I'm A Proud Hacker. You Should Be Too.
I spent last week in Las Vegas, at Black Hat a conference built for and around professional hackers.
This annual security conference takes place in Vegas, Barcelona, London, and Riyadh, and each year I'm asked some version of the same question on every flight and in every Lyft ride: “So, you're part of that hacker show?”
The ask is always accompanied by a skeptical, even fearful side eye, as if to really say “Who the hell are you and what trouble are you about to cause on my flight/in my car?”
Their concern is reasonable. My response is less so. I always say something awkward or vague like, “Well… yes, I'm part of the show – but don’t worry, I’m not a hacker!” Exactly what a hacker would say. This lame deflection comes with a small, fake laugh to put the driver or fellow passenger at ease. It doesn’t work. Which makes me wonder why I bother. Not only is there nothing wrong with being a legitimate hacker, I believe it's extremely important work, done by brilliant people providing a deeply necessary service to society. The world of the hacker is rife with #CorporateStorytelling. So why am I compelled to assure others that story isn’t mine?
Hackers Are Cool
If the fellow passenger or driver seems interested, I explain the fascinating (to me) reality of hackers gone legit. Some Black Hat attendees were honest from the start. Others were once underground criminals, cracking code, breaking into databases, breaching firewalls, installing ransomeware, stealing financial and informational assets. Then they had a change of heart. Or pulled a Frank Abagnale and made their conversions to legitimacy post-arrest. Sorry, that’s cool.
The stories of those who chose to emerge from the shadows after years of operating in the dark, hoodied fringes of the nether network intrigues me. Their skills dazzle me. So when fellow United passengers or Uber drivers ask if I'm a hacker I should proudly lie and say yes rather than trying so hard to assure them I'm not. After all, real criminals don't openly attend trade shows, wearing badges with their names on them and happily sipping cocktails in the lobby bar. They’re too street to listen to me speak about data ingestion or the SIEM (security information and event management for those of us who aren’t smart enough to hack).
How Hacking Pays Off
Today's legitimate hacker is employed to break into their own company's infrastructure and reveal its weaknesses, exposing potentials for failure or risk of incursion. The more issues they expose, the more bonuses they earn. Discovering a small security leak may earn thousands in bonus pay. Proving potential for a full system crash may earn tens or even hundreds of thousands. A small price for the corporation to pay when the damage from an actual nefarious black ops team could wreak havoc in the millions.
Remember the recent airline and public transportation fiasco with Cyberark? Yup, that brand was exhibiting last week at Black Hat. And the reaction from the rest of the community to Cyberark's embarrassing debacle was… meh. Just business as usual. Every exhibitor at the event recognized it could just as easily have been them, so no fingers needed pointing. But if yours was one of the 3,000 cancelled or 28,000 delayed flights due to the Cyberark/Microsoft incident? You were probably a lot less understanding. Always two sides to every story.
The Honest Hacker
“Honest hacker” may sound like a dichotomy, but honest hackers prevented those 3,000 cancelled flights from becoming 300,000 cancelled flights. These rare geniuses are paid exceptionally well to do such important work. Likely not as much as they may have made in secrecy, evading the law and bringing corporations and even governments to their knees. But as salaried employees, hackers no longer fear discovery. Or prosecution. They may earn less than they did in anonymity, but that lower paycheck buys the right to openly and publicly brag about achieving impossible hacks to their peers and celebrate one another's remarkable achievements.
Being legit means an honest hacker gets to share their story. Each hacker's #CorporateStorytelling inspires future generations of hackers to stay honest, to use their gifts for good instead of evil, and to make their own positive marks on the future of the network. Like I said, hacking is cool.
Hacking Into Our Audience’s Mindset
All strong communicators and value-driven leaders are hackers at heart, seeking out the insecurities, opportunities, and success gaps of our audiences and our teams. The point of every talk, presentation, or meeting is to expose cracks in performance, holes in our operations, and failing aspects of our common practices.
The goal of any good speaker is to show what isn't currently working and has the potential to be better. We hack the status quo and reveal new possibilities for success. If we’re good at it, we hack that status quo loudly, proudly, out in the open, for all to see, hear, and benefit from.
Which is why I need to change my own story the next time someone asks if I'ma hacker. Because the truth is, I am. And if you’re a leader, so are you.