For our March issue, Certified Ethical Hacker Paul Debogorski, who handles companies’ and individuals’ cybersecurity needs from Martin to Broward counties from his home base in Jupiter, discussed a wide range of topics, from the way viruses commonly spread to how he does his job. Here are some extra insights from our conversation.
On working for himself versus for the government: I prefer running my own company for a lot of reasons. With the government … sometimes the biggest hurdle is time. There’s a running joke in the government that just to get permission to use the bathroom takes three congressional hearings and a presidential order. So you can imagine how difficult it would be just to get a simple thing done with forensics or cybersecurity, or even just purchasing hardware.
On legal cases with which he has been involved: There have been a couple times. I haven’t gone to testify in court as of yet, but there was a divorce case. Each side was accusing the other of some untoward things. I was given the family’s iPad to examine to see what was true, what was not. I did my examination, and as a result of that, the father was granted full custody of the kids and was given alimony. It was proven that his allegations were the ones that were correct, whereas his ex-wife’s allegations were frivolous, and she was just trying to deflect from all the things that she was doing.
On being a “Certified Ethical Hacker”: It’s using the exact same tools, tactics, software and hardware that a real hacker would use, except that in the case of an ethical hacker—or a white hat hacker—it’s used to protect businesses. One of the ways we do that is through a penetration test, where company X will hire me and say, OK, we need to assess just how strong our systems are against hacking. With their permission ahead of time, I do everything a real hacker would to try to break into their systems from the outside. Once I’m done, I give them a report, usually 500 or 600 pages of information that says, here’s how I got in, here are the weaknesses in your system, and here’s how to fix them.
On the necessity of companies to hire experts like him: I look at it this way: I’m an IT guy. I do cybersecurity work and forensics work because that’s my expertise. Whereas I am in no way qualified to be a doctor or an engineer. I go to the people that know what they’re doing—going to the doctors or the contractors to do that work—and the same would be for most small businesses. While they may be excellent in their field, they might not necessarily have anybody on staff who has any kind of IT expertise. So that’s why they need someone like myself to come in and do the work for them.
On the hacking collective Anonymous: I kind of have a love-hate relationship with Anonymous, because, granted, they don’t have certifications; they don’t necessarily have the permission of the company, which in a lot of states in and of itself makes that activity illegal. The fact that they generally go against people doing illegal things, that’s why I feel so conflicted about them. On the one hand, they’re helping the little guy against something illegal that’s happening. On the other hand, they themselves are committing illegal acts, by and large, by doing this without the permission of the company or organization.
On the possibility of cyberweapons triggering a future world war: I believe it, because of how interconnected the world is. If it has a connection to the internet, it can be broken into—somehow, someway. That’s why I’ve been a big advocate of telling companies that having one single thing protecting your system is generally a bad idea, because that’s a single point of failure.