A recent survey by IT recruitment specialist CWJobs.co.uk found that 70% of IT professionals think hiring former hackers could help address security challenges. The logic is simple: who better to defend systems than those familiar with exploiting them?
One prominent example is George “GeoHot” Hotz, the well-known iOS jailbreaker and PlayStation hacker, who was hired by Facebook shortly after a high-profile legal battle with Sony. Such hires show the appeal of bringing insider attack knowledge into defensive roles.
Still, recruiting former attackers carries clear risks. Directly enlisting someone who previously exploited systems raises legitimate concerns about whether they can be trusted not to engage in malicious activity from within.
Recent high-profile breaches reinforce that concern. Following the PlayStation Network outage that left Sony’s online services down for a month, 56% of IT professionals surveyed said companies are not taking security seriously enough. In a hyper-connected world—where services and even physical objects are increasingly internet-enabled—that’s a troubling finding.
Furthermore, four in ten respondents said the UK technology sector currently lacks enough skilled security specialists to counter evolving threats. This shortage makes some organizations more open to unconventional recruitment strategies, including hiring reformed hackers.
Security expectations vary widely across industries. The military faces the most serious potential for abuse if security measures fail, while banking is another sector where weak controls carry major consequences. For example, consumer group Which? recently judged UK high-street bank Santander to have the weakest online security among those evaluated, based on factors such as safety when logging in, changing account details, and transferring funds.
Richard Nott, Website Director at CWJobs.co.uk, commented on the survey results: “These findings present an interesting tactic for those keen to find new ways to meet the demand for security professionals within their organisations—though perhaps one that should be treated with some caution.”
He added: “What is clear though is that cyber threats are growing and evolving on an almost daily basis, so having skilled candidates who understand and can navigate this environment to protect the business is now crucial.”
The survey raises important questions about recruitment strategies, risk management, and trust. Hiring ex-hackers can bring deep technical insight and a hacker’s mindset that helps uncover vulnerabilities before they are exploited, but organizations must pair such hires with rigorous vetting, clear ethical expectations, and robust oversight to mitigate potential dangers.
Ultimately, the debate is not just about whether ex-hackers should be employed, but how organizations can safely expand their security talent pools to keep pace with rapidly changing threats. Combining diverse hiring approaches—such as training existing staff, investing in security education, partnering with ethical hacker programs, and carefully integrating reformed attackers—may offer the most balanced path forward.
What do you think about these survey findings and the idea of hiring former hackers for security roles?