Samandeep Singh
Samandeep Singh

In an era where data breaches and cyber attacks pose an alarming threat to business, having an expert with an "offensive" mentality should be first on your list of 'to-do's.' But fear not. Combined with knowledge and innovative techniques, Samandeep Singh is here to help defend organizations while anticipating and neutralizing potential threats like never before. We touched base with Singh from his home in Finland to find out more.

In today's era, the requirement to be alert to data breaches and the escalating trend of complex cyber-attacks have risen to the highest concern for organizations across all sectors - a topic of excessive scrutiny.

Not only do they jeopardize a business's sensitive information, but they also threaten financial stability, disrupt operations, and cause reputational damage, things once positively engraved in its foundational stone.

So far, the evolving landscape in these fields of fraud demonstrates consistent upward trends, growing year-on-year, with experts tutting over a staggering 20% surge in data breaches from 2022 to 2023. To hone in deeper, research also indicates that over 353 million individuals experienced data compromises in the same year, encompassing subjects like leakage and exposure.

With international spending transactions amounting to $188 billion in 2023, cybersecurity seems likely to become more lucrative as organizations invest more than ever. A value expected to rise to a staggering $215 billion in 2024. But even as gradual awareness slowly spreads, why do hackers always seem to stay ahead of the game?

From evolving ransomware attacks to humanity's post-pandemic urge to store corporate data in "the cloud" or a switch to targeting smaller, vulnerable vendors, multiple answers point to companies falling victim to the risks, all thanks to a certain amount of unawareness in the detail.

Yet, from a hacker's point of view, side doors, if left ajar, can always be opened if not combed through with a fine brush.

"In a large-scale bank, for example," explains cyber security expert Samandeep Singh, "naturally as the variety of applications increases, so does the code base, with multiple people working on it. This gives room for errors in the code, so there is almost always a possibility that a vulnerability gets introduced in the application, which could lead to something."

He continues, "For example, one vulnerability I've seen is that if I send you -$1,000 or -$500 through my account - you won't receive anything. Because it was -$1,000, I will, in fact, be the recipient of that sum. Today, banks know this can happen, so they have multiple layers of security checks (both automated and manual) in place to potentially prevent this."

Amid these growing threats, another layer of security suggests seeking help from individual experts. Working as a "one-man army," Samandeep Singh is trained to test and implement applications and find vulnerabilities before hackers do.

His devotion to a proactive, offensive strategy, which captures more of a mindset approach to shielding business data, makes Singh an essential figure in the industry.

As a security professional "with over a decade of experience in security consulting, security research, and training," Singh's innovative approach differs from traditional defensive strategies, focusing solely on protecting vulnerable systems from attacks.

Why? Because Singh, based near Helsinki, thinks like a 'hacker,' identifying and exploiting weaknesses to test and strengthen overall security defenses.

"We don't think from the defender side of things; we look at the attack, which means that we approach the application or the code with the mindset that we need to find vulnerabilities, exploit those vulnerabilities, and bypass any protections that these applications might have," explains Singh.

An experience lived in real-time when embracing the online world for the first time.

"My curiosity for 'opening doors' started in high school when I tried to unearth how to access free internet," he explains. "This soon transpired on my university website when I struggled to contact one of the developers to report the vulnerability. Fast forward, and one of the developers visited me at the university to understand the vulnerability, how to fix it, and how to approach the security of this website."

One graduation and a few freelance start-ups later; the rest was history.

"Cybersecurity has gained more importance due to the nature of our data and our online presence, and because we probably have no control over it, what is threatened is our privacy," says Singh.

By staying one step ahead of cybercriminals, his offensive tactics provide customized solutions tailored to specific organizational contexts, leaving leaders with solid business recommendations and assessments that align with company goals and regulations.

"We dig deep," he adds. "We try to understand the application and ask the customers for access so that we know how the application is working. We review the code manually, focusing on the technical as well as the business logic vulnerabilities respective to the application in scope."

However, one thing is for sure regarding the overall process. No matter what sector businesses are in, the key to success is multiple layers of security, including training and educating developers and users alike.

Something Samandeep Singh holds close to his heart.

Besides his expertise in cyber security, Singh is also a co-organizer for BSides Singapore. The yearly nonprofit security conference for 'the security community by the security community' offers like-minded researchers the stage to present their journey, findings, or new topics or things they have learned.

"It's a time where everybody can come together, hang out, meet people in the same industry and network- even potentially hire new colleagues,' he excitedly explains. "They could even find students who could participate in the internship program or summer traineeship program."

"It's a fun event."

With another round starting on September 20, 2024, Singh vocalizes his excitement for the talks, training, and hands-on technical free workshops. Still, one thing he and his comrades are most looking forward to in this year's BSides Singapore event is "Carrier Village."

"This is where diverse experienced people in the industry will come together to support newcomers by offering mentorship opportunities and help them with their CVs, jobs, and how they improve their interview process, as well as communication," he concludes.

From here, the idea is to continue fostering a cyber-security-conscious culture where businesses, small vendors, or large organizations can eventually reduce the risk of breaches caused by human error and eliminate any further signs of hackers' presence.

With Samandeep Singh's expertise, relax as your cyber security posture strengthens as it protects data and faithfully fulfills your customers' and stakeholders' promises of loyalty.

For more information, visit his website at https://samanl33t.com/. Or sign up for the next networking event here.