Posted by SecExtra on February 17th, 2008
7am:- My alarm goes, set to Radio 2. I get up and take my dog, Jake, out for a run in the nature reserve close to my house, which also happens to have the largest lake in Hampshire. I use the opportunity to indulge myself with some bird watching too.
8am:- Me and Jake get back home from our morning run. Obviously it’s Jake’s turn for a quick hose down in the garden, before I get myself washed and ready.
8.30am:- 90% of the time I’m working onsite with clients, so I leave and head into London, stopping by my local newsagent to pick up a EuroMillions ticket (£95 million jackpot tonight!) and a copy of the FT. On the train I flick through the FT and then read ex-hacker Kevin Mitnick’s book which provides some insight into the world of real hackers and how they think. Today I’m meeting with a global financial company in the City. They want to establish how secure the company’s systems are from attack, primarily hackers looking to cause havoc. Having previously been the victims of industrial espionage they are aware of the dangers of the internet and the possible loss of their intellectual property (IP).
10.00:- I arrive at my clients’ offices for a pre-sales meeting and meet with Mike to talk about our range of services and whether we’re appropriate for this project. This particular customer is very risk-aware and wants to know exactly how “hackable” they are and requests a proposal from DNV ITGS detailing our full penetration testing services. In English, penetration testing means gauging the vulnerability of a system by actually hacking into a client’s computer system.
12.00pm:- With the meeting over, I find a quiet corner to grab a coffee and check my emails and read through various security bulletin emails to check for any new security testing tools or exploits. I download a couple and ‘have a play’ to see if they do what they say they will. Similarly, if there are any new high risk vulnerabilities or new Microsoft security patches I’ll review them so I’m aware of the implications for the next testing assignment. As a Principal Consultant I also look after a team of other security consultants. I’ll check in with them to make sure their current projects are running OK and to schedule. Pen testers are great when it comes to the ‘fun’ testing bit of the projects, however, the report writing side of things has a habit of taking a backseat. One of our recent jobs produced an enormous amount of issues, much to the client’s surprise. It’s essentially my job to make sure we’re delivering to time and budget across the whole project.
12.45pm:- Lunch time. Today I’m catching up with an old colleague for a quick burger. We swap industry hearsay and then it’s time to trek over to Canary Wharf to check in on a testing project.
2.00pm:- I meet my colleague Rupinder to start some penetration testing activity for another Financial Services company. We finished mapping their network a couple of weeks ago, which essentially identifies all potential targets/points of entry. The customer has a large number of hosts (firewalls, routers, servers, workstations) on the network and, unfortunately, we only have time to test approximately 50 of them. Some of the hosts belong to 3rd parties and so are left out of scope, for the moment. Over the next two days we will systematically work through the targets and gain access to various parts of the system, eventually gaining full domain-level access until, in hacker speak, ‘we 0wn3d the network’.
6.00pm:- As it’s Friday it’s time for our weekly team meeting in our local close to our London Bridge offices; time to enjoy a well-earned beer and discuss current hacking issues, such as the latest 0-day exploit or Bluejacking, which is an increasing threat now so many phones are fitted with Bluetooth technology.
8.00pm:- Head off back to home in Hampshire for dinner with my wife before watching some TV. I doze through Tonight with Jonathan Ross and hold out for the EuroMillions draw to see if I’ve scooped the £95 million jackpot. I haven’t. I double check my Blackberry for any urgent emails before heading to bed. Vive Le Weekend!
www.dnv.com/itgs