Survival Guide: Ron Rubens, CFO and COO, Intense School

When hackers go bad, they bust into your Web site and wreak havoc. But when they go good ... they may very well come from Intense School, a Fort Lauderdale, Fla., company that took part in the recent FOSE trade show. Among the certifications and education it offers, the IT company trains professional hackers -- computer criminals gone good, so to speak -- who are paid to break into their own employers' Web sites or networks to test how secure they are.The company, which also offers certification in assorted computer systems and securities, uses a boot-camp method of teaching that brings people up to speed in a short amount of time. Learning to be a pro hacker, for instance, takes about seven days. The boot camp trainers -- former system engineers, administrators, technical trainers and writers -- developed the classes to get people proficient in the various cyberevils. "Security is education," said Ron Rubens, the company's chief financial officer and chief operating officer, naming the National Security Agency and the departments of Defense and Energy as some of the federal agencies it's now involved with. Rubens talked to Managing Editor Evamarie Socha about the world of hacking. Why do hackers hack? Probably the No. 1 reason is to show off to their peers. There are some that actually do it for malicious reasons, targeting a bigger company for malicious purposes. Is most hacking malicious? For most companies that are secure, a small hack can do almost no damage but alert [the company] so it can prevent it. If companies are secure, people are going to try to get in, and some people do get in.But if they set up their security properly, [the hackers] won't be able to do anything once they're there, and the system will be shut down immediately. What makes one a good target? What do hackers look for? The bigger the company or the more perceptively secure they should be, the higher the target. That's just my opinion. Can a hacker find system soft spots?It's very easy for them to do a quick scan to see if there are vulnerabilities. And that is the kind of things that are taught in our classes: how to go out and scan yourself to see what vulnerabilities you're exposing to the world, such as wireless. So many companies have wireless networks that are so vulnerable; those are often easy doorways into companies. Is the federal government considered a good hacking target? I would say yes. If I were a hacker, I'd probably want to hack the biggest thing I could, the biggest thing that's going to make my hacker buddies proud of me. Once hacked, how likely is a system to fall victim again? If a company is hacked, and doesn't do a lot of things to protect themselves again, they're a likely target. Often, hackers will leave little things there to enable them to get in easier next time. If those things are undetected, well, then [the company or agency is] just leaving its door open. Once hacked, what is the first thing a company should do? Immediately shut down the doorway or whatever vulnerability [the hacker] used to get in. Then fix the problem and make sure all other vulnerabilities are fixed. [Look at] the recent SQL virus that did so much damage; to my understanding the patch for it came out a month after the vulnerability was found. Everyone who was damaged from that virus was simply IT departments that didn't buy a patch that was there to plug the dam. Are there ways to make yourself hackerproof? Security is education. And educating everyone in the company and having a real security policy that encompasses physical security, how you talk to customers, as well as IT. Security is not just about a firewall. That paves the way to be as safe as possible, but I don't think that anyone can be hackerproof if they talk to someone in the outside world or allow access to the outside world.