Cybersecurity is a global concern and multi-billion-dollar industry.
Like any business organization, digital ventures need to include cybersecurity in their business vision, mission, strategy, and operational tactics to survive and thrive. Ethical hacking in the cybersecurity domain is a broad topic, but here I provide essential considerations for technology leaders responsible for the success of digital ventures.
Every aspect of technology and online business relates to cybersecurity. It is of particular interest for Cloud Computing, IoT, Mobility, Big Data and analytics services.
Even though this article is about cybersecurity, the principles also apply to overall technology security. My aim is to create awareness of security and privacy, which are tightly related topics. When security is compromised, privacy is most likely conceded too. For example, a minor security issue caused millions of Facebook account details to leak to the public domain recently.
Cybersecurity is a massive security domain and touches every aspect of security management, including identity management, authentication, authorization, and several other areas.
Related to advanced business and technology security, emerging blockchain initiatives unfold critical security requirements which digital ventures should consider.
Apart from adding appropriate measures for security, digital ventures should also consider the concept of ethical hacking to increase security intelligence and contribute to the overall digital intelligence of ventures.
The purpose of ethical hacking in digital ventures is to identify vulnerabilities in the systems, tools, and solution building blocks.
Early identification of vulnerabilities and resolving them promptly require deep security and cybersecurity expertise for ventures. The security team members need to take ethical hacking education and practice their learning in the workplace.
Ethical hacking requires broad security knowledge and technical specialty in several domains. For example, security functions such as authentication, authorization, accounting, and auditing are critical functions for introducing an ethical hacking process in the venture.
Ethical hacking is an antidote to criminal hacking.
Criminal hackers manipulate data, information, knowledge, assets, money, and the reputation of people and organizations for various purposes.
As opposed to criminal hackers, ethical hackers empower business processes and people. They improve conditions, resolve security issues, address vulnerabilities, and reduce risks for threats.
To achieve these critical goals, ethical hackers must be more knowledgeable and skilful than criminal hackers. Some professional ethical hackers are more knowledgeable and skilled than criminal ones. In other words, ethical hackers must outsmart criminal hackers to serve digital ventures.
Ethical hackers use various security management tools. One of the prominent tools is the packet analyzer, known as a sniffer in the technology sector and security communities. A sniffer can be software or an appliance that intercepts packets on the network and captures network traffic as communication packets.
Digital ventures may need an ethical hacking process for auditing and corrective actions to meet rigorous industry compliance requirements.
From my experience in the field, the ethical hacking process covers six broad domains and areas of expertise in digital ventures. They are architecture and design expertise, industry awareness, core security expertise, analytics, technical capability, and interpersonal and business stakeholder expertise.
I want to touch on each domain and expertise within the ethical hacking context. The purpose is to guide the capability requirements of ethical hackers in digital ventures.
Ethical hackers are technical specialists. However, they need to understand system architecture and design constructs. Awareness of architectural governance schemes is crucial for ethical hackers. They must be capable of seeing the big picture in the venture.
Knowledge of the business processes, consumption model, application landscape, data platforms and practices helps them to see the big picture.
Industry knowledge and expertise are also critical to seeing the big picture. At a minimum, they need to understand the rules and regulations in the venture's industries.
In addition to the big picture, ethical hackers also need to dive deep into details of comprehensive security and cybersecurity components. Their expertise must cover all components, and their skills must be up-to-date. An awareness of security issues and threats at the global level is a must.
Analytics is an essential cybersecurity function. To this end, ethical hackers must be capable of analyzing systems, hosting infrastructures, networks, design solutions, business applications, data, and databases. These areas require a sharp eye for details.
Digital ventures consist of many applications written in various programming and scripting languages. Thus, ethical hackers should be able to understand coding and scripting for languages used in the venture’s applications.
They need to possess core hacking techniques such as sniffing, scanning, reverse engineering, disk and memory forensics, and vulnerability analysis.
Knowledge of operating systems is also essential. Many ventures use multiple operating systems, proprietary as well as common ones such as Linux, Windows, Unix, z/OS, Android, macOS, and iOS.
Every digital venture has a network and is connected to several other networks. Thus, networking and internetworking skills are critical for ethical hackers. They need to understand network protocols, wireless protocols, network architecture, infrastructure frameworks, network application patterns, network devices, networking functions, network management tools, connectivity flows, mobility, data communications, and integration of local and wide area networks.
Data is bread and butter for digital ventures. Hence, ethical hackers must find effective ways to deal with data sets from many angles. They need to understand data platforms, practices, storage, data lakes, data lifecycle management, databases, information processing, and expert knowledge systems, especially in artificial intelligence initiatives. Besides, these specialists must possess skills for dealing with Big Data and analytics in growing ventures, especially for special forensic investigations.
Mobility is embedded in digital ventures. Ethical hackers must understand the digital technologies, mobile networks, and mobile workflows in the venture’s networks, including their protocols and device relationships.
Ethical hackers have a broad understanding of the mechanisms and implications of emerging technology stacks such as IoT (Internet of Things), Cognitive Computing, Cloud Computing, Edge and Fog Computing, Artificial Intelligence, and Big Data Analytics.
The key differentiating factor of ethical hackers from criminal hackers is their interpersonal skills. These talents must be of a caring, trustworthy, and reliable nature. As opposed to criminal hackers, ethical hackers must empathize with employees, sponsors, and consumers. They need to act non-judgementally and be approachable to people, always guiding for corrective actions.
Digital ventures can have multiple stakeholders at different levels. Ethical hackers must have exceptional stakeholder management skills. They should be able to communicate at all levels and speak the business language rather than technical jargon. Business stakeholders expect them to articulate risks, issues, and dependencies at technical and business levels.
In these ventures, ethical hackers work with the technical team and liaise with project managers, product owners, legal departments, and business executives. Understanding the processes, methods and tools of projects is essential for ethical hackers.
Ventures may need urgent assistance, guidance, and action in critical situations. This is called incident management. Thus, like most skilled security experts, ethical hackers focus on incidents urgently and spend very little time in problem management, which includes root cause analysis for resolution. During critical incidents, they rapidly identify risks, issues, and dependencies and only contribute to problem management after the incidents are resolved.
Finally, sponsoring executives in digital ventures may need the input of ethical hackers to create new solutions in the invention and innovation process.
To conclude, security, and particularly cybersecurity, is a critical business factor in digital ventures. The ethical hacking process and leveraging the necessary capabilities of ethical hackers can help the ventures address incidents, resolve the problems, prevent threats, and produce with an innovative mindset iteratively and consistently.
Thank you for reading my perspectives.