The Unsettling Dynamics of Information Security and the Hacker's Economy

Balancing in-house and outsourced information security is crucial, as disgruntled experts may fuel a lucrative hacker's economy, posing serious risks.


Roshan Yacob George CISA CISSP CFE

12/27/2023


In the fast-paced and ever-evolving landscape of information security, conversations often take unexpected turns, revealing the intricate dynamics that shape the industry. Recently, a friend of mine shared a rather intriguing encounter within the information security circle that shed light on the delicate balance between in-house expertise and external threats.

During a heated discussion with the Chief Technology Officer (CTO) of his company, my friend faced an unsettling ultimatum — the potential outsourcing of the entire Information Security team to external service providers specializing in managed security services. What caught my attention was his defiant response, threatening a mutual dissolution of the tech team if the Information Security team were to be disbanded.

Intrigued, I probed further, seeking to understand the rationale behind such a bold stance. His perspective was both eye-opening and thought-provoking. According to him, the work of Information Security is not confined to the boundaries of a company. Instead, it operates on a spectrum that transcends organizational walls. If the team operates within the company, they work for the company's protection; however, if they operate outside the company, they could potentially work against it.

This assertion raises a critical question about the potential consequences of letting go of information security professionals. What happens when these experts find themselves unemployed or disgruntled? The answer, my friend argued, lies in the emergence of an unsettling reality — the hacker's economy.

In the hacker's economy, former information security professionals, armed with their knowledge and skillsets, may find lucrative opportunities on the darker side of the digital realm. It's no secret that hackers often command higher earnings than their counterparts who uphold the cybersecurity fort within organizations. With the allure of substantial financial gains, some may be enticed to cross the ethical boundary they once defended.

This raises concerns not only about the immediate security risks posed by disgruntled former employees turned hackers but also about the ethical dilemma faced by professionals in a field where the boundaries between defender and adversary are fluid. The very individuals tasked with safeguarding sensitive information may, under certain circumstances, become the threat they were hired to protect against.

As organizations grapple with the decision to outsource their information security functions, they must carefully consider the potential repercussions and the broader implications for the industry. The delicate balance between internal expertise and external threats requires a strategic and thoughtful approach to ensure the ongoing protection of valuable assets in an increasingly interconnected world.

In conclusion, the conversation with my friend unveiled not only the vulnerability within organizations contemplating outsourcing their information security but also the intricate interplay between professionals, their roles, and the broader hacker's economy. As we navigate the complexities of information security, it becomes crucial to recognize the symbiotic relationship between defenders and potential adversaries and to address the underlying issues that may contribute to the emergence of a shadowy economy thriving on digital vulnerabilities.