Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
7/6/2017
11:00 AM
Tim Prendergast
Tim Prendergast
Partner Perspectives
Connect Directly
Twitter
LinkedIn
RSS
50%
50%

Security Experts & Hackers: We're Not So Different

Using the similarities among hackers and security programmers can be an advantage.

Many of us who work in cloud security are driven by a common goal: catch bad guys. We're not Harry Bosch putting the screws to some perp in the interrogation room, or laying on a rooftop to pick off an enemy at far range. But we know the damage that can be done by a malicious hacker, and we want to stop it. What's more, we have the ability to stop it ... or at least, we think we do, and this is why we deal in the science and art of technology security.

Interestingly, the mindset of a hacker and a security expert is in many ways quite similar. So is our training. In fact, the daily experience, tactically speaking, is almost indistinguishable. Our world is code, projects, delivery, iteration, many failures, and ultimately (hopefully) the big win. We don't intend to inflict harm as hackers do, but we are all intrigued with the pursuit of complex tasks that require analytical thinking and creative approaches. As perverted as it may seem, I'm sure hackers become overjoyed upon learning they've entered a network or accessed data not meant for them. Yet, in a similar way, the best security professionals experience the same feeling upon delivering a solution that will identify hundreds of misconfigurations across an entire enterprise.

I don't mean to suggest we are kindred spirits in a collegial way. While there are parts of our brains wired in similar fashion, we are most decidedly pitted against one another towards very divergent goals. But having this same type of mindset helps security programmers be more effective at understanding and identifying how to create effective security and compliance solutions to thwart even the best hackers. The feeling of success at having done so is what fuels so much of this work, and it's how the best security products are built.

Security developers and hackers both have a mission. They have training, knowlede, and are dedicated to their pursuits. Consider this when building your security team, and when identifying how to secure your cloud environment. The algebraist Carl Gustav Jacobi advised: "Invert, always invert." In other words, think backwards to figure out a solution. Programmers, irrespective of their proclivity for good or ill, approach their goals in the same way; that mindset will be a huge advantage for the good guys on your team who are pursuing hackers.

No one can truly appreciate security if they aren't participating in it. If you create an environment where security is part of the general mindset, it reminds your experts that you think security, in all its forms, is important. It also creates an alert atmosphere, which is precisely what is needed to reverse-engineer the devious thinking of hackers. There is no morality tale here; those with a good yardstick for right and wrong can see the twistedness of a ransomware attack. They may also appreciate the creativity in how it was engineered. But admiration is followed by a take-down mentality. There is victory in knowing that you didn’t let the bad guy get away with it. You’ve put your abilities to the task and have become the hero in the story.

Detectives and investigators hopefully don’t have experience doing the things they seek to prosecute. HR might have a thing or two to say about the homicide division hiring murderers just because they can put themselves in the suspect’s shoes. But technology is different; perhaps the right analogy is something like Hogwarts. Students are given a foundation in wizardry, the same foundation, but they might choose to use that knowledge for evil rather than good. That damn Lucius Malfoy and his beautiful, flowing locks of white hair.

Hackers get smarter and bolder every day. Correspondingly, so must the people trying to prevent security breaches. Environments that prize tinkering and problem solving will be able to build teams that prevent the pursuits of hackers. In using similar thinking to that used by hackers, you will help create a team that understands how to protect your assets, can identify the right security automation and compliance platforms to use, and will make your organization stronger in its pursuit against the dark hats.

Tim Prendergast co-founded Evident.io to help others avoid the pain he endured when helping Adobe adopt the cloud at a massive level.  After years of building, operating, and securing services in Amazon Web Services, he set out to make security approachable and ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19040
PUBLISHED: 2019-11-17
KairosDB through 1.2.2 has XSS in view.html because of showErrorMessage in js/graph.js, as demonstrated by view.html?q= with a '"sampling":{"value":"<script>' substring.
CVE-2019-19041
PUBLISHED: 2019-11-17
An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. They do not correctly verify the integrity of an upgrade package before processing it. As a result, official upgrade packages can be modified to inject an arbitrary Bash script that will be executed by th...
CVE-2019-19012
PUBLISHED: 2019-11-17
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or ...
CVE-2019-19022
PUBLISHED: 2019-11-17
iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git r...
CVE-2019-19035
PUBLISHED: 2019-11-17
jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file.