Why judgment matters in a security professional

01.12.2005

Security professionals have to make a lot of judgment calls. For example, if you perform a penetration test against a Web site, you would instinctively assess the routers and DNS servers as well. However, judgment sets in because you should know that the client might not have the authority to give you permission to assess those devices, as they may be owned by the Internet service provider, and you might be committing a crime by testing them. This is just one specific example of how judgment would override instinct. There are other reasons why judgment is important. While Cuthbert may not have had intent to cause damage, he did. While he might not have caused damage to the Web site itself, if he had made one mistake, he very well could have. His actions did attract the attention of the administrators of the fund-raising site, and they had to use their resources to figure out what Cuthbert was doing. It is not up to them to figure out his intent, so they contacted the police about the breach, which could potentially have been part of a massive credit card or identity theft attempt.

Everybody theoretically did what he was supposed to in response to Cuthbert's actions. This cost a great deal of resources (well more than the $1,700 fine he is ordered to pay), whatever his intent was, and Cuthbert should be accountable for it. Again, all this could have been avoided if he had applied "judgment" and used nonintrusive methods for investigating the legitimacy of the site in question. If security professionals cannot exercise judgment, know when they might theoretically be crossing a line, and resort to methods other than direct ones for performing their work, they are not qualified to be security professionals.

Cuthbert's new employer was quoted as saying that his case demonstrates that the Computer Misuse Act is untried and untested, despite the fact it has been in effect since 1990, because it doesn't account for intent. There are few laws where intent matters, and the fact is that it shouldn't in most cases. When you cause people to react to what is a crime, you cannot expect people to stop and just forget about it because the crime was just a mistake on your part. Even if Cuthbert's conviction is overturned on a technicality, the damage has been done. What happens to Cuthbert himself remains to be seen. Some people who are burned by their poor judgment exercise better judgment in the future. Cuthbert could make a good security professional. If, however, he is treated like a computer counterculture hero, he will be rewarded for exercising bad judgment, and will probably look for future opportunities to do so. That's up to him.

However, I have my doubts, as Cuthbert refers to people who dare question his opinions as "desperate wannabes" who are "nobodies in the security field." So take the advice from this desperate wannabe and nobody: it's up to you to determine to what extent judgment matters for you and your company.