Mark Bergman, Application Security Wizard
Where it all began
When mobile phones made their introduction, it became a teenage sport to dial friends anonymously, have it ring a few times and hang up (as no one had money for actual conversations). I got annoyed with this game and invented a hack for this: I used my dad's Intel 286 with QBasic to write a tool that could dial a number anonymously every N minutes for X hours or days in a row. It was fun building it, but I ended up never using it other than on my testing phone.
When I was close to finishing my secondary school, I wanted to get my hands dirty instead of working my way through University. I applied for a unique internal education at ING bank. I was the youngest applicant, but got hired.
Where it went to from there
Starting coding COBOL85 at the ING mainframes at the age of 16 I swiftly learned several programming languages and querying formats. After aiding in compiling the first TCP/IP stack on the ING test mainframe I decided to dive into WinNT development and before I knew it I was digging in the concepts of classic memory overflows and how they can be abused to gain access or more rights.
After my adventure at ING, I spent 4 years at KPMG. In 2016 I co-founded Outflank. Together with 3 former KPMG colleagues we decided to combine our skills to do even cooler security projects and be able to help our customers as our combined experience adds up to over 40 years of highly specialized expertise and a wide variety of knowledge. We now perform advanced attack simulations where we mimic a real hacker threat and purposely trigger alarm mechanisms in order to give organizations the field training on security they often need so much.
My coolest project ever
I love going where others don't go, from DIY to car restauration and sports, but also in security. The most thrilling project was a more recent attack simulation where my goal was to keep the command & control infrastructure running, refreshing and anonymized while the customers blue team was blocking IP's and profiling our communications. Developing against a cloud providers API, I was able to keep an attacker infrastructure growing at a rate of 40 NEW systems in approximately 60 seconds. Hacking together own tools and scripts in order to keep ahead of everything!