Corbella: The Calgarian who leads the fight against hackers


Article content

In a mild-mannered way, Dustin Heywood is like The Girl with the Dragon Tattoo. Only, he’s a man and he has a monkey tattoo and one of a cat also. 

Advertisement 2

Article content

Both Heywood and the fictional character Lisbeth Salander, from the crime novel trilogy by the late Swedish author Stieg Larsson, love to ride motorcycles and are tops at hacking into computers for ethical reasons. That’s pretty much where the similarities end.

Heywood, who works for IBM in Calgary and grew up in Airdrie, is described by one of his IBM colleagues as “Calgary’s own global rock-star ethical hacker,” once only known in the hackosphere by his alias, EvilMog. 

Article content

“My wife and I got matching tattoos for our fifth anniversary,” says the 34-year-old from a conference room at IBM’s downtown offices on 11th Avenue S.W.

“She used to call me Monkey in high school, because my hair would grow out of the side and I wouldn’t shave so I’d look like a monkey, and her name is Katrina — Kat,” he adds as he starts unbuttoning his shirt cuffs to expose the large tattoos on his inner forearms. “When brought together, their tails form a heart.”

Advertisement 3

Article content

A graduate of George McDougall High School in Airdrie, Heywood later breezed through SAIT’s network technician fast-track program, that essentially crams two years of study into six months, since Heywood has been working at a high level with computers since the age of 12.

“A strange fact about me is I learned how to fly before I learned how to drive,” laughs Heywood, who was an air cadet and worked as a glider familiarization pilot.

Article content

While working odd IT jobs after graduating from SAIT, Heywood’s reputation as a computer whiz kid with cadet experience, reached the right person and he got a call asking if he would work as a technician for a Calgary-based internet service company running the “morale network” for Canadian soldiers at Kandahar Airfield in Afghanistan, including at forward operating bases, where he stayed from December 2007 to December 2008.

Advertisement 4

Article content

Heywood, whose official identification badge at the base labelled him as a “Network Ninja” — ensured that any time a soldier wanted to call his family back home, or even watch a hockey game, he made it happen.

“I learned a lot over there, thinking on my feet and being a mix between a network ninja and MacGyver,” he says, referring to the TV series character who uses every-day items to make complicated machines in order to get out of sticky situations.

“I’d have some random device here, some random device there and 400 feet of cable with a cut in it, that I’d fix with some tin foil, for example, until Fed Ex could deliver a needed part four days later.

“It was hot, it was sandy, but it was some of the most fun I’ve ever had in my life,” reflects Heywood. “Playing ball hockey with a Tim Hortons iced cappuccino — I actually won a Roll-Up-the-Rim-to-Win hat with the Kandahar green pattern, that’s still on my mantle. It means a lot to me. Making the soldiers smile, after being weeks away from base and missing their families. That was the best.”

Advertisement 5

Article content

Upon his return, Heywood worked in the systems department at ATB — where he often could be seen wearing big bunny slippers — before being scooped up by IBM in April. Now Heywood is “one of IBM’s global leaders for X-Force Red,” the company’s elite security testing team of ethical hackers who help businesses discover their vulnerabilities to cyberattacks.

For years, Heywood was only known online as EvilMog, but his true identity was “outed” in 2015, after a university professor referenced some of Heywood’s password assessment research and revealed his real name and pseudonym as a member of Team Hashcat, which is credited with creating one of the world’s fastest password recovery tools.

Later, he became a senior managing consultant for X-Force Red, which invented Cracken, a new powerful password-cracking rig that shows just how easily even complex passwords can be deciphered, which will be used worldwide to help organizations discover and defend against cyberattacks.

Advertisement 6

Article content

“There are two kinds of companies in the world,” explains Heywood, “those that have been breached and those who have been breached and don’t know it yet. Hacking is a fact of life.” 

Heywood says he’s gone into companies where they crack passwords and find that 300 of the employees are using the same password to the company network that they’re using for LinkedIn.

So, how can we protect ourselves from unethical hackers intent on stealing information for monetary gain?

“Make sure your passwords are never the same over different networks,” says Heywood.

“Treat your passwords like underwear. Don’t share them with anyone and change them often.”

Sounds like a big headache for most of us, but not Heywood. “I’d do this job for fun if I could,” he says, recognizing saying so is not likely the best salary negotiating strategy. “I was looking for a company that was misfit friendly. You look at IBM and you think button-down suits and ties, but the group we work for, they look for the oddballs, they celebrate the diverse.”

Monkey tattoos and all.

Licia Corbella is a Postmedia columnist.

[email protected]

Advertisement 1


Postmedia is committed to maintaining a lively but civil forum for discussion and encourage all readers to share their views on our articles. Comments may take up to an hour for moderation before appearing on the site. We ask you to keep your comments relevant and respectful. We have enabled email notifications—you will now receive an email if you receive a reply to your comment, there is an update to a comment thread you follow or if a user you follow comments. Visit our Community Guidelines for more information and details on how to adjust your email settings.

Source link

Leave a comment