7.2 Managing Security Hire White Hats (to Manage the Threat of Black Hats) 231 In general, a hacker is someone who is interested in finding and exploiting security flaws of IT systems and networks. The industry has stolen a paradigm from old cowboy movies to identify the good guys and the bad guys as white-hat and black-hat hackers. Black-hat hackers are those you generally think of with the term "hacker"--they're interested in security flaws in order to take advantage and abuse them--usually for profit, but oftentimes just to see what trouble they can cause. However, white-hat hack- ers are interested in security flaws as a way of identifying how security can be improved and how systems can be better protected. White-hat hackers are sometimes called "ethical hackers." Both white- and black-hat hackers have exceptional technical skills and are experts in operating systems, networks, etc. Many black-hat hackers become white-hat hackers when they realize that their skills should be put to use for good instead of evil. Some- times, jail time or a fine helps them see the light. Action 2: Get Upper Level Management Buy-In Security is an issue that impacts every level and every facet of the organization. CEOs