Cloud Village at DEF CON
Client Secura was so pleased with this solution that supervisors Roy Stultiens and Ricardo Sanchez suggested submitting the project to a number of hacker and security events. Siebren's solution has a big impact, says Stultiens, Security Specialist at Secura: "The end product offers added value to the cloud security scene worldwide. Under the motto 'If you don't dare, you don't win', we submitted an entry and we are very happy and proud that we are accepted at the world's largest!
Siebren dreamed of attending DEF CON as a visitor until a few days ago: "I was sitting with friends and casually glanced at my phone and then saw the message. DEF CON is the leading event in my field, and now suddenly I'm a speaker on the Saturday programme of Cloud Village, which is DEF CON's podium for cloud security. It's very surreal, also to have to arrange everything quickly for the trip to the United States."
Training security expertsTraining security experts
Cybersecurity is a specialism in ICT in which a lot is happening. Experts have to learn continuously and there are two ways to do that, according to Siebren: "You can learn theoretically, by reading a lot and getting certificates, but you can also learn practically. You do that with training courses and, for example, Capture The Flag events, in which you have to penetrate a (simulated) digital environment or secure it. You can see that as a game form and I developed it for the Microsoft Azure Cloud environment." This was much needed, as security professionals could only get theoretical information up to now.
Everything in the cloud
Secura is a well-known name in cybersecurity, as an expert in audits and penetration tests of applications, networks and systems; in short: testing how safe everything is. Now that more and more work is done in the Cloud, new risks are added, Siebren explains: "In the past, organisations had their networks on their own, physical environment, but now they are switching to Cloud environments from large parties such as Amazon and Microsoft. That is more scalable and easier to set up, but it requires a different expertise than that of the old administrators and misconfiguration creates many security risks." CTO Ralph Moonen is very complimentary about Siebren's work and is eager to put the tool to good use: "For Secura, Siebren's work is very important, and we are very proud that he gets to present his work at DEF CON. I hope we can continue to develop the tool in the future."
Making knowledge freely available
Secura is going to use the tool mainly internally and as a challenge for recruitment. In addition, the Azure training environment will remain publicly accessible, and Siebren finds that very important: "In cybersecurity you have to be able to learn quickly, you can't pay for the next certificate every time. With this environment everyone can learn, even if you can't work it out you can ask for hints." Siebren himself started programming when he was 9 or 10 years old and continued to do so during studies at VMBO and MBO, until he could get started with cybersecurity at Fontys Hogeschool ICT: "I was dependent on knowledge that was offered for free, for example on YouTube, forums, etcetera. I understand that education can have a price tag, but knowledge must be accessible for free. If not, I wouldn't have been able to learn what I can now."
Siebren Kraak is going to work for Secura in the coming months as a holiday worker. He has meanwhile graduated from his studies at Fontys Hogeschool ICT and will start in September with his pre-master Cyber Security at the Radboud University. DEF CON 30 takes place in Las Vegas, Nevada from 11 to 14 August. Siebren and his colleagues from Secura BV will speak at the Cloud Village event on Saturday. DEF CON attracts more than 30,000 visitors from all over the world.
Author: Guido Segers