ABSTRACT

Introduction

This chapter focuses on two personnel-related tactics: hiring a hacker and countering insider threat. The “hire a hacker” tactic is based on the idea that hiring someone good at finding security flaws in systems provides a defensive advantage. The assumption is that these individuals are more likely to find flaws in a system before it is released or goes into production and, hopefully, before one of the bad guys does. The reviews on this strategy are mixed. Most security professionals say no, while some security service companies would say yes. One example that stands out is @Stake, which hired a number of hackers from L0pht Heavy Industries (a band of well-known Boston-based hackers). Whether or not this is a good tactic really depends on the objectives you are trying to achieve. Some in the industry say hiring a hacker is too risky and increases the threat of insider attacks.