Back to Alumni News

Cyberattacks – the cost of doing business: Ning Wang

In the latest in our Alumni Voices video series, Ning Wang, CEO of Offensive Security, discusses the evolution of cyber threats, vulnerabilities, and mitigating risk.

For those who prefer to read, below is a transcript of the video.

My name is Ning Wang. I'm CEO of Offensive Security, which is a cybersecurity training and certifications company. I worked at McKinsey many years ago in the L.A. office.

Takeaways from McKinsey

I have learned a lot from McKinsey, and I always tell people I cannot believe how much I benefited from the years of working at McKinsey. I think two things that were really important to me that I learned from McKinsey. One is that it really taught me how to think strategically. You know, being a consultant, working on strategy, M&A, I learned a lot of those. Then secondly is that something I learned before McKinsey but it was in the scientific setting, which is problem-solving. In business, we are solving problems. It could be a marketing problem, sales problem, operational problem. McKinsey is really big on teaching you how to do hypothesis-driven 80/20 approach to do problem-solving and is becoming a second nature. And I use that all the time.

Moving into cybersecurity

I worked with a really good mentor and friend, and at the end of our work together, we were trying to figure out what to do next. At the time, I really wanted to do something that's meaningful, not just as a career, but having impact in the world, in the community. I picked two areas of interest for me. One is fintech, the other one is cybersecurity. And then a cybersecurity opportunity came up, and that is HackerOne. He was a CEO, still is the CEO. And I followed him. And then we were at HackerOne for three years together. I was there for three years as CFO and COO, and that was my first entry into cybersecurity.

The evolution of cyber threats

In the last five years, there is significant increase in digitization in the workplace. And also in the last two, three years, because of pandemic, the remote work is so much more prevalent. What that means is attack surfaces are so much bigger. There's more systems, more devices, and more end point for the, I call the “black hackers”, the bad guys to attack. So in terms of the type of vulnerabilities, it hasn't changed that much. But in terms of volume, there's a significant increase. But in terms of the nature, in terms of what has been happening, that hasn't changed that much, you know, they exploit the human weakness and through phishing or social engineering, and through that they escalate their privilege, and they get their payload into the sensitive area and then take either the data or take control over the system. So the type of things that you see hasn't changed that much, but the volume has changed, and the attack surface is much bigger now.

Mitigating risk

You know, with the way we live and the way we work, so much of our days or our lives are filled with digital technologies. It's no longer just the phones, it’s also the basic infrastructure. So I'm sure people heard about the Colonial Pipeline. That's our basic everyday living infrastructure. So what happens is that the way to settle, the way to solve cybersecurity problem is to make sure you design systems with security in mind. But the fact is, we're living with so much technology in everyday life and everyday work. And those systems are old, and it's not possible to replace all of them. So there will be vulnerabilities in our systems that if, however, we are mindful, we are intentional, that we actually think cybersecurity is important, we can do some of the mitigation of all these key infrastructure, key systems, key networks that will help that will help improve the overall security of our society.

Related materials

Perspectives on mental resilience from a former monk: Kamal Sarma

– In our Alumni Voices video series, Kamal discusses mental resilience, mindfulness, and how we can build resilience at work.

Careers, comedy and other funny business: Anish Shah

– In the second of our new video series, corporate comedian and consultant Anish Shah discusses his career journey, the intersection... of comedy and consulting, and more.