What does cybersecurity look like to you? Do you see a cold, robotic engineer performing a quarterly pen test in your conference room? Are you up at night worried about international rings of cybercriminals? Maybe it’s just a term you saw on the compliance checklist. At ProCircular, it’s about the people, and we are highlighting some of the industry’s brightest this Cybersecurity Awareness Month!
Dawson Medin is Iowa’s cybersecurity wunderkind! Joining the company in its infancy, he is a favorite among clients and peers for his considerate demeanor and incontestable engineering skills. He is fiercely committed to data security and he is the antithesis of the cynical, withdrawn hacker stereotype.
Dawson is an Offensive Security Engineer and Team Lead, based at ProCircular’s headquarters in Coralville, Iowa. A force to be reckoned with, Dawson has hunted down and exploited vulnerabilities in billion-dollar companies’ internal networks. He gains administrative access to their domain, often in more ways than one, then puts his findings in a report and discusses solutions with the responsible parties. The ethical hacker’s goal is to discover and exploit every chink in your armor, and they are racing every cybercriminal in the world to do it.
It was a pleasure to sit down with Dawson and get his thoughts on ethical hacking, the current state of cybersecurity, and the path that has brought him here:
How long have you been professionally involved with cybersecurity?
I started with ProCircular three and a half years ago. In high school, I led a cybersecurity club, and I was looking for sponsors. I heard about a start-up expo and career fair in Cedar Rapids, and I went. I met Solomon Smith, [one of ProCircular’s founders], and told him about what we do, hoping for sponsorship. Instead, I got an internship!
Tell me about the cybersecurity club. Were you a founder?
Yes, I created it. We had anywhere between four and seven club members from Alburnett; then, we joined up with two other schools to have up to fifteen members. We learned everything in sandbox environments. Iowa State University puts on these cyber defense competitions every year, and that’s what we started doing.
So, your internship with ProCircular was your first time doing offensive cybersecurity work?
Exactly. I had done [offensive security] in simulated environments, but I had never done it for a real company before. That would have been illegal!
What does it mean for you to be an ethical hacker?
We try to break into somebody’s environment to find all the weaknesses before the bad guys do – well, many of the weaknesses, I wouldn’t say all the weaknesses, but as many weaknesses as possible before the bad guys do.
Over the past three years, what has been the most significant change you have seen across the cybersecurity landscape?
Technology is becoming more and more incorporated into everything. I mean, it is incorporated already, but I think the biggest change is that endpoint protection has gotten better. People are starting to realize that you can’t just do what’s called signature-based or static-file based. It’s starting to become more behavioral.
Has that behavioral-based endpoint protection been automatically incorporated into new technology, or has awareness improved so that consumers opt for the more secure solution?
I think awareness is getting a little better, but I wouldn’t say it’s anywhere near great.
If you could wave a wand and solve one problem in the cybersecurity industry, what would it be?
Passwords. Better passwords and more people using MFA. Long passwords are very difficult to crack. A 16-character password made of lowercase letters is stronger than an 8-character password with capitals, numbers, and special characters. Use a short phrase that’s easy to remember, and never share your password with anyone.
Lastly, if you walked down your driveway and found a winning lottery ticket worth $10,000,000, what would you do?
I’d put a lot of it in a savings account, pay off the house, err, maybe plan a vacation. But I’d show up to work tomorrow; I like what I do!
Ethical hackers are the experts that show you the weakest points in your security posture so that you can mend them. Most commonly, ethical hackers find those gaps by performing penetration tests. They keep up to date with the latest attack methods and tools to beat out the malicious hackers who want to access your data.