Date: 2024-04-17



Keren Elazari is an internationally recognized security analyst, author, and researcher. Since 2000, Keren has worked with leading Israeli security companies, government agencies, innovative startups, and Fortune 500 companies. She is the founder of BSidesTLV and Leading Cyber Ladies and a researcher at Tel Aviv University.

In this Help Net Security interview, she talks about the hacker mindset and how it affects cybersecurity. She explores the importance of ethical hacking in her cybersecurity strategy and highlights the role of bug bounty programs in strengthening cyber defenses and fostering innovation within technical teams.

In your experience, what are the key characteristics that make someone good at identifying and preventing cyber threats?

I believe the best analysts are those who exhibit a unique blend of paranoia and creativity. This truly intuitive ability connects the dots between seemingly unrelated events, allowing you to see one anomaly and understand it in the context of a larger scenario of a potential breach. Simply put, if you're always asking questions and imagining the unimaginable, cybersecurity is a great career choice.

How important are ethical hacking skills in modern cybersecurity strategies?

I like to call friendly hackers the internet's immune system. Hackers have an uncanny ability to think in unexpected ways and identify and find loopholes faster than anyone else. One of the topics that I have focused my research efforts on since 2014 is the increasing adoption of bug bounty programs.

We all know that in the Wild West, sheriffs could offer bounties for help finding the bad guys. In our day and age, bug bounty programs (vulnerability disclosure/reward programs) are used by companies like Intel, Microsoft, Google, Apple, and Meta to reward hackers who discover bugs and design flaws in their software. Here's how to do it. – Funded companies with top-level engineers failed to participate in their own security reviews.

Dozens of Fortune 500* companies have implemented such programs, harnessing the power of friendly hackers as an external element of their cyber defense strategies. I hope more companies will put this into practice!

* (In 2024, 17 of the top 50 companies on the Forbes 500 list have bug bounty programs, primarily those in the technology and communications sectors.)

How does a hacker mindset drive innovation within technical teams, especially in software development and data science?

The hacker mindset has a healthy disregard for limitations. I enjoy challenging the status quo and approaching problems with a what-if mindset: “What if a malicious attacker did this?” Or, what if we look at data security from a different angle? This has led technical teams to think outside the code and explore more unconventional solutions.

Essentially, hacking is creating new technology or using existing technology in unexpected ways. It's about curiosity, the pursuit of knowledge, and the question of what else can I do with this? I can relate this to movies like The Matrix. It's about not accepting reality as a “read-only” situation. It's about changing technical realities, knowing which software elements can be manipulated, modified, or completely rewritten.

How does fostering a culture of curiosity and continuous learning impact an organization's success, especially in technology?

Curiosity is one of the most important factors that fosters growth. Organizations with a “question everything” attitude are the first to adapt to new threats. First, seize the opportunity. and finally becomes obsolete. To me, the ideal organization is a technology-driven playground that encourages experimentation and celebrates failure as progress.

What advice would you give educators to help students explore and excel in technology and cybersecurity?

Pink Floyd famously said, “Hey, teacher, leave the children alone.” Educators should embrace students' natural desire to be free and encourage them to hack, tinker, and break things (legally, of course). Then give students room to reconstruct, but don't hand them the answer. However, decisive innovation is required.

We'll guide you through the troubleshooting process, help you analyze your mistakes, and help you find creative solutions to solve your problems. Let's have fun! Cybersecurity doesn't have to be dire.

Teach your students how to use their skills to create great things and make the world a better place. I believe that the most important thing teachers can do for their students is to provide them with a moral compass, a guide to how and why to use their skills for good.

