Absolutely everything on this blog pertaining to the term “hacking” is meant for training and educational purposes only. WE DO NOT ENGAGE IN NOR PROMOTE ANY ILLEGAL HACKING ACTIVITY!
This article is going to be an improvisation of a lot of different thoughts that have been floating around my mind lately with no ideal springboard to launch them from. So at points in the post it may actually even sound a bit like an incoherent ramble but trust that there’s a reason for my rhyme. There’s a methodology mixed into the madness.
I recently read an article by Zed A. Shaw, the creator of “Learn Code The Hard Way” titled, Your Side Projects are Your Future. The article was aimed at coders but as I pondered its message I saw how it was easily adaptable to hackers as well. Thus, after reading this if what I wrote made any sense to you, I implore you to go check it out. Albeit, more so if none of what I wrote made sense to you. Go figure. /shrug
In this industry we hear all the time that everyone’s path to cybersecurity is unique. In fact, we hear it so much that by now it’s cliche. But there is a lot of truth in this. I literally didn’t get started in cybersecurity until approximately 3.5 years ago. And though, if you know me, you’re probably saying something along the lines of the “math ain’t math-ing” but I kid you not, and I’ll tell you why I say that.
The reason is that up until around 4 years ago, there wasn’t a field formally known as Cybersecurity. And, it’s also obvious that by now you must think I’m a total delirious noob who doesn’t know what he’s talking about, right?
Well, I’m going to ask you something and please be honest with yourself and your answer. When you were last on the Twitter platform — not X, but, “Twitter” — was your timeline riddled with folks asking about how to get a job in Cybersecurity?
Now, before you answer with “heck yeah, they were all over the place”, I have another question: Are you sure they were asking about how to get a job in Cybersecurity, or were they asking about how to get a job in “hash-tag InfoSec?” (Information Security)
A’ha! Something just happened there didn’t it? If you’re confused just know that the veteran hackers among us who are reading this have no confusion about what just happened.
Follow me as we take a little detour down memory lane.
Now every hacker
wanna be
the hero of the day,
But that ain’t gone happen
if it’s not
the zero of the day.
Photo by Florian Glawogger on Unsplash
It was through the Occupy Movement that I first came to hear of the hacking group called Anonymous. Mind you, I won’t get into the circumstances surrounding my personal life at that time but my professional life however, which consisted of working at a hotel and trying to revive an independent music career over the internet, wasn’t looking promising at all. So as fate would have it, it’s absolutely safe to say that the events mentioned above were happening around the same time that I was searching for a career change.
Everyone’s path to this field is unique
I’ve told this story a lot but I’ll reiterate it here for the sake of the bigger conversation. I became very intrigued with the group of people who wore the Guy Fawkes masks that at the time, the media referred to as hackers. And on a very serious note, I curiously typed into Google search one day — “How To Become A Hacker” and it was at that point I realized my life trajectory would never be the same.
There were two particular results returned that set me on a path to becoming who and what I am today, an ethical hacker… or, well, the more politically correct term, an “Information/Cybersecurity Professional”. Looking back I realize how things could have gone terribly wrong real fast but the universe apparently knew the sincerity of my heart when I made that query.
Among the many hits that my query returned, one was an advertisement for the Certified Ethical Hacker (CEH) certification by EC-Council. This was significant to my career because as naive as I was, I didn’t even know there was such a thing as an Ethical Hacker. So the whole idea of someone being paid to legally hack revolutionized my thought process to the point that I was compelled to research whatever it would take for me to become that person.
In fact, I was so naive I even thought that just by obtaining the CEH certification it would make me an ethical hacker and grant me the legitimacy to hack legally. I ran with that idea and I made it my goal to obtain the CEH certification. (What a n00b, right?)
Also it was through enumerating the term ethical hacker that I first heard about the art, science, service, field, what have you, of penetration testing. And it was at that point I decided that’s what I wanted to do in my new career, work as a penetration tester.
Fortunately, very early in my quest I met some good people in the hacker-space who’d become my mentors. With their help I soon realized the thought of obtaining the CEH, and by having it, that would make me an ethical hacker, was a delusional one. I was able to course correct and as a result, I’ve been on this exhilarating journey of being a hacker ever since.
Now with that out of the way let’s continue, shall we?
You know, in hindsight I’m able to see the fallacy in my thought process. Today I look back and think, how could I have ever been so dumb? But fast-forward a decade or so later and I must say that I’m seeing a lot of people approaching the path into cybersecurity in somewhat of the same manner that I was approaching the path to ethical hacking.
To see this play out yourself, just log onto your favorite social media platform, tune into the conversations surrounding “how to get a job in Cybersecurity” and replace CEH in my story with [whatever shiny new cert or course is on the market these days] into their dialogues.
Photo by ConvertKit (Soon to be KIt) on Unsplash
They trying climb
the ladder
but they stint
ain’t making pay
They hating
then get madder
and with that
I had to say.
“Script-Kiddies
stop the chatter
cause y’all about
ya views”….
The hits
keep getting badder,
our chips
all across the news.
Content Creators or Cybersecurity Innovators
Today on the inter-webs there’s a new cybersecurity course dropping every week or so. Well, let’s say every month to be absolutely safe. Cybersecurity certifications are dropping out of the sky at an all time high. We’re running into cybersecurity experts, hackers, or supreme bug hunters on every corner that we turn. They’re literally like Ray Lewis out here, “on every tackle”. Everybody is a freaking expert these days.
Now, I realize this is going to hurt a lot of feelings and probably cause me to lose a ton of fake friends or followers but the reality of the situation is that these aren’t professionals in their craft who’re extending their time and knowledge to help you get into the game (translate, help you get a job in cybersecurity) nor or these authentic hackers teaching you the craft. I hate to break it to you, my friend, but these are snake-oil salesmen on a quest to separate you from your well earned cash and coins.
The cyber-space is full of cybersecurity charlatans!
Think about the rate that these courses and certs are dropping. We’re all human and are allotted the same 24 hours a day. There simply isn’t enough time available for what we’re witnessing in the cyber-space to be anything more than an illusion.
People, hacking and cybersecurity is hard work. It’s like the words of Coach Vince Lambordi that my man John Hope Bryant quotes, “the only place where success comes before work is in the freaking dictionary.” You are not going to get success without doing the work. There’s no way that you’re going to be able to watch a couple of videos, capture a few flags, get a certification and become a hacker or cybersecurity professional overnight.
I say this because what I’m seeing are tons of people dropping videos, mostly of themselves performing a walk-through of solving challenges that were created by someone else, putting an impressive video presentation behind it and calling it a course. The real work in such a scenario belongs to the platform of developers who built the challenges. Those people have a full-time job and get paid a very nice salary to create that stuff. They’re the workers here!
Don’t get me wrong, I’m not knocking anyone’s hustle but at the same time, I’m not going to allow someone to urinate on my head and try to convince me that it’s raining either.
“Oh, well, what’s the difference between you all at Grey Hat Developer blogging about solving challenges and capturing flags?” you say.
The difference is that we’re not packaging it up, putting a name to it, then turning around and selling it as training and certification that we’ve innovated. We’re simply just trying to find interesting ways to write about us solving the challenges.
In the least case scenario, what our articles intend do are serve as testaments of us at least “putting our hands on something” as we learn these new concepts.
Hopefully, the posts are detailed and written well enough to where anyone who may be tackling the same challenges could find a nudge in the right direction if they’re stuck on something we’ve already conquered. This is a blog!
Oh, and the reason that I brought up the X platform and the “How to get a job in Cybersecurity?” question that is still floating around is because I’d like to bring your attention to that question being nothing more than a trend.
I’ll say it again. Back in 2011 when I was still fairly new on Twitter, there wasn’t anyone in my threads asking about how to get a job in “Cybersecurity”. In fact, no one was even using the term cybersecurity. InfoSec was the term being used and Information Security was the field being discussed.
To be honest, it wasn’t until around the time of the Covid pandemic did I even start hearing a mass of people on Twitter asking “How to get a job in InfoSec?”.
Do you remember the whole BlackTechTwitter hash-tag that sprang up? They weren’t even in that tribe questioning the path to get a job in Infosec. The question then and there was, how to get a job in “Tech”! — period.
Shortly after, “Cybersecurity” became a trendy buzzword that marketers picked up on and well, here we are in our current state. The trend has faded and the number of people who aren’t working in cybersecurity are staggering.
They’re now pitching this facade that there’s a “shortage of cybersecurity workers” in hopes to cover up the deception fostered by the trend. Meanwhile, those who drank the kool-aid are wandering in a stupor still asking “how to get a job in Cybersecurity?”
They’re stealing
our identities
and all we got to lose,
No longer
can we sit
and watch the brawl
we gots to choose.
So while
y’all be making videos
we sharpen up
our axes,
We hunt
for vulnerabilities
then exercise
our tactics.
The Magic of Side Projects
And with that, we now go back to the article that I mentioned earlier by Zed A. Shaw about side projects.
Before the Cybersecurity trend and the platform was renamed, X, I was one of those people on Twitter asking about how to get a job in InfoSec. But there is something to be said about side projects — They’re magical!
Grey Hat Developer started as a side project in 2016 before becoming an official company in 2018. Today, this blog all in itself has become a staple of our existence. We have clients and I work as a consultant among other things. Outside of GHD, I also even work as a Cybersecurity Analyst for another organization. The irony is that although I’ve technically had a job in InfoSec for 6–8 years, by trend I “technically” didn’t land a job in Cybersecurity until about a year ago.
Currently, instead of asking how I can get a job in InfoSec, thanks to the trend, now I’m being asked by others how can they get a job in Cybersecurity. My answer: Get started today working on side projects.
You see, what I didn’t realize back then was that by working on my “side project” I was already working in InfoSec which, ironically, is what ultimately led me to getting a job in Cybersecurity.
In conclusion, we’re now on the brink of another technological evolution. (Can you guess what that is?) If you are just getting started in the field and aspire to get a job in Cybersecurity, with the plethora of charlatans floating around the web, before you go head first on your journey I implore you to first decide whether you want to be a Content Creator, an imitator, or a Cybersecurity Innovator.
I’m done with my ramble and rant. Hack On, Ladz & Gentz!
The fact Is….
Content Creators
pose as cyber pros,
But Info-Cybersecurity
Innovators don’t expose.
What they know,
Unless it’s
P-O-C’s
that we upload,
Threat Actors
try to infiltrate
while we uphold the code.
And so…
Are you an imitator,
Or Content Creator?
Cause here from where I sit
you’re starting to look like you’re a hater.
And while they keep on telling me
it’s getting greater later
What’s left of me
is the destiny of
a Cybersecurity Innovator.