Q&A with the ambassador
When and why did you first become interested in hacking?
From an early age, I was drawn to fundamental questions and enjoyed solving problems in as many creative ways as possible. I first realized passwords could be cracked when I got access to the internet back in school. Around that time, I got into Counter-Strike 1.6 and learned about cheats for the game, which reinforced my belief that there are always unconventional ways to achieve a desired result.
From an early age, I was drawn to fundamental questions and enjoyed solving problems in as many creative ways as possible. I first realized passwords could be cracked when I got access to the internet back in school. Around that time, I got into Counter-Strike 1.6 and learned about cheats for the game, which reinforced my belief that there are always unconventional ways to achieve a desired result.
What tools and programs do you use in your work?
I use a wide variety of tools. For security assessments, I mostly use Burp Suite, Acunetix, Nessus, and various Kali Linux utilities. For red teaming, I use either a custom-built or commercial C2 server, along with a mix of custom, sophisticated tools and simpler tools designed to mimic user behavior naturally.
I use a wide variety of tools. For security assessments, I mostly use Burp Suite, Acunetix, Nessus, and various Kali Linux utilities. For red teaming, I use either a custom-built or commercial C2 server, along with a mix of custom, sophisticated tools and simpler tools designed to mimic user behavior naturally.
What skills are essential for a successful career in cybersecurity?
I believe persistence, passion for your work, and strong communication skills are key to a successful career in any field, including cybersecurity.
I believe persistence, passion for your work, and strong communication skills are key to a successful career in any field, including cybersecurity.
How do you keep your skills up to date?
When I find myself buried under too many management tasks, I turn to a cyberrange or vulnboxes. I also make it a point to stay hands-on, not just as a leader but as a senior member of the team.
When I find myself buried under too many management tasks, I turn to a cyberrange or vulnboxes. I also make it a point to stay hands-on, not just as a leader but as a senior member of the team.
What qualities are most important for an ethical hacker?
- Understanding the logic and structure of the system being tested. This requires extensive knowledge and perspective.
- Being useful. Many beginners get a thrill from finding bugs—and that's great—but it's important to remember the business context. The real value lies in clearly explaining the impact of a vulnerability and how to fix it in a way that makes sense to the client.
- Knowing when to stop. Hackers are often overzealous. Sometimes it's better to take a break, step back, and think things through instead of pulling an all-nighter, making a careless mistake, and getting caught by the blue team.