Ethical hackers have fun, earn oodles

As director of the southeast region of X-Force Professional Security Services, Rick Belisle is paid to find flaws in companies' secured data.

When he got access into a county prison system, he could have
changed prisoners' parole dates on the prison database.
He gained access into the database of a Florida hospital and
viewed patient billing information.
And after hacking into the system of an electric utility, he
could have turned off power to an entire country.
But Belisle is one of the good guys. He and his team at IBM Internet
Security Systems are what some may call ethical hackers. He is
director of the southeast region of X-Force Professional Security
Services, a team paid to find flaws in a company's secured data
-- also known as penetration testers.
The X-Force can be hired either to try to hack into company information
from their homes and see what data they can get their hands on,
or to go on site to a client's office, plug into the client's
network and see how much information a corrupt employee would
be able to access.
The goal is to patch up the holes before actual Internet criminals
take advantage of the weaknesses.
The companies typically tell the X-Force how far they are allowed
to pry into the systems. Some will just want to see if they can
peek in, and others, Belisle said, will say, "Go as far as
you can go and don't stop until we scream mercy."
Since Belisle and his team are sworn to secrecy, he couldn't
reveal details on the hacks his team has been hired to do. But
when Belisle presented the results of the Florida hospital hack
to the hospital's executives, he said he would never forget "the
look of grief on their face because it basically impacted every
aspect of their organization."
A perk about being on the X-Force is that everyone works from
home, including Belisle, who lives in Stuart. But he said the
downside is having to work vampire hours of 10 p.m. to 6 a.m. so
their hacking doesn't interfere with work during business hours.
"Typically the first thing we are going to target is poor
coding in the applications," Belisle said. Once they get
their foot in the door, they can jump into other systems and databases.
A penetration tester would need to have a strong programming
application background, "whether they learn that on their
own or they go to school for that, we don't care," he said.
And because technology is constantly evolving, job security is
a guarantee.
Belisle said there hasn't been a system yet that he hasn't been
able to access.
"Because every test is unique," he said, "it almost
becomes a personal challenge of 'I've got to find something.'"