Advertisement
  1. News
  2. /
  3. Business

How a Tampa Bay ethical hacker helps companies with security

Jessica LaBouve of A-LIGN works with companies to make their applications and platforms more secure.
Jessica LaBouve, a penetration tester for cybersecurity company A-LIGN, poses for a portrait in the A-LIGN office on Thursday, Sept. 12, 2019 in Tampa. Companies hire A-LIGN to figure out where their digital security weak spots are, and LaBouve is one of the "benevolent hackers" that finds them. [ALLIE GOULDING  |  Times]
Jessica LaBouve, a penetration tester for cybersecurity company A-LIGN, poses for a portrait in the A-LIGN office on Thursday, Sept. 12, 2019 in Tampa. Companies hire A-LIGN to figure out where their digital security weak spots are, and LaBouve is one of the "benevolent hackers" that finds them. [ALLIE GOULDING | Times]
Published Sep. 19, 2019
Updated Sep. 19, 2019

TAMPA — Jessica LaBouve breaks it to companies gently. Their pride and joy, the application or platform they spent so much time developing, isn’t secure.

“It’s almost like you’re telling them their baby’s ugly,” she said.

LaBouve, 24, is a penetration tester for Tampa cybersecurity company A-LIGN, an ethical hacker who kicks the metaphorical tires on a company to find their security weaknesses. But instead of exploiting a weakness she finds, LaBouve points it out to the company and tells them how to improve. She likens it to what a personal trainer does.

“You really don’t like (personal trainers) when you’re working with them,” she said. “But when you see the results, you’re like, ‘Oh. This is why I’m doing this.'”

RELATED STORY: YouTubers with 1.1 million followers create security, privacy concerns for Pasco schools

A-LIGN is a cybersecurity auditing company that helps companies shore up their security practices to meet industry and legal standards.

Most of the issues LaBouve finds are common missteps. Google a “Top 10 most common vulnerabilities” list and chances are, LaBouve has found one of them in each audit she does. Among the most basic offenses are employees who use the default username and password, which is guessable, or keep login credentials in an easily-findable spreadsheet.

“The easy stuff shouldn’t be the stuff that I’m finding,” LaBouve said.

RELATED: Q&A: A-LIGN CEO Scott Price talks cybersecurity compliance and the local workforce

LaBouve and her team primarily test a company’s web applications — such as a website — and their network — a company’s computers, servers and internal network. Internal networks are where she often finds some of the most glaring vulnerabilities, as companies tend to protect their systems from being penetrated from the outside. LaBouve likens it to letting your guard down when living in a gated community.

“You think you’re safe from the outside, so you don’t lock your door. You don’t check your windows,” she said. “I’m going around companies and I’m checking their windows, and I’m checking their locks. I’m making sure they didn’t leave a key under the mat.”

She also does “social engineering” tests, where she interacts with employees and tries to get them to disclose login credentials or give her access to spaces she shouldn’t be allowed. Often, she’ll send emails impersonating an employee such as a human resource representative, asking them to reset their email and follow up with a call to make sure they got the email. There hasn’t been an audit yet where she wasn’t able to obtain at least one set of login credentials.

LaBouve finds that she stands out in an often male-dominated field. She was the first person to graduate from Middle Georgia State University’s cybersecurity program in 2017, and was often one of just a handful of women in her classes.

“When I walk into a room, your last thought is a (penetration) tester,” she said.

But that only helps her do her job better, she said, especially when she needs physical access. If they don’t consider her a threat, her job is easier.

LaBouve’s ability to communicate with her clients and break down complex technical topics is an asset, especially for those who aren’t as technically minded.

“I’m here to guide you through this process,” she said. “I want to make you better and myself better.”

It’s easy to blame a company for having lax digital security, but LaBouve said it isn’t always an issue of laziness or incompetence. The security landscape is evolving rapidly, and there are so many things to keep track of that some fall through the cracks.

Keeping up with the field, then, is paramount to successfully vetting a company’s security. LaBouve and her colleagues stay up to date with their skills by completing certifications, volunteering in the community to expose themselves to different people and methods, and attending conferences.

Spending the majority of her week breaking other people’s security means she thinks deeply about her own digital vulnerabilities. LaBouve isn’t on many social media platforms, and doesn’t put out much information about herself. At home, she has a robot vacuum, but it isn’t connected to the internet. And she doesn’t have any home assistants, such as Amazon’s Alexa.

“You have to walk a fine line, right? You don’t want to be paranoid and terrified,” she said. “But at the same time, be cognizant of the risks you’re taking and what you do.”

Part of staying sharp and present at work for LaBouve is finding joy outside of the office. She describes herself as having an “always-on-the-go” drive, and opts to be outside or with friends. Much of her spare time is spent at the gym, where she practices powerlifting.

“I’ve always been into different things,” she said. “I think that’s why the hacking works, too. I like to be unconventional.”

ALSO IN THIS SECTION

  1. Muhammad Abdur-Rahim points out the location of what he believed to be a former African American cemetery next to the parking lot of FrankCrum Staffing, 100 S Missouri Ave. in Clearwater. Now, it appears the cemetery may have been on an adjacent lot where the building stands. [JAMES BORCHUCK  |  Times]
    Archaeologists were scanning a vacant lot for bodies until an old city record pointed them to an adjacent property.
  2. Construction continues on the new Wiregrass Ranch Sports Campus of Pasco County located in Wesley Chapel. The center will feature a 98,000 square foot sports center with eight bio-cushioned hardwood courts that can be utilized for basketball, volleyball, mixed martial arts, gymnastics, wrestling, soccer, futsal, cheerleading and dance. [OCTAVIO JONES  |  Times]
    The $44 million facility is expected to hold its first tournament in September
  3.  [Getty Images]
    While credit scores will fall for millions, millions more will see their scores rise.
  4. Lucky's Market ahead of its St. Petersburg grand opening just two years ago. [Times (2018)]
    Only one Florida Lucky’s Market will remain a Lucky’s. The future of the Tampa Bay locations is still unclear.
  5. Internet crimes are on the rise in Florida. [AP Photo]
    Also: Why were the SunTrust Financial Centre lights purple? And the cost of owning an electric car.
  6. AdventHealth's central Pasco emergency room at t 16625 State Road 54 is shown here. The hospital chain recently purchased 18 acres on State Road 52 at the northern entrance of the Mirada development west of Dade City. [MICHELE MILLER  |  Times]
    The hospital chain pays $4.5 million to buy 18 acres from a Metro Development Group affiliate.
  7. [Getty Images] [Getty Images]
    It would probably be good to ask his thoughts, the advice columnist writes.
  8. Renderings by Arquitectonica of the proposed Red Apple Group condo project in St. Petersburg. Courtesy of Arquitectonica [Courtesy of Arquitectonica]
    $300 million. 45 stories. A little closer to existence.
  9. A group of East Lake residents has erected signs protesting a 44-home development proposed by Tarpon Springs developer Pioneer Homes. Tarpon Springs commissioners recently voted to annex the site into the city. [Courtesy of Marc Washburn]
    The action targets a plan to build 44 homes on land between Keystone Road and Highland Avenue, double what was allowed in the East Lake District.
  10. People gather around an auctioneer at the liquidation sale following local bike store Flying Fish Bikes closing [Romy Ellenbogen]
    The liquidation sale was packed with people hoping to get discounted bike gear.
Advertisement
Advertisement
Advertisement