Rudi Dicks is a Senior Cyber Security specialist at BDO’s Forensics and Cyber Lab, and spends his days hacking companies.
Dicks is an experienced ethical hacker, with an array of qualifications, who specialises in offensive security, penetration testing, and vulnerability assessment.
Offensive security involves the testing of cybersecurity systems with the owner’s permission, and requires a set of skills ranging from development and network security to social engineering.
Becoming a hacker
Dicks said he developed his hacking skills in high school before progressing to network security.
“Cyber has always been my passion. I started experimenting with hacking and cybersecurity in high school and then went into networking and began looking after security for clients,” said Dicks.
Dicks went on to complete a number of cybersecurity-related certifications, including Certified Ethical Hacker and Offensive Security Certified Professional qualifications.
The examination for the security certification requires the entrant to connect to a VPN and hack into five virtual machines within 24 hours – without prior knowledge of the system.
His other qualifications include: CompTIA A+; CompTIA Security+; Microsoft Certified Systems Engineer; and Cisco Certified Network Associate.
Dicks said cybersecurity professionals can come from any background and hold a variety of specialised qualifications.
He said the most important thing is to have a passion for the field.
“People who are good at what we do love their work, and often play mini-games to break into virtual machines in their spare time,” he said.
“Problem solving and critical thinking are critical skills in the cybersecurity field, and you have to enjoy solving puzzles and being challenged.”
Unlike malicious hackers, Dicks uses his skills to assist companies in keeping their security up to date and helps them protect against cyberattacks.
This involves training, administration, risk assessments, and penetration testing.
Dicks has over 15 years of experience in network design and server administration, and has conducted penetration tests for multiple top 100 companies.
He regularly tests the security of a company with the client’s permission, but without staff being told that a penetration test is under way.
This simulates a real cyberattack and allows the company to identify and fix any vulnerabilities or weak points in its security.
Interesting projects Dicks has worked on include a penetration test for an international financial institution.
Dicks said that although the institution had serious security systems in place, it incorrectly assumed that a folder or page on a website that is not directly accessible cannot be reached by other means.
Dicks stumbled into the company’s ATM login system by exploiting this assumption, and was able to tap into its live data.
“We sat in real-time and watched people drawing money,” he said.
“We could see live information such as balances, withdrawal and deposit amounts, and credentials, although some sensitive information was blacked out and remained inaccessible.”
Dicks said the deck is often stacked in favour of the attacker in these situations, which makes penetration tests an important part of cybersecurity, as they help to define possible attack vectors.