Marcus has a long post on hacker mythology — I don’t have his depth of experience on it, but I’ve had a little exposure.
Back in the 80s/90s, I was on the edge of hacker culture. I was cracking games, I was doing a little phone phreaking, I was poking around in that culture, reading the magazines and trying stuff out. My general impression: “This is easy.” A little knowledge about computers — an epiphenomenological sort of knowledge — was easily amplified into some success in breaking into things. I talked with “hackers” online, and was unimpressed. They could talk a good game, but they didn’t understand much. Their primary skill was in bragging.
Then I got a job as a systems manager for an academic unit, working with VAXen for a lot of scientists who just saw them as tools to get a job done, and they needed someone to take care of keeping everything running smoothly. I worked at that for a couple of years. General impression: “This is hard.” You had to dig deep to understand how to prevent harm to the system. Those were big complex operating systems, and you knew all it took was one of those idiots I used to be reading about some hole in one of many subsystems to take advantage, so you had to read everything and keep up with all those DECtapes that came rolling around with technical issues.
I pretty much lost all respect for so-called “hackers” fast, and have never seen the virtue of hiring hackers to improve security. You don’t hire people who know how to smash things with hammers to enhance the security of locks — they don’t know anything you don’t.