IT Life: Fighting Phishing For A Living

Ethical hacker Aaron Higbee now runs the technology at phishing awareness firm PhishMe

Aaron Higbee is chief technology officer of PhishMe, the company that aims to combat spear phishing by training staff to recognise the warning signs of an email that is trying to trick them into revealing their credentials.

He’s been in the industry for sixteen years as an ethical hacker, helping firms to shore up their security and deal with what is all too often the weakest link… their wayward users.


What has been your favourite project so far?
When I used to do security assessment work, my favorite projects involved tests for products that were not launched. There was a rush finding critical flaws that had the potential to cripple a budding product and there was satisfaction knowing my work helped protect the work and dreams of the product entrepreneurs.

Hacking Exposed

What technology were you involved with ten years ago?
Ten years ago I was a penetration tester for a company called Foundstone, known for writing the Hacking Exposed books. While there I also enjoyed teaching their Ultimate Hacking class.

What tech do you expect to be using in ten years’ time?
This is so hard to predict. I’m a petrol head. I hope to be driving a performance electric car. Not because I’m a green fanatic, but because the performance will have surpassed what burning hydrocarbons can do.

Who’s your tech hero?
Nikola Tesla of course.

Who’s your tech villain?
Jon Postel? I’m kidding. It’s Kim Dotcom. I tend to root for certain ‘villains’. A lot of techies shake their heads in disbelief about what he (Kim Dotcom) has accomplished with simple file swapping. I think it’s remarkable.

What’s your favourite technology ever made? Which do you use most?
If you ask my postal carrier they will tell you that Amazon Prime is both my favorite AND most used technology.

What is your budget outlook going forward? Flat? Growing?
I’m not a good resource for opining on macro trends. I live in the information security bubble where as long as people figure out creative new ways to illicitly adapt and abuse technology the market is forever growing.

Apart from your own, which company do you admire most and why?
On the smaller size: Right now CustomInk impresses me. They built a killer web-based designer and coupled it with great customer service. I have a lot of respect for the platform they built.

On the larger size: Amazon. They disrupt any space they enter and usually do a good job.

Don’t over-hype your pet projects

What’s the greatest challenge for an IT company/department today?
Credibility. The IT department has to balance “must do”, “need to do” and “want to do”. If an IT department over-hypes a “want to do” to prioritise it over a “must do”, senior leadership will eventually figure it out. When your credibility to align IT goals with the business goals is lost, you might as well go elsewhere because your remaining time in that organisation will be miserably spent lobbying for justification of every move.

To Cloud or not to Cloud?
What?!? Someone renamed ‘the internet’ to ‘the cloud’ and didn’t get my approval? I must not have the clout I think I have.

What did you want to be when you were a child?
I had no idea. I was raised in a rigid religious household. What has made me good at information security was skepticism. A natural hacker rejects faith that a system is secure. They must prove it for themselves.
