BY day, Dr David James Sykes runs a dental practice in Umhlanga — but beyond the surgery, he is also a qualified penetration tester helping businesses identify cyber vulnerabilities before criminals do.

Sykes, who holds a CompTIA PenTest+ certification and operates GreyHat4Hire, says his interest in cybersecurity began in childhood after witnessing a hacker remotely take control of his grandfather’s computer.

Also read: Multi-million rand rising main project complete

“I sat there stunned. I needed to know how they did that,” he said.

That curiosity continued through his university years, where he balanced dentistry studies with cybersecurity research.

“Dentistry became my career, but security research was always running in the background,” Sykes explained, adding that the two paths eventually converged as cyber threats escalated in South Africa.

His dual expertise has led him to advocate strongly for improved cybersecurity within the healthcare sector, including publishing work in the South African Dental Journal to raise awareness among practitioners.

In denial
Sykes said many dental and medical practices remain underprepared, often assuming cyberattacks “won’t happen to them”.

“The concerning group is everyone else — the practices that haven’t looked because they assume they’re safe,” he said.

He warned that healthcare providers hold highly sensitive patient data and carry legal responsibility under POPIA to protect it, making breaches both a reputational and legal risk.

Among the most common vulnerabilities he encounters in small businesses are the reuse of passwords across multiple platforms without multi-factor authentication (MFA).

“When one platform gets breached somewhere in the world and those credentials leak, an attacker doesn’t need to be clever. They just try the same login everywhere,” Sykes said, describing the process as largely automated.

He emphasised that basic steps can drastically improve security.

“A password manager and MFA on every critical account — that’s two steps, and your entire security posture improves drastically.”

Technical issues
Phishing remains the easiest entry point for cybercriminals, according to Sykes, who said attackers exploit human behaviour rather than technical weaknesses.

“A staff member gets an email that looks legitimate… they enter their credentials… and it’s done,” he said.

He added that these emails are designed to trigger emotional reactions such as fear or urgency – “Your account will be suspended.”
“SARS requires immediate action.” “Your payment has failed.”

“That spike of anxiety is deliberate. It bypasses rational thinking and pushes you to click.”

As a “greyhat” hacker, Sykes operates within strict legal and ethical boundaries, but says his work requires thinking like a criminal to identify weaknesses.

“If you’ve ever locked yourself out of your house… you try the windows, you instinctively thought like a burglar. Cybersecurity is exactly the same mindset,” he explained.

He stressed that his role is to find and fix vulnerabilities before they can be exploited, noting that this approach ultimately strengthens protections within his own dental practice as well.

Sykes emphasised that smaller businesses are not immune.

“You’re not too small to be a target,” he said, warning that many breaches go undetected for months while attackers quietly access systems.

“Criminals aren’t looking for the most valuable target; they’re looking for the easiest one. If your doors are unlocked, you’re on the list.”

For more from Northglen News, follow us on Facebook, X or Instagram. You can also check out our videos on our YouTube channel or follow us on TikTok.

Click to subscribe to our newsletter – here