80s Gamer to Hacker: Our Cyber Security Master
“I started with the ZX Spectrum and Commodore 64. I was always into computers - starting with computer games.”
An 8-year-old gamer, turned developer, turned hacker, turned cyber-security master: Meet Justin Atkins, Webexpenses’ Head of Security, Infrastructure and Architecture.
“When I was young, I watched the movie ‘War Games’. Back then, they never used to have firewalls: They had mainframes directly connected to modems,” Justin recalled.
The premise of ‘War Games’ was something called wardialing: “A single wardialing call would involve calling an unknown number, and waiting for one or two rings, since answering computers usually pick up on the first ring. If the phone rings twice, the modem hangs up and tries the next number. If a modem or fax machine answers, the wardialer program makes a note of the number. If a human or answering machine answers, the wardialer program hangs up.”
Once it’s been determined that the number reached a mainframe computer, the information could be used to gain access to the entire system.
Watching as a child, Justin thought it was cool that you could sit at your computer at home and affect events around the world. “To me, back then, the hackers were super cool. I didn’t have any idea how to do what they do. Now, looking back at it, what they were doing was so simple,” he said, recalling how as a child he didn’t think what they were doing was actually possible.
A tech novice
After springing an initial fascination with computers, the passion grew when Justin’s dad bought him his first personal computer in the late 1980s. The Amstrad PC2086/30:
Fast forward to the 1990s. It was for university for Justin, but computer programming and digital studies weren’t anywhere near where they are today - and many had to learn at home or on the job.
So when it was time for further education, Justin studied Pure Mathematics, Physics, and Psychology.
Then, when a local company was looking for a junior developer during the 90s tech boom, Justin took the role. He began rewriting HR systems from the now-defunct FoxPro into the then-new language Borland Delphi using client-server databases.
From there, Justin began to work his way up. He was promoted to Senior Developer, then Technical Supervisor. When that company was acquired, Justin was promoted to Principal Developer. In the new role, Justin began to develop his skills regarding code, strategy, R&D, and systems architecture.
In order to create secure systems, Justin became a hacker... a Certified Ethical Hacker. Learning how ‘bad guys’ break into systems to understand system vulnerabilities.
“The best way to create a system with a solid defence is to understand the offensive game,” according to Justin.
Computer hacking “is an attempt to exploit a computer system or a private network inside a computer. Simply put, it is the unauthorised access to or control over computer network security systems for some illicit purpose.” So by understanding system weaknesses, Justin could write, advise and evangelise defensive code.
It was around this time in the first decade of the new millennium that the Internet was really starting to take off. Everything was moving online. Hackers were busy hacking.
And this meant that ethical hackers were needed to build defensive systems.
And because vulnerabilities are created in software, and companies are always creating new software, vulnerabilities became an ever-present risk.
Around this time, Justin was working as a Principle Developer for a leading HR software when an old colleague reached out to see if he could look into the infrastructure of a newly acquired expense system called Webexpenses.
“If Architecture is designing a record player, infrastructure is the record player,” explained Justin.
His task was to make sure that the ‘record player’ was keeping data secure (away from hackers) and that the integrity (blocking data alterations) of the information remained intact. Among other system needs, like resilience and scalability.
Today, Justin continues to keep Webexpenses and clients' data secure, integral and available. He is a big believer in getting the basics of security right. "Cybercriminals want a maximum return for as little effort as possible and therefore target the common mistakes organizations make. Default or simple passwords, password reuse, poor security awareness, and lack of backups, are to name a few. You can protect yourselves against most threats by simply doing the basics of security right."
Advice for cybersecurity newcomers
“If you like problem-solving, puzzles, and adversarial resolutions, then cybersecurity might be for you,” Justin advised. “What makes a good security person is, essentially, beating the bad guys. If you get your kicks out of stopping the bad guy, then that’s a good move.”
While it didn’t exist when he was getting started, there are now degrees in cybersecurity. So if you think you might be interested in it, he recommended you try some hacking.
Justin’s final pieces of advice for anyone interested in cybersecurity?
“Never stop learning. Cybersecurity is not a destination; it’s a journey. I’m always learning: In 2017, I got my CISSP certification - you live it and breathe it - and I use it every day. Because hackers may find a new vulnerability, we need to keep learning in order to stay a step ahead.”
“But if you want to be a hero, that’s not going to happen. It’s a thankless task because most of the time people don’t even know you’ve stopped 15 hacks in a day through your actions.” Justin laughed. “So I think it takes a certain mindset to do it.”