With a consuming curiosity, obsession with lock picking – both physical and abstract – and sharp technical mind, Len Noe has been breaking and building things nearly all of his life. Hacking, as he discovered at a young age, was not only a form of self-expression and creativity, but also a powerful tool that could be used in many different ways – even to extend one’s own physical capabilities and cognitive capacity.
Today, as a white hat hacker and global sales engineer at CyberArk, Noe uses his unique skills to help organizations get inside the minds of attackers, so they can protect themselves and strengthen their cyber resilience.
We sat down with Noe to hear his story and find out what he’s been up to while grounded at home during the pandemic. Plus, we had to see for ourselves how this self-proclaimed “cyborg” is transforming his own body – chip by chip – in the name of research and cybersecurity advancement. But more on that later.
Frogger and Solving the Unsolvable Puzzle
Noe’s interest in technology can be traced back to his father, a gadget lover and early tech adopter who introduced him to the Commodore 64 in the early 1980s.
Noe remembers the precise moment his own technology fascination turned into a full-blown obsession. He was reading a coding newsletter that outlined steps for building a simple computer game – Frogger, to be exact.
“I made a coding error while following the instructions,” he recalls, “but the mistake actually made it so that my frog wouldn’t die,” he says. “That was when it clicked for me, and I started to think more critically about why this happened and how I could manipulate the outcome.”
With the frog (somewhat) proverbially out of the well, Noe started to realize the capabilities of technology went far beyond the pages of instruction manuals and computer magazines. And he’s been pushing the boundaries ever since.
He’s spent decades honing his skills – mostly by practical application. And his career as a grey-turned-white hat hacker has had numerous twists and turns along the way. But one thing has never changed: the thrill of cracking the code and solving the “unsolvable” puzzle.
It’s what Noe says he loves most about his job – finding new, creative ways to exploit technology systems and pinpoint even the tiniest of flaws so that organizations can strengthen protections and help prevent attacks. And he’s making a name for himself as a global technology evangelist in the process. He’s presented threat research in more than 20 countries and keynoted major security conferences around the world.
Attack and Defend
Pre-COVID, you’d often find Noe side-by-side with customers, sleeves rolled up – tattoos revealed – surrounded by computers. His high-energy presentations dig into the why and how of some of the world’s most sophisticated attacks. In fact, this hands-on approach has prompted some rather uncomfortable conversations with airport security staff about the bag of suspicious-looking tech tools that accompanies him to each engagement.
One evening, after a presentation in Brazil, Noe came up with a new, interactive way for organizations to expand their skills as defenders. After returning home and fleshing out the idea alongside friend and colleague Andy Thompson, the CyberArk Attack & Defend series was born. In these capture-the-flag style workshops, attendees use real-world attack tools, techniques and procedures (TTPs) to execute the high-profile attacks seen in today’s headlines. Then, they swap roles and interact with CyberArk solutions to learn how to detect and defend against the same attacks.
Noe explains that most security professionals spend a lot of time reading about attacks, but few have actually seen one being perpetrated in real time.
“In this virtual war room, people get a very realistic perspective of what they’re up against,” he says. “We see the moment of clarity when they sit down and with four lines of code, they’ve performed a devastating Golden Ticket attack, for example. The look in their eyes says, ‘I get it, I understand this is not witchcraft.’”
What started out as a workshop has grown into a global multi-track series offering a range of attack simulations and defensive countermeasures – in the cloud, on the endpoint, across the DevOps pipeline and more.
Biohackers: The Invisible Threat
This training is helping security professionals stay a step ahead of attackers. But what happens when they come up against someone who is both the attacker and the attack vector?
What if a rogue employee on a mission to take down the company goes as far as biohacking their own body, implanting an RFID microchip that unlocks physical doors to company buildings and secretly stores and pilfers out sensitive data and files? Or, potentially worse, someone who conceals an entire Linux system beneath their skin, passes every physical and digital security check and makes off with your most valuable corporate assets?
It may sound like futuristic science fiction, but it’s reality today, Noe warns, and something security teams must absolutely pay attention to. And he, of all people, would know. You see, it’s never been enough for him to just study cutting-edge cyber defense; he believes he must live it. Over the past several years, Noe has undergone a series of bio-implant procedures to “become more than human” and along the way, delve deeper into the mind of an attacker.
His personal biohacking journey and long cyber career make Noe uniquely qualified to explore the collision between human augmentation and cyber warfare. And on May, 19 he’ll take to the virtual RSA Conference stage to do just that. His highly anticipated talk “Biohackers: The Invisible Threat” will outline the past, present and future state of biohacking and bioimplants; demonstrate how compromising contactless technologies can threaten physical and digital security; and help security professionals prepare for this new frontier.
As our own talk with Noe wound down, we asked him how someone so deeply entrenched in the attacker’s psyche stays on the straight and narrow. Noe says he’s happy to call himself a white hat, fulfilled by helping others defend against evolving threats, and doing work that he and his family can be proud of. And since he said it himself, we’ll close with this shameless plug: “The fact that I’m working for a security company that I actually believe in makes it really easy to be on the good side.”