Hacking Experts Discuss Emerging Cyberthreats

Posted by

Dawn Isabel

Security Research Engineer
Dawn is a security research engineer at NowSecure with an extensive background in penetration testing. She enjoys hacking on iOS and watchOS, and has constructed several jailbreaks for Apple Watch. Her prior roles include building and running a university penetration testing service, leading a mobile tools development team, and several years in consulting. Dawn strives to make deep technical topics accessible to diverse audiences, and has delivered talks and workshops at OWASP AppSec, WiCyS, Converge, DefendCon, SUMIT, and the Women’s Society of Cyberjutsu.

One tradition of the NowSecure Connect mobile app security testing and mobile DevSecOps virtual conference is our Hack to the Future panel, where we discuss the issues and challenges at the top of hackers’ minds. Our third annual panel reunited experts Jasmine Jackson, founder of the Accelerated Training Program (T-ATP); Tennisha Martin, executive director of BlackGirlsHack; and Dr. Katie Paxton-Fear, a cybersecurity lecturer for Manchester Metropolitan University, for a lively session.

If there’s one challenge that is ever-present in the cybersecurity community, it’s the threat of burning out. Mental health has always been a concern, as evidenced by organizations such as Mental Health Hackers and Cybermindz, but COVID made it more acute. Cyberscoop reported that a 2022 study of cybersecurity professionals conducted by Cybermindz and the University of Adelaide in Australia found that burnout rates for cybersecurity pros in some cases met or exceeded those of frontline healthcare workers.

Tips for Battling Burnout

How do high-performing hackers manage the risk of burnout? The answers might surprise you! The stereotype of the always-on hacker hunched 24/7 over a computer keyboard, and the frequent expectation that security professionals should spend a sizable chunk of their free time growing their skillset, have led to the assumption that hackers prefer hacking to any other pursuit. But the art of hacking requires qualities like creativity, curiosity and empathy that need to be nurtured and exercised. Our panelists offered some of the ways that they combat burnout and simultaneously foster the very things that make them great hackers.

“I actually experienced burnout during COVID, so something that I implemented was vacations,” said Jackson. “For me, taking vacations and literally turning off the computer and walking away has really helped a lot.”

Martin took up gardening and gave herself the grace to take what she calls ‘do nothing days.’ “I will sit there and watch absolutely bad TV, put my phone on do not disturb and give myself the ability to take a break,” she said. 

And Paxton-Fear enjoys knitting, crocheting, sewing and digital art. “My partner has described me as bursting with creative energy, and that really, really helps to do something outside of the computer and hacking,” she said. “It really does give me time to decompress.”

People should treat AI like their family member who talks too much. – Jasmine Jackson, Founder, The Accelerated Training Program (T-ATP)

AI Calls for Caution

Creativity and connection were top of mind as the conversation turned to the first annual SquadCon in Las Vegas and the prevalence of talks discussing the impact of AI. Technologies driven by generative AI such as chatbots and image generators have exploded into the mainstream far faster than anyone expected. Yet while the average internet user is likely familiar with these tools, far more uses of AI already operate largely unseen.  

As companies race to leverage AI to gain efficiency, grow market share, and innovate on complex problems, how can hackers contribute? Despite our concerns, the most important first step is using the tools and technology ourselves to gain the perspective and understanding required to dissect the potential risks. In many respects, our approach to securing AI won’t be that different from securing any new technology.

Our panelists raised concrete concerns about the rapid pace of AI integration — including mitigating bias in datasets, protecting user privacy and preventing the further marginalization of underrepresented communities. 

Martin shared concerns about AI facial detection capabilities being used for job interviews, for example. “If you can’t necessarily see my face appropriately because [AI] has a hard time with Black women, what is that saying about my job prospects?” she asked. “That makes me 30% less likely to get the job.”

“Like every other piece of technology that we’ve ever invented, we’re going to bolt on security and privacy and diversity inclusion issues without considering how that might fit together,” said Paxton-Fear. “In a way, I’m disappointed but not surprised.”

Jackson hasn’t explored ChatGPT too much other than managing to break it by putting it into an infinite loop, nor is she eager to embrace the technology.

At the same time, there was broad agreement that the security community must find a way to counsel about the risks of AI without being alarmist. “People should treat AI like their family member who talks too much,” advised Jackson. “Don’t tell them anything that you don’t want someone else to know.”

Automakers Drive Data Collection

Our discussion wrapped up with a detour into automotive privacy inspired by the Mozilla Foundation’s Privacy Not Included blog. Their comprehensive review of the data collection and privacy policies of 25 car brands may have shocked the public, but our panel of experts was decidedly unsurprised at the breadth of private information that can be siphoned off by your vehicles.

Martin said that the car industry’s chief concern revolves around safety, followed by convenience. She asked what kind of information automotive manufacturers gain access to when people add car mobile apps to their smartphones, such as contacts lists or emails, and raised the fact that many of them sell that data. Paxton-Fear quipped, “I’ve never been so glad that I live in the UK and we have GDPR.”

Our hackers closed with some predictions about how the hacking community will need to evolve to keep up with current challenges and the explosion of new technologies in every area of our lives. Watch the entire Hack to the Future discussion by registering for the free NowSecure Connect: Stranger Vulns 2 on-demand broadcast.  

Until next year, happy hacking!