He could have conquered the world with his superhuman powers, but Clark Kent chose to be on the good side, beckoning his Superman alter ego to defend the weak. The so-called “white hat” hackers of the IT world, like the Metropolis Man of Steel, could also have turned bad and joined the havoc-wreaking dominion of IT’s dark side; instead, they use their technical flair to help companies strengthen their defenses against malicious attacks.
Twenty-three-year-old Paul Haas’s job title is “security engineer” but, simply put, he is a hacker by profession. He hacks into corporate systems and seeks out vulnerabilities that can be exploited. But he does it as a service and with the knowledge and permission of the subject company. “Using the knowledge I gained through research and vulnerability gathering, I prepare a report that itemizes the risks of each of those vulnerabilities and the priorities in terms of what should be fixed first,” explains Haas, who works at Redspin, a security consulting firm in Carpinteria, Calif.
Haas has been with Redspin for less than a year, but he’s no stranger to IT security. During his undergraduate studies at the University of California Santa Barbara (UCSB), Haas worked at the university’s computer security research lab, alongside various post-graduate researchers. At 22, he was one of the youngest members, and the only undergraduate, of a team of IT researchers that won last year’s Def Con Capture the Flag contest.
Capture the Flag is a hacking competition where each team is given a set of computer systems with built-in security. The object is to break into as many of these computers as possible within a prescribed time period. Haas says winning Def Con was one of the best things that happened to him. “Once you compete with a really good team, you can actually say that in an instant…that’s the highlight of my career.” Shortly after winning Def Con, Haas earned his Bachelor’s Degree in Computer Science and worked for Redspin.
His accomplishment at the hacking event may have helped put Haas on the radar of potential employers like Redspin, but it was his research background that added trustworthiness to his credentials, says Redspin’s president John Abraham. Abraham admits Def Con is not typically the place where his company would look for candidates, but when he heard about Haas’s work at the university research lab he knew Haas was working on the good side.