Besides making sure that Modex’s infrastructure is secure and that all “live” products have passed a security pentest, Daniel Mihai – also known as Danezu – is keeping track of everything that’s happening in the cybersecurity industry to not get caught off-guard. Daniel holds the Offensive Security Certified Professional (OSCP) certificate and he is also a Certified Ethical Hacker. More on what he does at Modex, how he became a tech guy and how he sees the cybersecurity landscape in this new #WeAreModex interview.
Daniel is a Computer Science Polytechnic graduate and has worked in the IT industry from the beginning, mostly in corporate environments: IPSOS, AVIRA, Intel, METRO SYSTEMS. “Initially my inclination was towards System Administration which quickly grew from Windows to Unixes. Windows was boring and mainstream. More customizable and more interesting. I really liked compiling my own Gentoo flavour with all flags and custom kernel!”
In addition to being a Certified Ethical Hacker – a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system – Daniel also holds the Offensive Security Certified Professional (OSCP) certificate. OSCP is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution. The OSCP is a hands-on penetration testing certification, requiring holders to successfully attack and penetrate various live machines in a safe lab environment. It is considered more technical than other ethical hacking certifications, and is one of the few certifications that requires evidence of practical penetration testing skills.
Refining his cybersecurity knowledge
His cybersecurity career really took off once he worked as Quality Assurance Engineer at AVIRA. “Working mostly in command-line and developing testing scenarios from security products, I was one of the first people to take part in the establishment of Intel Corporation in Romania. They opened new offices by hiring people straight from LinkedIn, which was not that common at that time. I was the Team Leader for the Security team on one of their projects”, recalls Daniel. Switching into seniority, he upped his career with a serious role as part of a fully operational team of pentesters in METRO Systems.
Speaking about the pentesting part of his career, Daniel says: “In many instances I have found vulnerabilities through which a hacker could extract sensitive info from the application’s database. I’ve also discovered that through another vulnerability I was able to execute a remote code on the server. And all these findings have greatly contributed to enhancing the protection level for the company’s security systems!”
Getting to work at Modex
What’s the story behind Daniel’s arrival at Modex? “I have long known Alin Iftemi and his ventures with the Moneymailme project. I initially joined Moneymailme doing some work on the security part. I can basically say that I was already a part of the team when Modex was launched. As the team expanded, I became more and more involved in the project and all the developments related to it.” Speaking about the working environment at Modex, Daniel says: “The team is great, my colleagues are very open-minded and lots of people are having fun while still being dead-serious about their work.”
Daniel also offers some details about the job requirements as Head of Security. “I have so many responsibilities, sometimes they scare me”, says our colleague with a smile. “Jokes aside, as part of my job I have to make sure that all ‘live’ products have passed a security pentest, that the development processes and the company’s infrastructure are secure, and also make sure that policies are enforced so that equipment is configured in a secure manner. In addition, I provide assistance whenever there are concerns about or the issues are related to security in any aspect of the company, I manage some cloud services and infrastructure as well, and also stay up to date with the latest news from the cybersecurity and cyber-crime domains so I won’t get caught off-guard!”
The evolution of the cybersecurity landscape
We were curious to find out how has the cybersecurity landscape changed since the start of the pandemic and since many of us started working from home. More ransomware attacks? More attacks targeting the users’ personal devices? More attacks on the company’s networks? Daniel explains: “The cybersecurity landscape is always changing and, of course, this massive work-from-home trend has changed its focus, even though not so much. With regards to virus and malware, ransomware is the de facto threat. Also, there is clearly an increase in the level of skills and expertise of attackers, because some governments pump huge amounts of money into cyber attacks. There are teams of thousands of people who work for governments and only design attacks towards other rival countries.”
Looking ahead, “the cybersecurity field starts to integrate AI technology both as aggressive and defensive manners”, adds Daniel. “Since the next big attack becomes even more difficult to predict, companies invest a lot of money into redundant layers of security, hoping they won’t become the next target.”
Enhancing security with Modex’s products and services
From Daniel’s perspective, how effective are Modex’s products and services for a company that wants to enhance its cybersecurity defence? “Modex is a company which offers various products and services that could serve many different purposes. From a security industry perspective, Modex can correctly fill a gap in the forensics analysis. Forensics is the science of decoding a hack and understanding where and when something happened. To achieve that, you need reliable log data, which is also immutable to have reliable proofs. Modex uses quite a complex technology. Blockchain is fairly easy to understand at a high level, but ensuring security means you need to be able to understand it at the source code level, as well, an area that I still have to work on.”
Fishing, not phishing
If you’ve been following closely the #WeAreModex series of interviews with our colleagues, you already know what they like to do in their free time. Some are talking walks and treks, learning to play the guitar, or even learn a new language. Others have a strong passion for dancing, so salsa and bachata are guilty pleasures which make them smile after a busy day at the office. We were curious to discover how Daniel likes to spend his time off, so we ended our discussion on a lighter note, speaking about his hobbies. “I’m passionate about chess and fishing – not phishing – but time becomes more expensive as you get older!” We second that, Daniel!