In honor of October being National Cybersecurity Awareness Month, we sat down with penetration tester Jonathan Lopatofsky to discuss what brought him to A-LIGN and why he thinks cybersecurity is important.
Where are you from, and how did you get involved in cybersecurity?
I’m from Williamsport, Pennsylvania. I became interested in cybersecurity in my first year of going to Pennsylvania College of Technology, and I decided to switch my major to cybersecurity. In my final semester, I attended a career fair at Penn State University where I met A-LIGN. I submitted my resume, went through the interviewing process and really liked the company so I signed on. The rest is history.
Tell me about your role at A-LIGN as a penetration tester.
As penetration testers, our role is to ensure that our clients receive top care as we go through their systems to ensure they’re secure. We do that by performing scanning reconnaissance, reviewing data information and attempting to exploit any vulnerabilities we find during scanning. We also do manual scanning where we attempt to gain access to the information of a company. This helps to make our clients more secure and show them any vulnerabilities that they can work to fix. It also helps us demonstrate how expensive and damaging a data breach would be to our clients.
What is the most valuable lesson you’ve learned at A-LIGN?
At A-LIGN, you must always be on top of your game, which means learning to work independently – while also working as part of a team. Penetration testers work remotely, so we must learn how to communicate and work as a team over long distances.
What is your best cybersecurity tip for Cybersecurity Awareness Month?
Create a complex password. Programs typically state that strong passwords should be 6-8 characters long and have numbers and uppercase letters. While those are good guidelines, there are also giant password directories that contain over 10 gigs of common passwords meeting those requirements. When we test the strength of passwords, we use those directories in what’s called a “dictionary attack” against systems. It’s important to do research on the password you plan to use – it might end up in one of those dictionaries or be easily breakable.
Do you have a memorable story showing why password security is important?
Once we were able to get access to a client’s supposedly secure system because it was locked with a simple default password that was very easy to crack. Once we entered the default password, we were able to quickly access the wireless server. Once we had that, we could easily access their wireless networks on both coasts.
What’s the best thing about A-LIGN’s penetration testing methods?
The best thing that we do is use scanning tools to our advantage. Scanning tools aren’t always reliable, so we go the extra step by running our scans, then go back through and check every result to see if it’s a false positive. This extra step ensures that we’re giving the most accurate information to our clients.
What is the best part of working at A-LIGN?
The best part is the people I work with. I’m fresh out of college, so it’s valuable to work with experienced professionals who teach me new things and encourage me to grow. What’s also great is that we all pull from the same knowledge pool, so there has been plenty of times for me to teach the more experienced members of the team too. As a recent graduate, I might have some newer knowledge that they weren’t aware of, and they’ve been happy to learn. We’re always teaching and challenging each other to become a better team.
What has surprised you most about working at A-LIGN?
When I first received the offer at A-LIGN, I thought it was too good to be true because of the awesome opportunity and benefits package. I was also very skeptical of the community because everyone always seemed so enthusiastic and happy. I got to attend the annual CLIMB event, where I met everyone and realized it’s not a fake attitude; everyone is so happy to be here and happy to contribute. It’s awesome to be part of such a rapidly growing organization because things are always changing for the better.
What do you do for fun outside of A-LIGN?
I’ve played soccer since I was six years old. Even though I quit playing on competitive teams after high school, I still try and play as much as I can. I also play tennis.
Why do you think cybersecurity is important?
It’s important because, at the end of the day, nothing is 100% secure. No matter what service or device you use, hackers will try and gain access and nothing is unbreakable.
Have questions about Jonathan Lopatofsky or joining the A-LIGN team? Contact us at [email protected] for more information!