If Aaron Trusky was the devious sort you would do well to keep him far from your computer network, passwords, files, banking data and even your family photos. Trusky is a well-versed and successful hacker, and he openly admits it.
Luckily for Tuscarora School District his hacking—gaining access to and tampering with online information—is intended to protect privacy and vulnerable information.
Trusky, chief information officer and technology coordinator at the Mercersburg, Pennsylvania, schools, is an “ethical hacker”—one who does what the bad guys do but for all the right reasons.
To beat hackers at their own game, this IT guy thinks and acts like someone attempting to penetrate the organization’s networks and systems. By using the same methods and tools that hackers use, he tries to find holes in the security. If he can get in, if he can compromise sensitive information, so can others.
After graduating from Elizabethtown College in 2006 with a bachelor’s degree in information systems, Trusky was an IT support specialist with Hollywood Casino at Penn National Race Course. In 2009 Trusky began working at Tuscarora, where he is responsible for overseeing the technical operations of the district, designing their infrastructure, supervising technicians and creating and maintaining the schools’ email accounts and public website.
He presently is enrolled in the CyberSecurity master’s program at Utica College and, this past spring, became a Certified Ethical Hacker through the International Council of E-Commerce Consultants, a member-based organization that certifies individuals in various information security and e-business skills.
To be certified, students must be employed in a position that requires the skills and must sign an agreement that the knowledge they leave with will be used only for good. They are deeply trained in security threats, attack vectors, hacking methods and tools. They learn about perimeter defenses, scanning and networks, intrusion detection and viruses. And, as an added bonus, Certified Ethical Hackers become part of a forum of like-minded people around the world through which they can discuss ideas and concerns.
“Basically it allows people to use the exact same skills and tools legitimately” as those who wish to do harm, said Trusky. “It’s all about what you are using it for. It can be used maliciously or to find the holes that someone on the outside would use to gain access.”
Normally, those seeking ethical hacker certification work for government agencies or internet crime organizations, but Trusky said his inspiration to pursue ethical hacking came from high school students. At Tuscarora each student has a laptop. “We can see if they tried to gain access and passwords,” he said, noting that kids at that age are more savvy than ever. “That’s one of the scary parts of technology. They know more about IT security than I do.”
All types of data are stored on the district’s network, including faculty and staff information and private student grades. A student hacking into the system to wipe out one bad science grade could compromise the entire district’s network, so Trusky’s job is to proactively keep attempts like that from taking place.
While a student at Elizabethtown College, he interned with high schools and loved the atmosphere. “I connected with the kids. I enjoy pushing them to be the next leaders,” he said. He said he’s had some students who messed with technology while in high school and got caught, who are now studying the subject in college, and they come back to tell him how they now understand the importance of security.
“You hate to scare people, but anything on the Internet can be seen by someone,” Trusky said. “The things we saw in the certification class were eye opening.” However, he added, that’s the exact reason why organizations and businesses need penetration testers and ethical hackers. The value in those positions is to find weaknesses that could take a system down but could be overlooked in traditional security sweeps and virus checks.
“Unless you are specifically looking for something, it might go unnoticed,” he said.
With the growth in technology knowledge and the tools that are available to the underhanded getting more sophisticated, does that mean we are doomed to more security breaches, leaving our personal information vulnerable and able to be hacked?
“I think it’s a twofold approach,” Trusky said. “With tools making it easier to maliciously hack there is always the opposite; there are always steps to mitigate.”