In this edition of Get to Know the Snodgrass Team, we interviewed Christopher \”Chris\” Kreutzer, CISA, C|EH, ECSA, Senior Manager in the Technology Services Group.
You’ve been involved with Snodgrass’s network security attack and penetration testing for about eight years. What do you enjoy about conducting these tests?
The part I enjoy most about penetration testing is delivering results that can impact any company, since cybersecurity has been a trending area, especially over the previous five years. When we deliver information regarding areas of weakness in a company’s security, we inform the client that the weakness can impact the company on multiple levels, and if not acted upon, can have severely negative consequences. Breaches are in the news all the time. It feels rewarding to know we are helping the security posture of companies, and our audience is usually receptive to hearing what we have to tell them.
You’re a Certified Ethical Hacker. Tell us about what interested you in obtaining this designation and how you use this knowledge and training in your role.
I felt this certification was a foundation for penetration testing beyond just learning how to run scans and review results. Studying for the certification exam helped me understand the next step after finding a weakness and where to go after exploiting a vulnerability. I still regularly use the information I learned while studying for this exam. Once I obtain information during testing, I identify what I can do with the information to find the next weakness and ultimately gain root access on a company’s network.
Snodgrass emphasizes that our clients opt for social engineering since humans are security’s weakest link. How do you keep this type of testing relevant since criminals and technology evolve over time?
The simple answer is identifying what will make your target respond. This is usually a result of providing a personal incentive that makes the person want to click (e.g., “How does a discount sound?”) or something a user feels the need to reply to because of pressure (e.g., a spoofed email from boss). There is more to this though, as we have traveled around the country conducting social engineering tests. As we’ve talked with people within different companies and industries, the information we’ve collected helps us formulate ideas. Also trending news stories and pop culture that is relevant at the time of the test can be useful as well.
What are your thoughts on cryptocurrency? Have you ever or do you currently mine?
Personally, I’m not into cryptocurrency. I’m not a financial advisor, but I personally think it’s just like any of type of investment in that you are gambling with your money, and if you’re comfortable with that then, by all means, do as you please. I don’t invest in crypto for many reasons, and I highly suggest doing quite a bit of research on cryptocurrencies before investing as new ones are being created and publicized daily, which may or may not be as smart to invest your hard-earned money into.
I’ve never mined for cryptocurrency. It takes a lot of resources to do so, and, currently, some of the necessary computer equipment is easily accessible and costs a premium to obtain, so researching the cost/benefit of doing so should be investigated before undertaking this process. You might find out you could stand to lose a lot of money doing so, especially if you do not fully understand what you are doing.
What is something you have learned at this stage in your career that you wish you had known earlier?
This is something that can generally apply to life outside of work as well: appreciate the positives that you have around you. I have met and worked with many great people at my time with Snodgrass, and some have unfortunately left and pursued other opportunities in their careers. You can always look back and appreciate the memories you had with them, but I think it’s often overlooked because of the busy lifestyles that most of us live today.
What are some of your outside interests?
First and foremost, I enjoy helping my son learn new things and supporting him with anything he wants to try. For me, I enjoy working out, golfing, and playing video games. I have also been learning how to play guitar over the past year.
The Snodgrass team are industry-recognized experts who are highly sought after as speakers and trainers and for their leadership. Stay tuned for our next edition and get to know other members of our team!