I have a proposal for a new "Hacker Hat"

The Blue Hat Hacker.

I know this is kind of silly, but I feel a definition and a back-story are in order. Last night, while having dinner with the family, I was discussing my job as the InfoSec officer at my place of employment. This is a relatively new job description for me, as I was originally hired to be the WAN engineer. So I was telling my wife about running a port scan against a server to check for security holes when my eight-year-old daughter asked me, "Daddy, shouldn't you be wearing a blue hat or something when you are at work?"

"Why would I do that, honey?" was my reply.

"Because don't security people wear blue hats when they're at work? All I see you wear is your tie."

Ahhh... from the mouths of babes. What a perfect analogy for what I do given the current white hat/black hat division of hackers.

So my proposed definition is as follows:

"A blue hat hacker is an information security professional who employs the tools and methods of hackers and crackers against networks and systems for which (s)he has some measure of responsibility. The purpose of conducting said hacks is to find security vulnerabilities and mitigate threats before exploitation can occur from other sources."

So, two years from now when you hear someone call themselves a "blue hat" you can smile smugly to yourself and say "I knew what blue hats were on day 0. February 1st, 2003. The term was coined by Thread_Killer, thanks to his eight-year-old daughter."