Because October is Cybersecurity Awareness Month, we have a special edition of the Hoodies behind Zerocopter, featuring Edwin van Andel, our CTO!
Please tell us a bit about yourself, who is Edwin van Andel?
An old grumpy hacker from the Netherlands. Started hacking around 1984, and never stopped. Living in a remote part of the Netherlands, to compensate for the hectic congress life.
How would you describe your job title in a couple of words?
Fun mostly! Trying to get the hacker network connected and appreciated by the people who need them but don’t know it, or are still scared of the term “hacker”. The term that for us is a proud badge to wear, and generated a really awesome community.
How did you end up at Zerocopter? What was your role and position at first?
When I was asked to join Zerocopter, it was because I was present on a lot of stages to explain to the world that hackers can help, and that Responsible Disclosure and Coordinated Vulnerability Disclosure (CVD) are great ways to make your company safer. So the first years at Zerocopter I was mostly doing the same thing, and I was also actively involved in creating tools and workflows to help clients to set up CVD policies as painless as possible, both to the company but also to the hackers. I kept on doing this even when I was promoted to CEO, but my time spent on the fun things was pressured in those years. So, later on, we found a brilliant CEO and I went back to the technical part of things, as well as promoting the network more than ever.
What resources would you recommend to someone (new) in this industry?
Difficult, as there are so many fields in which you can become an excellent hacker. I would go for some Python books, so you can learn how to write your own tools, follow Darknet Diaries for cool hacking stories, go to the events in your area where you can meet other hackers, and go to thrift stores to buy old hardware and learn how to hack those without spending money. Jilles has excellent videos on what you need, and how you can succeed, for less than $20.
For those who don’t know, you were actively involved in creating the “Responsible Disclosure (RD) policy” in the Netherlands. Can you tell us more about how RD started and about the process of its creation?
The problem was that in the early days when you found an issue at a vendor and wanted to tell them about it, there were chances that they would accuse you of criminal activity. To show the actual issue, sometimes you had to go further than you actually wanted to prove your point. So there was no protection for people trying to help the world get better, also because it mostly concerned our own data. Luckily, the Dutch government saw this and together with the NCSC created the first Responsible Disclosure Guideline in 2013. If a hacker reported something to a party, didn’t share it with the press, didn’t download too much etc., so basically adhered to some ethical rules, then they couldn’t get prosecuted. Big win! In 2018 they renewed the guideline to the current CVD guideline, and even put my head in the document.
What would you say is the biggest challenge within the domain of security nowadays?
Well, let’s say for now that software becomes more secure through a lot of Bug Bounties, Pen tests and CVD. Then the next issue will be configurations and interaction. What I mean by that is that despite how secure the software is, it still has to be connected to other software. And those connections are easily done wrong, and thus creating security problems. Next to this, current issues are found in your supply chain. The weakest link is the one threatening your security. And all this next to humans…
What is your favourite stereotype about the hacking industry and why?
Do you mean the hoodie? The one in every hacker picture? The beautiful thing about the hacking network is that there are no stereotypes. No one cares on how you look, what you wear, what colour your skin is, or what your background is. They care about your brain. Your interest in puzzles. Your weird mind that sees patterns that are wrong, or that wants to show that something is flawed, no matter what the device or software is. Or even in food.
What is, from your perspective, the future of cybersecurity?
Hackers will rule the world. That’s a given. Let’s hope it’s the good ones who will be in the lead.
If you could give one piece of advice regarding security, what would it be?
Think. Deduct. Logic. And if you have kids, don’t try to shield or block them from trying. Just teach them to think ethically. Then whatever they do, they’ll do the right thing.
We hope you liked this special edition of our blog series and you enjoyed getting to know Edwin a bit better!