Banks break in: Q&A with our Cybersecurity Specialist

Steve is what's known as an "ethical hacker" - someone who'll dig into digital systems and look for ways to get in that shouldn't be there. Recently, Steve's received certification from the International Council of E-Commerce Consultants - the world's largest cybersecurity technical certification body.
 
Q: Hacking has quite a negative connotation. Just what is "ethical hacking?"
 
A: Back in the day there were "hackers" and "crackers" the crackers were generally the bad 'guys', and the hackers were the good 'guys'. But it all has a negative connotation now. And hackers aren't just teenagers with hoodies in dark rooms.
 
My job is to simply make sure systems are safe. I've learned a number of ways to get into systems using different methods and tools. If I learn how to get in, I can protect it more effectively.
 
Q: So you're a bug hunter. You hunt bugs?
 
A: (laughs) Yeah I suppose that's it. I'm inquisitive. I like to know how things break and how they can be fixed.
 
Q: What exactly are you looking for?
 
A: You are effectively looking for ways in - vulnerabilities in systems. More to the point, vulnerabilities that can be exploited. 
 
Sometimes, a system will have a vulnerability and it may not be exploitable. So there might be a weakness but you can't get through . . .yet. It could be a tool hasn't been developed or the way a system is set up you can't penetrate it straight away but then there might be another way around things. 
 
It's all about finding vulnerabilities, what we can remediate and what can be fixed. If things can't be fixed, then we may have to look at changing the product, or find the right security tool or look for another way of preventing access.
 
Q: Does that happen often - when things can't be fixed?
 
A: No. Not really. There are times when common things are found and are quite easy to fix but sometimes there are things we find that take a bit more work and more thinking to sort out.
 
Q: You must be the only person in the organisation who's happy when they find something wrong!
 
A: Well, you're happy when you've found something because it's knowing it can be fixed! That's what's important. And remember, it's not just me. We now have several certified ethical hackers on our [security] team. 
 
There's about a dozen of us all working to make sure systems are as secure as possible. In fact, recently we've taken on four new cybersecurity apprentices, who are released to us one day each week on their way toward completing their Computer Networks and Cybersecurity Degree with University of Wales Trinity St David.
 
We all do different things from operational to compliance and design. For instance, we work with the NWIS Network team with regards to authorising firewall rule changes between us, health boards and third parties. We all work together, making sure things are secure - quietly getting on.