Advertisement
  1. News
  2. /
  3. Business

How a Tampa Bay ethical hacker helps companies with security

Jessica LaBouve of A-LIGN works with companies to make their applications and platforms more secure.
Jessica LaBouve, a penetration tester for cybersecurity company A-LIGN, poses for a portrait in the A-LIGN office on Thursday, Sept. 12, 2019 in Tampa. Companies hire A-LIGN to figure out where their digital security weak spots are, and LaBouve is one of the "benevolent hackers" that finds them. [ALLIE GOULDING | Times]
Published Sep. 19
Updated Sep. 19

TAMPA — Jessica LaBouve breaks it to companies gently. Their pride and joy, the application or platform they spent so much time developing, isn’t secure.

“It’s almost like you’re telling them their baby’s ugly,” she said.

LaBouve, 24, is a penetration tester for Tampa cybersecurity company A-LIGN, an ethical hacker who kicks the metaphorical tires on a company to find their security weaknesses. But instead of exploiting a weakness she finds, LaBouve points it out to the company and tells them how to improve. She likens it to what a personal trainer does.

“You really don’t like (personal trainers) when you’re working with them,” she said. “But when you see the results, you’re like, ‘Oh. This is why I’m doing this.'”

RELATED STORY: YouTubers with 1.1 million followers create security, privacy concerns for Pasco schools

A-LIGN is a cybersecurity auditing company that helps companies shore up their security practices to meet industry and legal standards.

Most of the issues LaBouve finds are common missteps. Google a “Top 10 most common vulnerabilities” list and chances are, LaBouve has found one of them in each audit she does. Among the most basic offenses are employees who use the default username and password, which is guessable, or keep login credentials in an easily-findable spreadsheet.

“The easy stuff shouldn’t be the stuff that I’m finding,” LaBouve said.

RELATED: Q&A: A-LIGN CEO Scott Price talks cybersecurity compliance and the local workforce

LaBouve and her team primarily test a company’s web applications — such as a website — and their network — a company’s computers, servers and internal network. Internal networks are where she often finds some of the most glaring vulnerabilities, as companies tend to protect their systems from being penetrated from the outside. LaBouve likens it to letting your guard down when living in a gated community.

“You think you’re safe from the outside, so you don’t lock your door. You don’t check your windows,” she said. “I’m going around companies and I’m checking their windows, and I’m checking their locks. I’m making sure they didn’t leave a key under the mat.”

She also does “social engineering” tests, where she interacts with employees and tries to get them to disclose login credentials or give her access to spaces she shouldn’t be allowed. Often, she’ll send emails impersonating an employee such as a human resource representative, asking them to reset their email and follow up with a call to make sure they got the email. There hasn’t been an audit yet where she wasn’t able to obtain at least one set of login credentials.

LaBouve finds that she stands out in an often male-dominated field. She was the first person to graduate from Middle Georgia State University’s cybersecurity program in 2017, and was often one of just a handful of women in her classes.

“When I walk into a room, your last thought is a (penetration) tester,” she said.

But that only helps her do her job better, she said, especially when she needs physical access. If they don’t consider her a threat, her job is easier.

LaBouve’s ability to communicate with her clients and break down complex technical topics is an asset, especially for those who aren’t as technically minded.

“I’m here to guide you through this process,” she said. “I want to make you better and myself better.”

It’s easy to blame a company for having lax digital security, but LaBouve said it isn’t always an issue of laziness or incompetence. The security landscape is evolving rapidly, and there are so many things to keep track of that some fall through the cracks.

Keeping up with the field, then, is paramount to successfully vetting a company’s security. LaBouve and her colleagues stay up to date with their skills by completing certifications, volunteering in the community to expose themselves to different people and methods, and attending conferences.

Spending the majority of her week breaking other people’s security means she thinks deeply about her own digital vulnerabilities. LaBouve isn’t on many social media platforms, and doesn’t put out much information about herself. At home, she has a robot vacuum, but it isn’t connected to the internet. And she doesn’t have any home assistants, such as Amazon’s Alexa.

“You have to walk a fine line, right? You don’t want to be paranoid and terrified,” she said. “But at the same time, be cognizant of the risks you’re taking and what you do.”

Part of staying sharp and present at work for LaBouve is finding joy outside of the office. She describes herself as having an “always-on-the-go” drive, and opts to be outside or with friends. Much of her spare time is spent at the gym, where she practices powerlifting.

“I’ve always been into different things,” she said. “I think that’s why the hacking works, too. I like to be unconventional.”

ALSO IN THIS SECTION

  1. Casey Cane has resigned as chair of Pinellas County’s Housing Finance Authority in the wake of a Tampa Bay Times story about his failure to disclose an arrest for a financial felony when he was 19. He also serves as a Palm Harbor fire commissioner. Casey Cane
    Casey Cane failed to disclose his arrest for a financial felony in 2006. He said he didn’t think he had to reveal that information.
  2. Tampa Mayor Jane Castor speaks to about 75 people Tuesday at a city conference on innovation and collaboration. (City of Tampa photo by Janelle McGregor) Janelle McGregor
    City Hall brought together startups and the nonprofits that nurture them for a discussion of possible ideas to improve city operations and service.
  3. Tampa Bay Lightning owner and financier Jeff Vinik told investors in a letter Tuesday that he is closing Vinik Asset Management, the hedge fund he relaunched earlier this year. (Times files)
    The Tampa Bay Lightning owner and longtime financier announced the decision to close Vinik Asset Management in a letter to investors on Wednesday.
  4. Pat and Harvey Partridge visit Waiheke Island in New Zealand in April. Courtesy of David Partridge
    The husband-and-wife team that founded St. Petersburg’s Partridge Animal Hospital were known for their compassion and kindness to all creatures great and small.
  5. The lobby bar at the Current Hotel on Rocky Point in Tampa serves eclectic cocktails and locally brewed coffee. SARA DINATALE  |  Tampa Bay Times
    Take a look inside Tampa Bay’s newest boutique hotel.
  6. The Florida Supreme Court building in Tallahassee. SCOTT KEELER  |  Times
    The Tampa Bay Partnership, Greater Tampa Chamber of Commerce and Tampa-Hillsborough Economic Development Corp. filed a brief in the Florida Supreme Court.
  7. Tech Data's headquarters in Largo. TD AGENCY  |  Courtesy of Tech Data
    Largo’s Tech Data would be the fourth in as many years, though the potential sale seems far from a done deal.
  8. Former WTSP-Ch. 10 news anchor Reginald Roundtree, shown here with his wife Tree, filed a lawsuit Friday against his former employer alleging he was fired because of age discrimination and retaliation. [Times file] WTSP  |  FACEBOOK
    The suit comes after a federal agency took no action on age discrimination complaints he had filed.
  9. Guests of the Flying Bridge at the Tradewinds Resort, which is now under new ownership. [DOUGLAS R. CLIFFORD  |  Times]
    The new owner says he plans to keep its management and 1,100 employees.
  10. The University of South Florida has earned national accolades for its push to raise graduation rates. Student loan debt in Florida is so crushing that it makes it hard to afford a house.
    Staggering debt loads make it hard to buy a home.
Advertisement
Advertisement
Advertisement