Designation: Principal Security Analyst & Manager of Security Analysis Team

Number of Years at Help AG: 4

 Q) What made you chose a career in IT?

I have always been interested in tinkering with digital gadgets. IT offers diversity and never-ending challenges, which translates to a never-ending learning path and constant stimulation. Being in IT, one can closely track the amazing trends shaping our world, be it in networking, programming to AI and the vast security aspects of the cyber-world.

Q) What does your typical day at work involve?

A normal day at the office involves me assessing the security of our customers and identifying remediation strategies. I work closely with customers to outline the scope of our security projects and provide them with detailed plans to address the challenges they face.

I also have to dedicate some portion of time every week to conducting research on the latest cyber security threats and come up with ideas and development to counter these. And if time permits, I also enjoy bug hunting and programming.

Q) How do you keep your skillset up to date in order to counter ever evolving cyber threats?

Security threats are ever growing and evolving and it is normally hard to keep up with all the threats we now see in the digital world. So, I concentrate mainly on areas of exploitation like web security, internal security, thick application security, and endpoint security bypass. I constantly enhance my skills by:

  • By participating on hacking challenges online
  • Recreating cyber threats internally and attempting the attacks in Help AG security lab environment
  • Collaborating with teams to discuss new attack vectors
  • Learning about the latest hacking techniques through online resources

 Q) What’s the most interesting cyber-attack you’ve witnessed?

I must say that internet of things (IoT) based botnets are highly interesting. There are many commonly used items that are being digitized and connected to the internet. Taking advantage of this high degree of connectivity, many attacks are being developed and exploited like “Mirai Botnet”.

Q) How could someone better prepare to be an ethical hacker?

I believe if someone wants to be an ethical hacker, they should start by developing their fundamental skills in networking and programming, and develop an understating of how computers work internally. It’s very important to realize that there are actually many types of ethical hackers concentrating on specific aspects like:

  • Application security
  • Hardware security
  • Web security

I suggest they should study well, participate in online white hat hacking competitions to gain hands-on experience, and have the drive and dedication not to give up.

Q) Could you list 5 websites that are a must read for any cyber security expert?

  • https://thehackernews.com/
  • https://www.exploit-db.com/
  • https://www.darknet.org.uk/
  • https://www.us-cert.gov/
  • https://www.cybrary.it/

Q) What are your technical/educational qualifications?

Degrees:

  • MSs IT Security
  • BSc Computer Science
  • High School Diploma in Mathematics and Physics

Certifications:

  • OSCP
  • OSCE
  • OSWP
  • SANS GREM
  • CCSP
  • MCSA
  • Hardware Security
  • Forensics
  • Wireless Communication Technologies
  • US CERT ICS/SCADA Training
  • Course completion certificates: Cryptography (Stanford) and Information Security Management
  • CCNA Security
  • CCNA
  • HP Fortify Auditor – Code Auditor