Tips when hiring hackers
- Don't assume that attacks can only come from outside - many come from inside the organization
- A hacker might be able to identify the problem but can they provide a solution?
- Many hackers are just one-hit wonders, they may not be able to offer the additional skills you need
- Do you really need the level of hacking skills they can bring?
- Can a leopard change its spots? Putting a hacker in charge of your security is like hiring a burglar to guard a bank.
Things to consider when vulnerability testing
- Make sure that you set out some formal rules of engagement before embarking on a penetration test
- Consider what you do not want as well as what you do: set out the limits clearly
- Penetration tests can cause damage - make sure the ethical hacker is insured and that you are protected through a formal contract
- Ensure that the security infrastructure is properly set up before the test starts
- Penetration tests and risk analysis are not a replacement for security, merely a method of checking it.