What Is A Certified Ethical Hacker? A Conversation With John Hammond

May 17, 2022 5:15:00 AM / by Ted Harrington


On this Episode of Tech Done Different with Ted Harrington, Executive Partner at Independent Security Evaluators (ISE)...

The protection of computer systems and networks against information disclosure, theft of or damage to their hardware, software, or electronic data, and disruption or misdirection of their services is known as computer security, cybersecurity, or information technology security. In this episode, Ted delves into cybersecurity attacks, defending against attacks by leveraging the skillset of a certified ethical hacker, and why staying calm during a cyberspace security breach is important. Don't miss out on this episode!


Here are three reasons why you should listen to the full episode:

  • Learn the advantages you have when you are on the defending side of a cybersecurity attack
  • Why people take pride in being labeled a "certified ethical hacker"
  • Why educating the masses about cybersecurity and how it works is vital

Resources

Connect with Ted Harrington: Website | LinkedIn | Twitter 

 

Episode Highlights

The Advantages

[04:19] The initial advantages over a hacker are the logs, artifacts, and home-field benefits. 

[05:29] As defenders, we have information that the attacker must gain. They may be unable to do so, or they may be unable to obtain the information required.

[06:00] You put in some mouse traps, gimmicks, and decoys to waste the hackers' time so you can find them. So long as you set up the audits, assessments, and sensors appropriately, it's your host.

 

Hacking

[09:32] You don't have to advertise your status as a certified ethical hacker in a bold, chest-thumping braggadocio style to show your effort, work, and ability as a hacker. You're exhibiting tremendous pride when you say, "Hey, I'm a hacker." It happens when people want to learn more about cybersecurity and enter the field, whether through penetration testing, bug bounty programs, or other means.

[14:36] This defensive mindset is similar to yours, which is more akin to a hacker technique. Remember that ransomware, malware, and other threats are all software, and software contains flaws and errors. Malware flaws and vulnerabilities exist.

 

Crucial Role

[31:05] While some may believe discussing battlegrounds in cybersecurity is fun and games, the reality is quite different when genuine attacks or threats occur. Ted finds fulfillment in his profession as a certified ethical hacker, as it may appear as though he is simply tapping on his keyboard, but what he is doing is providing real-time protection to prevent more breaches in cyberspace security.

 

Powerful Quotes from this Episode

[03:04] "The attackers only need to be right once, and the defense has to be right 1000 times or all the time. I would turn that on its head and say it's slightly different. The attackers might only need to get right once, but I would argue that the defense also only has to be right once."

[04:22] You do a little detection, you track it down, and you find that you've got the logs, the artifacts, everything, and the bad guys are out of their elements when that incident happens. They are on your home turf, and you have the advantage here.

[09:08] There is an excellent understanding of the word hacker, like people who like to tinker, explore, understand, and want to know more about technology.

[15:28] If we did some due diligence and homework, reverse engineering how that malware worked, we could find some weird idiosyncrasy like a kill switch over finding that domain that would stop that.

[15:45] Think about command and control. It sends and receives packets and data. What happens if you send too much data? What if you started giving the wrong information? Is it as vulnerable as software built by skilled people? Isn't that odd if you try to mitigate the harm caused by faults and malware?

[22:21] The best way to learn something is to try and teach it yourself, and I would recommend being humble and transparent about that. Thankfully, in cybersecurity, I think in tech, that's kosher. There are no experts in cybersecurity.

 

About ISE

ISE is a boutique cyber security agency made up of skilled, certified ethical hackers helping SaaS companies defend against malicious attacks. See what we do on our website. You can also follow ISE on LinkedIn and Twitter. Listen to more episodes via our Podcast.

 
