Imagine logging onto your computer and realizing you’ve been hacked. Someone out there knows your passwords, your net worth, has access to all your online transactions, banking information – you name it. Then times that by a hundred if you’re a company. Now they have access to all your employees’, customers’, and vendors’ information.
Viet Luu ‘14 is a security consultant for Secureworks, a Dell company whose services include protecting its customers’ computers, networks, and information assets from malicious activity such as cybercrime. Luu gets paid to think and act like the bad guys out in cyberland in order to help a company build safer computer systems.
Many of Luu’s work is in e-commerce and PCI compliance, as well as hospitals’ HIPPA compliance.
“I’m a member of the Secureworks Adversary Group. We are professional computer hackers who break into companies’ networks using the latest tactics, techniques, and procedures. Generally, our client gives us goals to see if we can achieve them, like steal pre-release quarterly earnings data, or make off with classified CAD drawings. We define the objectives to reach those goals within a limited timeframe. At the end of the engagement, we write a report on how we did it so they can remediate the issues.”
Luu’s tactics center around real-life scenarios, as he explains, “I conduct social engineering or phishing attacks. I email or call clients to get sensitive information from them. These exercises lead to educating our clients on the hazards of opening up emails with offers that look too good to be true or even opening up attachments they weren’t expecting from someone they know. It’s so easy now for people to impersonate your email address and use your company’s logo within an email.”
The world of cybersecurity has some interesting phrases, like kill chain, payload, phishing, and social engineering, but they can all have serious consequences affecting your data. Once Luu’s team can gather enough data they can pinpoint certain targets at a company and access their key information. They can send them a phishing email that contains a payload attachment. Payloads create a backdoor that remotely gains access to not only all of your information but the internal network of the company – multiplying backdoor access tenfold.
“We provide a full report to our clients explaining how we penetrated their system, but we also offer solutions as part of our services. Our blue team helps them fix their vulnerabilities. We then come back in a few months and retest to make sure they are now secure.”
Another aspect of Luu’s job is keeping up on the latest trends by combing through internet articles, Twitter, LinkedIn, security forums, and blogs about the newest malware, exploits, and advanced persistent threats (APT) groups. His department is oftentimes given the latest software program and then told to break it. Of course, they have to then figure out a way to fix it.
Luu was born and raised in Hong Kong. His family moved back home to Vietnam when he was nine years old, and then they came to America when he was 12. He’s been living in Michigan for over 19 years. Luu’s interest in computers started when he was young. He would buy broken computers from garage sales and watch YouTube instructions on how to fix them. He also taught himself basic programming in order to create his own video games. When he graduated high school Luu didn’t know what path in technology he wanted to take. He just knew he wanted to pursue some form of it. Luu came to Davenport and double majored in Computer Networking and Network Security.
It was while competing in the Collegiate Cyber Defense Competitions (CCDC) that Luu met Nate Drier ‘08 who planted the seed that he could get paid for hacking into a company’s network.
“While attending Davenport I participated for three years in the CCDC and we even won first place at the state level one year. I made so many connections through it. I was introduced to the first company I worked for there. They called me up after graduation and asked if I wanted to work for them as a security analyst.”
One of Luu’s favorite memories about DU was taking the class Introduction to Computer Security, where the professor divided the class into two teams. Throughout the semester each team had to keep hacking the other’s network and servers while defending their own.
“We had to incorporate what we learned from the instructor into updating our computers. Every day I would go home and research on the internet so I could be one step ahead of the other team with both my hacking and defensive abilities. I still use what I learned in that class on the job today.”
Luu seemed destined to work in technology and connecting to Davenport just seemed like a natural fit. DU helped shape his future in network security.
“I’ve received valuable instruction, participated in memorable competitions, and made numerous business connections that can be credited back to my education. I’m very grateful for the education I received at Davenport.”