Some of today’s top companies including Starbucks, Uber and Google are turning to reformed black-hat hackers to fill their cybersecurity skills shortage, with the rapidly evolving industry providing new – and legal – pathways for the next generation of cybersecurity professionals.
You could be forgiven for thinking that Silicon Valley is the house that hackers built. Facebook founder Mark Zuckerberg allegedly broke into the email accounts of student reporters during his time at Harvard. Jack Dorsey, the man behind Twitter, hacked into the network of a potential employer in an attempt to impress during a job interview.
It doesn’t end there. WhatsApp founder Jan Koum and Napster head honcho Sean Parker were both members of the infamous black-hat hacker group w00ww00 in the 1990s, before going legit to make millions in Silicon Valley.
Now, facing a serious skills shortage in the cybersecurity industry – 82 percent of respondents to McAfee’s Hacking the Skills Shortage survey reported a shortage of cybersecurity skills – companies are turning to black-hat hacker groups to recruit the next generation of white-hat cybersecurity professionals.
Rise of the Condor
Known as ‘Condor’ in his hacking days, Mitnick stole source code and software from Novell and Motorola and illegally accessed networks belonging to Sun Microsystems and Pacific Bell.
Mitnick eventually served five years in prison for his crimes. He founded Mitnick Security Consulting after his release and is now a sought-after cybersecurity consultant and speaker.
Today, Mitnick uses the deep-penetration testing skills he learned as a hacker to identify vulnerabilities in companies’ cybersecurity systems.
“Companies from all around the world hire my company to try to break in to businesses by exploiting technological flaws, by manipulating people, by getting in physically and also by getting in through the mobile phones,” says Mitnick. “During our testing exercises, we compromise these devices day-in and day-out.”
Mark Abene, formally known by the handle Phiber Optik, is another example of a black-hat hacker who has reinvented himself as a white-hat cybersecurity expert. Once a member of hacking group Masters of Doom, Abene served one year in prison before going on to start his own ill-fated cybersecurity firm.
“After my own consulting firm folded after the dot-com bust in the early 2000s, I continued doing independent security consulting for a lot of large companies,” Abene told CNET. “A fun job I had recently was writing the encryption routines for the online streaming service for Major League Baseball.”
Black Hat Turns Good
It’s black-hat skills such as these that companies are becoming increasingly interested in accessing.
Companies such as Nintendo, Starbucks, Shopify and Uber have turned to platforms like HackerOne that connect corporations with a community of white-hat hackers. So far, HackerOne claims that its community has fixed more than 35,000 bugs for its clients with security vulnerabilities found within 24 hours in 77 percent of its cases.
A Better Way Forward
When Mitnick was coming of age in the 1970s, cybersecurity training didn’t exist. Rather, hackers learned their trade in the dark corners of the computer world and developed their skills by committing illegal acts.
Today, a number of quality education providers offer sophisticated cybersecurity training courses to prepare the next generation of cybersecurity professionals for corporate roles without the need to resort to unethical activities.
While Silicon Valley was once a happy hunting ground for reformed hackers, the rapidly evolving cybersecurity industry is today providing more legitimate career pathways for the next generation of cybersecurity professionals.
What role do you think hackers will play in the evolution of cybersecurity?
Find out more about how you can invest in the skills that will shape cybersecurity.