sponsored

Security Experts and Hackers: We're Not So Different

The similarities between hackers and security programmers can be an advantage: admire their ingenuity, but pair it with an unrelenting take-down mentality.

Evident.io

Many of us in cloud security are driven by a common goal: catch bad guys. We're not Harry Bosch putting the screws to some perp in the interrogation room, or lying on a rooftop to pick off an enemy at far range. But we know the damage that can be done by a malicious hacker, and we want to stop it. What's more, we have the ability to stop it... or at least, we think we do. This is exactly why we deal in the science and art of technology security.

Interestingly, the mindset of a hacker and a security expert is in many ways quite similar. So is our training. In fact, the daily experience, tactically speaking, is almost indistinguishable. Our world is code, projects, delivery, iteration, many failures, and ultimately (hopefully) the big win. We don't intend to inflict harm as hackers do, but we are all intrigued with the pursuit of complex tasks that require analytical thinking and creative approaches. As perverted as it may seem, I'm sure hackers become overjoyed upon entering a network or accessing data that’s not meant for them. In a similar way, the best security professionals experience the same feeling upon delivering a solution that will identify hundreds of misconfigurations – the holes in our security that make us so vulnerable – across an entire enterprise.

I'm not suggesting we are kindred spirits in a collegial way. While there are parts of our brains wired in similar fashion, we are most decidedly pitted against one another towards very divergent goals. But having this same type of mindset makes security programmers more effective at understanding and identifying how to create security and compliance solutions to thwart even the best hackers. The feeling of that success is what fuels so much of this work and it's the foundation of the best security products.

Security developers and hackers both have a mission. They have training, knowledge, and are dedicated to their pursuits. Consider this when building your security team and when identifying how to secure your cloud environment: the algebraist Carl Gustav Jacobi advised, “Invert, always invert.” In other words, think backwards to figure out a solution. Programmers, irrespective of their proclivity for good or ill, approach their goals in the same way. And that mindset will be a huge advantage for your team of good guys as they pursue those bad guys.

No one can truly appreciate security if they aren't living it. If you create an environment where security is part of the general mindset, it reminds your experts that you think security, in all its forms, is important. It also creates an alert atmosphere, which is precisely what is needed to reverse-engineer the devious thinking of hackers. There is no morality tale here; those with a good yardstick for right and wrong can see the twistedness of a ransomware attack. They may also appreciate the creativity that goes into its engineering. But that admiration is followed by a take-down mentality. There is victory in knowing that you didn’t let the bad guy get away with anything. You’ve put your abilities to the task and have become the hero in the story.

Detectives and investigators hopefully don’t have experience doing the deeds they prosecute. HR might have a thing or two to say about the Homicide Division hiring murderers just because they can put themselves in the suspect’s shoes. But technology is different; perhaps the right analogy is something like Hogwarts. Students are given a foundation in wizardry, the same foundation, but they might choose to use that knowledge for evil rather than good. Damn that Lucius Malfoy and his beautiful, flowing locks of white hair.

Hackers get smarter and bolder every day. Correspondingly, so must the people trying to prevent security breaches. Environments that prize tinkering and problem solving will be able to build teams that thwart the pursuits of hackers. In using similar thinking to that used by hackers, you will help create a team that understands how to protect your assets, can identify the right security automation and compliance platforms to use, and will make your organization stronger in its pursuit of the dark hats.


Copyright © 2017 IDG Communications, Inc.