In one of his latest posts Bruce Schneier refers to an interesting article authored by two Marylend University professors. They carried out interesting examination for their information security course. The idea was to provoke their students creative and out of the box thinking to break the american education system stereotypes. In order to pass the exam they had to cheat without been caught. While reading the article my thoughts went back to my students years in Bulgaria and I realized that I grew up in completely different environment. My memories contain countless cheating techniques and some of them were used in fact by the Maryland students. Yet one of the students approaches caught my attention and made me laugh – he suggested that he can fill up correctly only 10 of 100 digits and continue with random numbers for the rest 90, because no one will check every single digit and … he was right :D.
The main point behind that article according to me was that there were and will be people that cross borders and challenge the widely accepted rules. Those people have different mindset and the successful security specialist needs to adopt it. That’s why I think that it is more important to have an “ethical hacker” inside your organisation than having a “information security professional” (although I guess both have their places). Many people can argue that those are just words and terms and may be they will be right. However from my point of view “hacker” is still that curious, craving for knowledge and creative person that is capable to see beyond the accepted ways of making and using things. The same way “information security professional” from my point of view is a synonym of everything commercial and standardised in the modern so called “security field”.

The Maryland University professors (Gregory Conti and James Caroland) article is available on the following address:http://www.rumint.org/gregconti/publications/KobayashiMaru_PrePub.pdf