• Log in
  • About Us
  • Privacy Policy
  • Contact us
Telecoms IT - VanillaPlus
  • Home
  • News
  • Verticals
    • 4G
    • 5G News
    • Big data analytics
    • Bill & Charge
    • CEM
    • Companies
    • Digital transformation
    • Fraud prevention
    • Managed services
    • Network optimisation
    • NFV Hub
    • OSS
    • People
    • Policy
    • Revenue assurance
    • Revenue management
    • Service assurance
    • Service Provisioning
    • Test & measurement
  • Digital Edition
  • Events
    • Events diary
    • Webinars
  • Videos
  • VP Featured
    • Webinars
    • Podcast
    • Editorial advisory board
    • Expert opinions
    • Hot List
    • Operator View
    • Press releases
    • Reports & whitepapers
    • Special reports
    • Talking Heads
    • Troubleticket
    • Digital Talking Heads
  • Directory
  • Tech Trends
  • Subscribe

You are here:

  • Home
  • Companies
  • Secure IT: Profile of a White Hat hacker

Secure IT: Profile of a White Hat hacker

05 May, 2017 at 1:00 PM

Secure IT: Profile of a White Hat hacker
Lawrence Munro of Trustwave

Ever wondered who these ‘hush-hush’ people are that help to keep our networks safe? Here we talk to Lawrence Munro, director of SpiderLabs EMEA for Trustwave, about the role of the ‘White Hat hacker’.

VanillaPlus: What are you looking for, in technical expertise and temperament, when hiring a white hat hacker?

Lawrence Munro, Trustwave: We see all types of temperament among our penetration testers, but a combination of fastidious and creative is usually a recipe for success.

Technical expertise is absolutely a priority, but it needs to be coupled with self-motivation and a genuine passion. I particularly look for someone who is self-taught and has an underlying intrigue into how things are made.

I find that people who learn through doing rather than being taught tend to have a more in-depth knowledge and understanding. If someone likes taking things apart and putting them back together again to understand them in their spare time, that’s usually a good sign of having the right mindset.

VanillaPlus: How often do you hire white hat hackers and for how long?

Lawrence Munro: I hire them all the time and if they’re good then we’ll keep them indefinitely. When you find a talented individual you try to hang on to them, so it’s important to develop the right culture and appropriate incentives. We don’t use contractors and all our pen testers are full-time employees.

VanillaPlus: What types of work do they do for Trustwave? Do you do research in the Internet of Things and communications?

Lawrence Munro: Our pen testers work mostly on testing the security of web applications and network infrastructure, however, IoT and embedded systems have become a bigger focus in more recent years.

Many connected devices are known to have poor security, so my team spends a good portion of their time working on anything IoT and doing research into this area. As we’ve seen from attacks like the Mirai botnet, these vulnerabilities can have big consequences.

VanillaPlus: What changes have there been in recent years to the skills that you require from them?

Lawrence Munro: It is well publicised that there is a skills gap in the cyber security industry, particularly in recent years. Driving this is the fact that both the volume and sophistication of cyber attacks has increased steadily.

At the same time, businesses are simultaneously investing in technology that can lead to increased risk, such as IoT, while also facing greater scrutiny in how they protect data. As a result, security services are in high demand, but there are not enough sufficiently experienced personnel to go around.

Trustwave has seen a change in the type of client we have approaching us. It used to be mostly large enterprises with big budgets for IT. These days we are definitely seeing businesses of all sizes, including SMEs (small to medium-sized enterprises), wanting to enhance their cyber security.

VanillaPlus: Is it true that hackers fall into two main groups? I’ve heard it said that some are meticulous in what they do, very detailed and methodical, while others are anti-authoritarian, can’t tie their own laces but could hack the Pentagon if they wanted. Any truth in this?

Lawrence Munro: I would say the cyber security industry is as diverse as any other. We do tend to attract people with a slightly anti-authoritarian attitude (mixed with a healthy dose of paranoia), but that’s just because of the nature of the job – it’s a legal way to do what they love. Even with that kind of attitude, a meticulous approach is still vital to success.

VanillaPlus: What motivates these groups? Money? Peer respect? Recognition? Learning and
self-development?  Something else?

Lawrence Munro: Money is often not a motivating factor, as most pen testers are paid competitively and are passionate about what they do. A big draw for these people is the culture of the organisation and buy-in to what the company’s vision is.

Respect of peers is extremely important and working with others who they also respect and can learn from will rate highly with them. If you have spoken at a well-known conference such as Defcon or 44Con in London, this will definitely earn you kudos among your peers and the hacking community.

VanillaPlus: What skills do you need to manage white hat hackers? How do you recruit your
management team?

Lawrence Munro: To gain your team’s respect it’s important that you have a thorough understanding of the industry and the technical nuances of hacking. The best managers have often come through the ranks of an organisation and will understand all aspects of the work.

It is important that a manager can relate to all members of his team. Often the most qualified or most technical person is brought in as a manager, but these qualities don’t always equal a good leader, it must be said!

VanillaPlus: How do Black Hat Hackers react to the White Hats?

Lawrence Munro: Honestly, I don’t even think they’re on their radar! The two groups will rarely come into contact with each other (except to steal tools and tactics).

However, there are far more “grey hats” around than you would perhaps expect – hackers that aren’t malicious and are not interested in money, but still tend to go places where they shouldn’t – just because they can. This group is treading a very fine line however, and there have been occasional examples of grey hats falling foul of the law.

Lawrence Munro was interviewed by Jeremy Cowan, editorial director of VanillaPlus, IoT Now & IoT Global Network

Comment on this article below or via Twitter: @ VanillaPlus OR @jcvplus


category: Companies, Security, Troubleticket

Tags: 44Con, attitude, contractors, culture, cyber-attacks, DEFCON, hacker, IoT, Lawrence Munro, mindset, MIRAI, SMEs, SpiderLabs, tactics, Trustwave, White Hat

Tech Trends Vanillaplus
 

Tech Trends - How will you harness the power of the evolving edge?

It’s easy to look at the latest figures and deduce that the cloud era is over, and the edge is now dominating technology decisions but, to arrive at that conclusion, you have to decide what and where the edge is. That is still open to debate…

READ NOW

Comments are closed.

  • Facebook
  • Twitter
  • YouTube
  • LinkedIn
  • Subscribe
Relax time
Read the new novel by J.J. Cowan on Africa’s conflict minerals trade and forced labour. 5* Reviews on Amazon.co.uk Paperback & Kindle

Check out on Amazon

X

Be the first to know!

  • The top telecom IT news stories of the minute
    in your inbox
  • Exclusive offers for entry into hundreds of
    events worldwide
  • Free access to a huge selection of the latest
    analyst reports and whitepapers
Subscribe now so you don't miss out
Don’t show me this again
Please check your email
x
Vanillaplus - The Global Voice of Telecoms IT
The Global Voice of Telecoms IT

VanillaPlus is the world-leading resource covering digital transformation for the communications industry. VanillaPlus brings you exclusive News, Expert Views, and Event Reviews. See Interviews from CEOs, CTOs, and COOs who are successfully transforming their business today.

Connect

Facebook Twitter YouTube LinkedIn

NEWS

  • Latest Telecoms IT news

DIGITAL EDITION

  • Latest Editions

OTHER

  • Newsletters [Archive]

KNOWLEDGE CENTRE

  • Webinars
  • Special Reports
  • Talking Heads
  • Editorial Advisory Board

COMPANY

  • About
  • Contact Us
  • Terms & Conditions
  • Privacy Policy

PARTNERS

  • IoT News

© 2014-2021 VanillaPlus - The global voice for telecoms IT. All rights reserved.