(This is the first in a regular series of features sharing stories about how the ethical hacking community is serving society. These security experts have a variety of titles including “ethical hacker,” “security researcher,” “white hat,” “bug hunter,” and “finder.” The goal of this series is to eliminate stereotypes and educate people on the profession).
Part of a generation of boundary-pushers, ethical hackers have been using their skills and ingenuity for the greater good. Equipped with a curious mindset and love for creatively overcoming limitations, many are passionate about making the world a safer and better place.
While shows like Mr. Robot have fairly depicted the technology part – there is still much to learn about hacker ethics, culture, and motivations.
Hackers are not criminals.
Mainstream portrayals of the black hoodie and faceless hacker illuminated by binary code are potentially distorting how people should see ethical hackers: they wear dresses and ties too, blending in quite nicely in business environments.
I spoke with Chris Roberts, chief security architect at Acalvio Technologies, an ethical hacker who helps enterprises find and mitigate cybersecurity vulnerabilities to reduce risk. Here are some unedited excerpts from our conversation:
Marilia Wyatt: Before we dive into unrealistic hacker stereotypes, can you tell us about the work you do and how it helps enterprises reduce risk?
Chris Roberts: Work’s split into several areas, the Acalvio stuff is looking at building up the Deception side of the world, the basic assumption is that computer No1 is compromised and therefore HOW do you know that someone’s inside…most companies are asleep at the wheel especially in the S/M market when it comes to proactive/preventative/predictive security so the aim of the Deception tech is to help change that landscape. Outside of that there’s the assessment side of things, the maturity model work and then obviously the no-more-passowrds R&D I’m in the middle of…
Marilia Wyatt: Why do you think there is so much emphasis on painting hackers across the board as faceless and obscure loners?
Chris Roberts: I think we’ve done it to ourselves, at least in the past…we were separate, we were the geeks, the ones who seemed to think differently than most, the ones who understood the underlying “tick” of the digital universe…so with that we managed to separate ourselves AND lets face it there’s LOT of us who do like to work on our own at least in part because it’s simpler/easier and quieter…at least until we need to team up and collaborate on projects etc.
“So, you take that hooded geek and it fits perfectly with the media and unfortunately that’s never worn off…which given we’re part of society AND working to save it really sucks.”
Marilia Wyatt: What are the essential hacker ethics to promote?
Chris Roberts: Let’s face it most of us are trying to fix the world, make it a safer place, a better place in SO many different ways, from the technical securing of all the transportation, intermodal, ICS and other critical systems through to making sure that the banks don’t keep loosing all the money….couple that with SO many folks working to take technology to countries that desperately need it more than we do AND try to use it to save people, provide water/basic necessities etc….that’s the basic humanity behind what we do AND who we are…You look at folks who band together to try and do some good.
Marilia Wyatt: Tell us a bit more about how the ethical community collectively is serving the greater good?
Chris Roberts: There’s a ton of examples, look at how Chris Hadnagy is working on the problems surrounding child material on the Internet and the folks behind that…look at what Johnny Long and the team have done at Hackers For Charity, look at the numerous efforts with Veterans to name just three…
“…this is a community, it’s a family…rather dysfunctional at times BUT it’s a community.”
Marilia Wyatt: What is the most rewarding part of your profession?
Chris Roberts: Finding clients who want to learn, change and work on bettering themselves…those are the folks I’ll happily hug and go an extra mile to make sure we’ve done the very best we possibly can to help them…
Marilia Wyatt: Is there a significant barrier for the mainstream to understand that ethical hackers can have diverse backgrounds and interests? They wear dresses and ties too.
“Oh hell yes”
Chris Roberts: …let alone inside this industry we’ve got a LOT to learn about diverse backgrounds and how to make sure we don’t keep tripping up over ourselves. The world as a whole also has a long way to go to see past the tattoos, the nails, hair and clothing and simply accept us for who we are….heck isn’t that the world in general though? OH, and let’s face it we’re not shining examples of humanity either, when I ask the question on LinkedIn about what to call non-geek people and get everything from muggles to plebs.
“WE need to take some time to actually accept the world around us.”
Marilia Wyatt: I’m a proponent of clearly distinguishing between bad and good apples when writing the word “hacker.” What’s your take on the issue?
Chris Roberts: Hacker is good, working on understanding tech, understanding what IS this world about and how do do it different/better…CRIMINAL breaks into you and steals shit…NOT a hacker.
Marilia Wyatt: How can we better educate people about how the ethical hacking community use their skills for good and how bad apples use their skills for self-gain and destruction?
Chris Roberts: Guess tasers are out of the question at this point? WE have to get better at communication AND the world in general needs to get dragged into this year and understand that they NEED to go past first impressions OR their bigotry.
Marilia Wyatt: What would you like to change in the universe about the portrayal of hackers?
Chris Roberts: I like my hoodies but they don’t make me a bad person…let’s start there, something easy 🙂
Marilia Wyatt: If you could have a superpower what would it be?
Chris Roberts: I’m thankful for the continued stream of random neurons that keep hitting me with inspiration and ideas….so what I really would like is more hours in the day, the ability to manipulate time sufficiently to get all the things done that I really want to work on and research would be rather bloody helpful!