While some security experts learned their craft in the government sector or through school, many of today's consultants and researchers were yesterday's hackers. In many cases, the person may not have done anything illegal, but in other instances, it was a matter of not having been caught, Mitnick said.
Of course, the missing irony here is: Are you sure you want to hire a hacker that got caught? Obviously, if you hacked computers, and got caught, you must have overlooked something while you were doing your thing, no? Industry pundits may have it right when they say that convicted hackers have nothing to add to the security mix, but for the wrong reason. Saying that the hacker community has nothing to add to the 'security posture' of the network as a whole may be wrong, but it turns out that this can be a completely different statement than saying "We don't hire ex-con hackers".