October is National Cybersecurity Awareness Month, but for hackers, every day is spent staying aware of new cybersecurity threats. We were excited to sit down with Matias Brutti, Okta’s senior manager of research and exploitation, whose team spends time hacking to keep Okta’s customers safe from any potential vulnerabilities.
Read on to see how they do it, and how Matias’ passion for hacking started with “numbers soup”.
When did you join us and why did you choose to work at Okta?
I joined Okta four and a half years ago as our first technical security hire. When I learned about Okta, I was excited for two reasons. From a business perspective, what Okta was doing made sense: it’s an elegant solution to a very real problem. At the same time, I liked the challenge I was being presented with. Okta was going to provide the keys to the kingdom and I needed to make sure it was secure. I knew there was a lot at stake and it wouldn’t be an easy job. If that was not enough, starting from scratch and building my own awesome team of hackers was exciting.
Tell me about your role here.
I’m responsible for Research & Exploitation, or all of the offensive security at Okta. We provide code reviews, penetration tests, red teaming, design reviews, vulnerability management, security automation and, last but not least, security research. In short, my team hacks Okta any way they can, all the time. I strongly believe my role is to make sure that we identify vulnerabilities before a bad actor finds them, so identifying risk at any given stage is key to what we do. We also do the technical vendor reviews to make sure the technologies we’re using are safe. So when we’re not securing Okta directly, we’re testing products we use at Okta.
In addition to offensive security, because we quickly get bored with repetitive tasks, we try to scale by automating as much as we can and building an infrastructure to support such efforts in a secure way.
Lastly, the most fun part of our job is research, where we dig into whatever problems interest us, allowing us to responsibly disclose them, write about them and even share our findings at conferences.
What does an average day look like?
I wake up early and spend time with my wife and two kids. Then, I’ll dive into reading curated news and blog posts to see if there is anything (research, new vulnerabilities, attacks, actors) that we need to be aware of. In our field, it is very important to know the latest and greatest in security. If I do see something, I either test it myself and/or I assign it to my team to ensure that Okta is not at risk.
The rest of my day is spent working on security initiatives, collaborating via email, phone calls, and meetings with my team, who, I forgot to mention, are all remote. I learn about the problems we’re facing from a security perspective and figure out how to work these with engineering, product, and IT.
When it comes down to it, my day is filled with decision making. I need to know when to escalate a vulnerability and when it can wait, and find new ways to improve Okta’s security posture. On the flip side, I love doing research and coding so I always find time to build new security tools or do interesting research. I manage a team, but I’ve always thought of myself as a peer.
What is the most challenging part about your job?
The most challenging part of my job is being a manager. I’m a technical person, and computers are easier to manage than people because there are fewer variables. I’m very lucky to have built an incredible team from scratch, so figuring out how to be a great manager for them is an interesting challenge, and it is a great honor to work with such great and smart individuals.
I guess the other hard part is making the right decisions and investments at the right time. I need to be able to prioritize my team’s time and resources. But thankfully I have always had great people helping me along the way. I love that our CSO, Yassir Abousselham, trusts me and my team to do this.
What is your favorite part of your job?
At the core, we are a highly technical team so I still get to do technical work. Even though I’m a full-time manager, I always do my best to find time and play with things and find vulnerabilities. I enjoy research and technical work and I love the fact that Okta not only allows it but also embraces it as an important factor that makes our team.
How did you become a hacker?
I’ve been surrounded by computers for as long as I can remember. My mom is an engineer and she used to work in a computing center where she was doing programming on punching cards (yeah, that long ago). I still have images from being young and looking at the computers my parents were always buying (Commodore 64, Atari, XT, 486s, etc). I remember messing around with the computers and my parents immediately saw how much I loved them and the potential that was there, so even though I was a nightmare, they always embraced my learning. I think when everyone else was getting alphabet soup, I was being fed number soup. Both of my parents also happen to be math professors, so numbers were an important thing at home from an early age, and we all know computers are just applied mathematics.
I always wanted to figure out how things worked. As soon as there was internet, I discovered hacking by reading forums. My friend and I would try hacking things but always just for fun and to simply learn. Then, when I came to the US for college, I started working on our IT team at my university and we would always push the security of things to play harmless pranks on each other.
But it was not until I moved back to Argentina (where I’m from) that my mom got an email about a hacking job that she shared with me. I was thrilled to see this was something I could get paid to do legally. The rest is history.
I am very fortunate to do what I love. Hacking for me is not a job, but who I am. Hacking, you’ll never be bored. I like pushing the edge and hacking has a thrill to it. There’s always an adrenaline rush when you discover a vulnerability or when you successfully get a shell on something.
What do you like to do outside of work?
Nowadays, I spend most of my time with my kids! I have a three-year-old daughter and five-month-old son. They are my everything; kids do change your priorities and perspective on life.
I love to bike, swim, and read sci-fi novels. Being Argentinian, I also love ristrettos and cortados, “Asados”, alfajores and great Malbecs (you can never go wrong with a good Catena).
Okta in one word?
Identity. That’s our world and that’s what I guard.