If he only knew. She gave the guard a little wave and forced herself to stroll nonchalantly into the cold.
Two hours after her little show for the Westgate guard, Valerie popped a few Skittles in her mouth and checked the time. Not-really-birthday-boy Brian was late logging into his computer. If she and Jay could crack Westgate, maybe her boss would finally let her work in the field with one of the covert ops teams.
The terrorist hunters—mostly buff, stoic, former military guys oozing swagger—often took along a computer specialist to monitor and control the target’s computer systems and perimeter alarms, allowing Aggressor International’s “wet work” guys to sneak up on the terrorists. Valerie had volunteered, but Duncan Hollowell had shut her down.
Something about fraternization. Because the big, strong, soldier types always went for the quiet nerdy girl, right?
She snorted.
Valerie wanted to kick terrorist butt too, even if her methods didn’t involve guns. She was one of Aggressor’s best white hat hackers. Duncan had no good reason for denying her beyond the fact that she didn’t have the literal balls.
Even the military had gotten over it.
Sexist.
On the desktop, her cell phone buzzed. Kevin Xu’s name lit up the display.
She sat up and swallowed her mouthful of fruity candy. Kev had been head of IT at Aggressor until a few months ago, and they’d kept in touch after he passed the bar and became a technical patent attorney at Bidwell, Muñoz & Christie, a law firm in Crystal City.
“Can I come back?” he asked after they went through the standard greetings, almost sounding serious.
She laughed. “What happened?”
“Our system administrator is a joke. We got hacked last night, and he easily could have prevented it.”
“How’d they get in?”
“SQL injection. We were running an out-of-date version of the mail server that had a known exploit.” He sighed. “Jesus, there’s so much potential for damage. To our clients, our cases, and God knows what else. Bidwell seems extra nervous.”
Kevin was right. The admin should have found the problem on his own, and the timing was even more unlucky considering Valerie had found that exact vulnerability in their systems a few weeks ago, along with several others.
“Why do people bother to hire Aggressor if they aren’t going to do anything with the info we give them?” she asked on a sigh.
There was a long pause. “What do you mean?”
She frowned. “BMC hired us to do a pen test. Duncan sent the results and recommendations last month.”
“Huh. I didn’t hear anything about it,” he said with irritation. “Then again, I’m not a partner, so I’m not privy to everything.”
“I’m also guessing the admin didn’t want to let the entire firm know how incompetent he was. Even more so considering he failed to patch the holes.”
“You want a job?” Kevin asked. “I’m thinking we’ll have an opening soon.”
“Ha, not in a million years.”
They chatted for a few more minutes, and then she got back to work on Westgate. But she couldn’t help wondering how many of the clients she hacked didn’t follow her recommendations to protect themselves. It wasn’t often she got a glimpse beyond sending the report.
The thought popped up again at home that evening when she was hanging out in a chat room where white hat hackers—probably some black hats too, who were sometimes the same people—and network administrators discussed tools, let each other know about vulnerabilities and how to fix them, and talked about the computer security industry.
A post from P1ut0 caught her eye. She shifted on her comfy couch, its worn microfiber catching at her sweatpants, while Santigold played through her headphones.
Her apartment wasn’t huge, or especially new. The kitchen was the size of a hamster cage, and the living room sofa had to double as her office, but for one person it was fine.
“Did you see that Parker + Fuchs got p0wned?” P1ut0 asked, talking about the giant personal products corporation based in Cleveland.
P + F was another Aggressor client from more than a year ago. They’d actually been pretty full of holes. A simple scan had identified several known, easy-to-fix issues within their system.
But even if they’d taken her advice, that didn’t mean new vulnerabilities hadn’t cropped up. Something as simple as a software or hardware update might bring defects that black hats could use to force their way in. Once someone identified the bug, any company using the affected system became an easy target until it was patched.
