I’m an ethical hacker

In recent years, the explosion of digital technologies has considerably increased the number of new web and mobile applications and, more recently, IoT. The probability of discovering security breaches is therefore higher. Elias, pentester at Orange Cyberdefense, acts as a hacker in order to identify them.

Can you explain what you do at Orange?

I evaluate the security level of companies web and mobile applications. For this, I carry out penetration tests which consist in acting as a hacker in order to identify weaknesses (vulnerabilities) and provide recommendations to fix them before being exploited by malicious hackers. In other words, I am an ethical hacker. These audits are performed remotely, or within the customer’s premises when the systems are only accessible from the internal network. Most of the time, I perform the tests before the websites or apps are launched, but I also audit systems that have already been breached to understand how it has happened and how to prevent it from happening again.

What has been your career path towards this role? 

I am an IT engineer with a computer security specialization. It’s a passion, and most of my security knowledge comes from online research. There are many websites dedicated to penetration tests. They offer challenges which consist in hacking virtual environments by finding and exploiting vulnerabilities and extract proofs of intrusion. I naturally became an IT security auditor a little more than 4 years ago. 

What are the 3 skills you need for your role? 

You need to have good technical knowledge in networks, security and IT development. You also need to be thorough because it’s a very methodical job which requires you to make sure to have carried out all the necessary tests and taken all of the evidence of the found flaws. But also dedication, because it’s not uncommon to spend several hours finding a vulnerability.

If you wanted to attract someone to the same job as you, what are the 3 points you would highlight?

Hacking systems to find entry points is a continuous and exciting challenge. The results are immediate and rewarding as we help customers protecting their systems. Sometimes we even discover that companies are been spied on for years! We work across various environments and regularly discover new technologies, which we need to learn about. Technology surveillance is an integral part of this job. Each new mission is a new challenge. What more could you ask for!