But by no means, he emphasized, is the recommended or most effective route. Of the hundreds of people he knows in the security world, none were ever black hats. (In computing lingo, black hats are those who penetrate computers without authorization for profit, fun or protest. White hats, sometimes called "ethical hackers," are computer security professionals hired by companies whose intent is to keep computers and networks safe.)
"It's a bit of a myth, I think that you have to go down the black hat route," he said.
Dan Kaminsky, a computer security consultant for Seattle-based IOActive, Inc., who unveiled a major Internet flaw to the security community last summer, agrees.
"Building a serious career is about giving people reasons to hire you, not reasons not to," he said.
He also highlighted that hackers will likely make less money because the firms hiring them know that they're likely blackballed from other companies.
The public only hears about the hackers that went on to successful careers -- not the ones that never recovered from digital transgressions -- but they're hardly in the majority.
"It's easy to blow something up. But how many people can really crank down to do substantial research to help remedy a problem?" he asked. "That's harder, that makes it more impressive."