Now a spy, actor and hacker, Andrew took a 180 degree turn leaving a career as a Bar Manager to study Computer Systems Engineering at Chisholm. After a year, he switched to Cyber Security and a world of new adventures opened up, to the point that he doesn’t know who he will be tomorrow.
‘Although I liked working in hospitality, I thought that I needed to do more. After seeing customers drunk, I thought there’s more I can do with my life than assist people to drink.’
‘As a mature student, I enrolled at Chisholm, with an interest in computers, but it was by chance that I stumbled on cyber security, and have not looked back.’
Andrew completed a work placement program offered through Chisholm with Cyber Security Company, Ctrl I.T. After work experience, he gained employment as a Social Engineer and Penetration Tester. Today, Andrew and his employer are paid to test the security of large organisations.
‘10 billion dollars worldwide is lost due to cyber-crime’ says Andrew.
He sets out to test security with a brief from organisations and range of targets or flags.
‘Companies hire us to test their security; we test the financial systems largely, especially if huge sums of money are moving around.’
‘I plan an attack by researching the organisation, the staff, review social media profiles, watch for patterns, and put together attack tactics.’
‘People think that hacking involves cyber-attack only, but as a Social Engineer and Penetration Tester, hacking is also conducted over the phone and in person.’
‘Sometimes, I’m “the man from head office”, or “the photocopier guy”, “the man from I.T.” or “the tradie.”
‘When I physically go into a company, the first thing I do is blend in, go to the kitchen, make a cup of tea and after becoming familiar, I move out to hack computers when someone leaves their desk from there.’
‘Before leaving, I take photographic evidence of the hack because without evidence, it didn’t happen.’
A report with actions for follow up is the final output. So, there is an upside to this. If organisations are better prepared for cyber and human attack, inform staff with increased security measures, then it becomes a safer place.