Ethical Hacker
by Jacob Kamhis
The original article was published in the Oct.-Dec. 2013 issue of Pacific Edge Magazine. You may view the magazine's layout here.
Computer hacking is a double-edge sword. Which side of the blade is sharper depends on whether the hacking is malevolent or ethical.
Jason L. Martin, president of Secure DNA, decided to become an ethical hacker after he graduated from the University of Hawaii at Hilo with a degree in biology. He had his sights on medical school until he discovered computers were his niche during the dot-com boom.
Hilo-born Jason worked in information technology (IT) at Kona Community Hospital when the management called in professional hackers to evaluate the facility's network security. “I didn’t believe you could make a career out of this,” Jason says. He watched how the pro hackers worked on the hospital's system and was hooked. He later joined KPMG's security assessment team and honed his skills further in the IT security field.
Jason always enjoys figuring out how things work. So it’s only natural that picking security locks intrigued him in his youth. He studied lock-picking procedures using online sources and often fell asleep by picking a lock in the dark. Today, when Jason speaks at IT security conventions, talks to clients or trains staff, he uses the lock analogy to show how easy it is to be hacked. He instructs others how to pick them as well.
As the growing wave of malevolent hackers intruded on consumers’ lives and stole business data, Jason felt he had to add his own technological weight to assist clients under attack or limit the possibility of network intrusion.
Companies often seek help after a security breach. Secure DNA must put out the technology fire fast. In some cases, Jason becomes the client’s temporary “chief security officer” and his employees monitor the client’s network from their remote workstations.
But Jason also points out there’s more to IT security than digital ones and zeroes. Intruders may enter through the back door, which is why Secure DNA staff dress up as pest exterminators to pretend they’re searching the client's premises for bugs. When, in fact, they’re testing how easy it is for them to gain entry into the client's office and access the company network through a workstation's computer.
The intruders secretly lay down CDs or flash drives infected with malware, which are called “bread crumbs.” The infected CD may be falsely labeled as a popular movie. A client's employee picks it up, uses it. A second staffer thinks he found a cool USB drive and plugs it in to store files. Weakness in the client's security policy quickly becomes evident.
The intruders may decide to deepen this form of “penetration testing.” They stick orange-dot decals in file cabinets or areas that contain critical data. The orange dots prove to shocked client executives how far a real attack can go. Finally, the client receives a video of the mission and realizes the time has come for an IT security fix.
“With the aloha spirit, workers are non-confrontational. Employees hesitate to challenge potential intruders,” Jason says. “At the least, employees should be trained to report suspicious behavior. There’s no patch for human error.”
Companies that remain unaware of Internet dangers may also face another form of network intrusion called “spear phishing.” This is where an e-mail campaign lures computer users into clicking on a fake link from a purported retailer. “Waterholing” occurs when malevolent hackers infect a popular Web site. Employees who visit the site automatically download malware that infects the network.
Education is key to keeping up in this ever-changing field. To this end, Jason runs ShakaCon, an annual IT security convention in Honolulu. “We found that our customers don’t travel to IT security conferences on the mainland,” he explains, such as DevCon or Black Hat. “So we bring the conference to Hawaii.” Secure DNA also performs free security testing for small, non-profit organizations while it creates good paying jobs for local employees. It's all in the company name: “Security is in our DNA,” Jason reveals.
How is growth scale tipping for this IT security company? Secure DNA’s projected 2013 revenue is $4 million, a 30-percent increase over 2012. The company has nearly two dozen workers in Honolulu, the Philippines and Palo Alto, California, in the Silicon Valley area. Seventy percent of the business is local and mainly generated by the coconut wireless.
Jason joined Secure DNA in 2006 when it was owned by Anthony Giandomenico. Jason and his Honolulu-born partner, current executive VP Ernest Shiraki Jr., formed the consulting division. Jason took over the reigns as president when Giandomenico left the company in 2010.
“I wanted to create a better digital environment for Hawaii and the world,” he says. “I want to see Hawaii be safe.” The irony is that for Jason, security starts by picking locks.
Jason L. Martin, president of Secure DNA, decided to become an ethical hacker after he graduated from the University of Hawaii at Hilo with a degree in biology. He had his sights on medical school until he discovered computers were his niche during the dot-com boom.
Hilo-born Jason worked in information technology (IT) at Kona Community Hospital when the management called in professional hackers to evaluate the facility's network security. “I didn’t believe you could make a career out of this,” Jason says. He watched how the pro hackers worked on the hospital's system and was hooked. He later joined KPMG's security assessment team and honed his skills further in the IT security field.
Jason always enjoys figuring out how things work. So it’s only natural that picking security locks intrigued him in his youth. He studied lock-picking procedures using online sources and often fell asleep by picking a lock in the dark. Today, when Jason speaks at IT security conventions, talks to clients or trains staff, he uses the lock analogy to show how easy it is to be hacked. He instructs others how to pick them as well.
As the growing wave of malevolent hackers intruded on consumers’ lives and stole business data, Jason felt he had to add his own technological weight to assist clients under attack or limit the possibility of network intrusion.
Companies often seek help after a security breach. Secure DNA must put out the technology fire fast. In some cases, Jason becomes the client’s temporary “chief security officer” and his employees monitor the client’s network from their remote workstations.
But Jason also points out there’s more to IT security than digital ones and zeroes. Intruders may enter through the back door, which is why Secure DNA staff dress up as pest exterminators to pretend they’re searching the client's premises for bugs. When, in fact, they’re testing how easy it is for them to gain entry into the client's office and access the company network through a workstation's computer.
The intruders secretly lay down CDs or flash drives infected with malware, which are called “bread crumbs.” The infected CD may be falsely labeled as a popular movie. A client's employee picks it up, uses it. A second staffer thinks he found a cool USB drive and plugs it in to store files. Weakness in the client's security policy quickly becomes evident.
The intruders may decide to deepen this form of “penetration testing.” They stick orange-dot decals in file cabinets or areas that contain critical data. The orange dots prove to shocked client executives how far a real attack can go. Finally, the client receives a video of the mission and realizes the time has come for an IT security fix.
“With the aloha spirit, workers are non-confrontational. Employees hesitate to challenge potential intruders,” Jason says. “At the least, employees should be trained to report suspicious behavior. There’s no patch for human error.”
Companies that remain unaware of Internet dangers may also face another form of network intrusion called “spear phishing.” This is where an e-mail campaign lures computer users into clicking on a fake link from a purported retailer. “Waterholing” occurs when malevolent hackers infect a popular Web site. Employees who visit the site automatically download malware that infects the network.
Education is key to keeping up in this ever-changing field. To this end, Jason runs ShakaCon, an annual IT security convention in Honolulu. “We found that our customers don’t travel to IT security conferences on the mainland,” he explains, such as DevCon or Black Hat. “So we bring the conference to Hawaii.” Secure DNA also performs free security testing for small, non-profit organizations while it creates good paying jobs for local employees. It's all in the company name: “Security is in our DNA,” Jason reveals.
How is growth scale tipping for this IT security company? Secure DNA’s projected 2013 revenue is $4 million, a 30-percent increase over 2012. The company has nearly two dozen workers in Honolulu, the Philippines and Palo Alto, California, in the Silicon Valley area. Seventy percent of the business is local and mainly generated by the coconut wireless.
Jason joined Secure DNA in 2006 when it was owned by Anthony Giandomenico. Jason and his Honolulu-born partner, current executive VP Ernest Shiraki Jr., formed the consulting division. Jason took over the reigns as president when Giandomenico left the company in 2010.
“I wanted to create a better digital environment for Hawaii and the world,” he says. “I want to see Hawaii be safe.” The irony is that for Jason, security starts by picking locks.