Mind Your Gamekeepers

In his book, ‘Flash Boys’, Michael Lewis recounts the story of an influx of Russian programmers to Wall Street. This sudden need was fueled by the growth of High Frequency Trading, a method of trading that uses powerful algorithms to transact a large number of complex orders in fractions of a second.

These programmers had learned their trade in Russia, which was a cyber-minefield, riddled with loopholes. Those who learned to master that chaotic environment, built valuable skills that were coveted by Wall Street. As a result, these programmers found themselves very well rewarded, respected and revered.

With so much spotlight on cybersecurity, Lewis’ book came to mind. I pondered how “The Flash Boys” in Lewis’ story knew the weaknesses, this meant they also knew how to prevent them. In effect, the best poachers can also be the best gamekeepers. In the context of cybersecurity, the same thoughts apply.

Understanding the Hats

I have always been a fan of the old westerns. In these classic movies, characters would often say, “Never trust a man in a black hat”. Bad guys were portrayed as wearing black hats while good guys wore white hats. These same characteristics were adopted by the hacker community to signal the intentions of a hacker.

Black Hats refer to those hackers who are driven by personal gain. Grey hats, wear both hats. They characterize those hackers, who identify faults in systems, report them to an authority and suggest a fix - for a fee of course. If the authority does not pay the fee, the fee may become a ransom and the hacker’s hat changes from grey to black.

Then there are the white hats, those hackers who use their skills for good. White hats are known as “ethical hackers” and they are a highly valuable and rare breed of individual. When you find them, cherish them, appreciate them, when you are looking for them, prepare adequately.

It is becoming increasingly difficult to acquire highly-skilled, ethical cyber talent. As a result, organisations need to be very specific about the needs of these potential team members. To recruit and retain this talent requires a specific and carefully-considered acquisition strategy. White hats have a choice of employers and will seek out specific working cultures that fit their values. They will require access to state-of-the-art infrastructure and sophisticated penetration testing environments and of course, high-end computing power. The environments they require should be allied with challenging projects, clear career paths and executive sponsorship i.e., how aligned security goals are with business strategy. 

Most importantly, to attract this talent you must have absolute clarity on organisational values and ethics. If an “ethical hacker’ – a gamekeeper, is going to join your organisation, then the organisation must have ethics, a clear mission and value statement. Hiring managers must be up to speed with such principles so that they can communicate these elements to the gamekeeper.

In an age where poachers are widespread, we must protect and cherish the gamekeepers – when we find them.

Thanks for reading.