Clickability tracking pixel

Should Government IT Be Hiring Hackers — and Pirates?

When filling out cybersecurity teams, character, passion and diversity top experience, and hiring a technologist who thinks outside the box could be a better move than opting for a government security veteran.

by / October/November 2020

About a decade ago I was sitting in a large auditorium listening to valedictorian speeches at my daughter’s high school graduation ceremony. Most of the five-minute speeches seemed too long, with predictable thank-yous to parents and teachers, hopes and dreams, future service, etc.   

But one bright young lady shocked everyone. “I’ve examined my options … visited colleges … taken my parents’ money … and have decided to buy a ship. I plan to live life as a pirate!” she declared.

Her passionate appeal to her classmates was to break the rules. Go the wrong way on one-way streets. Don’t just reach for the stars — explore the universe. Live free or die. Don’t let others define you. Follow your heart.  

She received the only standing ovation.  

But as a former National Security Agency employee, images of traitors and espionage filled my brain. I thought, “Hazards ahead!”  

Nevertheless, a few years later, I realized that this 17-year-old was tapping into something important. I read in What Would Steve Jobs Do? by Peter Sander that Jobs once proclaimed, “It’s more fun to be a pirate than to join the Navy.”

So why did Jobs seek to hire pirates?  

“A pirate can function without a bureaucracy,” Sander writes. “Pirates support one another and support their leader in the accomplishment of a goal. A pirate can stay creative and on task in a difficult or hostile environment. A pirate can act independently and take intelligent risks, but always within the scope of the greater vision and the needs of the greater team.”

Pros and Cons of a Pirate, and Hacker, Mentality    

I’ve often heard similar statements made about “black hat” hackers. The desire is to hire people with an outside-the-box mentality. The sentiment is that hackers who like to break things, who steal things, also find new ways of accomplishing things. Hackers are professionally curious, and never say never. Talented hackers who understand the dark web and think like criminals are needed to stop the bad guys.  

Which brings us to the elephant in the room with hiring pirates — and black hat hackers. Namely, their activities are generally illegal. They do not follow society’s rules. Taken to the extreme, pirates and black hats might not even show up at the office at all.   

But this leaves us with other questions like, how far do you let the pirates/hackers go? Could their illegal actions tarnish organizational reputations, lead to more insider threats and audit findings, or even bring fines, jail or bankruptcies?  

This discussion leads to an inevitable question: Can you hire an ethical pirate? In security circles, many people call these people “gray hat” hackers, with a foot in both the good and evil online worlds.

What Traits Should We Aspire to Hire?  

There are no easy answers to these tough questions. Nevertheless, the importance of this topic cannot be underestimated. Every organization seeks to hire the best talent, but the greater goal is to build effective teams that work well together to deliver solutions, produce new innovative products and services, and build a culture of lasting success.

It is generally true that technology and security professionals who earn interviews have the minimum skills to fulfill the duties in the job descriptions, at least on paper. But how do we measure future potential and cultural fit? Beyond credentials and certifications, what traits should we be looking for?  

My answer is to start with character. Is this person trustworthy? I’d rather hire a good securty pro who has a great attitude, is trustworthy and is accountable than a great cyberexpert I don’t trust.

Second, is the person passionate about the role, the organization and team success? You can’t fake passion.  

Third, hire for diversity of experiences and backgrounds on the team. I agree with Steve Jobs on this: “Recruit a diverse, well-traveled and highly skilled pirate, and they’ll follow you anywhere.” 

Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.

Dan Lohrmann Chief Security Officer & Chief Strategist at Security Mentor Inc.

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.

During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.
Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.

He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions.

He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow.

He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana.

Follow Lohrmann on Twitter at: @govcso

E.REPUBLIC Platforms & Programs