Dustin Heywood, also known by his online handle EvilMog, began hacking into computer networks as a teenager in the mid-1990s. Now the 36-year-old is using his hacking skills for good as a penetration tester for IBM’s X-Force Red offensive security team, uncovering flaws and vulnerabilities in computer systems to make them stronger.
When did you first get into computers?
It was funny. I had terrible handwriting in school so I had to fight for access to a typewriter at the age of 7 or 8. Then I moved on to an electronic typewriter at about 10. I was typing 50 words a minute by the age of 10 or 12. I had to bring typewriters into tests and then I eventually got a laptop. Batteries back then didn’t work well, so you had to plug them in everywhere you went.
What did it feel like to be the only child in the classroom lugging around this typewriter or laptop?
Back then, you got teased a little bit. Back in the eighties and nineties, computers weren’t really cool. In fact, even when I graduated high school, computers weren’t seen as the “in” thing. You were viewed as the dork, which is interesting now how computers and technology are all of a sudden the cool “in” thing.
At what point did you realize you could turn this interest into a career?
I didn’t get into professional IT until my mid-20s just because there wasn’t really a career path to go straight into that field. I wound up doing general manual labour jobs in my early 20s until I dislocated my shoulder packing potato chips in a plant in Airdrie, Alta. I wound up taking a six-month course at SAIT [the Southern Alberta Institute of Technology]. The course was a network technician fast-track program, which basically taught you networking, systems administration and Linux. When I went to the classes, I found out I actually already had a lot of these skills.
In your view, what is a hacker?
When people traditionally think of a hacker, they think of criminals, cybercrooks etc. But that’s actually a bit of a misnomer. Hacking originated back in the sixties. The modern usage of the term is someone who creatively applies the programming knowledge or their knowledge of a system to extend it in a way that it was never intended, which is why the term gets used in things like growth hacker, biohacker, computer hacker etc.
Your early career in IT ended up taking you to Afghanistan.
I did two back-to-back tours in Afghanistan working for an IT contractor. Basically, my job was allowing soldiers to call their families back home, do video teleconferences and watch TV to make their life bearable on base. I actually had to rely on a lot of these hacker-like skills to make things do what they were never intended to do. No one ever intended to have TV streamed over satellite, over an IP network and into a remote base in Afghanistan.
In 2015, your handle, EvilMog, was outed by a university professor writing about your work in password recovery. How did that feel?
It was actually very liberating. The previous company I worked for didn’t like me doing anything external. For years, I was doing really cool research, but I couldn’t ever talk about it and that was really frustrating to me. But at X-Force Red, they let me go to conferences and let me talk about the research that we’re doing. So it’s been a very different cultural change coming here, being in the public and doing talks.
It’s funny that your handle has the word “evil” in it because you’re now hacking for good.
My mission is to make companies safer, but you have to put your head inside that evil aspect and think way differently than a normal person would. I'm always looking at what new functionality I can exploit. It’s why I like using EvilMog as a persona because it helps me get in that mindset.
What role do hacking contests play in your work?
We actually recruit from places like the Collegiate Cyber Defense Competition, where students have to go defend a network against industry attackers. Or the Collegiate Penetration Testing Competition, where students have to go attack an environment and we look at how they operate. I even volunteer at one, a southeast regional down in Atlanta, just because I like stretching students to their limit and seeing how they operate under fatigue. It really shows the true character of a person. It’s actually really cool.
It's almost like you're like a football scout watching a game and picking out the players you might want for your own team.
That’s exactly what it is. A lot of people we’ve recruited through these channels are actually now at X-Force Red as early professionals that we’re training up to be the next generation. It’s actually one of the most critical things that we do.
Stay ahead in your career. We have a weekly Careers newsletter to give you guidance and tips on career management, leadership, business education and more. Sign up today.