What: At the RSA Conference in San Francisco, a panel featuring Kevin Mitnick, cyber-savvy attorney Jennifer Granick and Mitnick's prosecutor, Christopher Painter, debated whether IT shops should hire security personnel with criminal records.
FUDFactor: Enterprises should hire security personnel based on each person's history or professed intentions.
FUDBust: The debate between Mitnick and his prosecutor raised important ethical issues. But unless the person you're hiring has a record and is honest about it, you might not know if he or she has engaged in illegal activity. Do your own homework before hiring. Take a lesson from contributor Jonathan Feldman and run background checks. Afterward, monitor network activity on all employees, being sure to notify them first. And deploy internal security so all system access is restricted and monitored. You can't know what people are thinking. All you can do is consider the possibilities.