May 3, 2013 in City

‘White hats’ help keep cybersecurity

Young adults finding lucrative careers
Erik Lacitis Seattle Times
 
Associated Press photo

Adam Cecchetti is one of about three dozen young people in the Seattle area who work for Internet security companies.
(Full-size photo)

SEATTLE – He’s 26, likes industrial and electronic music, has a bleached-blond Mohawk haircut and sometimes, Mikhail Davidov says, he starts his day “at the crack of noon.”

The late hours are in front of a computer, working on reverse engineering, tearing apart computer programs to find their vulnerabilities.

Sometimes he works 18 hours straight. “There are few hackers out there who are ‘morning people,’ ” Davidov said.

These days, the front lines for security don’t only include soldiers carrying weapons.

They include computer whiz kids like Davidov, who works for the Leviathan Security Group , a 20-person firm that operates out of second-floor offices in a renovated 1918 building in Seattle’s Sodo neighborhood.

Chad Thunberg, chief operating officer of Leviathan, said he can relate to Davidov, remembering his own younger days.

Thunberg is 35, married, with two children and says, “I’m considered a grandpa in my industry. There was a time when I was the Mikhail equivalent. You live and breathe security.”

Davidov is one of about three dozen young people in the Seattle area who are the “white hat” hackers who work for Internet security companies.

With this area being a high-tech hub, it’s only natural that about 10 such firms or branches of firms exist here.

Cyberattacks are costing corporations – and consumers – a lot. In a six-year span starting in 2005, data breaches in 33 countries, including the U.S., cost the firms involved more than $156 billion, says the nonprofit Digital Forensics Association.

Every second, in various parts of the world, there are 18 cybercrime victims – some 1.6 million a day – says a 2012 Norton by Symantec study.

In his State of the Union address, President Barack Obama warned, “Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems.”

That makes Internet security a booming industry, at an estimated nearly $1 billion a year in 2012, says the consulting firm Frost & Sullivan.

Another white-hat hacker is Adam Cecchetti, 31, who used to work at Leviathan and then in 2010 became one of the founders of Dij’ vu Security, which operates out of a second-floor renovated loft on Capitol Hill.

Davidov and Cecchetti are on the front lines of fighting off the “black hat” hackers. Yes, that is how they describe their enemy.

The latter includes those sending out phishing emails that look like they came from a legitimate source but are fakes trying to get your passwords and credit-card information.

Or maybe they are black hats trying to compromise a company’s website just so they can boast about it in hacker circles.

For the white hats, their unique skill at finding where a program is vulnerable and how to close the digital doors that the black hats use to penetrate a website is worth $120,000 to $130,000 a year, says Thunberg.

Their clients aren’t exactly keen to publicize that they seek Internet security, says Thunberg, and that’s often written into their contracts with Leviathan. Thunberg says his company’s average contract size is for around $70,000. Citing privacy, he only says that most are Fortune 1000 companies.

For both Davidov and Cecchetti, it was a conscious, and simple, decision to become a white hat.

Says Cecchetti, “I’m not in this business to harm people, or to take grandma’s savings, or deface somebody’s website.”

There is plenty of money to be made in Internet security.

“Things are very good,” Cecchetti said about Dij’ vu, which has a staff of a dozen.

Get stories like this in a free daily email


Please keep it civil. Don't post comments that are obscene, defamatory, threatening, off-topic, an infringement of copyright or an invasion of privacy. Read our forum standards and community guidelines.

You must be logged in to post comments. Please log in here or click the comment box below for options.

comments powered by Disqus