Advertisement
  1. News
  2. /
  3. Business

How a Tampa Bay ethical hacker helps companies with security

Jessica LaBouve of A-LIGN works with companies to make their applications and platforms more secure.
Jessica LaBouve, a penetration tester for cybersecurity company A-LIGN, poses for a portrait in the A-LIGN office on Thursday, Sept. 12, 2019 in Tampa. Companies hire A-LIGN to figure out where their digital security weak spots are, and LaBouve is one of the "benevolent hackers" that finds them. [ALLIE GOULDING | Times]
Published Sep. 19
Updated Sep. 19

TAMPA — Jessica LaBouve breaks it to companies gently. Their pride and joy, the application or platform they spent so much time developing, isn’t secure.

“It’s almost like you’re telling them their baby’s ugly,” she said.

LaBouve, 24, is a penetration tester for Tampa cybersecurity company A-LIGN, an ethical hacker who kicks the metaphorical tires on a company to find their security weaknesses. But instead of exploiting a weakness she finds, LaBouve points it out to the company and tells them how to improve. She likens it to what a personal trainer does.

“You really don’t like (personal trainers) when you’re working with them,” she said. “But when you see the results, you’re like, ‘Oh. This is why I’m doing this.'”

RELATED STORY: YouTubers with 1.1 million followers create security, privacy concerns for Pasco schools

A-LIGN is a cybersecurity auditing company that helps companies shore up their security practices to meet industry and legal standards.

Most of the issues LaBouve finds are common missteps. Google a “Top 10 most common vulnerabilities” list and chances are, LaBouve has found one of them in each audit she does. Among the most basic offenses are employees who use the default username and password, which is guessable, or keep login credentials in an easily-findable spreadsheet.

“The easy stuff shouldn’t be the stuff that I’m finding,” LaBouve said.

RELATED: Q&A: A-LIGN CEO Scott Price talks cybersecurity compliance and the local workforce

LaBouve and her team primarily test a company’s web applications — such as a website — and their network — a company’s computers, servers and internal network. Internal networks are where she often finds some of the most glaring vulnerabilities, as companies tend to protect their systems from being penetrated from the outside. LaBouve likens it to letting your guard down when living in a gated community.

“You think you’re safe from the outside, so you don’t lock your door. You don’t check your windows,” she said. “I’m going around companies and I’m checking their windows, and I’m checking their locks. I’m making sure they didn’t leave a key under the mat.”

She also does “social engineering” tests, where she interacts with employees and tries to get them to disclose login credentials or give her access to spaces she shouldn’t be allowed. Often, she’ll send emails impersonating an employee such as a human resource representative, asking them to reset their email and follow up with a call to make sure they got the email. There hasn’t been an audit yet where she wasn’t able to obtain at least one set of login credentials.

LaBouve finds that she stands out in an often male-dominated field. She was the first person to graduate from Middle Georgia State University’s cybersecurity program in 2017, and was often one of just a handful of women in her classes.

“When I walk into a room, your last thought is a (penetration) tester,” she said.

But that only helps her do her job better, she said, especially when she needs physical access. If they don’t consider her a threat, her job is easier.

LaBouve’s ability to communicate with her clients and break down complex technical topics is an asset, especially for those who aren’t as technically minded.

“I’m here to guide you through this process,” she said. “I want to make you better and myself better.”

It’s easy to blame a company for having lax digital security, but LaBouve said it isn’t always an issue of laziness or incompetence. The security landscape is evolving rapidly, and there are so many things to keep track of that some fall through the cracks.

Keeping up with the field, then, is paramount to successfully vetting a company’s security. LaBouve and her colleagues stay up to date with their skills by completing certifications, volunteering in the community to expose themselves to different people and methods, and attending conferences.

Spending the majority of her week breaking other people’s security means she thinks deeply about her own digital vulnerabilities. LaBouve isn’t on many social media platforms, and doesn’t put out much information about herself. At home, she has a robot vacuum, but it isn’t connected to the internet. And she doesn’t have any home assistants, such as Amazon’s Alexa.

“You have to walk a fine line, right? You don’t want to be paranoid and terrified,” she said. “But at the same time, be cognizant of the risks you’re taking and what you do.”

Part of staying sharp and present at work for LaBouve is finding joy outside of the office. She describes herself as having an “always-on-the-go” drive, and opts to be outside or with friends. Much of her spare time is spent at the gym, where she practices powerlifting.

“I’ve always been into different things,” she said. “I think that’s why the hacking works, too. I like to be unconventional.”

ALSO IN THIS SECTION

  1. A citrus grove in eastern Hillsborough County. [Times (2017)]
    The U.S. Dept. of Agriculture is predicting a 3.3 percent increase for the struggling industry.
  2. Gas prices may go up as much as 5 cents this week, AAA, The Auto Club Group, said. Pictured is a man filling up at a gas station in St. Petersburg in 2017. [DIRK SHADD   |   Times  (2017)] SHADD, DIRK  |  Tampa Bay Times
    Gas dropped 10 cents on average in Tampa Bay last week and 6 cents on average in Florida.
  3. Artist Danny Acosta completes re-lettering  of the Southernmost Point in the Continental U.S.A. marker in Key West after much of the paint was stripped off in Hurricane Irma in 2017. [Florida Keys News Bureau via the Associated Press]
    Less than 10 percent of U.S. counties are "vacation home'' counties.
  4. The Maple Street Biscuit Company opened in April on the 600 block of Central Avenue. [SCOTT KEELER   |   Times]
    The popular Jacksonville biscuit shop has recently opened a handful of Tampa Bay locations.
  5. [Getty Images] PHOTOGRAPHER: RASMUS JURKATAM; RASMUS JURKATAM  |  Getty Images
    A frustrated business card user learns that his on-time payments don’t boost his personal credit score.
  6. Regina Temple is the new president and CEO at Regional Medical Center Bayonet Point. HCA West Florida
    Read this and more Pasco County business news.
  7. The City Council has called for consultants to design an outdoor concert pavilion with a fixed covering over 4,000 seats in the middle of its proposed overhaul of the downtown waterfront. That decision is causing some friction in the city as officials prepare to present preliminary design drawings to the public. City of Clearwater
    Some in the city are divided over Clearwater’s $64.5 million plan.
  8. Tampa Bay workers are more likely than employees in other metros to quit because of a boss they don’t like, according to a recent survey. Pictured are job seekers at a Tampa job fair in June. [OCTAVIO JONES   |   Times] JONES  |  Tampa Bay Times
    Tampa Bay and Miami tied for the percentage of employees who quit because of a boss.
  9. Recent sunny day flooding in Shore Acres, a St. Petersburg neighborhood vulnerable to rising sea levels. [Times] Susan Taylor Martin
    The organizations will explore the impact of climate change on Florida.
  10. The University of Florida's Institute of Food and Agricultural Sciences - Pasco Extension opened an incubator kitchen on Sept. 23. It's  at 15029 14th Street in Dade City. The goal of the kitchen is to create educational opportunities for food entrepreneurs and help them to start new businesses. Whitney Eleamor (center left) developed the idea for the kitchen. PAIGE FRY  |  Paige Fry
    The ribbon-cutting ceremony was held last week for the Pasco County Extension Service community kitchen.
Advertisement
Advertisement
Advertisement