Because October is Cybersecurity Awareness Month, we have a special edition of the Hoodies behind Zerocopter, featuring Edwin van Andel, our CTO!
Please tell us a bit about yourself, who is Edwin van Andel?
An old grumpy hacker from the Netherlands. Started hacking around 1984, and never stopped. Living in a remote part of the Netherlands, to compensate for the hectic congress life :)
How would you describe your job title in a couple of words?
Fun mostly! Trying to get the hacker community connected and appreciated by the people who need them but don’t know it, or are still scared of the term ‘hacker’. The term that for us is a proud badge to wear, and generated a really awesome community.
How did you end up at Zerocopter? What was your role and position at first?
When I was asked to join Zerocopter, it was because I was present on a lot of stages to explain to the world that hackers can help, and that RD and CVD are great ways to make your company safer. So the first years at Zerocopter I was mostly doing the same thing, and I was also actively involved in creating tools and workflows to help clients set up CVD policies as painlessly as possible, both for the company and for the reporters. I kept on doing this even when I was promoted to CEO, but my time spent on the fun things was pressured in those years. So now we found a brilliant CEO CEO ;) and I can go back to the technical part of things as well as promoting the community more than ever.
What (book/podcast/interviews/tools) would you recommend to someone (new) in this industry?
Difficult, as there are so many fields in which you can become an excellent hacker. I would go for some Python books, so you can learn how to write your own tools, follow Darknet Diaries for cool hacking stories, go to the events in your area where you can meet other hackers, and go to thrift stores to buy old hardware and learn how to hack those without spending money. Jilles has excellent videos on what you need, and how you can succeed, for less than $20.
For those who don’t know, you were actively involved in creating the “Responsible Disclosure policy” in the Netherlands. Can you tell us more about how RD started and about the process of its creation?
The problem was that in the early days when you found an issue at a vendor and wanted to tell them about it, there were chances that they would accuse you of hacking. To show the actual issue, sometimes you had to go further than you actually wanted to prove your point. So there was no protection for people trying to help the world get better, also because it mostly concerned our own data. Luckily, the Dutch government saw this and together with the NCSC created the first Responsible Disclosure Guideline in 2013. If a hacker reported something to a party, didn’t share it with the press, didn’t download too much etc, so basically adhered to some ethical rules, then they couldn’t get prosecuted. Big win! In 2018 they renewed the guideline to the current CVD guideline, and even put my head in the document.
What would you say is the biggest challenge within the domain of security nowadays?
Well, let’s say for now that software becomes more secure through a lot of Bug Bounties, Pen tests and CVD. Then the next issue will be configurations and interaction. What I mean by that is that despite how secure the software is, it still has to be connected to other software. And those connections are easily done wrong, thus creating security problems. Next to this, current issues are found in your supply chain. The weakest link is the one threatening your security. And all this next to humans…
What is your favourite stereotype about the hacking industry and why?
Do you mean the hoody? The one in every hacker picture? ;) The beautiful thing about the hacking community is that there are no stereotypes. No one cares how you look, what you wear, what colour your skin is, or what your background is. They care about your brain. Your interest in puzzles. Your weird mind that sees patterns that are wrong, or that wants to show that something is flawed, no matter what the device or software is. Or even in food ;)
What is, from your perspective, the future of cybersecurity?
Hackers will rule the world. That’s a given. Let’s hope it’s the ethical ones who will be in the lead.
If you could give one piece of advice regarding security, what would it be?
Think. Deduct. Logic. And if you have kids, don’t try to shield or block them from trying. Just teach them to think ethically. Then whatever they do, they’ll do the right thing.
We hope you liked this special edition of our blog series and you enjoyed getting to know Edwin a bit better!