Insight from an ethical hacker

Craig Stevenson, founder of HyperQube Technologies, discusses the ethics of hacking and why virtualization is an important tool with wide-reaching applications ...

As the internet grows, it becomes more and more difficult to physically store the real-world objects that store and manage its content. To understand what technology has sprouted on in the space of this need, and to learn more about the ethics of hacking, we spoke with Craig Stevenson, CEO at HyperQube Technologies.

ABERMAN: I’m looking forward to learning about HyperQube, but tell me first: what exactly is virtualization?

STEVENSON: Virtualization is a technology that many billion-dollar companies have been built on the backs of. So, in the beginning, you had one server for every single website, so you can imagine how many websites there are out there today. Imagine if every single one of those required at least a single physical computer. There wouldn’t be enough space to house it all. So, what people soon figured out was, 90 percent of the time, the computer they were running, for example, a website on, was only operating at 10 percent of its capacity, or maybe even less.

So what would be great is if you could take that other 90 percent, and essentially turn them into other computers. So, what virtualization does is, it takes one piece of hardware, and allows you, rather than just having one computer, to have a bunch of smaller computers that can scale up and down based on demand.

ABERMAN: And that’s effectively what Amazon Web Services is doing, right? Just basically renting slices of time on a large computer, as, effectively, little computers that run for specific moments and specific tasks.

STEVENSON: Absolutely. They’ve managed to build a rather nice business off the back of that piece of technology.

ABERMAN: Yes they have, and they continue to. And rumor has it that they’re coming to start here. I’m looking forward to that. But, HyperQube. How exactly are you using this technology to grow business here in the region?

STEVENSON: Sure. So, this is a really powerful technology, but the tools for producing and consuming this technology have all been aimed at highly skilled developers, which means it takes a long time before you can do anything productive with it. And what HyperQube is trying to do is, if I can describe a computer network to you in 30 seconds using plain English, it should only take you 30 seconds to build it and deploy it into any cloud of your choice. You shouldn’t need to know how that particular cloud works. That’s our end goal. I’m a firm believer that there are millions of potential customers for this technology that are currently being untapped, because of the specialized skills it requires to do anything with it.

ABERMAN: So, just to make sure I’m understanding this properly: if I set up an I.T. system in an organization, I’m going to have servers in the cloud, I may have servers in my office some place, I’ll have a lot of client computers, I’m going to have mobile devices, printers, all these different things that will be integrated into a single system. And that sounds to me like I’ve got a couple of problems, then. One, I’ve got to make sure everything operates together, but then two, I’ve got to make sure that my cyber security systems are properly deployed.

So, what you’re telling me is that I either have to have all that stuff built and integrated in the real world, and then I can apply cybersecurity technologies to see if they work. Or, I can create a virtual network that behaves as if it was real, and then I can apply cybersecurity technology and other things against it, to make sure that the system is safe and works properly. Is that what you’re doing?

Subscribe to the What’s Working in Washington podcast on iTunes.

STEVENSON: Yeah, that’s correct. Only organizations that had an incredible amount of resources at their disposal used to be able to do that. So, they’d build an entire test copy of something physical, essentially a duplicate of what they were going to be deploying in the field, make sure everything works, before they put it in the field. Then virtualization came along. And so now, they were building virtual copies of things before they were putting it in the field, but it still required a huge team of virtualization engineers. And what I’m trying to get to is, anybody who has the vocabulary to just describe a network should be able to build a copy of it, run tests on it, and figure out what to do.

ABERMAN: I’ve seen, in addition to your business, a fair number of startups over the last couple of years grow, a number who’ve been sold now, around this concept of creating virtual machines, virtual networks and so forth. It seems to me that this is a particular strength in our region, and perhaps one of the reasons why Amazon Web Services is growing so rapidly here. What is it about our region that creates the kind of software and engineering talent that’s suitable for this type of field?

STEVENSON: A lot of it came out of the government, but I mean, the Internet started here. You know, if you drive out the Dulles Toll Road to Sterling, Virginia; that literally is where the Internet is. Like, every time you access a Web site, there is a physical computer somewhere that that thing is running on, and most of the time, that happens to be in what’s called data center alley, out in Sterling, Virginia. So like, when you watch Netflix, those bits live in Virginia, and get streamed to your house. So, there’s just a ton of talent in and around that space in the area.

ABERMAN: For the less technical, it’s like in the ocean, where you have a heat vent on the ocean floor, and a lot of life because it’s warm. The Internet, as well, had an effect where the bandwidth is broadest, right in our region. So it literally creates this concentration of highly technically skilled people who are comfortable with the Internet. So, I think that gives us an idea of where the talent comes from. You’re in cybersecurity, and I was really interested, and I looked at your LinkedIn bio, to see that you described yourself, in fact you certify yourself as, an ethical hacker. Which, to my mind, is an oxymoron I guess. But, explain to me what an ethical hacker is, or why somebody would put that on their LinkedIn profile.

STEVENSON: The term hacker has sort of been taken over to mean something bad these days, but it never used to. Hacker was just a person who liked to take things apart, and figure out how they worked. And so, there’s actually just a certification that anyone can go take a test and get, that makes you a Certified Ethical Hacker. But the idea there is, we’re the good guys. So, when bad things show up and people want to figure out how they work, the good guys take it apart and figure out, essentially, hack it to figure out how it works.

ABERMAN: I love the concept of good guys, bad guys. Which really leads me to think out loud with you: sounds to me like cybersecurity is an arms race, or it’s a fight between the good guys and bad guys. Do you think it’s a fight that can be won?

STEVENSON: I wouldn’t say it’s a fight that can be won. I’d say it’s a battle that’s never going to stop. Like, good guys figure out some way to stop something, bad guys figure out a way around it. It’s just an arms race back and forth. But the good guys are getting a lot better these days. Companies are starting to care a lot more, so there’s a lot more resources being thrown at solving good guy problems.

ABERMAN: What do you think changing in corporate America that’s caused people to focus on this more?

STEVENSON: A lot of companies lost a lot of market capitalization from getting hacked. It’s really it’s really just incentives. Well, there’s two things going on. One: everything is connected to everything. So theoretically, from my phone, there’s a path to important corporate data on some corporate network. There’s a lot of things in between me and them to stop me from getting access to it. But theoretically, it’s all connected. So that’s one, that’s number one. And then number two, the bad guys are starting to have a huge financial incentive to go get that data. It’s all about incentives. Like if I’m a hacker, it’s a business. I’m trying to figure out what data can I steal, and how much can I sell it for. And that determines how much resources I can throw at stealing it. These days, the data sitting inside of companies could be worth billions of dollars. So that means, if there’s data out there worth a billion dollars, I can spend 100 million dollars trying to go after it.

ABERMAN: You know what’s interesting to me about this whole issue of data is that, the data is actually most valuable in the hands of the people that have legitimate businesses. The actual value of hacked data, on a per data bit basis, is actually very low. So really, you would think that businesses would have a lot more incentives here to protect their data than the bad guys wouldn’t trying to get after it.

STEVENSON: And in fact, that’s something that’s happening now. So, everyone hears about ransomware. The economic flip that happened there, bad guys realized that stealing someone’s data is worth X, but preventing that person from accessing their data was worth way more. So, I could go into an enterprise, and I could take a copy of all their data, and the enterprise would say, good luck, do whatever you want with that. But if I go into an enterprise, and I lock everything so they can’t get access to their own data. All the sudden, that’s a huge economic problem for that enterprise.

ABERMAN: Craig, before I let you go: we have listeners that are starting businesses, tech businesses, right now. What would be your best advice for them? What’s the biggest lesson you learned that you think they should all be aware of?

STEVENSON: You’re going to be wrong a lot in the creation and running of your business. And there’s tons of companies out there that fail because they got something wrong and they kept plugging at it, even though the market was telling them a different lesson. So, I would say the biggest thing we’ve learned so far is: run experiments to determine whether or not what you think is correct. And if the market is telling you you’re incorrect, fail, and fail fast, and move on. And this is actually one of the biggest advantages startups have over large enterprises. A large enterprise will throw a hundred million dollars down the hole because somebody had an idea, and they won’t let it go. Well, as a startup, we’ll throw 200 dollars at that idea, and very quickly find out if it’s wrong, and move on to the next thing.

ABERMAN: So, embrace the ups of a startup, but also the downs of a startup, in order to truly learn.

STEVENSON: Absolutely.

ABERMAN: That’s great advice. Craig Stevenson from HyperQube Technologies, Thanks for joining us today.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories