By Dave DeFusco
Employers in the internet era have had to become more creative in finding people to guard the digital gates to their computer systems unwittingly left open, exposing precious company data. This has created the need for a whole new class of virtual sleuths, called penetration testers, to simulate attacks on their systems to find and fix vulnerabilities that could be exploited by a real attacker.
One of them is Kevin Suckiel, who recently was awarded a master’s degree in cybersecurity from the Katz School of Science and Health. He recently landed a prized job at the prestigious Big Four consulting firm Ernst and Young that has him donning the blackest of hats to crack the networks of his company’s clients.
Also in the News: Fortune Magazine ranks the online master's degree in cybersecurity second in the nation, putting Yeshiva University in good company with the University of California, Berkeley, and Johns Hopkins University.
“It’s a lot of fun,” said Kevin, who also holds a variety of industry certifications such as offensive security certified professional, certified ethical hacker and web application penetration tester. “It’s technical stuff and I like doing it.”
A penetration test, colloquially known as a pen test or ethical hacking, is an authorized simulated cyberattack on a computer system. The test is performed to identify weaknesses, or vulnerabilities, including the potential for unauthorized parties to gain access to a system’s features and data. It’s also conducted to determine a system’s strengths, which combined with the audit of the system’s weaknesses, would enable a company to complete a full risk assessment.
“[Katz Professor] David Schwed said pick something you want to do and be good at it,” said Kevin. “I knew I wanted to be good at penetration testing, so that’s all I focused on. I set up a lab at home and practiced for hours, day in and day out, using online resources. I didn’t stop. I was very hungry.”
Effective penetration testers are like professional athletes. They have to be determined and relentless, as well as curious, must practice continuously and then execute effectively. “A lot of times you’re going to fail,” said Kevin. “Servers and systems are all configured differently. You have to understand what’s going on behind that log-in screen and you have to interpret the error response.”
He said the in-person cybersecurity master’s program (Katz also offers an online master’s degree in cybersecurity) gave him a good theoretical grounding and that the professors were accessible and encouraging. “The professors at Katz are incredible at what they do—very talented,” said Kevin, “and the curriculum provided a solid foundation.”
For example, the program offers an elective course on Cybercrime, Cyberwar and Threat Actors, which examines the profiles of hackers, members of organized crime, and nation-states that conduct espionage. The discussion revolves around what fraudsters are after—money, information or intelligence—who the potential targets are and how they’re going to execute their schemes.
Students in the 30-credit program get hands-on experience with threat mitigation, detection and defense. When they graduate, they have access to jobs at the biggest companies in the heart of New York City, a global hub for cybersecurity.
As part of an extracurricular project, Kevin recently led the Cymple Bits Security team to a first-place victory in the ISACA Cybersecurity Case Study Competition for the second year in a row. The competition, which this year awarded $21,000 in scholarships, is open to students at U.S.-based universities, colleges and high schools, regardless of their majors or degrees. Katz’s Cymple Bits Security was one of 17 teams from seven educational institutions assigned to tackle the same case study.
For Kevin, the competition was a double win. In addition to leading the first-place team, he received ISACA’s academic award for 2022 Outstanding Student Contributor. “From a professional perspective, the competition helped me tremendously,” he said. “It gave me and my other team members a chance to think beyond the four walls of our classroom and strengthen our collaborative skills.”
Before he enrolled at the Katz School, Kevin was a New York City police officer and a member of the NYPD’s anti-terrorism unit, where he was responsible for conducting counterterrorism initiatives within the New York City transit system, including undercover operations and physical security assessments using various technologies. He said that experience prepared him for the master’s program at Katz and to become a penetration tester.
“As a police officer, you look at situations through the lens of an adversary,” said Kevin. “That mindset branches over into cybersecurity. Threat intelligence is thinking like an adversary. Knowing how an adversary thinks is still really important, only now I’m on the electronic beat sitting behind a computer.”