From his column: “Of course the idea of teaching someone how to hack almost always generates a negative visceral reaction, because the assumption is that you intend to teach someone how to become a criminal. I’m certainly NOT arguing that we raise a generation of cyber-criminals. However, an understanding of hacking no more makes a criminal than an understanding of karate makes someone use the discipline maliciously. Either skill has the potential to be misused for bad things, but likewise, each skill can also make the student better prepared if and when bad things happen."
A hacker’s mentality is needed in order to provide good security, he argues. Adding that, “without such skills and experience it’s hard for security teams, much less a consumer, to be anything more than a foil for marketing departments and one more sitting duck for the bad guys to hit.”