How do you describe your job to average people?
I say I run the security assessment practice at Novacoast and, after the blank looks, I then say, “OK, clients pay me to break into their computers.” Then I get, “Oh, OK, now I get it. Cool how do you do that?” Conducting penetration testing or ethical hacking is what the industry calls what security experts do to test a computer network for security holes or vulnerabilities. I look at it more as an art form, and so run this test, check the results and repeat. You have to be able to analyze the results of the tools you are using and be able to adapt.
Why did you get into IT security?
In the last 10 years, I was helping clients secure their networks from attacks. From this point on, I was heavily involved in IT security. It is fascinating to me to see how things work and to see if I could go around network defenses. The more I learn, the better I am at helping clients better protect their own networks.
What was one of your biggest challenges?
Talking to clients about the need to secure their networks. I often hear, “It won't happen to me.” And I tell them, “It's not if but when.” There are a lot of people looking to get into other people's networks to steal, cause harm or just for the thrill of it. These days it is mostly to steal IP, credit cards or to get a competitive edge in the marketplace.
What keeps you up at night?
I give a lot of speeches throughout the county on IT security, and people come up to me and ask how much IT security costs. I tell them it depends on how valuable the information you are trying to protect is. There's a price on your data. If you lose company plans or financials, it can have a dramatic effect on the company. Changing data is a huge threat. If a cyber criminal gets into your network and changes your pricing, for example, that would affect the bottom line or stock prices.
For what would you use a magic IT security wand?
Encrypt everything. I know that is a broad statement. I have been involved in many investigations where data was compromised and if the data was encrypted the loss both financial and company reputation would have been minimized greatly. If you look at a company like TJ Maxx and others that have had great loses their reputation was tarnished and customers lost faith that the company would keep there credit card data secure. It's very have to win that trust back. If you don't take proactive steps to secure your customers' data, then the damage could be detrimental or even worse.