The Industry of Ethical Hackers: Interview

December 20, 2017


facebook icon facebook icon

Hackers, allusive individuals that seems to have no limit to their technical abilities, at least that’s what TV and films would have you believe.

However, for many, hacking isn’t about bringing down the world’s financial systems as seen in Mr.Robot, or hijacking a fleet of cars to pull off an insane highest, as the latest Fast and Furious film demonstrates. No, for some it is a regular 9-5 job, for normal people who just happen to have an interest in technology and how things work.

Kelly Matt

Kelly Matt

To get a better understanding of what life is like as an ethical hacker, we spoke with Kelly Matt, a Managing Consultant at A-LIGN, a security and compliance solutions provider, who works on Penetration Testing for companies.

Prior to joining A-LIGN, Matt was Manager of Information Security for Recreational Equipment Incorporated (REI Co-Op) where he was responsible for both offensive and defensive security services. He led the teams responsible for security engineering, threat and vulnerability management, penetration testing, and cybersecurity incident management.

A-LIGN also host regular Ask Me Anything sessions on Reddit, which have had some interesting question with some equally interesting responses. Below are a collection of the top questions from their most recent AMA session, followed by a few question that The Sociable discussed with Matt personaly.

What misconceptions about hacking/the hacking community portrayed in the media frustrates you the most?

In seriousness, hackers are always portrayed as the evil person, and when you go to conferences like DefCon and hang out in the community, by and large, the community is people who are interested in how things work. It’s just people that are curious and have a different way in approaching problems. The demonization and the hooded individual in the media is way overdone.

The most common security advice I see is that everyone should enable 2-factor authentication everywhere it’s available. Does it matter which type of 2FA you use (SMS, authenticator apps, physical devices)? Are some of them more secure from various attacks?

Absolutely! Text messaging is actually very susceptible to attacks. Many government entities and compliance regimes are no longer allowing MFA to be text-based. As long as you get away from text-based MFA, you’re in a much better state. But if your options are nothing or text, I would still recommend using something additional.

Was hacking an interest of yours when you were younger? And if so did you ever use it to your advantage? For example, Bill Gates apparently hacked his school’s computer system to meet girls.  

Yes, I remember I was on BBS systems before there was an internet, and like others at the time, I was curious about computer networks and phone systems.  No, never used for my advantage.  Just young and inquisitive.

Slightly less to do with hacking, What technology are you really look forward to seeing develop over the next five years? 

AI and deep learning continues to be an area that will be interesting to watch over the next 5 years.  It seems like we may be on the precipice of some very interesting developments.  Especially when it comes to digital assets and systems controlling real physical systems.  However, I tend to lean more toward Elon Musk with my apprehension of how deep learning will impact our world as we continue to see the lines blurred between the logical and physical.

It is common for hackers to demand Bitcoin as payment for encrypted files after a ransomware attack. What are your thoughts surrounding Cryptocurrencies such as Bitcoin and how do you see them effecting hacking in the foreseeable future? 

As long as people keep paying the extortion demands, we will continue to see cryptochromes fuel the continued growth of ransomware based attacks.  However, cryptocurrency is really a subordinate topic when discussing “hackers”.  Really the best way to deal with the cryptocurrencies issue as it relates to extortion is to take away the leverage by managing systems effectively so you don’t fall prey to these attacks and never pay.


facebook icon facebook icon

Sociable's Podcast