Sharyn Horowitz << back to resume
Project: Feature
Article - "Ethical Hacker"
Client: Ernst & Young LLP
Role: Writer
Challenge: Show potential employees
& clients the interesting & important work done by Ernst &
Young people
One Saturday night a few years after the Gulf War, Air Force Lieutenant Chris Prosise and his team entered a US hospital in the Middle East. Their mission: penetrate the network. They walked past the admitting desk, laptops under their arms. No one paid any attention as they checked hallways for unlocked doors.
One unlocked door led to a closet, and inside the closet was a network hub — frighteningly accessible. They were not surprised; this is unfortunately all too common. Before leaving, they connected laptops to the network and initiated automated attack and penetration programs.
By morning, they could have accessed patient records, modified financial data, even prescribed drugs. They picked up their computers and left in plain sight, unchallenged. Mission accomplished, but Chris's work was just beginning. Chris and his team of security engineers spent the next week training system administrators and correcting identified vulnerabilities to prevent malicious intrusions.
Chris served in the Air Force for 4 years, after graduating from Duke University with a degree in electrical engineering. During his time with the Air Force Information Warfare Center, he constantly broke into critical systems to identify weaknesses, and then helped to develop and implement security architectures to prevent intrusions by malicious hackers.
Last July, Chris Prosise joined our eSecurity Solutions (eSS) line. His experience in the Air Force helped him develop Ernst & Young's Incident Response Methodology. Today, Chris and other members of the E&Y eSS team provide incident response services to clients, ready to respond on site within 24 hours of a security breach.
Chris is also part of the team that teaches the Extreme Hacking - Defending Your Site course, Ernst & Young's innovative course for security specialists. In the class, security specialists learn how to penetrate their systems in order to better protect them. The course features team exercises reminiscent of Chris' training in the Air Force.
Though he doesn't fit the hacker stereotype, Chris is proud to call himself an "ethical hacker," a professional who uses hacking techniques to develop a profile of a client's security systems in the interest of solving their problems.
Chris finds his work at E&Y similar to his military missions. "The level of vulnerability is about the same," he says, "surprising when you consider the importance of the information."