The Dark Side of Shiny: Why Cybersecurity Experts are Moonlighting for the Bad Guys

Imagine this: a seasoned security professional, let's call him Alex, sits down at his computer after a long day of patching vulnerabilities and fending off phishing attempts for his employer, a reputable tech firm. Alex is good at his job and highly skilled in the intricacies of digital defence. But tonight, instead of unwinding with a well-deserved beer, he logs into a secure chat program, a portal to a hidden world where his talents are desired for a very different purpose.

This, my friends, is the murky realm of moonlighting, a recent trend in cybersecurity in which experts like Alex offer their expertise—for a hefty fee—to malicious hacking groups. It's a disturbing phenomenon, a betrayal of the very oath cybersecurity professionals take to protect our data and digital infrastructure. However, we must delve deeper to understand why someone like Alex might be tempted.

The Seductive Lure of Lucrative Darkness

The world of cybersecurity is rife with talent shortages. Companies are scrambling to find skilled professionals to plug the ever-widening gaps in their defences. This translates to a seller's market, where top cybersecurity specialists can command impressive salaries. But here's the rub: that impressive salary often fails to match the sky-high figures dangled by malicious groups.

Imagine Alex, with years of experience under his belt, battling a nagging sense of being underpaid. He sees a flashy advertisement on a dark web forum – a king's ransom for his skills, a sum that could solve his financial woes in one fell swoop. The allure is undeniable, especially for those burdened with student loans or supporting families.

The Thrill of the Forbidden: Playing with Fire

Cybersecurity is a constant intellectual duel, a game of cat and mouse between defenders and attackers. Some experts, particularly those with a thirst for challenge, might be enticed by the prospect of testing their mettle against the best – the bad guys. It's the ultimate hacking puzzle, a chance to push their skills to the limit, but with a dangerous twist.

Think of it like this: Alex might be intrigued by the opportunity to infiltrate a system that even his company's defences couldn't crack. The thrill of the challenge, the satisfaction of outsmarting a formidable opponent – it's an intoxicating cocktail for some. But unlike a friendly hacking competition, the consequences of moonlighting are far-reaching and potentially devastating.

Shades of Grey? Not in the Black and White World of Cybersecurity

Some moonlighters might attempt to rationalize their actions. They might argue they're only targeting specific companies they deem deserving, those with lax security practices or a history of unethical behaviour. Perhaps they see themselves as vigilantes, exposing vulnerabilities and "teaching a lesson" to careless corporations.

But here's the harsh reality: ethical hacking operates within a strict code of conduct. There's a clear distinction between identifying vulnerabilities for remediation and exploiting them for malicious gain. Malicious groups have no such qualms. They'll use any tool or tactic to achieve their goals, often with catastrophic results.

Imagine Alex's code, designed to exploit a vulnerability in a specific company's system, ends up in the wrong hands. Malicious actors could modify it for a widespread attack, wreaking havoc across multiple industries. The potential for collateral damage is immense, and the ethical implications for Alex become undeniable.

The Looming Shadow: Why Moonlighting is a Threat to Us All

The dangers of moonlighting are multifaceted. Firstly, it weakens the defences of the good guys. Alex's expertise, honed on ethical battlefields, is now being used to craft offensive tools. This empowers malicious actors with a deeper understanding of security protocols, making it harder for defenders to stay ahead of the curve.

Secondly, moonlighting erodes trust in the cybersecurity profession as a whole. If companies can't be sure their cybersecurity experts are loyal, they'll hesitate to invest in the talent they desperately need. This creates a vicious cycle, making it harder to attract and retain top professionals.

Finally, moonlighting normalizes the idea of cybercrime. When skilled professionals like Alex lend their talents to the dark side, it sends a dangerous message. It implies that cybercrime is a viable career path, a perception that could entice others to follow suit.

The Path Forward: Shining a Light on a Dark Problem

So, what's the solution? The answer lies in a two-pronged approach. Ethical companies need to step up their game. Competitive salaries are necessary, but it's more than just the money. Fostering a culture of appreciation, offering opportunities for professional development, and creating a sense of shared purpose are all crucial elements in retaining talent.


The following blog post contains fictitious names, characters, and situations. It is not intended to identify or infer any connection with actual persons (living or deceased), places, buildings, or products. Any resemblance to real-life events, locales, or individuals, whether living or deceased, is entirely coincidental.