This study investigates the eects of incentive and deterrence strategies that might turn a security researcher into a malware writer, or vice versa. By using a simple game theoretic model, we illustrate how hackers maximize their expected utility. Furthermore, our simulation models show how hackers' malicious activities are aected by changes in strategies employed by defenders. Our results indicate that, despite the manipulation of strategies, average-skilled hackers have incentives to participate in malicious activities, whereas highly skilled hackers who have high probability of getting maximum payos from legal activities are more likely to participate in legitimate ones. Lastly, according on our ndings, we found that reactive strategies are more eective than proactive strategies in discouraging hackers' malicious activities.