Sophie Pingor, aka Jek Hyde, was clearly not the prototypical pen tester or hacker when she left the University of North Texas with a journalism degree some five-plus years ago.
Pingor worked on the school newspaper and then after college started working at KERA radio in the Dallas-Fort Worth area. It was there that she became interested in security, volunteering for stories about the latest breaches.
“I was very interested in the science and technology beat, so whenever a story about hackers came up I would volunteer for it,” Pingor said. “Through that I made connections in the Dallas hacker community where I was living at the time and they were the ones who introduced me to social engineering and physical penetration testing.”
Pingor, who now works on the Walmart global red team specializing in physical security, never thought she would have pursued this career. A friend suggested she take on a physical penetration test he didn’t want to do and from there she was hooked. Her methods were all based on human vulnerabilities, but after her first job, she started educating herself on physical security bypass methods.
“If you had told me five years ago that I’d end up running penetration tests on Fortune 500 companies for a living, I would have said you were crazy,” she said.
Pingor focuses exclusively on penetration tests on Walmart and its brands, not on other companies. She said, given Walmart’s size, the red team stays very busy year-round, though she couldn’t offer hard numbers.
“But I can tell you that offensive security professionals around the world in all industries are finding and reporting major exploits,” Pingor said.
Pingor believes she’s one of the only non-technical people on a major corporate red team. Trying to break into the largest company in the world leaves a lot of ground to cover, which is why Walmart hired someone solely focused on social engineering and physical penetrations.
While Pingor focuses on physical break-ins, she does have some IT skills and her writing background comes into play. For social engineering to work, she must develop believable stories. Most of the time she’s creating an illusion to back up the story she’s going to tell someone when the time comes to “go live” with a campaign.
“The background work includes making fake websites or fake accounts on social media sites and building up a history for the business or person I’m claiming to be,” Pingor said. “So, there might not be room for someone with my skillset on every team, but I’m grateful there is on this one.”
When she started at Walmart, sitting in team meetings, Pingor felt like she was stranded in a country where everyone was speaking a different language. Her initial philosophy was: “I’ll break in and get you to a computer. You do the rest.” But then she began to get curious about the work Walmart’s business partners and other tech teams did.
“I realized that as cool as breaking into a server room was, the work they were doing made the biggest impact,” Pingor said. “I’ve made more of an effort to study the cybersecurity side of the house since then. I hope I grow up to be a 1337 haxor one day, but for now I’m starting to feel like I am conversational in more technical crowds.”
Even if she’s not breaking into buildings in five or 10 years, she sees herself still with Walmart doing information security.