A Lot Of UK White Hats Used To Be Black Hats

Although it’s hardly unusual for large companies to hire former cyberthieves—even convicted ones—to test security defenses, a U.K. study has found the effort increasingly common due to a shortage of security professionals with experience breaking into secure systems. Sometimes apparently, it really does take a thief.

This point was highlighted in a report released Monday (Nov. 17) by KPMG, which saw that enterprises have found it “increasingly difficult” during the last two years to find and retain IT professionals with sufficiently aggressive cyber-security skills. Why? Most because professionals with that background are being actively recruited by headhunters. The report termed such black hats becoming white hats as “poachers turned game-keepers.”

“They wouldn’t hire pickpockets to be security guards, so the fact that companies are considering former (cyberthieves) as recruits clearly shows how desperate they are,” Serena Gonsalves-Fersch, head of KPMG’s Cyber Security Academy, told the Wall Street Journal.

“Banks, including JP Morgan, Citigroup and Bank of America Merrill Lynch are also recruiting cyber security staff, but are looking more at ex-military and intelligence officials,” the story said.

KPMG surveyed 300 senior IT and HR professionals in organizations employing 500-plus staff in the U.K. The most interesting survey answer: A little more than half of all respondents (52 percent) said they would not exclude an employee or contractor applicant because they had a criminal conviction.


Latest Insights: 

The Payments 2022 Study: Building A High-Performance Payments Team For Fraud Detection, a PYMNTS collaboration with Stripe, examines how digital platforms of all sectors and sizes plan to develop their anti-fraud teams as part of their their broader growth and development strategies. Drawing from an extensive survey from approximately 250 payments heads at digital platforms in the U.S. and abroad, our study analyzes how poor anti-fraud capabilities can harm platforms’ long-term growth strategies, and how they can build high-performing teams to tackle these challenges.

Click to comment


To Top