Hack into the Department of Defense, go to prison, come out and get a high paid job as a security analyst. For a while there, it seemed this was a hot career path for geeky, rebellious teenagers who might have viewed spending four years sitting in college classrooms as not that different from being behind bars, anyway. From the point of view of the ex-con kids, it was a dream come true: they got paid - often very well - to do what they were doing anyway, for free, and didn’t have to worry that the FBI would come knocking at the door (or bust it down) late some night.From the point of view of the companies doing the hiring, who better to do penetration testing than people whose skill levels have been proven in a court of law? It seems to make sense, but the trend appears to have leveled off as many organizations have tightened their general hiring criteria in a less robust economy. However, even if your HR department isn’t bringing them on staff, a close look at the employees (and owners/founders!) of that security consulting firm you’re contracting with might reveal a few folks whose backgrounds include more than a few illegal activities. What are the arguments for and against allowing such people access to your network, and what are the ramifications if it goes wrong?

**Hidden Content: Check the thread to see hidden data.**