Chesley Moodley is an Information Security Consultant at VikingCloud with 15 years of experience in IT and cybersecurity. He is part of VikingCloud's Cyber Threat Unit, the company's elite team of ethical hackers, working with clients based in Europe, the Middle East, and Africa (EMEA). Chesley performs offensive security services, including penetration testing, and is also focused on VikingCloud's global go-to-market cybersecurity strategies and services, addressing new ways to improve and expand customer solutions.
Chesley has worked with some of the largest organizations in the world, assisting them with numerous technology disciplines and a broad spectrum of services, including designing and building entire security operation centers. Over the years, he has earned numerous certifications, including Certified Ethical Hacking, Certified Red Teaming Professional, GRC (governance, risk, and compliance), Qualys, FortiGate NSE, and is a member of the ISC2 organization.
Chesley frequently also engages with online course providers to lend his experience to educate students worldwide who are looking to advance their careers in the cybersecurity sector - providing him with a way to give back to the industry and help motivate and educate a new generation of cybersecurity talent.
Chesley also contributes his expertise to the VikingCloud Blog and delivers technical talks to local Managed Service Providers in South Africa.
Interview with Chesley
Q: What's your favorite security vulnerability and why?
A: My favorite vulnerability is a logic bomb (time bomb). One version of it is to distract defensive monitoring mechanisms while an attacker makes an escape from a breached network. An example is where you may receive a compressed (Zip,7zip, Winzip) file either delivered via email, USB, or just sitting on a computer desktop with a relatively small size - so it seems. Once it's unzipped, a program inside triggers a massive series of uncompressing, landing a file that can eat up a standard 500GB hard drive and crash the entire computer. This vulnerability was big in the 80s and 90s when it was a problem for many. We don't see as much of it anymore, but it's still cool.
Going forward, anything to do with Microsoft Active Directory, Log4jshell, and Proxylogon is also exciting.
Q: What is the primary cause of breaches that you see most often? Do you have any relatable stories you can share?
A: There is a systemic problem I've seen, which is a lack of support from leadership. This is ultimately a culture and awareness habit. It starts from the executive level, demands for a zero-password reset, removal of USB blocking, and other breaks in policies for convenience. This snowball effect begins to grow within an organization, relaxing regulations within leadership. Eventually making support of stricter environments harder to maintain.
Technically speaking, breaches often happen because of poor administration of configuration. Not all hacks are what we learn about in our certifications or the cool things we do in proof-of-concept. Don't trust what something is meant to do out of the box, but what it actually is. During our offensive engagements, we've found default administrator credentials on internal web servers and no lockout policies on external web applications exposed to the Clearnet (www). We come across these quite often.
Q: If you could give one piece of advice to our customers, what would it be?
A: The movies and television scenes where a person hacks into something within a minute — are false. It's funny how you see these things on-screen and think, let's break through this 256-bit encryption in seconds. Hacking takes time and involves a lot of failures. But with anything, persistence is key.
Nothing is 100% secure. Weekly we hear of credible facilities and companies experiencing breaches. Check your work, audit administrations, engineers, and architects - internally too. Cybersecurity is for everyone, and anyone so make sure you plan for when a breach occurs - from the custodian with a key card who practices physical access to the credit card provider that masks customer data.
People have the best intentions to build and manage defensible business systems, but you should always maintain a healthy skepticism and assume that nothing is ever too secure and risk-free. Offensive services like Red Teaming and Penetration testing are the best, proven way to close risk gaps and learn more about the technical components you work with every day.
Chesley's IT and cybersecurity background and knowledge make him a powerful asset to the VikingCloud team. His strong dedication to providing his expertise to the cybersecurity community and to VikingCloud is admirable, and we are proud to have him on our team.
Learn more about Chesley on LinkedIn: https://www.linkedin.com/in/chesley-moodley/
