K logix mentioned in article "Data breaches: Good guys who think like bad guys"

I contributed to the below article "Data breaches: Good guys who think like bad guys" by Joshua Vaughn from The Sentinel about ethical hacking. I recently won the CyberAces Governor's Championship and understand the importance of ethical hacking in creating a successful and confident security program. My work as a solutions architect at K logix allows me to provide security consulting and technology integration services to ensure that security aligns with business objectives and goals. 

 

Hacker — for most people the term evokes an image of a sinister cyber-delinquent sitting in front of a computer screen full of unrecognizable code trying to break into networks for their own personal gain.

“Not everyone wants to be a bad guy,” said Casey Ellis, CEO of Bugcrowd.

Ellis is what’s called an ethical hacker, a breed of computer-savvy individuals who use their skills to seek out vulnerabilities in websites and networks and alert the owners before nefarious forces can exploit them.

“Ethical hacking is really the same kind of hacking that the bad guys would do, but with the intent to help the vulnerable organization correct their vulnerabilities before the bad guys can exploit them,” said Kevin Murphy, solution architect at Massachusetts-based K logix and ethical hacker.

Ethical hacking has become a career for many people. Corporations and even government agencies such as the FBI, NSA and CIA recruit hackers to test their systems.

In fact, Ellis has started an entire company dedicated to the concept of ethical hacking. Bugcrowd pulls the talents from a large group of ethical hackers to explore weaknesses in security systems.

The company uses a bounty system. People who want their systems tested contact Bugcrowd and then the hackers go to work. The first to spot a unique security flaw gets paid.

“The mantra we throw around the office is good guys who think like bad guys,” Ellis said.

He said ethical hackers provide an offensive weapon against security breaches in a field that is largely dependent on defensive measures like firewalls and encryption.

“When it comes to IT security, one of the ways you can separate the field is offensive and defensive security,” Murphy said. “I think there’s a bit too much focus in the field on defensive security ... I’ve always been interested in the offensive side of that, because I feel like the more you know of the offensive side, the more you know of how these attacks occur, the better you can be on defense.”

Murphy said his company performs what is termed penetration testing. Companies hire Murphy and K logix to do anything they can to break into their systems. This can be everything from exploring security holes in the company's software to attempting to get employees to load malware onto their computers.

“A lot of companies are focused on the edge security, but not focused on a holistic view of everything that is going on,” Murphy said.

For Murphy, organizations focus a great deal on the software and security tools they purchase to keep out hackers, but fail to fully harden a critical part of their security infrastructure — their employees.

“If you are looking at a full pen (penetration) test, that usually involves attempts to social engineer the companies’ users too,” Murphy said. “When you talk about a target attack, those are becoming the most common ... targeting internal users with an email, tricking them to open an attachment or whatever.”

Both Ellis and Murphy said they hope to use their talents to make life safer, but for Ellis, offering a system that gives incentives for finding and reporting security flaws will help bring more hackers to the ethical side and reshape the public’s understanding of the word.

“I think it’s a fundamental of the spirit of curiosity,” Ellis said. “When you talk about what a hacker is, it’s kind of come to have a negative meaning, but what it originally meant was someone who could take something and get it to do what they want or do something it wasn’t meant to do. It can be used for good as well as evil.”
