The Student Newspaper of Highline College

Highline student levels up career as a pen tester

Apr 28, 2022

When Czarl Jalos “tests a pen,” no ink is involved. 

Highline student Jalos is studying cybersecurity and is enrolled in the Network Security Engineer associate of applied science degree program.

Today, he is employed as a pen tester at Accenture, a popular information technology company. One of Accenture’s main clients is Amazon. 

As a pen tester, or penetration tester, Jalos’ job duties focus on simulating cyberattacks and identifying vulnerabilities for AWS (Amazon Web Services) products. While Accenture offers services for hardware and network security, Jalos currently focuses on web applications.

“For example, we test the authentication of web apps where we use either brute force or SQL injections to find out if a database can be accessed,” said Jalos. “Or, we can test if a cookie has an expiration date or if the same cookie can be used in different systems or devices.”

Insecure database access or poor cookie management can lead to sensitive data, such as passwords or financial information, being compromised.

“Besides authorization and authentication, we also check for cross-scripting,” said Jalos.


Cross-scripting, more commonly called cross-site scripting (XSS), refers to the execution of malicious script code that has been injected into client-side scripts. One way Jalos combats cross-scripting is via input validation. If a site has an input box where users can enter text, they may also enter code snippets. With input validation techniques, Jalos can prevent the user’s code snippets from running altogether.

“We also check the logic flow of the application,” said Jalos. “We do code reviews and look for vulnerabilities where we can mess up the logic of the business, like going from ‘step one’ to ‘step six.’”

“Another thing that we test is the dependencies that the software uses. For example, if there are CVEs or vulnerabilities in outdated dependencies, we report that to the client too.”

Finally, after completing the cybersecurity audit, he sends a detailed report to the client.

With the Network Security Engineer program, Jalos hopes to expand his horizons beyond the security of web applications and into the realm of pen testing for computer networks. After completing this associate of applied science degree, Jalos plans to earn a bachelor’s degree in Cybersecurity.

After talking to an adviser, Jalos said he felt confident in choosing Highline for his education because of the various opportunities offered within the cybersecurity field.

“A couple months back, I was looking into a college that provided a cybersecurity degree plan. I looked into Highline because they have a lot of pathways in cybersecurity to build onto,” he said.

Jalos adds that, prior to launching his career in cybersecurity, he worked as a software engineer.

“From software engineering I gained the knowledge to read code, which pen testers need. I had an opportunity to explore cybersecurity and fell in love with it,” said Jalos. “Cybersecurity is so broad, where you can specialize in many areas, but I think the fun part is the pen testing.”

As Jalos continues his studies at Highline, he said he looks forward to expanding his skillset and entering the next chapter of his career.

Catherine Rasgaitis is web editor of the Thunderword.