I would like to know more about hacker teams who hire themselves out to companies to conduct permitted hacks of their systems. Where can I find information about them? What are the advantages and disadvantage of these teams of hackers?
Be very careful with this one! While there are many reputable companies who conduct so-called "penetration tests," there are also a lot of charlatans in this business. You need to do a thorough background check of any ethical hacking company you hire to penetrate your organization. You are giving these folks carte blanche to attack your systems. Ask them what their practices are regarding hiring ex-criminals. Ask them about their own background check procedure. Look for folks working at large, reputable consulting firms. Ask them about liability; what financial backing do they have if something goes awry?
Keep in mind, though, that penetration testing can be a very good thing, as it can help you find vulnerabilities before the bad guys do. The advantages include getting a "hacker's-eye" view of your security, where the rubber meets the road. The disadvantage is that your results will be a snapshot in time when you ran the test and won't reflect your environment next week. So, I recommend proceeding, but with caution.
For more information on this topic, visit these other SearchSecurity.com resources:
News & Analysis: Think twice about hiring a 'white-hat' hacker
News & Analysis: Audits confirm enterprise security
Featured Topic: Penetration testing
Dig deeper on Security Resources
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.