By Lindsay Toler
By Chad Garrison
By Brett Koshkin
By RFT Staff
By Lindsay Toler
By Riverfront Times
By Danny Wicentowski
By Pete Kotz
"Even some of the hackers who work for government organizations still do bad things on their own time, because they can," Echemendia says. "I've known some kids where that structured, 'do this' environment is not enough for their intellectual evolution."
There is indeed a bit of an arms race for those young hackers Echemendia is referring to. Cybersecurity firms and the government/military complex recruit budding geeks with promises of perks, salary and, yes, security. Hacking, long a bastion for those who see themselves as apart from society, is becoming a structured career path.
In St. Louis this fall, Fontbonne University is launching an undergraduate program in cybersecurity, while Washington University is introducing a cybersecurity master's degree. Both universities see the field as a potential jackpot growth industry. According to InformationWeek's IT Salary Survey 2013, cybersecurity staff members earn a median of $90,000, while managers earn around $120,000 a year. Businesses need people who can speak the language of electronic defense and react to attacks with a cool head.
"We want to produce leading professionals in the field," says Jack Zaloudek, director of the cybersecurity management master's program at Wash. U. "When companies experience a denial of service attack or discover malware, they don't want a bunch of Chicken Littles running around shouting, 'The sky is falling! We need to shut down the entire system to scrub it down.' When you're at a place like Express Scripts, where you're expected to generate $40 million a day, you just can't do that."
Among those who had a hand in designing the Wash. U. program is Jerry Hoff, who previously taught for seven years at the university's Center for the Application of Information Technology. He believes the best way to stop a young hacker from breaking bad is to diagram the illegal stuff and sap it of its mystery. Hoff, now in California with WhiteHat Security, has even developed a Web application called WebGoat that allows hackers to do just that. WebGoat serves as an online piñata — of sorts — a program riddled with common script vulnerabilities for students to hack to shreds.
"We try to shine a light on the problem," Hoff says of his app and dozens like it. "We want to cut out the mystique and make it common knowledge. That way, we can satisfy people's curiosity so that they don't have to take illegal steps to find out 'What happens when I do X?'"
Chronister has also gotten into the business of training tomorrow's white hats. His Parameter Security now has an in-house "Hacker University," where local IT professionals can earn official certification as ethical hackers. They learn security from both the offensive and defensive sides, training themselves to think as attackers would.
"The vendors out there want to build up their walls and say their system is perfect," says Chronister. "They're not testing it the way offensive guys are testing it."
In 1986 an individual under the handle of "The Mentor" wrote the highly influential "Hacker Manifesto." After 27 years, an eternity in the tech world, the creed remains relevant.
"Yes, I am a criminal. My crime is that of curiosity," reads its most famous passage. "My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for."
It makes for compelling recruiting material, but Chronister is adamant: The romance of these digital Robin Hoods lasts only as long as they can sell their philosophy to the public. In April, the hacking community Anonymous launched an online salvo that crippled the Westboro Baptist "God Hates Fags" Church. Their cyber attack was generally celebrated. But who does Anonymous have a beef with next? And what if it's an organization that at least a few rational people could support? What gives a hacking collective carte blanche to play at being vigilante lawmen?
"You may agree with what Anonymous is doing, but at some point they're going to cross your lines, and you'll see them as criminals," Chronister says.
Ethical hacking might not come with the same underground street cred, but Chronister believes it's a more rewarding line of work. Every day he's testing his curiosity by probing security systems in an attempt to outwit the black hats.
"I get to be a criminal, legally. Legally!" says Chronister. "How much more fun can it be?"