I characterize myself as a retired hacker. I'm applying what I know to improve security at companies.

Social engineering is using manipulation, influence and deception to get a person, a trusted insider within an organization, to comply with a request, and the request is usually to release information or to perform some sort of action item that benefits that attacker.

Hacking was the only entertainment that would occupy my mind - like a huge video game, but with real consequences. I could have evaded the FBI a lot longer if I had been able to control my passion for hacking.

New security loopholes are constantly popping up because of wireless networking. The cat-and-mouse game between hackers and system administrators is still in full swing.

Should we fear hackers? Intention is at the heart of this discussion.

Hacking is exploiting security controls either in a technical, physical or a human-based element.

Social engineering is using deception, manipulation and influence to convince a human who has access to a computer system to do something, like click on an attachment in an e-mail.

Security is always going to be a cat and mouse game because there'll be people out there that are hunting for the zero day award, you have people that don't have configuration management, don't have vulnerability management, don't have patch management.

I think it goes back to my high school days. In computer class, the first assignment was to write a program to print the first 100 Fibonacci numbers. Instead, I wrote a program that would steal passwords of students. My teacher gave me an A.

I'm still a hacker. I get paid for it now. I never received any monetary gain from the hacking I did before. The main difference in what I do now compared to what I did then is that I now do it with authorization.

For the average home-user, anti-virus software is a must.

Use a personal firewall. Configure it to prevent other computers, networks and sites from connecting to you, and specify which programs are allowed to connect to the net automatically.

I don't condone anyone causing damage in my name, or doing anything malicious in support of my plight. There are more productive ways to help me. As a hacker myself, I never intentionally damaged anything.

My hacking involved pretty much exploring computer systems and obtaining access to the source code of telecommunication systems and computer operating systems, because my goal was to learn all I can about security vulnerabilities within these systems.

No way, no how did I break into NORAD. That's a complete myth. And I never attempted to access anything considered to be classified government systems.

If you go to a coffee shop or at the airport, and you're using open wireless, I would use a VPN service that you could subscribe for 10 bucks a month. Everything is encrypted in an encryption tunnel, so a hacker cannot tamper with your connection.

Our Constitution requires that the accused be presumed innocent before trial, thus granting all citizens the right to a bail hearing, where the accused has the opportunity to be represented by counsel, present evidence, and cross-examine witnesses.

I use Mac. Not because it's more secure than everything else - because it is actually less secure than Windows - but I use it because it is still under the radar. People who write malicious code want the greatest return on their investment, so they target Windows systems. I still work with Windows in virtual machines.

Then again, my case was all about the misappropriation of source code because I wanted to become the best hacker in the world and I enjoyed beating the security mechanisms.

People are prone to taking mental shortcuts. They may know that they shouldn't give out certain information, but the fear of not being nice, the fear of appearing ignorant, the fear of a perceived authority figure - all these are triggers, which can be used by a social engineer to convince a person to override established security procedures.

The first programming assignment I had in high school was to find the first 100 Fibonacci numbers. Instead, I thought it would be cooler to write a program to get the teacher's password and all the other students' passwords. And the teacher gave me an A and told the class how smart I was.

What I found personally to be true was that it's easier to manipulate people rather than technology.

Anything out there is vulnerable to attack given enough time and resources.

Most people assume that once security software is installed, they're protected. This isn't the case. It's critical that companies be proactive in thinking about security on a long-term basis.

Computer hacking really results in financial losses and hassles. The objectives of terrorist groups are more serious. That is not to say that cyber groups can't access a telephone switch in Manhattan on a day like 9/11, shut it down, and therefore cause more casualties.

I love solving puzzles, I love finding my way around obstacles, and I love learning new things about technology.

Phone phreaking is a type of hacking that allows you to explore the telephone network by exploiting the phone systems and phone company employees.

I was hooked in before hacking was even illegal.

Once when I was a fugitive, I was working for a law firm in Denver.

A hacker doesn't deliberately destroy data or profit from his activities.

If I needed to know about a security exploit, I preferred to get the information by accessing the companies' security teams' files, rather than poring over lines of code to find it on my own. It's just more efficient.

I believe in having each device secured and monitoring each device, rather than just monitoring holistically on the network, and then responding in short enough time for damage control.

Garbage can provide important details for hackers: names, telephone numbers, a company's internal jargon.

Some people think technology has the answers.

I think malware is a significant threat because the mitigation, like antivirus software, hasn't evolved to a point to really mitigate the risk to a reasonable degree.

I have done a lot to rehabilitate my reputation.

Any type of operating system that I wanted to be able to hack, I basically compromised the source code, copied it over to the university because I didn't have enough space on my 200 megabyte hard drive.

I get hired by companies to hack into their systems and break into their physical facilities to find security holes. Our success rate is 100%; we've always found a hole.

I was an accomplished computer trespasser. I don't consider myself a thief.

Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.

For the average home-user, anti-virus software is a must. A personal firewall such as Zone Alarm and running a program like HFNetcheck, which is a free download for personal users. It checks your system to see if anything needs to be patched. I'd also recommend a program such as SpyCop to periodically check for any spyware on your system.

Not being allowed to use the Internet is kind of like not being allowed to use a telephone.

So the ethic I was taught in school resulted in the path I chose in my life following school.

Oracle, for example, has even hired people to dumpster dive for information about its competitor, Microsoft. It's not even illegal, because trash isn't covered by data secrecy laws.

A lot of companies are clueless, because they spend most or all of their security budget on high-tech security like firewalls and biometric authentication - which are important and needed - but then they don't train their people.

What happens with smaller businesses is that they give in to the misconception that their site is secure because the system administrator deployed standard security products - firewalls, intrusion detection systems, or stronger authentication devices such as time-based tokens or biometric smart cards. But those things can be exploited.

I use Spam Arrest because of the amount of junk mail I get. Any legitimate person who wants to send me a message has to jump through hoops before they can be added to my opt-in list.

The best thing to do is always keep randomly generated passwords everywhere and use a password tool to manage it, and then you don't have to remember those passwords at all, just the master password that unlocks the database.

I happen to be notorious. That, I have no control over.

I don't know the capabilities of our enemies. But I found it quite easy to circumvent security at certain phone companies throughout the United States. So if an inquisitive kid can do it, why can't a cyberterrorist do it?