“Being a hacker means knowing how to reason outside the box – says Pietro – The difference between an Ethical Hacker and a “black hat one”, an “evil” hacker, is only in the intentions: the former does it to improve companies’ computer security levels, the latter jeopardizes the systems for unlawful purposes. But the techniques and tools used are the same”.
The job of an Ethical Hacker, in fact, is to try to violate a business network or system so that companies understand the risks they are running and implement the required corrections. “Unlike hackers who access systems for illegal reasons, we have a reference document that specifies what to break into and where to act. Obviously, we cannot go beyond the task we are assigned and this, perhaps, is the most difficult part of our work, because we would tend to discover all possible flaws in order to have the opportunity to correct them”.
What is in the toolbox of an Ethical Hacker?
“There are many tools, both hardware and software and even services available from the web, which we use to carry out our activities. Where necessary, we ourselves create specific programs for our needs. Of course all these tools alone are not enough to jeopardize corporate systems, or to perform a Penetration Test. It is up to the analyst to identify possible vulnerable points and to exploit them to his/her own advantage. In addition to technical knowledge and skills, our toolbox must contain perseverance and passion: often, we work until late to find the right key to open the door which allows us to breach the systems”.
How is your job done? How much is routine, and how much does it change depending on the activity?
“Our work is never monotonous: scenarios are extremely varied and we cannot always rely on our previous experiences as each client has different infrastructures, therefore what we do must always be adequately planned, by experimenting, trying, trying yet again, pulling new ideas out of the hat, sometimes absurd ones, without ever giving up. The best part of the job, of course, is when you finally find a way to enter a system and come up with important data. That’s the usefulness of what we do”.
What skills do you need? Can you improvise?
“Improvise, definitely not. I think my engineering degree helped me a lot, but what really made me grow was the passion for computer security which I have nourished since I was a kid. I have also met excellent hackers who are not graduates and others with a degree in humanities, but none of us can afford to take a break, even just for a short while, from study and research. This is a complex trade, where a transversal knowledge that embraces many sectors of information technology is indispensable. I also wanted to undertake a certification process and I chose OSCP, technically the most advanced on the market today; I did it also to test myself. I took the exam, which lasted 2 full days, after having jeopardized all the machines in the laboratory. It was an experience as tiring as it was satisfying”.
How does a hacker keep up to date?
“Every day I find myself consulting specialized blogs, Telegram channels, industry magazines and groups of experts with whom we also compare notes in order to find unconventional solutions to the challenges which arise during our work. Erroneously, everybody thinks that a hacker works solo; instead, the relationship with colleagues is fundamental to acquiring new skills”.
What websites would you recommend?