> >Ahh, but does this mean that you should not hire this person? Could this
> not be >misdirected energy? Could it not be turned in another direction?
> (trying not to sound >like Obi-Wan Kenobi) If the person knows their stuff
> real well, and you feel that you >can trust them (based on "X" criteria),
> then they may be the best security person that >you can have. Ask Bob
> Stratton :)
> Yes. I would not hire this person. The energy is misdirected and
> should be rechanneled into something positive, but the InfoSec field
> isn't the place for it. InfoSec is a field which requires a very
> high level of integrity & ethics. A person who has a history of
> integrity/ethics problems should really look for another field, IMHO.
Integrity and ethics are where you find them, and they are essentially
orthogonal characteristics to drug use or hacking. That is, there is
such a large supply of crooked sleazeballs who never do drugs or hack
that I don't think those characteristics per se tells you much at all.
Likewise, the percentage of the population that follows all the laws
all the time is vanishingly small. Of course, you don't want a
surgeon to be stoned while he operates on your eye. But being stoned
at another time is another thing, of precisely no more significance
than if he/she had an after dinner drink.
The bottom line is you have to make your own judgements about who
> Granted that hackers, like other people can turn over a new leaf -
> and I think that this is indeed a possibility. However, even if
> this is the case, I would recommend that their talents be used in
> another field and not InfoSec. This helps them avoid any possible
> relapses (BTW - one of the best cures against a relapse is to remove
> the temptation). Couple of analogies: Asking a reformed pedophile to
> babysit for your children or asking a reformed alcoholic to guard
> the distillery. Either of these cases places enormous temptations
> on the individuals involved that are much greater than that of
> other individuals who haven't had these types of problems. Why not
> avoid the issue by removing the area of temptation?
Let's see, there's a term for this rather slimy and odious style of
argument -- nuts, I can't remember. However, your analogy between
hackers/recreational drug users and pedophiles/confirmed alcoholics is
a rather egregious and ugly rhetorical technique, and you should be
ashamed of yourself for using it -- you've assumed certain characteristics
that are exactly the point at issue. The question is whether hacking
and drug use have any special significance as far as integrity and
ethics are concerned. You have advanced nothing but your prejudices
to support your position.
Kent Crispin "No reason to get excited",
com the thief he kindly spoke...