Halifax seeks 'ethical hacker' to test its IT systems

Halifax is looking to hire an "ethical hacker" to test the security of the municipality's IT systems.

According to a tender document posted Monday, the city is looking for an IT security firm to assess HRM's infrastructure, practices and policies in order to "identify vulnerabilities that put the municipality at risk," as well as to recommend actions to mitigate those risks.

"[It's] just to make sure our systems don't have any security gaps," said Phillip Evans, manager of technology and infrastructure.

The municipality hires an IT firm to test its systems every couple of years, Evans said, but the specific timing of the assessment is kept under wraps.

"I know when it's happening," he said. "But I don't bother sharing it because I want to test our response to it."

Halifax Regional Police is one department that depends on regular security checks, which are required to continue to have access to a national police database.

Some of the past problems identified involve infrequently changed passwords or security fixes issued by software manufacturers that weren't up to date.

In the past, Evans said the municipality has been able hire a local ethical hacker, as well as one from Ontario.  

The tender document states anyone interested in the work has to be certified as either a certified information systems auditor (CISA), a certified information systems security professional (CISSP) or a "certified ethical hacker" (CEH).  

Interested companies have until Feb. 20 to submit a bid.