Comments on: Confessions of a hacker for hire
https://dfarq.homeip.net/confessions-of-a-hacker-for-hire/?utm_source=rss&utm_medium=rss&utm_campaign=confessions-of-a-hacker-for-hire
David L. Farquhar on technology old and new, computer security, and more
Sat, 05 Dec 2015 15:18:09 +0000

By: Dave Farquhar
https://dfarq.homeip.net/confessions-of-a-hacker-for-hire/#comment-19124
Fri, 15 Jun 2012 01:48:36 +0000
https://dfarq.homeip.net/?p=5622#comment-19124
In reply to robohara.

I noticed a pattern. An interesting pattern. You and I weren’t CS majors. The other two guys I had in mind when writing this (good, ethical, high achieving guys) weren’t either. I think one went back and got a CS degree.

Seems to me that having one, maybe two computer-talented non-CS majors on staff is an asset. It’s one reason I refuse to apologize for not having a CS degree.

By: robohara
https://dfarq.homeip.net/confessions-of-a-hacker-for-hire/#comment-18958
Wed, 13 Jun 2012 20:38:40 +0000
https://dfarq.homeip.net/?p=5622#comment-18958

David, I swear, we should get together and write a book together.

I agree, when people say “hire a hacker,” they have one of (at least) three ideas: there’s the hacker definition of “jack of all trades,” a guy that can come up with “outside the box” solutions — scripts, tricks, and hacks, so to speak. Then there’s the hacker “security professional,” a guy that has certifications or knowledge specific to hacking as it pertains to security. And finally there’s the grey or black hat hacker, the kid they caught “breaking in” and trying to turn the tables on him by hiring him.

I currently wear the first two hats. I am my branch’s “outside the box” guy, to the point where people have no qualms about asking me to do seemingly impossible things, mostly because of seemingly impossible things I have delivered in the past. I’m the guy that turned our department’s three-day patch deployment system into an hour long automated one. These guys (and my opinion may be tainted) are invaluable. Looking outside the box and coming up with solutions that managers or other computer people may not have thought of or even understand can save companies tons of time and money. Like you said, these people rarely get to talk at meetings (I’m a good example of why they should not be able to do that). I work in a basement and they keep me away from the general public. When they want something they bribe me with drive space and energy drinks. So far, it’s working.

I am also the second kind of “hacker,” a security guy who runs tools and does testing and generates reports. As you either know or suspect it’s nowhere near as romantic as it sounds. At the end of the day it’s all numbers and data. I have people constantly worried that I’m looking at their e-mail or their data — trust me, I have so much to do, I couldn’t care less about viewing people’s personal photographs or e-mails. These guys are also a great asset to businesses. Farming out security scans can be almost as expensive as having someone do them in house, and there’s a certain amount of security in knowing that your findings are being kept internal. Plus, the better an auditor understands your environment, the better. You just have to make sure that the results you end up with are impartial.

We’ve all heard romantic stories of the third kind of hacker, the bad kid turned good, the kid who got caught with his hand in the cookie jar and, instead of prosecuted, given a job. This is a great concept in fiction, but in reality, it rarely works out. Human beings (generally speaking) rarely find a new wealth of morals by simply being offered a job. Someone that was willing to snoop around without authorization is likely to do it after you hire them, too. Like you found out, these kinds of hires rarely turn out to be very trustworthy. Chances are before long they’ll be digging into your business, or into someone else’s using your resources.
