The goal is to make the world a better place - but everything starts with curiosity
I've been lucky enough to interview Ann, who has a passion for "white hat hacking". On
daily basis is Ann a real IT security nerd, both in his work, but also in the
private. Why and how you can read more about here.
Ann, 29 years old. Have read cand.merc.it on CBS. Today employed at NNIT as IT security specialist through NNIT graduate program. Before she found out that she wanted to work with IT security, she traveled the world, and has also helped to translate the book "Coding for children".
Based on Children Height
I first met Ann for an event in Coding PiratesWhere she taught children in hacking.
This aroused my curiosity, of course, we must hacking down for children.
I was curious as to her story and thought that IT security really is a field which are all
need to have a curiosity today.
Copyright and Ethics
side of IT security that caught her. When she began to study at CBS, she got through
his studio projects to dig deep. And as it can, it went up and
was more geeky in her specialty with IT security standards.
Programming came little by chance, says Ann. She had messed with it at leisure, but
it was only when she got programming on the table in the study, she discovered how quickly,
you could begin to use what you learned. In fact, says Ann, that you should just throw themselves
out of it and try a programming language. She recommends to anyone interested to go online
and sample some free courses, for example, Codecademy. You can start with one of the
easier language like Python, but the most important is to have walk-on courage. If you are completely new and
will learn the principles of programming, you can also try to play with Scratch.
The good and the bad
There are good and bad hackers. The hackers whose purpose is to harm others and
destroy data called "Black Hat Hackers". The good is called the course "White Hat Hackers".
How do you see yourself as a white hat hacker?
A white hat hacker to improve things – they do so not to destroy things or on own
personal gain. White hats obtain permission from those who are being hacked and
helping to close security holes. I work clearly to make the world a better
place, whether I sit with hacking or other tasks.
An attacker is not only one that is doing something with computers. A hacker is curious and will
constantly finding out how things work and how they can be changed or improved. The
can be digital, but also everything else, for example, there are many who "hacker" furniture
from Ikea for exciting new applications. It is more an approach to the world and it is
curiosity, above all drives you. Although I have a lot to learn - even more
areas than hacking. So I would rather be called IT security geek than white hat
There are also some who believe that this part of the IT security industry is not for girls,
but there will soon be surprised - some of the best in the industry are girls, and behind a
computer screen is not the sex that determines what you can, that is your knowledge,
skills and your willingness to learn.
Hacking is also everyday
How is your work?
As a graduate, I have worked with IT security from many different angles. During the periods,
I have worked with hacking, I sit for a day and find holes for customers. It may
for example, on a site where there is a vulnerability that allows malicious
the hackers could damage the site or extract data. Our customers are for example public
customers or pharmaceutical companies such as Novo Nordisk – they prioritize often security
enormously high, because it is about people's health and life. We combine mostly with tools
For example, scanning for vulnerabilities, and then we work with risk assessments,
When a vulnerability is critical. The job is very creative problem solving, because we have not
the answers in advance.
It is also important to work with IT security from multiple angles. For example, we make
also training material for developers to dress them properly about the safety and risks
and considering security from the start when developing.
The work also has another effect on everyday life: the more you work with IT security, the
more småparanoid you too. You do this because you all the time have to put you in
the attacker's site and try to anticipate the worst that can happen, so you can give them struggle to
line. An example of the small-paranoia is the chip that we have in our credit card, which is in reality a
risk that it can be scanned by a credit card reader, while I'm standing in the subway - so I
make sure to block the signal, as long as the card is in my wallet.
Protect the treasure chest
In IT security talks Ann on "blue team" and "red team", which have different roles. Both
teams should try to familiarize themselves with how an attacker thinks, and the goal is to protect
treasure chest - that systems and data.
The red team is the attackers who try to get to the treasure chest. It is for
example, white hat hackers who look for holes. The blue team's defense team, which
must defend the treasure chest. They do this for example by setting up firewalls, manage accesses
and watch for suspicious activity.
It's fun to put the game up and find vulnerabilities, but Ann says she equally
like sitting on the defense team.
Ann says also that she really like when they put a 'hackathon' up in NNIT.
So they sit over the weekend and practicing different tools and play games to
get new ideas and learn, both as attackers and defenders. For example, through Capture
The Flag (CTF) game (see links at the bottom of this article).
What has been the most fun task you've been to?
It is more fun when going detective work in the job, and I have to solve a new problem. It may
be when I try to find security holes, but it's also when I sit with development
and trying to get the code to be working, or trying to solve a problem in the architecture. I have
example helped to set up a system that controls access. It sits as a
octopus with his long arms into all possible systems, and encountered a lot
problems to be solved when you have such one to fit into a company's
What motivates you on daily basis?
It promises to be better and assimilate me special knowledge that can help the customer. It's great to be able to
find and help mitigate the risks in the customer system, the customer does not even know
exist, or do not know how best to solve.
In NNIT graduate program I have also the chance to geek out a lot, meeting
many different people and collaborate globally. I work for example with
colleagues from China, the Philippines, the Czech Republic and many other countries. It's great that we are many on
the same program that works across the entire company. We have a really good relationship and
also takes on vacations together.
What is your recommendation to others who want to be white hat hackers?
You can be a way, start anytime. It's about being curious and go on.
Start by learning the principles of programming (for example, through websites such as
Codecademy) and try their hand at a lot of Capture The Flag (CTF) game that can teach you
find pitfalls in systems (see links at the bottom of this article). Here you are also sure
you are allowed to try to find and exploit security holes.
Always make sure to have permission from anyone trying to hack!
For children and young people who are interested in IT, I would also like to emphasize that NNIT has a
school service for elementary school classes: We are very aware that we need to support children and
young in their interest in IT. We need a lot of specialists in the future, so we want to
help promote the interest.
- Ann uses PIA as its VPN
- If you know English and will sniff hacking, Ann recommend this course "Hack
Yourself First” Troy Hunt - here you can also try out the things you learn on a
insecure website for the purpose.
- Want to know more about NNIT and their graduate program, read more her
If you want to take on Capture The Flag (CTF) game, Ann recommend starting
with some of these (all in English):