Meet a Qubist
Marco - Pro Hacker
Role: Security engineer
A year ago I moved here from Italy. I think I’m integrating just fine: I love kroketten! I have a passion for hacking and IT, sports, and video and board games. Also, I’ve dedicated two years of my life to judo. But here in the Netherlands I changed to skating on a longboard.
What do you do at Quby?
We take care of every aspect of security and safety at the company. Most is IT security, which means we keep our IT assets safe from threats. ‘Threats’ are roughly categorised as either external (malicious attacks) or internal (risks caused by employees). Then the other aspect is safety, which overlaps with facility management and concerns safety in the building.
How did you end up in the NL, and at Quby?
I wanted to go abroad to have new experiences and a better socio-economic environment, and Amsterdam was just a really good fit. When I had the first interview at Quby, I was really impressed. They gave me the tour through the office, and you could see a lot of information just hanging on the walls. There was a high level of transparency – which is very different to what I was used to in my previous jobs. People seemed relaxed and I could tell there is a healthy balance between work life and personal life.
How do you make sure Qubists ánd our end-users are secure?
Most of the work is related to the cloud, where our data is stored. To put it in simple terms, we protect the cloud from evil. In more complex terms, we have a collection of tech controls that is prioritised by risk, granting the biggest risks the highest possible protection. Prevention is the other facet – we scan and try to hack our own systems to make sure they are not exposed to vulnerabilities.
Currently, Quby is getting ISO certified. This demonstrates to our corporate clients that even though we are a small company, our security procedures are top notch.
What is the most fun about your job?
The most fun is interacting with my colleagues. It’s a young company and there’s always a chance to joke or talk with my amazing colleagues. I really value these interactions. I never go to work against my will, I’m always happy to go.
In terms of hard skills: since we are a small security team, there’s a multitude of areas to work on, so I can practice and maintain my skills. My job also involves a bit of hacking and testing, which is always cool. If you succeed in hacking, it’s satisfying, but even more so if you also find a solution.
What cool things have you worked on?
Well, one thing I’m proud of is how we got the board on board with security. At the beginning of the year security was unknown and taken for granted a bit. So we took a step back and explained everything. To see the results, the board paying attention and offering help, is a big achievement. It’s always difficult to bring tech and management together, and we’re succeeding.
We organised a Capture the Flag event where people try hacking, so they understand how easy it is to harm or exploit a system. By embracing the hacker’s point of view, you are more aware of the vulnerabilities. Last year we did something similar with one of Quby’s teams and what they found was remarkable. You can tell Qubists have the right mindset for these events.
I used to leave my laptop unlocked a lot and you pranked me! Can you tell us about how you communicate security risks in the office?
Hahaha. Locking your laptop is very important. Our goal is not to create paranoia but awareness. Pranking is a good way to do that – people get a little upset but they also get the fun of it. It’s a much more constructive approach than following procedures and escalating.
So… is Quby secure?
There hasn’t been a big breach yet. We’re proud of that. We only had one incident, which was mostly privacy related and affected only a small number of people. I was happy to see we could respond quickly and in an accurate manner.
Final question - what advice do you give to new Qubists?
Understand the concept of ownership. It’s a very flat company, you really have a good opportunity to make a contribution, even aside from your technical area. I joined the works council as a way to contribute outside the security domain. Be proactive and don’t wait for someone to tell you what to do. You have the opportunity to promote the changes you want to see in this company.
A special thanks to Marco for sharing about his hacker life. Stay tuned for another ‘Meet a Qubist’ soon!