When is ethical hacking appropriate?

I was recently asked by Kaitlin Milliken of the Worcester Telegram to comment on the growing field of ethical hacking and how it fits in with an organization’s cyber security program. Here’s an excerpt from her article:

Companies across the country — including Sudbury-based SystemExperts Corp. — have capitalized on the demand for ethical hackers and specialize in cyber security services.

SystemExperts Chief Executive Officer Jonathan G. Gossels said he takes pride in his company’s long-term relationships with clients, some spanning as long as 25 years. Customers range from the Mount Auburn Cemetery in Cambridge to JPMorgan Chase. SystemExperts tests clients’ digital defenses on a yearly basis or if there is a change in management.

Mr. Gossels and his team of nine experts determine how much security each company needs based on its size and the types of information it stores. After this assessment, analysts look for potential risks, using techniques that include ethical hacking.

“Everyone needs to do it,” Mr. Gossels said. “It’s like an annual physical.”

SystemExperts’ tests fall into two phases. First, analysts conduct “Internet Exposure Profiles,” focusing on vulnerabilities in a company’s firewall. The test aims to strengthen the digital filter that distinguishes benign web traffic from malicious hacking attempts.

The second assessment, referred to as “Application Vulnerability Testing,” determines the risk of internal hacking. At this stage, specialists ensure that users within the company cannot change their online privileges and gain access to sensitive information, including customer credit card and Social Security numbers.

“There’s a lot of money invested in programs [for the tests], but the most expensive part is having smart people who use them,” Mr. Gossels said.

According to Mr. Gossels, running these tests takes three to five days. While programs scan the computer networks, analysts convert pages of raw data into tangible security suggestions before sending reports to clients.

Although the company has historically looked for employees with years of experience, SystemExperts hired its first recent graduate last year from Pennsylvania State University. Mr. Gossels has also created internships for students with interest in cyber security.
