Shane Shellenbarger: Why Hacking Is Harder Than Working

BlackBerry Cylance Engineer Shane Shellenbarger has some pertinent questions about this whole “hacking” thing.

Why get a real job when you can just be a hacker? I mean... the good guys are all out there putting in the work and getting it done. There have to be easier ways to breach a business.

Which begs the question... what IS the easiest way to breach a business? Watch our video and find out.

About Shane Shellenbarger

Shane Shellenbarger is a Senior Sales Engineer at BlackBerry Cylance. Shane is a cybersecurity Researcher with over 10 years of relevant experience in leadership, vulnerability research, exploit weaponization, networking, and software engineering.

VIDEO TRANSCRIPT

“My name is Shane Shellenbarger and I'm a Sales Engineer with Cylance. There's a lot of money to be made in the hacking industry, whether it be from a professional side of things or more of a black-market side. There are many agencies that will hire you to do that type of thing, including software developers, because they want to make sure that they can find all of the vulnerabilities before the black hat hackers find them and start exploiting them in the wild.

Why get a real job if you can just be a hacker?

Hacking is a lot of work. That's a very common misconception in the fact that it's not like the movies. It doesn't take just 30 seconds and then we've hacked the Gibson. It depends on how you're doing it. It could take months and months and months to finally write a fully functional exploit.

Are there easier ways to breach a business?

You could do phishing. Everybody can write an email so that's good. Phishing is a very common way of doing a lot of the same things that a common hacker might do. In the end we're really just trying to write or execute some sort of arbitrary payload on the target system.

Is preventative security possible?

We can definitely prevent the payloads from executing at the end. These are very common things that are going to be happening. All of the ‘bads’ are easily classifiable as bad. If they're going to run ransomware, ransomware looks like ransomware. If they're going to run command-and-control it looks like command-and-control. Using artificial intelligence and machine learning I believe we can classify and prevent those style of attacks.”