I was surprised to read that a 16 year old teenager has achieved a qualification in ethical hacking. It’s clearly a great achievement for him. No doubt he will have a great future ahead of him. But how can such a thing be possible? Penetration testing requires a lot more than technical knowledge. It calls for a high level of integrity, a good appreciation of business risks and a sound understanding of the economics of security solutions. Let’s hope that organisations look for more than paper qualifications when hiring contractors to test their systems. And let’s hope that security professionals stop using that dreadful term, which has little to do with ethics or hacking.