When Sherri Davidoff began her career in cyberspace, the word “cybersecurity” didn’t exist.
Now she’s a professional hacker, and works with businesses to ensure their systems are secure.
Davidoff is the CEO of LMG Security, a cybersecurity consulting and training company in downtown Missoula. Now almost 10 years old, LMG has helped thousands of businesses across the country protect their data, including banks, hospitals, government agencies and manufacturing companies.
LMG helps prevent breaches by hacking into clients’ businesses, administering risk assessments and finding vulnerabilities in the system.
Recently, NBC’s Today Show aired a segment about the women-owned business.
“In a nutshell, we break into companies and we write reports about it,” Davidoff said. “If a company gets hacked, we come in, we clean them up, we handle the investigation, and we really try to get to the root of the issue to make sure it doesn’t happen again.”
She never imagined hacking for the good guys would be her passion – until she landed a part-time cyber-job during college.
“I remember seeing an ad in college for people who wanted to stay up late and eat pizza, and I was like, that’s me, I like to stay up late and I eat pizza. I checked both of those boxes,” she said.
“That turned out to be an amazing thing, because I ended up handling, what would later be called cybersecurity incidents for [Massachusetts Institute of Technology], and eventually I became the primary incident handler for MIT’s network,” Davidoff said.
Initially, her tasks involved monitoring the network and looking for viruses. But over the years, hackers and their attempts to obtain personal information have evolved with technology.
“I always just considered it this part-time job. I never thought I would do one thing forever, but cybersecurity is so diverse and the problems are so complex,” she said.
Every day provides a new set of challenges that Davidoff and her staff of 30 specialists must resolve.
On a wall in the office, a cluster of notification letters from large companies like Target and Equifax are framed. It shows a history of major national and international data breaches – and how businesses have changed in response to laws and consumer expectations.
LMG offers training for business owners and their employees focused on password creation and protection from phishing attempts, or tricking a computer user into revealing information or clicking on a link in an email.
“Every business is different,” she said. “Imagine you were living in the early days of the construction industry before they had 2-by-4s, before they had standardized sizes of lumber or before they had building inspections.
“That’s where we are with IT right now, so when we go into a business, we really have to help them develop a custom security program that fits with the equipment and vendors that they have in place. Cybersecurity is not one size fits all.”
Hacking is a professional industry, so assistance by cybersecurity specialists is necessary when something goes wrong.
“It’s organized, it’s a business,” Davidoff said. “There are cyber-criminal enterprises around the world and organized crime groups have turned to cybercrime. That’s why it’s such a challenge, because all of the small businesses that we have in our community, they’re under attack by professionals around the world – well-funded professionals.”
One of the ways she learned how to hack was through an early job with a consulting company, breaking into business buildings in order to find possible weaknesses in infrastructure. This information would be relayed to business owners who could then solve the issue.
“It was an eye-opening experience, but it makes you understand how easy it is to break into things. I’ve never looked at physical security the same way. It only takes 30 seconds for you to lose your laptop and then it’s gone,” Davidoff said.
In an industry that deals with hackers and criminals, it always helps to have a little fun. Life-size cardboard cutouts of Disney characters and Elvis Presley are scattered around the LMG office and a PacMan arcade machine blinks and flashes downstairs.
“It’s good to have a sense of humor,” Davidoff said.
But LMG specialists take security seriously.
Davidoff’s new book about data breaches will be on shelves this spring, and she’s written a textbook on analyzing network-based evidence in order to investigate breaches.
As information technology advances, hacking will take a new role, especially as home systems hooking up to the grid, she said.
“As your building lighting systems get wired to the internet, as your access control systems get wired to the internet, your coffee pots, your cars, your heating and ventilation systems, all of those are things that an attacker can take over and hold for ransom,” she said. “The question is, how do we defend against that?”
LMG will continue to serve companies that rely on secure networks, and that can only happen with the help of experts.
“This is where I think we have to be very proactive to take cybersecurity seriously,” Davidoff said. “Again, these are professionals, they’re criminals. Once you start wiring things up, if you’re not thinking about reducing risk and closing vulnerabilities, somebody is going to think about those vulnerabilities. If you’re not fixing them, someone is going to take advantage of them.”