Mitnick: Leaving the Dark Side
Interview: Now that Kevin Mitnick is back online, the notorious hacker speaks out about his security consulting business and the state of enterprise security.
After serving 60 months in federal prison and an additional three years on probation following his conviction on wire fraud and other charges, notorious hacker Kevin Mitnick is now back online and back in business. Only this time Mitnick says he's trying to stop hackers. He's founded a security consulting company, Defensive Thinking Inc., in Los Angeles, that he says is focused on providing security awareness training and vulnerability assessments to enterprises and government agencies. Recently, eWEEK Executive Managing Editor Jeff Moad spoke with Mitnick about where he's been and where he's going.
eWEEK: How have enterprises taken to the idea of hiring Kevin Mitnick as a security consultant?
Mitnick: For the people who hired me, it hasn't been an issue. The question is how many companies haven't hired me or contacted Defensive Thinking based on my past. I believe it's 50-50. Some people have taken the position that if you were involved in hacking in the past we wouldn't hire you. Other people have taken the position that maybe this guy would be good to go with because he brings a lot of skills to the table, and he's put his past behind him, and he's doing good things now.
It really comes down to an assessment of risk. If a company hires Defensive Thinking to do training, there is no risk because we are basically the messenger providing very valuable information that companies could use to protect their information assets. [On the vulnerability assessments] it depends on the scope. If your vulnerability assessment is from the external side or from the point of view of the client not giving any information to us, there is no risk because they're not giving us the keys to the kingdom. If we go inside the organization and do a vulnerability assessment or we look at business processes and procedures, there's some risk.