As security professionals we are paid to know how to do bad things. We must know how to do these bad things in order to defend from bad people. What separates us from the criminals is our integrity. We hack for the good of humanity.

Adam Ely, COO, Bluebox

September 11, 2009

2 Min Read

As security professionals we are paid to know how to do bad things. We must know how to do these bad things in order to defend from bad people. What separates us from the criminals is our integrity. We hack for the good of humanity.Some people believe it is wrong to openly discuss what ethical hackers do, know, and what they are capable of doing. It is as if ethical hackers only have the ability [read: ability not motive] to compromise systems while under an NDA and only if being paid, but return to a Forrest Gump like state when between jobs where they lose all ability.

Is it wrong to state that we could in fact do bad things if we were so inclined, such as compromise banks, steal government secrets, or socially engineer a free pizza?

As a consultant, my clients pay me to ethically compromise their most prized assets in order to help improve their organizations.

Admitting that I have the ability to compromise someone's bank account is simply an admission of my ability. Much as Tiger Woods stating he can drive a golf ball 297.8 yards or Michael Jordan stating he can slam dunk a basketball from the free throw line. A [ethical] hacker admitting he is a [ethical] hacker is nothing more than self-realization.

If the world is too afraid of people with the knowledge to commit crimes whom do not have the motive or intent, then we should reexamine many areas of our lives. If a hacker can't speak of his abilities, then a police officer cannot discuss how he is able to determine if a white powdery substance is flour or something more. A pathologist cannot write a book on how to determine the death of a person. I could go on, but you get the point. If you haven't picked it up yet, the point is our integrity keeps us on the right side of the law and should not be easily questioned as it is the basis of who we are and what we do. What do you think? Let me know on the twitter, email, or comment on the blog.

Off to [ethically] hack the planet! HACK THE PLANET!!!

[email protected] @adamely

About the Author(s)

Adam Ely

COO, Bluebox

Adam Ely is the founder and COO of Bluebox. Prior to this role, Adam was the CISO of the Heroku business unit at Salesforce where he was responsible for application security, security operations, compliance, and external security relations. Prior to Salesforce, Adam led security and compliance at TiVo and held various security leadership roles within The Walt Disney Company where he was responsible for security operations and application security of Walt Disney web properties including ABC.com, ESPN.com, and Disney.com.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights