Security Companies Hire Hackers, Ex-Spies To Fight Cyber Attacks

Cybersecurity companies have hired hundreds of ex-government sleuths in recent years, capitalizing on the boom in business caused by hackers who stole more than 1 billion records in attacks last year.

It's a seller's market for the cyber war's special forces.

Just ask Scott Davies, 30, who left a career snooping on Australia's enemies in December for a similar gig at FireEye Inc. Or Brian Varner, 35, who swapped a job with the U.S. Department of Defense breaking into networks in the Middle East and other hot zones to be a security engineer at Symantec Corp.

"I have a blank canvas to paint whatever I want," says Varner, exulting at the lack of bureaucracy, not to mention his ability to work remotely from Florida.

The former spies, cyber-warriors and government-groomed hackers are becoming the cornerstone of the cybersecurity services industry, which is projected to bring in more than $48 billion in revenue next year, up 41 percent from 2012, according to Gartner Inc.

"The people coming out of the military and the intelligence community are really, really good," says Nir Zuk, co-founder of Palo Alto Networks Inc. and himself a former Israeli army computer hacker. "They know the attackers. They know how they work."

FireEye has hired more than 100 ex-government hackers since 2013, part of an international expansion that has cost more than $1 billion, according to Chief Executive Officer Dave DeWalt. Symantec has increased the size of its security services division by almost a third, to 500 people, in the past year.

Even smaller companies are snagging top talent. Lacoon Mobile Security, a mobile-security startup that Check Point Software Technologies Ltd. agreed to buy this month, has hired 15 people from Israel's Unit 8200, said Michael Shaulov, a Lacoon co-founder who, like Zuk, served in the Israeli military's computer-hacking group. The hires usually had five to eight competing offers and each earned more than $100,000 straight out of the armed services, Shaulov said.

"There's a bit of a run on security talent," said Rob Owens, an analyst at Pacific Crest Securities in Portland, Oregon, who has covered the industry for almost 20 years.

While CVs that include government hacking can supercharge careers, they're not a guarantee of safety -- or an easy fit in corporate America.

Bloomberg reported in February that JPMorgan Chase & Co. has put two former Air Force colonels in its cybersecurity division and that they clashed with the FBI, Secret Service and some members of their own staff about their insistence that Russia's intelligence services were behind a hacking attack on the bank last year. Law enforcement has determined the attack was the work of ordinary cyber-criminals, and insiders said the clash was an example of how military training can cause some to see state-sponsored attacks where there are none.

At Palo Alto Networks, one of Zuk's recent hires was Chief Security Officer Rick Howard, who spent more than two decades in the U.S. Army. He last served as chief of the computer emergency response team before entering the private sector. The $1 billion FireEye has spent on expansion is on top of the 2013 acquisition of Mandiant, a data-breach investigations company, which was founded by former Air Force special agent Kevin Mandia. That deal was valued at $1.05 billion.

Some investors have been leery of the costs of the added headcount.

FireEye spends 48 percent of revenue on research and development, the highest ratio of any of the 31 companies in the ISE Cyber Security Index, according to data compiled by Bloomberg. The index average is 18 percent.

While FireEye's shares fell from a high of $95.63 in March of last year to a low of $25.76 in October, in large part because of concerns about spending, the stock is up more than 30 percent this year amid signs that DeWalt's pitch to investors is gaining some traction.

"The costs are so much bigger now for the security industry than they ever were -- the threat landscape has changed so much," DeWalt said. "You can't just have a product. You need the people to match it. There's no shiny bullet that does it all."

The Investigators have skilled staff available to carry out pentests.

A penetration test, occasionally called a pentest, is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders (who do not have an authorised means of accessing the organisation's systems) and malicious insiders (who have some level of authorised access).

The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures.

This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities.

Security issues uncovered through the penetration test are presented to the system's owner. Effective penetration tests will couple this information with an accurate assessment of the potential impacts to the organization and outline a range of technical and procedural countermeasures to reduce risks.

Penetration tests are valuable for several reasons:

  • Determining the feasibility of a particular set of attack vectors
  • Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities exploited in a particular sequence
  • Identifying vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
  • Assessing the magnitude of potential business and operational impacts of successful attacks
  • Testing the ability of network defenders to successfully detect and respond to the attacks
  • Providing evidence to support increased investments in security personnel and technology

Penetration tests are a component of a full security audit.

For a no-obligation and confidential discussion, call us on 0800 747 633, or email us by clicking here.

Article by: Mike Gillam, Senior Investigator