Finland native Laura Kankaala recently joined Detectify as a Security Researcher to contribute to our aim of making the internet safer. Her hobbies include playing video games and reading. She’s also active within the security community as a speaker, podcaster and board member of the Disobey hacker conference.
image: Detectify Security Researcher Laura Kankaala
It began in Turku
Laura Kankaala was born in Turku, where she studied IT at Turku University of Applied Sciences. She became curious about hacking while she was still in university. Early on, when she was engaged with building and developing systems, she realized that she was far more excited to learn how she could exploit them. However, at that time, hacking was branded as a gray area, if not an outright criminal activity, so she never imagined making a career out of it.
From sysadmin to pentester
She began her career as an Identity and Access Management Consultant with Trusteq, where she was in charge of system administration and did a bit of coding here and there. When Trusteq was acquired by KPMG, she was able to shift her career into penetration testing, which she believes helps her a lot when grounding and writing about security research.
Regardless of whether she was red teaming or doing research, Laura’s motivation has been constant – focusing on end users. She elaborates, “…in order to protect the Internet experience for the users, we need to make sure that the applications and software they are using don’t contain vulnerabilities that could compromise their devices or leak their private information”.
Bringing ethical hacking to the public eye
Since then, the ethical hacking space has expanded, but Laura believes there is still a lot to do. She still believes that the way ethical hackers are perceived, and even the ways in which the vulnerabilities this community discloses are handled, need to be worked on. This is something she continues to push for, and outside of office hours she is spreading this knowledge to the public through her own podcast, We need to talk about Infosec. Her passion and credibility also earned her the opportunity to showcase how information in our connected society can be exploited in a TV documentary series with her ethical hacker mates, Team Whack.
“There needs to be solid cooperation and understanding of common rules between the researchers and companies. There are cases when vulnerabilities found by researchers are not well-received by the company. There are other cases where the researcher doesn’t know the best way of contacting the responsible parties, which causes problems for the researchers. Right now safe harbour and responsible disclosure policies work to some extent – but not all companies have them.”
She describes her work as simply trying to break stuff – in this case, systems – and figuring out how they can be fixed or defended against someone else trying to do the same thing. In most cases, she works directly with companies or organizations to understand how to build code that is resistant to being broken.
Breaking things with eagerness to keep learning
Besides “breaking stuff”, what she enjoys the most about working in IT security is the constant learning journey and new ways of working thanks to the close collaboration with other security researchers and even the companies’ internal security teams. In Laura’s words: “At the end of the day, one task – regardless of its complexity – can always be solved in different ways and it’s always eye-opening and humbling to experience that.”
We asked Laura what it takes to work in this industry and she answered:
“Patience and eagerness to learn new things all the time are important skills that not everyone has mastered. That’s it, I’d say. Of course, it helps a lot if you like computers!”
She went on to explain that eagerness to learn new things all the time is crucial, since the future of cybersecurity is uncertain and ever-changing. For example, she says:
“The amount of data collected from users will keep increasing. Also, it seems that every electric device will become “smart”– a fancy word that stands for having Internet connectivity. Securing these devices and their backends will be a major undertaking, because these devices are already in use, but are very much lagging behind when it comes to security”.
There will always be a need for security researchers
Another exciting thing about this is that no matter how much the future of cybersecurity changes, one thing is certain: there will always be a need for security researchers/ethical hackers to help companies and users feel safer around their services and devices, and that is one of the reasons why Laura decided to join the Detectify family.
“I want to fix the Internet,” she says, “and I think we’re a fun bunch of people doing great things together. I appreciate the flexibility, the challenges, and the atmosphere we’ve got going on. I believe that what we are doing will help shape both the future of cybersecurity and the ways ethical hackers (like Detectify Crowdsource) are seen.”
Laura on automation: “automation serves us in two ways: it is basically a tool for making sure we clean out vulnerabilities before they even reach production, and on the other hand, it helps us to quickly act on when new vulnerabilities pop up or unnecessary attack surface is exposed, and fix it.”
Mac or PC? macOS – It’s Unix based.
Android or iOS? iOS
What’s your #1 security tip? Be curious and care about your privacy!
How do you keep up-to-date with tech and business? Twitter, Reddit – reading a lot overall!
What’s your favorite Detectify blog post? It must be some of the hostile subdomain takeover posts because those I remember reading even before I knew what Detectify was.
Detectify keeps growing by the day, which means that finding candidates who want to be part of driving change in a rapidly evolving cybersecurity space is our main priority. If you, like Laura, are excited about shaping the future of cybersecurity by “breaking stuff”, take a look at our open positions to join Laura in Stockholm!