In cyber warfare, like in chess, the game outcome is not determined by a single exploit (or move), but rather by a patient silent-predator strategy.
The same can be said of hackers sniffing a corporation’s many interfaces until they have an “in”.
When a hacker further exploits the corporation without detection – till it’s “checkmate” and Doomsday arrives. Suddenly the company makes headlines with its data leaks and everyone gets busy with damage control and corporate reputation PR, millions in equity and funds are lost, and sadly, a few executives lose their jobs as well.
I learned how to think like a hacker from my uncle, Vladimir Liberzon.
Vladimir was a Russian and Israeli chess grandmaster. At his prime, he was a chess force to be reckoned with, practicing disciplined moves and strategies that made their way into chess textbooks. His skill made him one of the most consistent performers of his time in Russia, Europe and Israel.
What I absorbed in my youth from “Uncle Vladimir”, as we called him, I took not only to the chessboard hobby but also to life and my greatest passion — Cyber Warfare. It is amazing to see the parallel lines we can draw between these two mind-battlefields. I saw that by anticipating the opponent’s moves, multiple steps ahead, I could be on both the defense and offense to protect my pieces and wipe out all of his, to win the game.
With this insight I founded Pcysys. My objective was to give every CSO his own “grandmaster” of cyber in the form of intelligent penetration testing software. The ability to perform machine-based pen testing, that continuously thinks and acts as hackers do, is the best way to make sure that corporations have their cyber defense line as tight and strong as it can be. Defense lines must adapt to threats at the same pace as hacking techniques advance.
The fact is that today more than 95% of cyber technology expense is invested in defense technology, which does not have the ability to evolve and align that defense with a hacker’s perspective in mind, one that takes into account multi-step attack “vectors” or “kill chains” rather than just desperate vulnerabilities.
Whether we like it or not, it’s a two sided game that we’re managing day in and day out thinking a few steps ahead. Software and AI are the key to giving corporations the upper hand.
For those who want the full story of this grandmaster, read more about him here: Wiki
And if you can see how your corporation could use a grandmaster to protect against cyber warfare, please drop me a note to firstname.lastname@example.org.
Arik Liberzon, led an elite cyber warfare group at the Israeli Defense Force’s computer service directorate. His group was responsible for penetration testing strategic asset networks and national mission-critical systems. Following a decade of mastering the penetration testing profession, Liberzon applied his mastership of ethical hacking in software and together with serial IT entrepreneur Arik Feingold, founded Pcysys in 2015.
Liberzon holds a B.Sc in Aerospace Engineering from the Technion Institute of Technology, a Masters Degree in Finance from Ben-Gurion University and an MBA from Tel Aviv University.
Co-founder & CTO
How we improved our QA with Shift-Left testing
This article is part of Pentera’s Engineering Series – a behind-the-scenes look at the technologies we develop to keep companies secure. In this piece, we look at the testing processes that we use to QA our platform and deliver a high-quality solution. It almost goes without saying that testing is a critical part of the...
Five steps to mitigate the risk of credential exposure
Every year, billions of credentials appear online, be it on the dark web, clear web, paste sites, or in data dumps shared by cybercriminals. These credentials are often used for account takeover attacks, exposing organizations to breaches, ransomware, and data theft. While CISOs are aware of growing identity threats and have multiple tools in their...
WiFi – The Untested Attack Surface
Much of a company’s assets are connected to Wi-Fi networks. However, security teams are often less likely to validate these networks. This pushed us to wonder what we might find if we were to test a corporate WiFi network. After running the Pentera platform™️ over Wi-Fi, we found several vulnerabilities, which helped us gain insight...