Making sure the future of security is simple and accessible to everyone is one of Baloo’s main missions as a white hat hacker.
While the terms might be more familiar to fans of old-fashioned cowboy films, “white hat” and “black hat” have found modern relevance in the world of computer hacking. In the black-and-white cowboy films of yesteryear, the concept of the white hat vs. the black hat was originally developed to help audiences easily identify the hero and the villain. Today, these terms are now used to identify two types of hackers: white hat hackers and black hat hackers. Much like their cowboy inspiration, white hat hackers are considered to be in the hero camp, as they perform a valuable public service by stress-testing technology and looking for security vulnerabilities so they can be fixed before they’re exploited by their black hat counterparts. Black hat hackers, cybersecurity’s villains, are out for money, power, and chaos, using their talents to enrich themselves at the expense of others’ well-being. To learn more about how to become a white hat hacker, we sat down with Avast Chief Information Security Officer (CISO) Jaya Baloo to get her inside perspective on what white hat hackers do, how to become a white hat hacker, and why their work is so crucial to cybersecurity at large. Whether we notice it or not, cybersecurity is a huge part of each of our daily lives — and it’s time to start paying attention if we want to be safe. We live in a connected world that is poised to become even more connected in the future. Not only will we be more intrinsically connected to each other, but all of our devices will be interconnected as well. If the future is going to be made up of “smart” devices, that means we need to get smarter, too. Making sure the future of security is simple and accessible to everyone is one of Baloo’s main missions as a white hat hacker. “As new technology emerges, we’re seeing an increasing digital divide between the ‘haves’ and ‘have nots’ — and not only when it comes to the elderly and younger generations,” says Baloo. “During my travels, I’ve seen such stark challenges when it comes to tech adoption across the world, which is why it’s so important for me that security stays affordable and accessible to the most vulnerable populations.” Before joining our team in 2019, Baloo was CISO at KPN, the largest telecommunications carrier in the Netherlands, where she built and led KPN’s security team for seven years, directing the team to defend not only KPN but most of the critical infrastructure in the Netherlands. Before leading her team at KPN, Baloo worked as a Technical Security Specialist at France Telecom, following a number of years working at different telcos like Verizon. Outside of Avast, Baloo is also Vice-Chair of the EU Quantum Flagship, a billion-euro R&D program for quantum technologies, and a faculty member of Singularity University. But despite her impressive history and list of credentials, Baloo calls her entire career in security an accident. She was inspired to study computers after receiving one for Christmas at the age of nine. Although she didn’t have access to the internet until she turned 12 (with a dial-up connection), Baloo was a quick fan. After maxing out the family’s CompuServe bill, her parents canceled the service, leaving Baloo on her own to find different avenues to get back online. She soon learned about local dial-up systems through online chat rooms and decided to try to find one by setting up a wardialing program—a technique which involves automatically scanning lists of phone numbers in a local area code to search for modems, computers, bulletin board systems (i.e., computer servers), and fax machines. As Baloo recalls, “I was that desperate to get back online!” Since then, Jaya has used her powers for good and works towards a safer and more secure digital world. Baloo’s passion to be online was intense, but she didn’t always have a big community to back her up or inspire her. “When I was really young, I was the only girl in my class who was really interested in computers and getting one and playing with them.” At the time, Baloo only thought of technology as a hobby, the ultimate consequence of, “If you can’t see it, you can’t be it.” According to Baloo, “I suppose that came from the fact that I was the only girl. I never considered it as a potential for a professional choice because there were no female examples.” Today, Baloo is leading by example to redefine the image of who can be a white hat hacker. At the EU Quantum Flagship, for example, Baloo is one of few security people holding the position of Vice Chair; most of the other members are leading physicists. Together, the group provides insight into quantum computing developments and calls for action to continue the development of solutions to mitigate security concerns. Baloo’s job is to make sure they stay ahead of the curve. “If we allow it to, quantum computing will revolutionize fundamental science. But if we lead from only a security threat standpoint, only worrying about security threats, it will not progress.” Baloo calls her position at EU Quantum Flagship the greatest achievement of her career — a long way from the days when she felt being a girl who was interested in technology was “a quirky, weird thing about [her.]” Today, she underscores the important role that white hat hackers play, not just in cybersecurity, but in the world at large. And she encourages young women and students to join her. Admittedly, getting started on the good side of cybersecurity can feel a bit like being The Lone Ranger, at times. “Especially in infosec,” Baloo shares, “there tends to be a lot of competition and pitting people against each other’s relevant experience or technical merit. This scares a lot of people off.” But Baloo rallies young women and students to not walk away from the challenge. “Hold onto your passion, and don’t be afraid of being wrong. It’s the only way to learn something new.” To stay informed in a constantly evolving field, Baloo recommends leaning into self-study and community outreach by reading frequently, observing discussions on social media, and listening to researchers at conferences. The Wild West landscape may have changed, but the threat of black hat villains is not so different than it was years ago. Instead of black hat cowboys with handlebar mustaches, black hat hackers are now the villainous outlaws, attacking everyone from government institutions to remote workers around the world. Society needs white hat hackers to triumph over these threats. And today, everyone has the opportunity to become the hero.Why does society need white hat hackers?
Baloo’s path to white hat hero
Who can be a white hat hacker?
Working on “the good side” of cybersecurity