A few weeks ago, the University of Virginia (UVA) published a Q&A article with MetaCTF Founder and UVA grad Roman Bohuk in their alumni publication UVA Today.
Bohuk shared some insights that are relevant to anyone curious about the cybersecurity space, which we have highlighted below. You can read the whole article here.
Teach engineers to think like hackers
Asked about how MetaCTF helps clients learn cybersecurity skills, Bohuk described how teaching employees to “think like hackers” is the key to keeping your organization secure.
“In order to secure something or write secure code, you have to know how a system works at every level and how the different moving parts work together. One of the best ways to learn that is by breaking that system. Participants are expected to research and use the internet to solve these challenges. Sometimes, we mimic the services developed by that company and have participants find and exploit flaws in that. We help developers and employees think as ‘hackers.’
As opposed to presentations and videos, our trainings are completely hands-on, and they simulate real-world scenarios. They often have a competitive element, which makes it very engaging. For example, instead of warning web developers about the dangers of SQL [structured query language] injection, we create a website that is vulnerable by design and ask them to break into it themselves.”
Don’t wait until your product is built to think about cybersecurity
Asked about the biggest misconceptions regarding cybersecurity, Bohuk raised the need to incorporate a security mindset into the entire product development process.
“It seems that many people think that cybersecurity is just something that you can add on at the end after a product is already created. We want to help create a digital world that is secure by design.
There are some basic vulnerabilities out there, like cross-site scripting and SQL injection, that everyone has probably heard about over a hundred times. Despite that, they’re still extremely common, and many websites are less secure than people think. Computer science and programming are very hot topics right now, and many people start working in the field and developing applications and creating software without learning any basics of cybersecurity.”
Have a plan to respond to security breaches (including Russian cyberattacks)
Asked about President Biden’s push for businesses to prepare for possible Russian cyberattacks, Bohuk described the importance of considering your incident response options before an attack occurs:
“Small businesses, who often cannot afford a dedicated cybersecurity staff, are just as good of a target as any big corporation. Many technical employees lack sufficient cybersecurity training, and I am still regularly surprised by stumbling on rudimentary vulnerabilities in random public websites.
There is a common saying that it’s a matter of when you get hacked, not if. Having a good incident response plan in place is just as important.”
Want to learn more about how MetaCTF trainings can keep your organization secure? Schedule a demo here or contact us!
Head of Business Development