“A hacker is someone who thinks outside the box. It’s someone who discards conventional wisdom, and does something else instead. It’s someone who looks at the edge and wonders what’s beyond. It’s someone who sees a set of rules and wonders what happens if you don’t follow them. A hacker is someone who experiments with the limitations of systems for intellectual curiosity.”
The above is a quote from crypto living legend Bruce Schneier’s book, Beyond Fear. This is exactly how I feel about hacking. Hacking is a major asset to Information System Security… in fact, it is THE only real asset. I’ve had arguments with some of my peers about this. Information Security Pro vs. Hacker. If the typical information system security pro doesn’t get smart on hacking (security/programming) techniques, security will continue to be a losing battle. Cyber criminals have no problem learning the latest exploits; they have no boundaries, and this gives them a “superpower” against security professionals. Some information security professionals, on the other hand, restrict themselves by categorizing hacking as bad. They see it as unethical and not responsible.
It is unethical and not responsible to NOT know hacking techniques that might exploit a customer’s system.
Thanks for the post, Bruce. I hope you will make another appearance at Defcon.