Why Security Loves Hackers
by Graham Westbrook
At one time, the term “hacker” simply implied using technical knowledge to solve a problem creatively.
Now, it has evolved into a pejorative term which brings to mind bizarre mental images - attackers wearing gloves and masks or typing with a balaclava.
Let’s take a moment to clarify. Computer hackers are being inappropriately lumped together with criminals partaking in illegal activity. A hacker, as the original definition suggests, is more accurately described as any skilled expert using their technical knowledge to overcome a problem. Someone engaging in criminality using computers can be more correctly labeled a "cyber criminal.” Even more broadly, the term "threat actor" can be used to describe hacktivists and nation-states (among others) acting with malicious intent.
This is not just semantics. When we continue to use the word "hacker" in a negative way, it alienates the very same group of people who can help us: the curious tinkerers, the creative engineers, the devil’s advocates. The innovators critical to the evolution of our industry against threats. Used rightly, it is a badge of honor.
And some in the security industry are taking notice. People like Dustin Dykes from AT&T and Chris Roberts of LARES are making concerted efforts to avoid using the term "hacker" in a pejorative sense, and only use it in reference to someone doing something ingenious in the technical field. The endeavor to change the word is still small and may be difficult to achieve (because the rate of proliferation is higher than the rate of conversion). But it is incredibly important to reclaim the word because the cost of indifference is too high.
A little insurgency wouldn’t be a bad thing.
Graham Westbrook is the Director of Intelligence & Content at Living Security. He has a B.A. in Intelligence Studies and is currently pursuing a M.S. in Criminal Justice/Forensic Psychology. Graham is an intelligence practitioner at the intersection of cybersecurity and human risk. He has bylines at Russia Direct (RBTH), Leksika, SANS and Living Security, and will be speaking at RMISC 2019.