Getting inside the minds of ethical hackers

Dan Hatch gets to know some ethical hackers, learning what makes them tick and how they can help businesses by attacking them.

It's "a little disheartening," McLaughlin admits, but the most common mistakes made today like lazy passwords are the same mistakes Wood was pointing out to clients 20 years ago.

Wood advocates the use of passphrases instead of passwords claiming they're both easier to remember and infinitely harder to guess.

"This would, in one stroke, remove the single largest vulnerability we find as internal testers and firms won't do it," he said.

"Beyond that we need to understand that the programs we are running in 2011 are very different in quality from the programs we were running 10 years ago."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

As the IT world continues to change, so too do the challenges faced. Three factors in particular have changed the nature of security dramatically in the past year.

"The first is cloud services, the second is consumerisation where staff are increasingly being allowed to use their own equipment in the corporate environment and the third is social networking," Wood said.

IT decision-makers need to look closely at their legal and security requirements before signing up to the cloud, he warned.

"For instance, if I have personal, identifiable information about citizens in Europe, the Data Protection Act will apply to me," he continued.

"If I arbitrarily choose a cloud provider on the basis of cost alone and upload that data onto their servers without identifying where those servers are located, I can immediately be in breach of data protection legislation."

This would also make it harder for ethical hackers to test data security. That said, if anyone can find a way to make it work, it's likely to be Wood.

Advertisement - Article continues below

An old head for modern times

At 58, he has spent a lifetime tinkering with computers. It is a career that found him, not the other way around. He was never an illegal hacker. He never formally studied it. His interest and abilities evolved along with computers themselves.

"I was always interested in technology, even as a small boy," he said. "I was the kind of kid who pulled something apart to find out how it worked."

A good student, Wood's world was rocked at the age of nine when his father committed suicide. He was still top of the class at his Sussex school at age 11, but by 16 he railed against authority and dropped out. Today, his long grey ponytail betrays his past as a slightly wild child of the 60s.

Advertisement
Advertisement - Article continues below

It's like being the combination of Sherlock Holmes and a naughty schoolboy

His first job was with a hardware firm in Horsham, working on systems for BBC radio and television. He studied electronics. He came across his first computer in 1970 working for a company called Computing Techniques, testing industrial control analogue-digital hybrid computers.

Advertisement - Article continues below

"That suited my personality enormously well because I've always preferred trying to break things to trying to make things," he said.

Over the years he worked with computers and systems for various companies even spending some of the mid-70s installing systems behind the Iron Curtain in Poland before opening his own consultancies.

He has seen computing change from a world where data was loaded one byte at a time, by switches, through to the internet age where gigabytes can be sent across the world at the click of a mouse.

Wood said he particularly loved ethical hacking because "it's like being the combination of Sherlock Holmes and a naughty schoolboy".

"You are actually making systems more secure, which in turn makes the average citizens life secure, in the long run," he said.

It's also a growth industry and one Wood encourages young people to consider.

Advertisement - Article continues below

"There's no greater thrill than being with [co-worker] Andy when he gets into a secure data centre just by using his voice, or being with Mike when he gets into the most sensitive data in a worldwide legal firm and gets it within ten minutes," he added.

"It's exciting. It's like a multi-dimensional crossword puzzle."

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now
Advertisement

Most Popular

Visit/cloud/cloud-computing/354767/google-cloud-snaps-up-multi-cloud-analytics-platform-for-26bn
cloud computing

Google Cloud snaps up multi-cloud analytics platform for $2.6bn

13 Feb 2020
Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/cloud/microsoft-azure/354771/microsoft-azure-is-a-testament-to-satya-nadellas-strategic-nouse
Microsoft Azure

Microsoft Azure is a testament to Satya Nadella’s strategic nouse

14 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020