Hollywood Loves Him, Cyber Clients Can’t Live Without Him: Meet Aon’s Adam Bixby, Ethical Hacker

Aon’s Adam Bixby shares how he launched his career as an ethical hacker, consulting for companies on their cyber risk profiles.
By: | September 14, 2021

Viewers of HBO’s Mr. Robot series have come to expect a lot of the show’s hacking sequences.

Beyond the dimly lit computer labs and quick keystrokes of most shows, Mr. Robot has shown a commitment to realism in its scenes, often making inside jokes for coders and earning praise from real-world tech and cyber security experts.

These scenes and their accuracy are in part a result of the work of Adam Bixby, managing director and proactive security leader in cyber solutions for North America at Aon. In addition to his role at Aon, Bixby moonlights as a hacking technical consultant for film and television.

He’s worked on a number of high-profile projects, including Mr. Robot, Ocean’s 8 and The Flight Attendant.

“It was really neat,” Bixby said. “I would go and recreate the hacking scenes in the lab environment I have at my house, and I would essentially record my screen.”

Though consulting for TV and film is exciting, Bixby’s full-time gig may be even more so. Bixby works for Aon as an ethical hacker, conducting risk assessments and tabletop exercises to help companies proactively address cyber threats — one of today’s fastest evolving risks.

Becoming an Ethical Hacker

Bixby first entered the cyber security world through a master’s program in forensic computer investigations at the University of New Haven. During his master’s program, he interned with Gotham Digital Science, an information and security consulting firm. There, he was introduced to the world of ethical hacking.

After graduating, Bixby remained with Gotham Digital, working his way up through the company.

“I worked my way from an intern all the way through the different ranks until I was essentially running the practice,” he said.

Bixby stayed with the company as it was acquired in 2016 by Stroz Friedberg and again six months later when it was bought by Aon, continuing all the while to rise through the ranks. In his current role, he helps companies analyze their vulnerability to cyber attacks by assessing their systems for vulnerabilities.

When he assesses a company’s risk, Bixby often begins by looking at a website like a normal user would.

He then begins looking for ways to break in.

“It’s like doing puzzles, day in and day out,” Bixby said. “You try to hack into their systems, and then you tell them how you got in and help them fix the issues.”

His work is clearly of the utmost importance for clients. In the first three quarters of 2020, there were 2,935 publicly reported breaches, according to reports from Security Magazine. 2021 has already seen a number of high-profile attacks, as well, including the widely-covered Colonial Pipeline Hack, in which company officials paid hackers a ransom of almost $5 million.

“If you’re only reactive to security, then that means you’ve already been breached and now you’re trying to call in digital forensics and incident response teams to come in and let you know how you got hacked,” Bixby said.

“At that point, sometimes it’s too late.”

Preparing Companies for Tomorrow’s Cyber Risks

Ransomware attacks, data breaches and other cyber risks aren’t likely to go away anytime soon.

In fact, so long as there are bad actors out there, attacks are only likely to get worse.

“As long as there’s bad guys out there, I don’t see [cyber risk] going away,” Bixby said.

In the wake of the Colonial Pipeline attack, the U.S. government is stepping up its efforts to help protect the country’s infrastructure from cyber attacks, and many are calling for minimum Internet of Things (IoT) cyber security standards.

Many businesses are also taking additional steps to increase their cyber security by rushing to hire chief information security officers, according to reporting from the Wall Street Journal. As with the bulk of the commercial insurance industry, there is a shortage of cyber security professionals, however. Cybersecurity Ventures projects that 3.5 million cyber security jobs will go unfilled in 2021.

To address these issues and to overcome security threats, businesses will likely be spending a lot of money over the next few years to manage cyber risks.

Globally, spending on cyber security products and services is expected to top $1 trillion over the five-year period from 2017 to 2021, according to Cyber Crime magazine.

“Security should not be an afterthought,” Bixby said. “It really behooves a lot of organizations to spend some time and money on enhancing their security.”

Businesses looking to defend themselves from cyber risk, then, should be proactively assessing their risk levels and training employees to combat phishing and other attacks that rely on human weakness to enter a system.

“I equate getting a proactive assessment with making sure that your windows and your doors are locked, rather than letting the burglar break in,” Bixby said. &

Courtney DuChene is an associate editor at Risk & Insurance. She can be reached at [email protected]

More from Risk & Insurance

More from Risk & Insurance