Community Spotlight - Lars Bo Frydenskov

This is the fifth community spotlight, in a series of articles highlighting the awesome people that take part in the local Danish non-profit Infosec communities/organisations in Denmark.

Tell us a little about yourself, work/background and why you got interested in info security.

My interest in cyber security initially started with the well-known and acknowledged podcast by Jack Rhysider, Darknet Dairies. At the time of discovering this great podcast, I had just finished my first year of my computer science degree, and like many of my peers, I found cyber security intriguing. At the same time I also found it absolutely mythological and unreachable. After two years of following Darknet Dairies and the amazing stories, I discovered De Danske Cybermesterskaber (DDC). I had started the first year of my Master in Computer Science, and I was developing the future model checking tool CGAAL, which later was published in October 2023, and presented by my dear friend Nicolaj Østerby. At the time my everyday life was characterised by math, computer theory and of course gaming. What sparked the interest in DDC, was the simple format of the qualifications; Complete six challenges and you move to the next round over the timeframe of a week.

After the completion of the first tasks, I got hooked, and used all my waking hours, which were not spent on my Master, on doing DDC that week. Every flag was a rush, and really gave my gaming “nerve” a tickle. Since then, I qualified to regionals, then nationals and the same again the year after, spending most of my free time reading, studying cyber and playing CTF. My Master thesis were also affected by my interest in cybersecurity and with my two good friends Falke Carlsen and Asger Weirsøe, we made a security analysis of the IOT protocol, Thread.

My professional life in cybersecurity started when I got hired by Aalborg University(AAU) as a research assistant, where I worked in close cooperation with Danny Bøgsted Poulsen on the static analysis tool MiniMC, and Rene Rydhof Hansen on the tech transfer project SB3D. My time at AAU was a time of application security, which changed drastically when I started my cyber security consultant role at Trifork Security. Today, my work day is characterised by operational security, where I specialise in offensive security(OffSec), Endpoint Detection and Response(EDR) and Vulnerability Management(VM). Most of my energy is used in consulting and assessments.

If you should give any advice to yourself when starting your infosec journey, what would it be?

I always had this picture of hackers, the darknet and security professionals as something mythological. Partly, because of imposter syndrome and because of a false expectation of the field, I avoided the cyber security path for many years.
So my advice would simply be: “Take a look at cybersecurity, it’s not as bad as you think (and to be honest not as frightening either)”

What aspect of cybersecurity captivates you the most?

The humans. All security incidents are rooted in people. I believe, when I write this, many will think about social engineering, which is indeed captivating, and many also will stop up and say “what about zero day vulnerabilities?”. Zero day vulnerabilities are also rooted in people, often a programmer’s mistake, but can also be a flaw in logic or, worse, intended, all developed and designed by people. The machines, computers and devices are reliably executing our command, we, humans, keep making the same mistakes and forget to stop and think, “can this be exploited?”. A good way to get people into thinking about security is simply hacking them, and until I find another way, I will spend my time improving my skills and doing exactly that(white hat of course).

How did you find VSec and how long have you been a part of the VSec community and what are your thoughts about the infosec community in Denmark in general?

I found VSec through my good friends Christian Bech Henriksen and Sarah Vangsøe Wohlin. The cybersecurity community is really blooming, and I think we should grab the momentum and get everybody in on it. In my view, cyber hygiene is just as important as personal hygiene. As an example it should come naturally for everybody to have a complex password, such as it is natural to wash our hands. In order to learn this new behavior, we have to start working with people early. I think we should spread our knowledge and passion to high schoolers and maybe middle schoolers as well, making it mainstream. Unfortunately, we are not quite there yet, but DDC and Cyberskills are really taking a giant step in the right direction. Let us keep working at it together.

Thank you for sharing your thoughts with the community! If you should point to someone in the community that the next community spotlight should be about, who should it then be?

My suggestion would be a young and aspiring professional, someone perhaps not yet in the field, but who can share their experience of how friendly the community is and how everybody can enter cybersecurity. Time of writing I have no specific person in mind.

I would also like to use this as an opportunity to widen my network, so if anyone interested in a dialog or just follow my professional journey you can catch me on LinkedIn: https://www.linkedin.com/in/lars-bo-frydenskov