
It's time to take back the term hacker from the wannabes...

Not sure when it happened, but somebody stole a geek title and sold it, at a profit, to high tech press profiteers.

Ask most people to define the word Hacker, and they use terms like crime and criminal, caffeine and colas, pizza and persistence.  Far from all that, Hacker originally was used to describe a very resourceful administrator.  Somewhat like the term "tinkerer", a hacker was someone who would figure a way to scrunch more code into less memory space or find a way to create a more efficient data structure.  From Nothing.  True Creatio Ex Nihilo.  Break into a banking system?  No way.

Not sure who, but someone decided to apply the term to those who use their technical knowledge to get more privilege, more access to restricted information, some access onto computers now made reachable by 300 baud modems.  The original connotation got lost sometime in the 80's.

Why clank on about hackers?  I recently qualified for the GPEN certification from SANS.org.  Some claim I can call myself an Ethical Hacker, possibly a White Hat.  Honestly, folks, this is no D&D game.  There is no Fantasy as I dig into designs, vowing to find strategic weaknesses other analysts and scanning software often neglect.  The only hat I wear is a motorcycle helmet.  Me?  I'm a boring IT guy who tried out the Security path 20+ years ago.  Sure, I've found a lot of vulnerabilities I repaired after proposing a remediation project, but nothing illegal was done to deduce the problem.

Let me know what you think of the term "Hacker".  Is it something we can win back from the press, too often too eager to sell papers or video viewings?  What's your take on hackers and their importance to traditional Information Security analysts?  What knowledge and skill sets can each contribute to the other group? 

I get it.  Today's hackers are remarkably strong in the IT arts, much like their hacking ancestors.  They bring a blunt awareness of problems in vendor software we're sold as "secure".  They add urgency to remediation plans, and yes, by reviewing their recommendations, we get new impetus to improve security--at a rate far faster than I could bring about with a traditional IT security report.

How do we re-associate hacking with the helpful effects and de-associate the term from criminal activity?

jt