By Dave DeFusco
Employers in the internet era have had to become more creative in finding people to guard the digital gates to their computer systems unwittingly left open, exposing precious company data. This has created the need for a whole new class of virtual sleuths, called penetration testers, to simulate attacks on their systems to find and fix vulnerabilities that could be exploited by a real attacker.
One of them is Kevin Suckiel, who recently was awarded a master鈥檚 degree in cybersecurity from the Katz School of Science and Health. He recently landed a prized job at the prestigious Big Four consulting firm Ernst and Young that has him donning the blackest of hats to crack the networks of his company鈥檚 clients.
Also in the News: Fortune Magazine ranks the second in the nation, putting 麻豆区 in good company with the University of California, Berkeley, and Johns Hopkins University.
鈥淚t鈥檚 a lot of fun,鈥 said Kevin, who also holds a variety of industry certifications such as offensive security certified professional, certified ethical hacker and web application penetration tester. 鈥淚t鈥檚 technical stuff and I like doing it.鈥
A penetration test, colloquially known as a pen test or ethical hacking, is an authorized simulated cyberattack on a computer system. The test is performed to identify weaknesses, or vulnerabilities, including the potential for unauthorized parties to gain access to a system鈥檚 features and data. It鈥檚 also conducted to determine a system鈥檚 strengths, which combined with the audit of the system鈥檚 weaknesses, would enable a company to complete a full risk assessment.
鈥淸Katz Professor] David Schwed said pick something you want to do and be good at it,鈥 said Kevin. 鈥淚 knew I wanted to be good at penetration testing, so that鈥檚 all I focused on. I set up a lab at home and practiced for hours, day in and day out, using online resources. I didn鈥檛 stop. I was very hungry.鈥
Effective penetration testers are like professional athletes. They have to be determined and relentless, as well as curious, must practice continuously and then execute effectively. 鈥淎 lot of times you鈥檙e going to fail,鈥 said Kevin. 鈥淪ervers and systems are all configured differently. You have to understand what鈥檚 going on behind that log-in screen and you have to interpret the error response.鈥
He said the in-person cybersecurity master鈥檚 program (Katz also offers an ) gave him a good theoretical grounding and that the professors were accessible and encouraging. 鈥淭he professors at Katz are incredible at what they do鈥攙ery talented,鈥 said Kevin, 鈥渁nd the curriculum provided a solid foundation.鈥
For example, the program offers an elective course on Cybercrime, Cyberwar and Threat Actors, which examines the profiles of hackers, members of organized crime, and nation-states that conduct espionage. The discussion revolves around what fraudsters are after鈥攎oney, information or intelligence鈥攚ho the potential targets are and how they鈥檙e going to execute their schemes.
Students in the 30-credit program get hands-on experience with threat mitigation, detection and defense. When they graduate, they have access to jobs at the biggest companies in the heart of New York City, a global hub for cybersecurity.
As part of an extracurricular project, Kevin recently led the Cymple Bits Security team to a first-place victory in the ISACA Cybersecurity Case Study Competition for the second year in a row. The competition, which this year awarded $21,000 in scholarships, is open to students at U.S.-based universities, colleges and high schools, regardless of their majors or degrees. Katz鈥檚 Cymple Bits Security was one of 17 teams from seven educational institutions assigned to tackle the same case study.
For Kevin, the competition was a double win. In addition to leading the first-place team, he received ISACA鈥檚 academic award for 2022 Outstanding Student Contributor. 鈥淔rom a professional perspective, the competition helped me tremendously,鈥 he said. 鈥淚t gave me and my other team members a chance to think beyond the four walls of our classroom and strengthen our collaborative skills.鈥
Before he enrolled at the Katz School, Kevin was a New York City police officer and a member of the NYPD鈥檚 anti-terrorism unit, where he was responsible for conducting counterterrorism initiatives within the New York City transit system, including undercover operations and physical security assessments using various technologies. He said that experience prepared him for the master鈥檚 program at Katz and to become a penetration tester.
鈥淎s a police officer, you look at situations through the lens of an adversary,鈥 said Kevin. 鈥淭hat mindset branches over into cybersecurity. Threat intelligence is thinking like an adversary. Knowing how an adversary thinks is still really important, only now I鈥檓 on the electronic beat sitting behind a computer.鈥