I am an author and academic. My goal is to teach a million people about cybersecurity and help us to envision a more connected future. I first got interested in hacking when I was in my 20s. I had tried to start a company for a third-party video game market, but the website got hacked. I thought: "This is really destructive. I need to know how to counteract this."
There are financial auditors, and we need auditors for technology, too. That's what ethical hacking is. We go in, perform an audit and check how secure the technology systems are. There are companies that can be hired to perform this service. They're called "red teams" and they provide reports on what clients need to fix to improve their cybersecurity. Another approach is to use an internal team for testing and monitoring — these are called "blue teams." Here, at the University of Virginia, we use a combination of both. We're a large university with several buildings and a hospital. There's a lot of infrastructure we need to protect.
There's a third approach, but, in some ways, I think it exploits the community. It's called a "bug bounty program." Essentially, a company announces that anybody may try to break into their system, and they'll pay a fee if any of the bounty hunters is successful. Bug bounties can be up to hundreds of thousands of dollars, and there's also a black market for this.
At the same time, what I think is beautiful about this field is that the tools are accessible to everyone. Certain things might be difficult to discover, but the tools are easy to use.
Today, given the choice between not having water and not having WiFi for a day, many people might choose to go without water. There's a dependence on technology for productivity — in the development of smart cities, for example. If you lose parts of a smart city to hackers, you could lose the WiFi and the water.
Recently, a man wrote to me. He'd stumbled across my book in Barnes & Noble. He was working in pest control but looking for a career change. Now, he's a member of the cybersecurity community. I think, if we find more people who are interested in hacking for benevolent reasons, we'll start to have a more positive impact.