Best part of my job: I hack for a living
When we first heard about Edvin, it went like this: ‘Have you met that really cool guy in IBM Slovenia who hacks ATMs for a living?’ And we said, ‘No! But we want to!’
Edvin is a Senior Security Consultant, and he is part of our IBM X-Force Red Security team working around the world with our clients to make their products safer.
We asked him to share some insights into his career, ethical hacking, IBM, and the path of continuous learning.
What is the simplest and most perfect con in your opinion?
The human factor remains to be the weakest link and biggest threat to information security. Cybercriminals are using social engineering attacks to trick individuals within organizations in order to gain access to sensitive information and systems. These attacks rely on psychological manipulation rather than exploitation of technical vulnerabilities. Some of the biggest data breaches have been initiated this way and it remains to be a very big problem.
You are hacking ATMs for a living. What does that look like and has a bypasser ever stopped you from doing it?
Hacking ATMs is by far my favorite assessment in our security services portfolio, and we offer a comprehensive ATM evaluation.
I’m proud to be a part of a brilliant international ATM testing team. For nearly every test, we can demonstrate a “jackpotting” attack on the ATM, allowing us to dispense as much cash as we want. The only limit is how fast the cash dispenser works. It’s always interesting to see our clients’ faces when we make the ATM spit out cash for no legitimate reason.
X-Force Red has developed its own methodology, which is ATM-vendor and model-agnostic. We assess network, application, and physical system security by identifying and exploiting vulnerabilities in the ATM.
The most common vulnerabilities we encounter are related to insecure data storage and boot process, weak physical locks, absence of drive and/or network encryption, misconfiguration, and more. We operate legally and with authorization from the organizations we work with. This is why nobody has ever stopped us from carrying out our ATM assessments – at least not so far.
What inspired you to become an ethical hacker and how did you start your career?
I’m curious by nature and I have a passion for technology. I like the challenge of understanding how systems work and discovering vulnerabilities that others may overlook by thinking outside of the box.
My first presentation in elementary school was on the topic of computer viruses. At that time, I was obsessed with researching the ILOVEYOU worm, which infected millions of personal computers. During that time, I wrote my first program in Visual Basic, learned the basics of Linux, and built my first website.
I’ve been hooked ever since. I later obtained an MSc in Information Security at the University of London and got my first job as an Information Security Architect in Slovenia.
What is the best part of your job?
I hack for a living. It’s as simple as that.
My day-to-day consists of identifying vulnerabilities and hunting for weaknesses in our clients’ systems before malicious hackers can exploit them. This includes infrastructure, network, application, ATM penetration testing, and more. My job is sometimes challenging, but it’s also thrilling and rewarding.
How do you keep yourself up to date on the latest trends, tools, and techniques in ethical hacking and cybersecurity?
I follow some popular security news sources and experts on social media platforms. I also like to participate in online communities as well as cybersecurity conferences and seminars.
Due to the nature of my work, I have to educate myself, pursue relevant certifications, and enroll in various trainings. Information security is a very fast-paced industry. It requires constant learning, keeping up with the latest trends, and exploring new tools and techniques. This is also the reason why my job never feels monotonous.
What are some of the common misconceptions or myths about ethical hacking that you would like to debunk?
People often think we strictly use technical skills during our assessments. While these are essential, we also heavily rely on critical thinking and problem solving. Our work involves a lot of creativity and social interactions, since we’re still in a people’s business. We have to communicate our findings and recommendations to our clients in a clear manner in order for them to understand what was discovered and how to remediate the identified risk.
You joined IBM a couple of years ago. How do you see IBM as an employer?
IBM has provided me the opportunity to work on incredibly interesting projects with some of the biggest companies in the world. This alone motivates me to wake up for work in the morning.
What skills are essential to become an ethical hacker?
In order to succeed as an ethical hacker, you have to stay curious and think outside of the box. You will encounter going down rabbit holes quite often in this line of work, so it’s important to have structure, patience, and good judgement as well.
What would you say to your 20 years old self, and what is your advice for people considering this kind of career?
Cultivate a passion for continuous learning. Information security is an incredibly vast and rapidly developing field, which rarely permits you to stay ahead of the curve. Therefore, it’s paramount to keep learning and to stay up to date with the latest security trends, implementing them as much as you can in your day-to-day work.
If you’re interested in the work Edvin does, or want to learn more about our career opportunities in IBM Security, please visit our careers website, or join our talent network to receive updates on career opportunities and events from IBM.