by Kaitlin Milliken, Correspondent, Worcester Telegram, July 16, 2017

WORCESTER – Students participating in Worcester Polytechnic Institute’s Cyber Security Club stare at their laptop screens, typing long lines of code.

They hope to find vulnerabilities in software and hack into a computer system. Each task they complete earns points.

Alex Gaines, president of the club, anticipates these weekend-long hacking competitions throughout the year.

“There’s no sleep involved,” he said. “It’s fueled completely by pizza and Mountain Dew.”

Mr. Gaines hopes to take his skills from WPI’s cyber security events into the workplace after graduation. One possibility: the growing field of ethical hacking.

Unlike cybercriminals, ethical hackers intentionally break into companies’ computer networks and report the vulnerabilities they discover. Businesses can then make changes to prevent future security liabilities.

As more information becomes digital, hacking becomes a greater threat. In 2016, more than 188,000 residents in Massachusetts were affected by a digital security breach, according to the Massachusetts Office of Consumer Affairs and Business Regulations. To reduce the likelihood of a data breach, companies increasingly rely on cyber security defenses, creating an increased demand for ethical hackers.

According to Randstad Technologies, an international company with locations in Woburn, 46 percent of internet technology executives name security as a focus for this year. Randstad’s Hot Jobs Report shows a 15 percent growth in cyber positions during 2016.

“We’re seeing tremendous growth [in the cyber security industry],” said Michael Berlin, a representative from Randstad. “It’s almost double digits every single year.”

However, the demand for specialists eclipses the supply of ethical hackers. As a result, security experts can command high pay and lucrative benefits. The median salary for a security engineer is $129,000 annually.

“The opportunity … is bigger than it’s ever been,” Mr. Berlin said. “We see cases where employees are starting to eclipse management salaries.”

Companies across the country — including Sudbury-based SystemExperts Corp. — have capitalized on the demand for ethical hackers and specialize in cyber security services.

SystemExperts Chief Executive Officer Jonathan G. Gossels said he takes pride in his company’s long-term relationships with clients, some spanning as long as 25 years. Customers range from the Mount Auburn Cemetery in Cambridge to JPMorgan Chase. SystemExperts tests clients’ digital defenses on a yearly basis or if there is a change in management.

Mr. Gossels and his team of nine experts determine how much security each company needs based on its size and the types information it stores. After this assessment, analysts look for potential risks, using techniques that include ethical hacking.

“Everyone needs to do it,” Mr. Gossels said. “It’s like an annual physical.”

SystemExperts’ tests fall into two phases. First, analysts conduct “Internet Exposure Profiles,” focusing on vulnerabilities in a company’s firewall. The test aims to strengthen the digital filter that distinguishes benign web traffic from malicious hacking attempts.

The second assessment, referred to as “Application Vulnerability Testing,” determines the risk of internal hacking. At this stage, specialists ensure that users within the company cannot change their online privileges and gain access to sensitive information, including customer credit card and Social Security numbers.

“There’s a lot of money invested in programs [for the tests], but the most expensive part is having smart people who use them,” Mr. Gossels said.

According to Mr. Gossels, running these tests takes three to five days. While programs scan the computer networks, analysts convert pages of raw data into tangible security suggestions before sending reports to clients.

Although the company has historically looked for employees with years of experience, SystemExperts hired its first recent graduate last year from Pennsylvania State University. Mr. Gossels has also created internships for students with interest in cyber security.

Outside of specialty groups, companies of all sizes that store personal information online employ cyber security experts.

Middlesex Savings Bank of Natick, which operates a branch in Southboro and a commercial office in Westboro, has an in-house technology team. While employees fix day-to-day computer issues, they also focus on keeping digital data private. They work with security consulting firms to test their network’s defenses. The team then makes changes based on the results.

Michael Sundberg, bank vice president-information technology program assurance, says ethical hacking helps build multiple layers of safeguards to keep customers’ banking information safe.

o fill ethical hacking positions, businesses may provide training for less skilled analysts. Specialized courses allow junior employees to become certified in ethical hacking and penetration testing. Companies also reach out to those who have enrolled in comparable educational programs during their time in school.

WPI offers cyber security classes to its students. The department celebrated its 20th anniversary last year.

“We teach people both sides: how to defend … and how to think like an attacker,” said Thomas Eisenbarth, an associate professor of electrical engineering.

Mr. Eisenbarth teaches Introduction to Cryptography and Communications Security, a class that focuses on protecting digital information. He said the course is full most semesters.

While hacking can create valuable job prospects, students could abuse their skills. To prevent the misuse of hacking techniques, cyber security courses require members to sign an ethical hacking agreement. The document specifies that students can only to practice hacking on class related activities, prohibiting unmonitored activity.

Undergraduates at WPI can enroll in digital security courses, and graduate students can pursue a master’s degree in computer science with an emphasis in cyber security. According to Mr. Eisenbarth, graduates with an ethical hacking background will help meet the demand in the job market.

“Increasingly, our lives are online,” Mr. Eisenbarth said. “Transactions are digital and we need more security.”

http://www.telegram.com/news/20170716/ethical-hacking-at-wpi-search-for-computer-vulnerabilities