Dirty IT job No. 3: Enterprise espionage engineer (black ops)
Seeking slippery individuals comfortable with lying, cheating, stealing, breaking, and entering for penetration testing of enterprise networks. Requirements include familiarity with hacking, malware, and forgery; must be able to plausibly impersonate a pest control specialist or a fire marshal. Please submit rap sheet along with resume.

Social engineer, con artist, penetration tester, or white hat hacker -- whatever you call it, Jim Stickley has a dirty job that actually sounds like fun. As VP of engineering and CTO of TraceSecurity in Baton Rouge, La., Stickley gets to talk his way into a client's offices, sneak into their datacenters, make off with the company's vitals, then come back later to show them where their internal security broke down.

[ Fortips on penetration testing, see "How to think like an online con artist" ]

The best part? He gets to wear disguises. Pest control specialist, AC repairman, OSHA inspector -- Stickley and his crew have a closet full of uniforms. But fireman is a particular favorite. "At one place you're the fire inspector, and girls fall all over you," Stickley says. "The next place you're wearing the pest inspector suit and you're the scum of the earth."

First, Stickley and his team take over the company's e-mail system and schedule an appointment. Then they show up in the appropriate fake attire. Whoever has been assigned to watch them usually leaves after about five minutes, Stickley says. If not, they send her out to get them coffee or offer to show her a (fake) dead mouse they found in the corner. That usually does the trick.

Once she's gone, they sneak into the security room and take all the backup tapes, load Trojans onto the servers, or plug wireless devices into the network and hack it from the parking lot.

"If we can get the backup tapes, we're done," Stickley says. "Every piece of data you'd want – mothers' maiden names, Social Security numbers -- is on those tapes. We've also walked out with computers, boxes filled with loan documents, and applications for patents that have been drawn up but not submitted. It's amazing."

Stickley says he's penetrated more than 1,000 locations and has yet to be thwarted. The dirty part: Coming back the next day to face the people you just 0wned.

"You feel dirty, if nothing else," Stickley says. "People come up to you and they're mad. 'I can't believe I got you a cup of coffee.' But ultimately you're just trying to help them out. Nobody gets fired for screwing up. The whole point is to learn from the experience."

There's at least one person who doesn't gain much from Stickley's exercise in creative insecurity, however.

"I feel really bad for the real pest inspector," he says. "The next time he shows up, boy does he get beaten down."

Dirty IT jobs home | Dirty IT job No. 2: Datacenter migration specialist