The owner of a Melbourne IT company that collapsed after a devastating hacking attack has won a security industry award for his dedication to spreading awareness of cybercrime issues.
The Australian Information Security Association crowned Alex Woerndle its 'Rookie of the Year' at its conference last week in Melbourne.
The honour tops off a redemptive journey for Woerndle from the owner of a business that lost 4,800 websites of its customers to an "evangelist" for the IT security industry.
In 2002, Woerndle founded Distribute IT, a domain registration and web hosting services provider. By 2011, the family business had grown to employ more than 30 people across Melbourne and Jakarta.
On the afternoon of Saturday 11 June 2011, a still-unknown hacker executed a malicious attack on the Distribute IT systems that would devastate the business, its customers, and Woerndle.
"Hackers got into our network and were able to destroy a lot of data. It was all done in a logical order – knowing exactly where the critical stuff was and deleting that first," Woerndle told CRN.
After a mad scramble that Saturday night, Woerndle said the company found the only way to get the hackers out was to "turn everything off".
"We spent the next 10 days reconstructing and rebuilding. But internal and external factors created a 'whirlpool' effect and we knew we couldn’t recover the business."
A "fire sale" was then arranged with industry giant NetRegistry and Woerndle said he "walked away completely exhausted and with nothing".
"When you lose a business like that you never get over the pain," Woerndle told CRN. "The family house was on the line."
Next: Victim warns others
After spending over a year attending to obligations related to the transfer of his business, he was approached by industry bodies like AISA to speak about his experiences.
"'No way! I'm not doing that,' was what I said initially," said Woerndle. "A lot of people saw me as the idiot who lost all his customers' data and I didn't want to talk about it."
But the requests kept coming in, and he realised that very few victims are "willing to say 'yes, that was me'", even though personal testamonials are crucial in convincing companies to implement rigorous security measures.
"Somewhere along the line, I thought that in a cathartic way [speaking out] would help."
Woerndle said that he then put together a presentation and toured it around to CIO groups and eventually to an AISA conference.
While on the speaking circuit, an employee from IT security provider CQR spotted him at an AISA conference and the meeting led to a job.
“A few eyebrows were raised when we appointed Alex but the merits were always obvious to us," said CQR's national director of information security Phil Kernick. "As a former business owner, he has instant credibility and has also become very knowledgeable on the technical side of information security."
Woerndle has now built a team of consultants around him for CQR's Melbourne operations.
"My days now involve speaking to clients and working with clients to give them the right security advice," he said.