How to hire an ethical hacker

Video transcript:

Many companies hire ethical hackers to play the role of an adversary who’s looking to hack into them to penetrate their defenses. Companies need to think about whether the company that they’re hiring, or their individuals are hiring are properly vetted.

There are plenty of what I would call smaller organizations out there whose individuals might have operated on the other side of the fence for a period of time and may have turned good now but you don’t know necessarily what else they may also be doing on their off hours, and so I think it’s really important to ensure that anybody that you’re looking to really work with you for any cybersecurity advice or consulting or implementation or testing has individuals that are both skilled, that they have a strong development program that supports those individuals, that they have background checks that you can validate, and that they have a strong track record in the market of providing that service to organizations which can be validated through discussions with those organizations.

Oftentimes it’s the individuals who are strongest at that type of activity. Frankly do think like a criminal. They can think about why would a criminal want to get after this organization. What would they be after, and how might they get after it?

When companies are looking to hire any cybersecurity advice, they really need to be asking those organizations about their methodologies and their quality processes. How they ensure that whatever activity those individuals are going to undertake does not put your company at risk.

When a cybersecurity professional is assessing an organization’s vulnerabilities, they are collecting a lot of sensitive information that would be confidential or highly confidential and very valuable to criminals who may not have done that activity yet. You should be asking questions around how that organization protects that data about them because it is valuable information. What are their practices for securing that information, ensuring that it does not get disclosed, for sharing it, sharing the results with the organization? What type of tools and encryption are they using even just to share the report? If organizations don’t have solid — cybersecurity organizations don’t have solid responses to these types of questions, they’re not somebody you want to hire.

Where to find March’s flipbook issue

The Journal of Accountancy is now completely digital. 





Get Clients Ready for Tax Season

This comprehensive report looks at the changes to the child tax credit, earned income tax credit, and child and dependent care credit caused by the expiration of provisions in the American Rescue Plan Act; the ability e-file more returns in the Form 1040 series; automobile mileage deductions; the alternative minimum tax; gift tax exemptions; strategies for accelerating or postponing income and deductions; and retirement and estate planning.