Ethical Hackers

Working in the field of cybersecurity, Wayne Nordstrom wears many hats. He is a network engineer, a network security architect, and a Linux security engineer. One of the roles that Wayne Nordstrom fulfills is that of an ethical hacker.

An ethical hacker breaks into or tries to break into the digital network of an organization. The difference between ethical hackers and other hackers is that ethical hackers do this legally with the goal of ensuring that an organization’s network is secure. Another difference between hacking and ethical hacking is the reporting requirements. Ethical hackers give feedback to the organization on the result of their attempts to breach network security. Part of the job of an ethical hacker is keeping up with the latest technologies and hacking techniques to ensure that they mimic the tool set and skill set of malicious hackers.

The first thing an ethical hacker does is define the goal of the hacking activity or penetration testing activity. The scope of the testing or the specific network components involved is also defined. The analysis of the target is then begun. During this phase the ethical hacker gleans as much information about the network and allied technologies as they can, information such as IP addresses, ports, OS types and versions, and so forth. The ethical hacker then begins the break-in phase and attempts to defeat the network’s security protocols. If successful, the hacker accomplishes the defined goal and creates a report about the network’s vulnerabilities, along with recommendations on how to strengthen the network.

Cloud Jacking and Multifactor Authentication Defenses

Working toward a BS at the University of Maryland, Wayne Nordstrom is an IT engineering specialist studying networks and cybersecurity. Wayne Nordstrom is interested in emergent technology threats, including cloud jacking.

Driven by the reliance on cloud computing, cloud jacking typically involves misconfiguration and is conducted via code injection. Such attacks can be introduced directly into the cloud platform’s code through SQL injection or third-party libraries using cross-site scripting. When users unknowingly download and execute the maliciously injected code, hackers are given various levels of control, including eavesdropping and the modification of sensitive data and files that have been placed in cloud storage.

One cloud-jacking safeguard that companies should take is multifactor authentication (MFA), which goes beyond simple passwords/PINs to require an additional factor, such as token, device, fingerprint, or facial scan. Companies are also setting up MFA with continuous authentication, which helps ensure that the same person who was first authenticated and identified at the gate continues to be the person using the system. 

What is Penetration Testing?

Wayne Nordstrom is an experienced cybersecurity engineer and consultant with multiple technical skills and qualifications. During the course of his career, he has focused on carrying out system security assessments for various IT systems. A former senior network and applications security engineer at CVS Health, Wayne Nordstrom has skills in penetration testing.

Penetration testing, also known as a pen test, is a security drill where cybersecurity experts simulate a cyberattack in order to identify and exploit system vulnerabilities. The aim of a simulated attack is to point out weak areas in a system that attackers could capitalize on so that businesses proactively address them in good time before hackers attack. Previously, it was difficult for hackers to penetrate systems as it required a lot of time and skill but technological advances have, in recent times, made it simpler for intruders to compromise systems.

Penetration testing varies from one organization to another depending on what needs to be assessed during the security exercise. This test often includes all major components of a system including networks, physical security modules, applications, and devices.

To achieve the best results, penetration testing should be done by someone who doesn’t have prior knowledge of system security configurations, preferably ethical hackers. These are external contractors hired and authorized by a company to hack into their system as part of efforts to boost system security. They possess excellent technical skills that make them best placed to discover areas that system developers could have missed out when they were developing the system.

 

Microsoft's System Center Configuration Manager - IT Applications

Holding an associate degree in cybersecurity, Wayne Nordstrom is proceeding to pursue a BS in Networking and Cybersecurity at the University of Maryland. For three years, Wayne Nordstrom served as a senior desktop engineer with Suffolk University. In that role, he managed academic computing labs and also helped the institution develop Microsoft's SCCM tools for the installation and configuration of software and operating systems.

Microsoft System Center component products are available as bundled suites, and each requires a separate license. Microsoft System Center Management Licenses provide users with permission to install and execute management server components. Management Licenses (MLs), in accordance with Microsoft's licensing terms, allow users to run a product in one operating system environment (OSE) with one server. Among the System Center products are System Center Configuration Manager SCCM, System Center Virtual Machine Manager SCVMM, System Center Service Manager SCSM, and Data Protection Manager DPM.

A client-focused tool, SCCM enables the centralization of administrative actions such as software updating and deployment in a scalable and secure manner. The product provides real-time actions on-premises on internet-based devices (including desktops and laptops) with the aid of cloud-powered analytics. It also enables the review and management of compliance settings. 

ISACA Launches Foundation to Expand Diversity in Cybersecurity

Cybersecurity expert Wayne Nordstrom is currently pursuing a degree in networks and cybersecurity at the University of Maryland’s Global Campus. Wayne Nordstrom is also a member of ISACA, an international association that focuses on IT governance.

In July 2020, ISACA launched One in Tech, a philanthropic foundation aimed at increasing diversity in the tech scene. Driven by the belief that technology can even the playing field for the most underserved populations, One in Tech will focus on democratizing IT skills by equipping people in underserved regions with the resources they need to participate in the digital future.

To achieve its goals, One in Tech will run three programs: Young Leaders in Tech, SheLeadsTech, and WeLeadTech. Young Leaders in Tech will teach programming to underrepresented students from kindergarten through grade 12 and encourage them to pursue careers in cybersecurity. SheLeadsTech will provide women with educational, mentorship, and networking opportunities in technology field, enabling them to advance their cybersecurity careers. Lastly, WeLeadTech will focus on minority populations who face systemized obstacles preventing them from entering the cybersecurity field. The foundation will partner with leading tech companies to open up opportunities for these groups.

In all three programs, One in Tech will depend largely on partnerships with other organizations, such as colleges, community groups, schools that run after-school programs, and corporations.