We talked to Charles S., Senior Penetration Tester at Secmentis, about security testing, and here is what he said about it.
First of all, how are you and your family doing in these COVID-19 times?
Charles S: While the outbreak has been challenging, everyone is safe and healthy, thank you.
Tell us about you, your career, how you joined Secmentis.
Charles S: I have always had a deep passion for cybersecurity and admiration for computer hackers and their exploits, wishing for myself to become more like them, by mastering all the material I could find on this subject. You know, originally, a “hacker” was someone who had a deep desire to figure out how things work, such as software, and their weaknesses, and who looked for ways to exploit these weaknesses to achieve things their designers had not intended, like bypassing security. Having mastered programming in several languages and having worked on open source development projects from an early age, I went on to a world-renowned CS school. Naturally, in this environment, you end up meeting like-minded people, and that’s when my ethical hacking interest flourished, where we built software and software exploits and challenged ourselves to bypass the limitations of the software and systems we used. After years of working for a number of global companies doing programming and penetration testing, following a reunion with these same friends, I was invited to join the Secmentis ethical hackers team to work as a senior penetration tester.
How does Secmentis innovate?
Charles S: Our team members at Secmentis all come from similar backgrounds, that is, of having a deep understanding and expertise in programming, software, and cybersecurity. At Secmentis we specialize in penetration testing or ethical hacking, which means that companies worldwide give us permission to proactively test the security of their websites, web and mobile applications, external and internal systems and networks, as well as their physical security measures, to proactively identify vulnerabilities that could be exploited by potential attackers. By using the latest methods, processes, and tools, also used by the attackers, we show companies, from startups to large companies, where their vulnerabilities are and how attackers could exploit them to gain unauthorized access to sensitive information, such as customer information, trade secrets, internal processes, and more.
How does the coronavirus pandemic affect your business finances?
Charles S: As security is a journey and not a destination, at Secmentis, we have been as busy as ever with providing our penetration testing services to international clients. Companies who are serious about safeguarding their reputation, customer data, and customer loyalty, proactively seek Secmentis penetration testing services to secure their applications and systems, without leaving things to chance. In security, as we say, it’s not a question of “if”, but “when” a cyber attack will happen. Thus, like with the outbreak, we provide a “vaccine”, if you like, against vulnerabilities in your company’s external and internal systems.
Did you have to make difficult choices regarding human resources, and what are the lessons learned?
Charles S: When hiring people, we always look out for individuals who have a solid and practical understanding of the fundamentals of computer software and security. Having the right people who have a deep passion for their work is essential to us at Secmentis. As Steve Jobs famously said: “A players attract A players. B players attract C players.” We try to hire the most talented and dedicated people we can, who also share our values and work ethic.
How did your customer relationship management evolve? Do you use any specific tools to be efficient?
Charles S: At Secmentis, we have always focused on keeping our customers happy by delivering thorough security testing and high-quality results effectively and efficiently, to meet and exceed their expectations. We have a close relationship with our customers, and they know we are by their side at all times.
Did you benefit from any government grants, and did that help keep your business afloat?
Charles S: No.
Your final thoughts?
Charles S: Data breaches occur after cyber-attacks because most companies do not seek to proactively protect themselves. Putting your web applications and systems online without securing them first is a surefire invitation to fail at some point in the future. As Murphy said, “Anything that can go wrong will go wrong” – it is only a matter of when. While keeping your business running is important, it is also supremely important to show your customers that your company is serious about their personal data, about its reputation and business continuity, and about safeguarding its systems and networks from malicious attacks by opportunistic attackers. While you may trust your IT people have done a good job, it is also important to proactively validate any assumptions made before a real attack occurs.