I was talking with some people this morning at the Rochester Security Summit, and one person said, “I have a problem with the Certified Ethical Hacker – it’s a contradiction in terms!”  This really pushed my button.  Clearly the fellow equates “hacker” with “criminal.”  This is fallacious.

A hacker is a person who investigates how things work, at least in part for the joy of simply discovering how things work.  That is all.

The equation of “hacker” with “criminal” grew out of hysterical media reporting of early crimes and mishaps regarding computer networks.  The Morris Worm, one of the first “cyber security” incidents, grew out of experimentation that, admittedly, went awry.  But there was no hostile intent.

I was a “hacker” in college and I remain proudly a “hacker” today!  I still experiment with things to see how they work, see if I can break them, and see what I learn from how they break.

Hacking is only criminal if one takes criminal actions with it.  So too is, for example, driving a car.  And just as “driver” does not mean “criminal,” neither should “hacker.”