You wouldn’t hire a CEO with a prison record, so why would you leave your network security to convicted criminals? A growing segment of the industry says the best enterprise security comes from those who’ve broken it.
“People have to do themselves a favor and stop condemning hackers as bad,” says Ian Murphy, a reformed hacker and one of the first people convicted of a computer crime in the United States. “Hackers have a better understanding of technology environments than a typical IT manager could ever gather on his own.”
Murphy, known in the hacker community as Captain Zap, spent portions of the early 1980s probing telecom systems and private networks. He even claims to have used the White House switchboard to make calls to Europe before being fined $1,000 and sentenced to thirty months’ probation for his online exploits.
Murphy now runs IAM/Secure Data Systems, a decade-old consulting firm that specializes in IT security. “In my opinion, companies that need security experts are best served by hiring burglars instead of cops,” says Murphy, from his office in Tampa Bay, Florida. “The burglar knows how to get into your facilities and how to attack you.” The cop, by contrast, typically can’t help you until after the crime has been committed.