Stephen MacLachlan, Security Analyst in the Cyber & Security Solutions business area since 2020, uses his skills to detect and correct critical issues in computer systems. He acts as a hacker, but with the intent of improving security rather than compromising it. In particular, at the Global Security Operation Centre (SOC) in Chieti, Stephen is responsible for providing public and private customers with “attacking” Red Team services, as opposed to the “defending” Blue Team. Specifically, such services include penetration tests, vulnerability assessments, and both dynamic and static application security testing.
As Stephen elucidates, “the main goal of these activities is to explore vulnerabilities, finding areas of risk and reporting findings back to our customers, in order to fortify their cyber security posture”. Moreover, Stephen continues, “working at the SOC allows me to share my ethical hacking knowledge with other teams that deal with Cyber Threat Intelligence, Real Time Security Monitoring and Incident Response, acquiring from them precious notions in the Blue Teaming field, which allows me to improve my Red Teaming techniques”.
Stephen’s work allows him to operate in a “virtual” environment, while having an impact on the “real” world, identifying cyber attack points in a wide range of contexts. Stephen remembers a Red Team engagement conducted for a financial institution: an activity involving the simulation of a wide range of attacks to determine the effectiveness of security monitoring and alerting capabilities, as well as weaknesses in incident response procedures.
Another example of his work was the hacking of a satellite that had actually been sent into space. The occasion was the Hack-a-Sat 4 competition, during the DEFCON 31 conference, in which Stephen represented the company alongside the Italian “mhackeroni” team, which came first.
The activities of a Security Analyst not only bring benefits to the customer, but also have a positive impact on the entire sector, helping the international community to keep risk profiles for all computer systems up to date. Stephen particularly recalls the discovery, during a research activity, of two vulnerabilities recognised and categorised by the US Government’s National Institute of Standards and Technology: “for a hacker,” remarks Stephen, “detecting unknown vulnerabilities is undoubtedly the best possible result”.