IT pros have reservations, but ethical hackers are becoming a fact of life.

Ethical hacking. That phrase may seem incongruous to some, but for others it's an essential component of their IT strategy. Whatever your reaction to the concept of ethical hacking, everyone agrees that someone, authorized or not, is trying to break into your IT infrastructure.

"You want the good guys to find the security holes before the bad guys do," says Jack Koziol, program manager at the InfoSec Institute, an organization that certifies security professionals. "If your people are not doing it, someone else will -- and that someone won't be on your side," he says.

It's not just about keeping that nefarious "someone" out. Nabbing a successful perpetrator -- or even simply knowing that a break-in has occurred or is being planned -- is too often well beyond the technical scope of many IT departments. Even worse, when a break-in is discovered, most IT professionals don't know how to secure and preserve the evidence needed for the forensic analysis and prosecution.