Behind the Scenes: The Dual Role of Hacking and Defense
Interview with Antoine Neuenschwander, Tech Lead Bug Bounty & Security Incident Responder at Swisscom
Antoine Neuenschwander heads up the Bug Bounty Program and serves as a Security Incident Responder at Swisscom. With over 15 years in the cybersecurity realm spanning various roles—from software development to IT security operations and penetration testing—he's deeply rooted in the industry. Outside of work, he wears the hat of an ethical hacker. Catch him at GOHack23 to delve into his wealth of experiences and find out how to get started in cybersecurity.
Antoine, how did you get into cybersecurity? What fascinates you about this field?
I became interested in cybersecurity very early on, along with other computer science topics. The deciding factor, however, was my first job as a software developer at a security manufacturer, when I was allowed to really immerse myself in the subject for the first time. What fascinates me is how assumptions about the security of systems are repeatedly disproved. It's like a magic show, where you try to uncover the secrets behind each trick.
What fascinates me is how assumptions about the security of systems are repeatedly disproved. It's like a magic show, where you try to uncover the secrets behind each trick.
What do you love most about your current role? And what challenges do you encounter in your daily work?
I like dealing with the many layers of abstraction in computer systems while interacting with many people across the organization. On the other hand, my work is determined by a great many external factors, so regular planning is difficult.
Swisscom is an education partner for GOHack23. What motivated you to support this cybersecurity event?
Cybersecurity is a growing field and there is a significant shortage of skilled workers. Swisscom has recognized that there is a need for action. Through our partnership at GOHack23, we are supporting the development of new talents.
Through our partnership at GOHack23, we are supporting the development of new talents.
As head of the Bug Bounty program at Swisscom, how do you think you benefit from your experience as a hacker in this role? Are there any deeper insights or benefits that understanding both sides gives you in your day-to-day work?
To me, it's paramount. Without understanding the techniques and tactics of the other side, you can only inadequately protect an organization.
In your spare time, you work as an ethical hacker. However, you reject this term and prefer to describe yourself simply as a hacker. Why is this distinction so important to you and what message do you want to convey?
The term "hacker" often carries negative undertones and is quickly associated with criminal activities. However, at its core, it refers to individuals who, through relentless tinkering, acquire unique skills, regardless of how they utilize them. Just as we don't refer to locksmiths as "ethical locksmiths," we shouldn't be quick to label all hackers with suspicion.
GOHack23 is expecting a diverse crowd, including newcomers to the field. What advice would you give to someone interested in a cybersecurity career, perhaps even considering joining Swisscom?
Grasping the foundational knowledge can seem daunting. I'd suggest first getting a broad overview of the various disciplines. At the same time, diving headfirst into a specific area can yield invaluable experiences. But for me, more than mere technical know-how, what matters immensely are one's attitude, perpetual curiosity, and the will to continually learn and grow.
Discover what Ethical Hacking and Bug Bounty are all about. Hear about current cybersecurity topics from compelling speakers. Meet Antoine and other cybersecurity experts at GOHack23.
