Disclaimer: People use the word hacker in different ways. For some, it is a general term indicating that someone has skills when it comes to coding and security systems. For others, it more specifically means you have broken the law, or at least displayed questionable ethics, in applying those skills. For the purposes of this article, we are only using the term hackers to describe those who have knowingly broken the law using their computer skills.
You may want to read this article and think twice. In classic "I-told-you-so" fashion, convicted hacker-turned-security-expert Max Ray Butler, a.k.a. Max Vision, is being prosecuted for hacking again. He was indicted on three counts of wire fraud and two counts of transferring stolen identity information. According to the indictment, he helped to operate a website dedicated to buying and selling stolen credit card and other personal identity information. Reports indicate he sold tens of thousands of stolen credit card accounts gained by using 'war-driving' attacks to exploit wireless networks and gain access to computer networks at several organizations, including the Pentagon Federal Credit Union and Citibank. He hasn't been convicted of anything yet, but there seems to be a strong case against him supported by solid evidence gathered by the U.S. Secret Service.
There's always been some debate on whether hiring former hackers to perform security duties is an acceptable practice. In my opinion, it is very hard to justify hiring a former hacker, particularly one with a criminal record. In Butler's case, he was a former FBI informant and a somewhat well-known security researcher. But apparently, he still couldn't overcome the lure of using his talents for illegal activities. I'm all for second chances, but you have to take your business's best interests into account when it comes down to hiring someone who is going to be responsible for an aspect of your security. This applies to hiring consultants as well.
And in case you're wondering: No, we do not hire former hackers at SecureWorks.