Security expert Dave Aitel shares his hacking journey with Avast CISO Jaya Baloo
“I’ve always found the best way to get a kid to learn how to hack is to tell them to just never use the computer,” Dave Aitel confides to Jaya Baloo in Episode 8 of our podcast Avast Hacker Archives (AHA). Dave is speaking from experience. When Jaya asks him about his earliest hacking exploits, he harkens back to high school days, when his parents enforced a strict “hands-off” policy with their home computer. They kept it locked in his father’s office.
Dave saw this as a challenge. And not a terribly difficult one. Before long, he was picking the lock to the office door, booting up the system, and playing Trade Wars on early BBS’s. Finishing his thought on how to create the hacker instinct in someone, Dave adds that, after you forbid them to use the computer, “they will find a way to learn how to erase logs before you have the time to instruct them on that type of thing.”
We are thrilled to feature Dave in our 8th AHA episode. He’s the founder of the Aitel Foundation, co-author of “The Hacker’s Handbook,” and listed by eWeek Magazine as one of the 15 Most Influential People in Security. And that’s only part of his resume! Dave is a well-known keynote speaker at industry events such as BlackHat and DEFCON. Lately, he’s been very active with the No Starch Press Foundation, for which he is the Program Committee Chair, and he’s been working heavily in the government cyber policy area.
But it was that early verboten tinkering on his parents’ home computer that gave him his start. After high school, he applied for a scholarship with the National Security Agency (NSA) and got it. The NSA paid for Dave’s college, and, in return, Dave worked for the agency post-graduation. He became an NSA employee at 21, joining the group a lot of his peers saw as “the enemy.”
The NSA were perceived as square, uptight administrators, but Dave quickly learned that they were all essentially cyberpunks, like him. He joined the agency at a time when it was just beginning to diversify, and he tells Jaya how he did his part to neutralize any sense of elitism within the organization by, very rebelliously, parking his ‘85 Toyota Camry in the employee parking space reserved for the Director of the NSA. The agency’s motto is “One team, one mission,” and Dave began to spread his spin on it: “One team, one parking lot.”
But jokes aside, Dave gives the NSA a lot of credit for its evolution, both structurally and culturally, over the last 20 years. It’s progressive in form and function, and it reflects the cybersecurity climate. Dave mentions to Jaya that the Director of the NSA personally posted a Pride Month video. It’s the first time that’s ever happened, which makes it a historic moment, and it’s a direct result of having such a large number of LGBTQIA+ members in the cybersecurity community.
Additionally, they cover a range of topics from the myth that hackers make a lot of money (spoiler: Dave says they usually just break even) to the reason the term “zero-day” is a fallacy (another spoiler: it presupposes that nobody else in the world knows about that vulnerability). Dave explains how security patches can actually hurt cybersecurity in general, and he names the most commonly compromised programming languages (third spoiler: you’ve heard of all of them).
Okay, enough with the spoilers! There’s a lot more in this episode, including Jaya’s question, “If you could go back and tell yourself something to do, or not to do, what would that be?” Dave’s response includes the words “crazy,” “out-of-control,” and “socially awkward,” and “out-of-control,” but you’ll have to hear it for yourself to get the whole answer.
Are you ready to delve into the mind of another hacker? Please enjoy Avast Hacker Archives, Episode 8!