Alum Makes Career as a Hacker
Jon Gaines
Class of 2016, Cyber Security A.A.S.
Jon Gaines has helped local and international companies find security loopholes and areas of security weakness that could be used by unscrupulous hackers to reach secure data – from databases to phishing scams. He explains, “We get to do what the bad guys do, legally.”
As a teen, Gaines recalls being “a bit of a troublemaker” when it came to computers. “I liked to figure out how things worked; ‘What will happen if I break it?’” At the age of 18, Gaines heard a news story about people who hacked websites, legally. He immediately began working toward the goal of becoming a professional “white-hat” hacker.
Though very knowledgeable, Gaines knew he needed a degree. After exploring several programs, he chose Herkimer College’s Cybersecurity program because of its faculty and course content. “The course lineup was more well-rounded than the other colleges I looked at.”
Immediately upon graduation from Herkimer, Gaines was hired by Leet Systems. “We did any type of hacking – digital mostly, but sometimes we would physically try to break in; picking locks and that sort of thing. We did phishing campaigns, tricking people into giving away their names and private information.”
Gaines worked for Leet Systems for two years while studying for his bachelor’s degree in Networking & Cybersecurity from Champlain College. Then he moved on.
“Leet was very small – there were three other employees –besides me – when I started working there. I felt like there was no room to grow. It just wasn’t big enough.” So Gaines began working for Stratum Security. While most of his projects for Leet Systems were local or national, Stratum Security has an international client base. “I might be working on a site for a company in Australia; tomorrow I might work on one in France,” he says. “I’m not traveling yet, but it’s cool to be working on sites around the world.”
His biggest accomplishment? “It’s every hacker’s crowning glory getting into critical data [on big websites, like those of the healthcare industry] and then tell them about it,” he explains. “Most people work at it for years, but I got lucky. I found two undiscovered vulnerabilities in an Industrial Control System (ICS) which are being added to the international database of vulnerabilities in my first two years.”
Despite his accomplishments, Gaines remains modest. “It’s really not as glamorous as it sounds,” he says. “There are others that I can tap into. But in general, it’s just me, Google, and my intuition.”