Toast of the Town- Josh Shomo (Senior Security Engineer at Bishop Fox)
1. What makes you excited about going to work every day?
I love working with hackers and developing offensive capabilities. There’s a thrilling feeling when you’re able to identify a vulnerability and break the puzzle a defensive team puts together to keep you out. It’s very rewarding - finding that foothold, helping the team patch it, and hunting for the next one. I’m lucky to work with brilliant people to build tools and platforms to make these operations even faster.
2. If you could change one thing about security operations with a snap of your finger, what would it be?
Just one thing? I’d want all security operations to embrace the principle of assumed breach, the assumption that attackers are already in your network and are working their way towards your sensitive information. I wish it were enough to build a fortress around your network perimeter, but matter how strong the defenses are, a motivated attacker with enough time and resources (and maybe a few 0-days) will always be able to find a way in. What then? Under assumed breach, a vigilant team of experts keep watch over internal networks to catch and kick out attackers before data is corrupted or stolen.
3. Which security content do you like sharing with others or appreciate that is shared with you?
I like reading bug bounty write-ups and CVE write-ups. It’s fun to watch the creative path a hacker took to get a piece of code to work in unintended ways. Also, as a coder, I can hopefully learn how to write more secure code myself.
4. Tell us your work philosophy in 10 words or less.
How hard could it be?
5. What’s your favorite thing to operate (other than security) and why?
I’m a gamer so I have to say my PS5. This is my first PlayStation since PS1, and I’m really enjoying getting caught up. Just finished Horizon: Zero Dawn and can’t wait for the sequel.