We’ve all seen this debate before. The most highly debated example of this would be in regards to Kevin Mitnick. So can one of the bad guys turn into one of the good? Some say it can’t happen. Others say a leopard doesn’t change it’s spots. Then we have some who say these people shouldn’t be given a second chance. We also see the discussion of – is it good security to hire these individuals.
Here are couple of threads that show what I mentioned above in regards to Kevin Mitnick.
Chris Pirillo says this spammer has changed and started working for the common good.
It’s not every day you get to meet a spammer. While we didn’t actually spot a live one in the wild, Chris talked at length with a guy who used to post Viagra and Texas Hold’em links in blog comments across the Web. Todd “Oilman” Friesen has since cleaned up his act, instead employing years on the dark side of the biz to helping companies figure out how to reach their audience in the search space the right way.
That link includes an audio interview with this reformed spammer.
Having recently had to deal with a small amount of trackback Spam the past few months. I’m not exactly keen on being friendly with a Spammer. But I guess in some cases a second chance is deserved. And if this person really has changed there ways. They deserve the chance to prove themselves.
As my comment above shows. I’m sort of on the fence on this issue. I want to believe in the good of human beings. I’d like to believe that those who have done wrong can change. None of us are perfect. What would happen in many cases if we’d not been given a second chance?
Then again giving these people a chance is a big risk. Do we let them into our businesses and take that risk? Some would say it takes a crook to fight a crook. You hear stories of virus writers writing malware to get noticed. In the hopes of getting a job. Is it really a good thing to let the wolf in the hen house? Do you want reformed virus, worm or trojan writers coding your virus definitions? Can they be trusted to help keep you safe?
For many in the online / offline security business. It’s just not worth the risk and perceived liability. Even though many companies employ ex hackers when doing security assessments. I’m not sure corporations are always fully aware of this fact though.