We talked to National Cyber Defense Specialist Jacques Van Zijl a.k.a the PaleEmp1re to learn more about his exciting journey in cybersecurity and get his take on the key issues happening in the industry right now. Let's take a look at Jacques' story.
How Did You Get Started in Cybersecurity? When Did You First Become Interested in IT in General?
Like most people, I discovered my core interests at an early age. I was never really a fan of sports, and I was also diagnosed with Autism, which I think shaped what I decided to focus on. With sports out of the picture, I got stuck into gaming and IT. I was especially interested in software and hardware, and what made tech work.
At age 11, I started working weekends at an internet provider called Solomon Systems in Newcastle, South Africa. It was then that I learned about hackers. The topic immediately captured my attention, and I found myself curious to know more about hacking to deepen my understanding of this fascinating world we live in. It felt like a game - your curiosity motivates you to discover and explore.
My time in that job sparked my interest in hacking and got me started on my hacking journey. At the time, I was helping there at the weekends - working for free cleaning PCs and dusting off servers. As time went on, I got to work with my boss on Linux systems and learned a lot about Linux hacking.
At the age of 16, I was running gaming networks from my house and also taking part in hacking. My main focus at the time was hacking WiFi since it was extremely expensive in South Africa at the time. This was where it all really started - and the 1995 movie Hackers didn't do much to stop me (it fueled my interest).
From there, I started joining Red team and Blue team exercises and set my sights on researching forensics. I got a degree in Computer and Information Systems Security from Intec College, and then went on to earn four Microsoft Certifications, as well as complete other development courses. My hard work and research paid off, and I was fortunate enough to travel to 21 counties over my 19 year career.
I've helped enterprise organizations across Canada understand and respond to the modern threat landscape with up-to-date security, cyber research and cyber forensics.
If I had to sum up what I do now, it would go like this: I use my cybersecurity and threat management expertise to identify and thwart increasingly sophisticated and varied cyberattacks in collaboration with enterprise clients and Government Defense Force. I also train Microsoft technical and sales staff.
What Skills Do You Think Are Necessary to Be a Good Cybersecurity Professional?
It's like any sport or skill; the more practice you do, the better you are. Practice in a demo lab to get your skills up to scratch and follow the right crowd of people on YouTube and LinkedIn.
I’m a firm believer that your biggest asset is your curiosity. It will lead you to what you love, and no certification can give you that. With that said, certifications are still great for enhancing your knowledge in a particular area. I do most of mine at https://cqureacademy.com/. The modules they provide are hugely laser-focused. If you're new to the game,
I'd recommend you do CEH and get a feeling for what you enjoy. Once you know what you like, you'll know what path to take and can get deeper into specific topics. You might find that after a year or two that your path changes - that's the thing about curiosity and exploration; you're never done.
Do You Think Organizations Are More Focused on Security Now than They Were in the Past? What More Do You Think Needs to Be Done?
Ransomware and process injection have really changed the landscape of hacking because hackers can now bypass most AV that has never evolved into EDR [ endpoint detection & response ] and NDR [ network detection & response ].
Hackers today are more educated because of YouTube, and the darknet, where serious hackers can buy sophisticated software with bitcoin. The world's top hackers can charge up to $120K per year, and spend their time conducting lots of coding attacks with sophisticated software.
In the past, we never had physical hacking gear like rubber ducky, LAN turtles, Key Croc, and so on. The world of hacking is very different today, and it's always evolving. It's complicated, but organizations need to keep up if they want to protect their systems.
What Do You Think Are the Biggest Cybersecurity Threats We Are Facing Right Now?
Relentless passion - yes, hackers have a passion for seeing how far they can get. This presents a considerable challenge in cybersecurity because we're still in the infant stage, where we wait for hackers to gain access before we take action. With Machine Learning and Artificial Intelligence advancing every day, hackers will be able to break 16 character passwords with ease soon.
What Advice Do You Have for Those Looking to Get into Cybersecurity?
Try to shadow someone in the cybersecurity industry or get a mentor; it will help you advance your skills faster. Cybersecurity is a vast world, so you don't want to waste your time. Instead, you want to be focused on the topics that you're passionate about and want to learn more about.
You can find me here:
Some additional resources:
Awesome simulation hacking tool by Red Canary: https://github.com/redcanaryco/atomic-red-team
PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments: