Lawrence Gimenez

Interview about Ethical Hacking

I was supposed to be interviewed by the Grade 11 STEM Students from Marist School, Marikina, about Ethical Hacking.

1. Can you tell us what you know about hacking?

Hacking is like everything else: there is a good and a bad side to it. The bad is what you usually see or hear in the news, where criminals hack systems to steal data, destroy systems, install malware, and lock the systems behind ransomware.

The good is the ethical hackers, who are usually the ones testing by penetrating your systems and then reporting it to the concerned party before the bad guys do.

2. Can you tell us about your experiences with hacking?

Outside of my day job, I check for vulnerabilities found in mobile apps since I am a mobile developer. In 2020, I found a serious bug in one of Globe’s Rewards apps and others. You can read the writeups here:

initviews.com/2022/05/1…

initviews.com/2022/03/3…

initviews.com/2021/03/0…

initviews.com/2020/09/0…

3. From the experiences you’ve shared, what do you feel upon seeing the effects of hacking?

Hacking can severely affect institutions both large and small. No matter how secure or robust your safeguards, all it takes is one person. Personally, as a father, I will always do my best to protect my family, and that includes safeguarding their PII (personally identifiable information) online.

4. Can you tell us what you know about ‘white hat’ or ethical hacking?

Ethical hacking is finding security vulnerabilities before the bad guys do. Then you report it to the concerned party. Some ethical hackers give out deadlines before disclosing them to the public. This puts additional pressure on the complacent parties to act on it right away.

5. In what situations can you view hacking as a good and practical thing to do? Please elaborate.

If companies really care about their users’ data, then they should enroll in bug bounty programs like HackerOne or Bugcrowd.

6. What do you think is/are the downside/s of ethical hacking?

The downside is that some “ethical” hackers may try to extort, thus giving it a bad name. There are also trust issues between hackers and companies. As you may notice, not all companies are enrolled in bug bounty programs or allow ethical hacking into their systems.

There is also a lack of education about this topic. You can tell by asking anyone in your company about it.

7. Research suggests that businesses are hiring a growing number of ethical hackers to test the security in their IT systems. In your opinion, how do you think this can impact the security of our cyber society moving forward?

This is true, but I sincerely doubt this is happening in the Philippines. But one thing for sure is that there is a massive concern about the lack of cybersecurity professionals worldwide. If anyone is looking for a branch in IT to explore, they should look into cybersecurity.

8. Finally, could you describe to us what you think about the practicality of modern-day businesses and services hiring ethical hackers?

Hiring ethical hackers is a considerable cost and may disrupt normal day-to-day company processes. Also, not all persons are familiar with ethical hacking.

Ethical hacking is a two-way street. Both parties, the hacker and the company, should work together to succeed and protect user data or their systems.