Is there a place for ex-cops among the ranks of your IT staff?
Jun 22, 2001
John Connell
© 2001 TechRepublic, Inc.
If you spread out the resumes of your IT personnel across the
conference room table, chances are good that you would see a
striking and diverse range of education levels, interests, and
work experiences. While many people would agree that any
effective department within an organization thrives on a
diverse workgroup, opinions differ when it comes to the
efficacy of IT workers with law-enforcement backgrounds.
At first glance, a law-enforcement background may seem a
fitting skill set to address some of your firm’s security
issues. However, in the long term, keeping ex-cops on the IT
payroll could prove counterproductive in the wake of a
cybercrime. Before you recruit someone based on his or her
past experience in law enforcement, check out what some
experts say about these types of IT pros.
The insight of ex-officers
When Jack Mattera, director of computer forensics and
Philadelphia operations for The Intelligence Group, visited a
client who had recently been victimized by a cybercriminal, Mattera
was disappointed to find that the client had disrupted the
chain of evidence needed for a proper investigation. The
client had made a Ghost copy of the original, victimized drive
and labeled it “evidence.” The problem is that she failed
to use the forensic switches on Ghost.
“What she had was essentially a file-by-file copy, and that
doesn’t get all of the leftover stuff. It doesn’t get
erased files, slack on allocated space, and more importantly,
you could never testify that it is a perfect bit-by-bit copy.
There’s no evidentiary value to the copied drive at all.”
In Mattera’s line of work, he regularly encounters
evidentiary foul-ups like this. In most cases, the in-house
personnel have a clear understanding of the technology and
what went wrong, but they’re oblivious to the legal
procedures that can make or break a case down the road.
Because law-enforcement officers have evidence instruction
drilled into them during their training, Mattera’s
convinced that there’s a place for ex-cops among the IT
ranks of many enterprises.
“Ex-law officers are going to have key insight. For
instance, consider a question like ‘Can we get these records
from the ISP by search warrant or with a subpoena?’ There
are civil orders that you can get that rival a search warrant, but
someone has to know that they exist and how to get them.”
More harm than good?
Staff members with law-enforcement backgrounds will
undoubtedly have a clear understanding of chain-of-evidence
and other legal procedures, yet their experience could also be
counterproductive in the organization.
Mark Seiden, a security services expert with the
California-based firm Securify, agrees that ex-cops on the IT
staff would be effective liaisons between the firm and other
“law-enforcement people.” However, Seiden also believes
that strict, by-the-book evidentiary procedure may not be
appropriate in some cases.
For example, if a firm loses its entire credit card database
to a Russian hacker, the people within the company are going
to be either in denial or in trauma. For most firms, the
logical step is to get the FBI into the organization to
investigate.
“But, this can be the worst thing to happen. You call the
FBI in, and they’ll often say, ‘We’re impounding all
your machines as evidence.’ They do more harm to you than
the original offense. This [type of] response may not be what
a firm wants in its [IT] department.”
Is it practical?
So do firms actually seek out IT workers with law-enforcement
backgrounds? According to Jack Mattera—occasionally.
The general trend among large firms, however, is to employ a
general security director who handles all aspects of
security—especially physical security—throughout the
company.
“Sometimes this person knows enough to step in and do a
systematic investigation and protect some of the evidence.
What you don’t see a whole lot of is a specific IT security
director who knows all of the technical details working with
the general director.”
Additionally, unless a firm is particularly vulnerable or
subject to incidents, it might not make sense to add an ex-cop
to your staff. Mark Seiden suggests that the one or two
incidents that a well-prepared firm may endure per year
probably don’t warrant an in-house vice squad.
“Of course, it’s important to have an incident response
plan—and these law people could probably do it well—but
that’s the perfect thing to outsource. You needn’t have
somebody on staff that’s capable of that.”