Walter O’Brien is a well-known name in the world of computer and cyber security. Although he is famous today as the founder and CEO of Scorpion Computer Services and the executive producer of the hit CBS show Scorpion, Walter was well-known far before that. At age 13 he hacked into NASA’s servers that were administered by the NSA simply to obtain the blueprints of a space shuttle to hang on the wall of his bedroom. Today, at age 41, he is the mind behind the “global think tank for hire,” Scorpion Computer Services, Inc.
The Irish security and computer expert has contributed many software and tools to the tech world through his business, Scorpion Computer Services, and his experience in the field is considered invaluable. Below are the transcripts from the interview with Walter O’Brien:
Q: Tell us about the astounding journey of Scorpion Computer Services, Inc.
Walter: Initially, Scorpion Computer Services was limited to my homeland of Ireland. My computer consulting business started getting clients when some financial institutions came to know of my problem-solving skills using computers and started to hire me to implement my work on their systems.
When I later moved to the USA on an EB1-1 Visa, I wasted no time expanding my team to handle services outside the domain of computer systems. That is the reason why Scorpion Computer Services today provides many services such as due diligence, physical security, medical research and compliance management.
Q: How did you come up with the name Scorpion Computer Services?
Walter: I had the nickname ‘Scorpion’ back in school because one time I fought back when I was bullied. It is common for Irish folk to have nicknames related to animals or birds, and since I shared the trait of being deadly when cornered and being loyal to my friends, I earned the name Scorpion. I first logged into the ARPANET using the “handle”, Scorpion. Then, I started my business in the field of computer services using my hacker handle to name my business Scorpion Computer Services.
Q: How did the CBS television show Scorpion become a thing?
Walter: Scorpion Computer Services grew to a point where hiring couldn’t keep up with the demand for services. Concierge Up came up with an ingenious solution to solve the company’s hiring problem: Create a television show based on the real Scorpion Computer Services to capture the attention of the talented young generations that could one day work for our company. People typically “concierge down” tasks—for example ordering flowers or performing something routine. But with Concierge Up you hire people with high IQs to work on complex, mission-critical problems. When Scorpion Computer Services’ business grew, we were faced with the problem of inspiring intelligent people to work with us on such interesting projects. With the television show Scorpion, we hope to inspire people to work with us.
Q: You have been quite influential in the field of application security. What do you think are the most important elements in that field?
Walter: There are many instances when all the scenarios of a program are not thoroughly tested. This means unidentified defects, overlooked while testing, remain in the delivered software. These defects leave the program vulnerable to exploitation by hackers. Examples of untested scenarios include sending badly formed messages to a backend server to crash it or logging being turned off if the configuration file is missing.
Hackers often try numerous unique scenarios to identify exploitable system vulnerabilities. Once found, they may exploit these vulnerabilities at untold costs to the business.
An essential strategy in the field of application security is to ensure that the exploitation of flaws in securing applications leads to consequences for the person or persons in charge and to have some migration integrity. It is often the case that people responsible for costing a company a whole lot of money and reputation remain untouched after an event because the institutions do not know who is ultimately responsible for application security.
As for migration security, you would be surprised by how many companies cannot prove that what was developed is what was requested, and what was tested is what was shipped to production.
Q: How has application security changed over the years?
Walter: First, there is much more awareness of application security now than previously, which is good. However, the fact that people stop at simply talking about application security and do not address the root causes means that the many tools on the market today are not fully utilized by companies. For example, ScenGen, an artificial intelligence engine developed by Scorpion Computer Services, can help identify all the possible scenarios of an application and achieve 100% regression test coverage.
Although companies have Chief Security Officers regularly giving talks about the latest threats in the cyber world and insurance companies keeping pace with the times, companies fail to implement the practices required to thwart attacks by hackers or handle technical issues properly. People are still more comfortable with paying for losses than paying to solve the security issue once and for all because it costs less in one go. Moreover, security firms usually hired today are more focused on providing a certificate of security for the auditor than actually correcting problems found in the infrastructure.
Q: Speaking of Scorpion Computer Service’s and thereby your tools, tell us about WinLocX.
Walter: WinLocX was a system I developed during my time at Sussex University. The system helped to translate software into foreign languages. WinLocx fit in with the time it was created, leading global companies were looking for the software to help them sell their tools and software written in The English language in non-English speaking markets.
Q: What do you think makes someone good at developing secure applications?
Walter: The most important thing in developing secure applications is the experience. Experience gives insight into the field and helps you broaden your perspective to think beyond the horizon. It is invaluable to have someone on your team with enough experience to think like a hacker. He or she approaches the issue in a manner that helps you look at areas normally overlooked. It is also important to develop software with test cases in mind. Test cases should be developed at the beginning, while identifying requirements so the software is designed to support only what will be tested and you know what you have to test your product against. This is approach is more commonly known as Test Driven Development. Designing quality software up front provides far and away more benefits than trying to “test quality after the software has been written. Of course, testing is a critical aspect of the software development life cycle, but the cost of correcting a defect increases rapidly as software goes from inception to delivery.