How to hire an ethical hacker

Video transcript:

Many companies hire ethical hackers to play the role of an adversary who’s looking to hack into them to penetrate their defenses. Companies need to think about whether the company that they’re hiring, or the individuals they’re hiring, are properly vetted.

There are plenty of what I would call smaller organizations out there whose individuals might have operated on the other side of the fence for a period of time and may have turned good now, but you don’t know necessarily what else they may also be doing on their off hours. And so I think it’s really important to ensure that anybody that you’re looking to really work with you for any cybersecurity advice or consulting or implementation or testing has individuals that are both skilled, that they have a strong development program that supports those individuals, that they have background checks that you can validate, and that they have a strong track record in the market of providing that service to organizations, which can be validated through discussions with those organizations.

Oftentimes the individuals who are strongest at that type of activity, frankly, do think like a criminal. They can think about why a criminal would want to get after this organization. What would they be after, and how might they get after it?

When companies are looking to hire any cybersecurity advice, they really need to be asking those organizations about their methodologies and their quality processes: how they ensure that whatever activity those individuals are going to undertake does not put your company at risk.

When a cybersecurity professional is assessing an organization’s vulnerabilities, they are collecting a lot of sensitive information that would be confidential or highly confidential and very valuable to criminals who may not have done that activity yet. You should be asking questions around how that organization protects that data about them because it is valuable information. What are their practices for securing that information, ensuring that it does not get disclosed, for sharing it, sharing the results with the organization? What type of tools and encryption are they using even just to share the report? If organizations don’t have solid — cybersecurity organizations don’t have solid responses to these types of questions, they’re not somebody you want to hire.

