Tribe of Hackers
Cybersecurity Advice from the Best Hackers in the World
TECHNOLOGY & THE FUTURE
by Marcus J. Carey & Jennifer Jin
1/29/2024 · 9 min read
Introduction
Tribe of Hackers stands as an extensive and enlightening resource tailored for both aspiring and seasoned cybersecurity professionals worldwide. The guide unfolds through illuminating interviews with 70 distinguished security experts, featuring prominent figures like Lesley Carhart, Ming Chow, Bruce Potter, Robert M. Lee, and Jayson E. Street. It not only caters to those seeking to fortify their skills in the rapidly evolving cybersecurity landscape but also imparts invaluable advice.
Ever found yourself intrigued by the nuances of the cybersecurity realm? Contemplated the prerequisites for achieving success in this dynamic field or pondered over securing your personal digital space? These queries often linger in the minds of many as we navigate the complexities of the digital age. Indeed, the world of cybersecurity is a vast reservoir of lessons waiting to be explored.
Within the pages of this Blink, you'll embark on a journey guided by the rich insights and experiences of seasoned cybersecurity veterans. Through the perspectives of accomplished professionals, you'll gain a comprehensive understanding of the field, dispelling common myths and recognizing the pivotal role of personal and professional skills in attaining success in cybersecurity.
This expedition not only aims to shed light on diverse paths to success in cybersecurity but also equips you with the knowledge to make informed decisions about your personal digital security. As you immerse yourself in these narratives, you'll discern the significance of continual learning, hands-on experience, and a well-rounded perception of cybersecurity threats. Crucially, you'll grasp the profound impact of interpersonal skills on propelling your cybersecurity career, learning how to navigate the cybersecurity landscape with confidence and clarity. Prepare for an enlightening journey through the intricate world of cybersecurity.
Chapter 1: Diverse Paths to Cybersecurity Excellence
Our exploration begins with insights from Lesley Carhart, a seasoned information security expert with nearly two decades of experience in the IT industry. Currently serving as a principal threat hunter at Dragos, Inc., Lesley has a wealth of knowledge to share about the world of cybersecurity.
One crucial misconception that Lesley aims to dispel is the notion that security professionals should solely focus on the intricacies of their specific niche. Instead, she underscores the importance of comprehending the businesses they serve, especially considering that these organizations may not inherently prioritize security. Recognizing this reality enables security professionals to assist senior leadership in finding a practical balance between operational efficiency and security measures.
Lesley's wisdom extends to the realm of educational qualifications. Contrary to the belief that a college degree or certification is the definitive path to cybersecurity success, she emphasizes the flexibility of the journey. While such credentials can open doors and enhance promotion prospects, Lesley asserts that they are not absolute prerequisites. Self-study and active community involvement, she suggests, are integral components for success in the dynamic field of cybersecurity.
In terms of career advancement, Lesley places a strong emphasis on networking. Whether aspiring to climb the corporate ladder or establish a cybersecurity venture, she advocates for active engagement and interaction. Recognizing the value of social skills, she cautions against underestimating the importance of effective communication in interviews and on résumés. In the cybersecurity domain, where creative problem-solving and an insatiable curiosity are highly valued, these interpersonal skills can make a significant difference.
For those seeking to secure their home networks in the digital age, Lesley provides practical tips. She advises considering the necessity of Internet of Things devices and recommends segregating them from the main computer network. For instance, keeping smart devices and computers used for sensitive tasks on separate networks, fortified by a firewall, can enhance overall security.
Chapter 2: The Vital Role of Interpersonal Skills in Cybersecurity Success
Our next source of wisdom is Ming Chow, a senior lecturer at Tufts University and a prominent figure in the realms of cybersecurity and computer science education. Ming's wealth of experience brings valuable insights to the forefront.
Ming challenges the common assumption that increased cybersecurity spending directly correlates with a reduction in breaches. He identifies several factors contributing to this misconception: the belief that more spending alone will solve the issue, a lack of understanding among management regarding the specific threats they are safeguarding against, the inherent complexity and vulnerabilities of cybersecurity products, and the fact that many breaches stem from fundamental issues like weak passwords that financial investments cannot fully address.
Fortunately, Ming provides a constructive solution for organizations seeking to enhance their cybersecurity posture: integrating cybersecurity awareness from the very beginning, starting with the onboarding process. He advocates for continuous drills and exercises, including phishing simulations, to instill a genuine appreciation for cybersecurity throughout the organization. Drawing parallels to learning from a burnt finger, Ming suggests that practical experiences create lasting impressions and awareness.
For those aspiring to enter the cybersecurity field, Ming emphasizes its vast and interdisciplinary nature, welcoming individuals with both technical and non-technical skill sets. He dispels the misconception that fancy equipment or a college degree is a prerequisite, emphasizing instead the importance of hard work, intellectual curiosity, and hands-on experience. Ming recommends beginners start with practical exercises, like setting up a vulnerable web server at home, to gain real, hands-on knowledge.
In terms of career advancement, Ming underscores the significance of personality and emotional intelligence. While academic and technical skills may secure a job, he asserts that interpersonal skills are the key to promotions and sustained success. In essence, Ming highlights the trifecta of continuous learning, practical experience, and robust interpersonal skills as essential components for achieving excellence in the dynamic field of cybersecurity.
Chapter 3: Simplifying Cybersecurity Excellence
Our journey through cybersecurity insights continues with Bruce Potter, the Chief Information Security Officer (CISO) at Expel and the visionary founder of the Shmoo Group, boasting over two decades of profound experience in the cybersecurity domain.
Bruce aligns with previous perspectives, emphasizing the pivotal role of mastering the basics for organizations striving to bolster their cybersecurity defenses. Rather than getting entangled in the allure of cutting-edge technologies, he advocates for strengthening security through fundamental measures like timely software patching, judicious USB usage, and the implementation of two-factor authentication.
Highlighting the shared attributes of successful cybersecurity professionals, Bruce spotlights the capacity to make tough decisions and adhere to what is right, even when the path is challenging. This echoes Ming's emphasis on the importance of personality and emotional intelligence in the field.
When offering cybersecurity advice to the general public, Bruce diverges slightly. While acknowledging that the majority may not be prime targets for cyberattacks, he urges caution in trusting companies providing Internet of Things devices and their associated cloud services. He introduces a note of skepticism regarding free services, suggesting they may not be entirely trustworthy. Surprisingly, he advocates for the use of Apple products, citing their robust security features.
In tandem with Ming's focus on continuous learning, Bruce dismisses the notion of a "life hack," asserting that it essentially boils down to the concept of learning itself. His philosophy centers on the pursuit of learning without fixating on whether it qualifies as a "hack."
Bruce steers away from highlighting colossal mistakes, underscoring the danger of overlooking numerous small errors that, when compounded, can lead to significant damage. This serves as a reminder of the importance of continuous self-reflection and honesty in the professional journey.
In summary, Bruce reinforces the essence of mastering the basics, making tough decisions, exercising caution in trusting tech companies, advocating for continuous learning, and embracing the joy of learning. These insights serve as invaluable guideposts as you navigate the intriguing landscape of cybersecurity.
Chapter 4: The Defender's Advantage in Cybersecurity
Our exploration of cybersecurity wisdom continues with insights from Robert M. Lee, a prominent figure in industrial cybersecurity and the CEO of Dragos, Inc.
Contrary to the prevailing belief that adversaries hold the upper hand in cybersecurity, Robert asserts that, with the right defense strategies, defenders can gain a significant advantage. This aligns seamlessly with Bruce's emphasis on prioritizing fundamental security practices for a robust defense.
Robert underscores the pivotal role of knowledgeable analysts within an organization. These experts not only aid in selecting appropriate technologies but also prevent unnecessary expenditure on vendor products, yielding a substantial return on investment.
Challenging the common notion that increased spending correlates with reduced cybersecurity breaches, Robert sees no direct connection. He attributes the apparent rise in breaches to an increased awareness and detection of longstanding issues.
In harmony with Lesley's stance on education, Robert dispels the myth that a formal college degree or certification is mandatory in cybersecurity. Drawing from his own experience, he encourages newcomers to leverage the wealth of free resources available for self-education and embrace a mindset of continuous learning.
Specializing in industrial control systems and threat intelligence, Robert highlights the value of hands-on experience in these domains. He recommends seeking employment in sectors like utilities or industrial companies to gain real-world exposure.
For career progression, Robert emphasizes the importance of unconventional paths and active engagement with the broader community. Similar to Ming's focus on communication skills, Robert suggests public speaking, writing papers, and offering training as avenues to stand out and refine skills.
Offering practical advice for home users, Robert advocates for simplicity, emphasizing the use of legitimate software licenses and two-factor authentication, aligning with Bruce's emphasis on getting the basics right.
Finally, Robert's guiding perspective, or "life hack," centers on maintaining a balanced mindset. While acknowledging the significance of threats, he encourages individuals and organizations not to let fear overshadow reality. This pragmatic approach serves as a valuable anchor for navigating the expansive realm of cybersecurity.
In essence, Robert's insights resonate with and expand upon the themes of mastering the basics, emphasizing self-education, and cultivating a balanced perspective on cybersecurity threats.
Chapter 5: The Human Element in Cybersecurity: Training as the Key
In this chapter, Jayson E. Street, a seasoned voice in cybersecurity and a passionate advocate for hands-on involvement in the field, presents a thought-provoking perspective that challenges common notions. His insights shed light on the pivotal role of training and culture in cybersecurity.
Jayson boldly challenges the prevailing belief that humans are the weak link in cybersecurity, arguing that it is not the individuals themselves but rather the failure to provide proper training that poses a risk. When a security-minded culture is instilled in users, they can become a powerful line of defense. This reframes the narrative from blaming users to empowering them to protect the technology they engage with.
Addressing the paradox of increased cybersecurity spending amid ongoing breaches, Jayson draws an analogy to the perpetual struggle between safes and safe-crackers. He emphasizes that risk can never be entirely eliminated, and the focus should be on mitigating it to an acceptable level while continually evolving security practices to outpace potential threats. This insight underscores the ongoing, dynamic nature of cybersecurity.
In terms of career success, Jayson underscores the importance of consistent, passionate work. Regardless of one's current role, excelling in it and expressing a desire to grow and improve can pave the way for advancement. Curiosity emerges as a shared quality among successful cybersecurity professionals, driving them to solve complex and challenging problems.
For individuals navigating the digital age, Jayson offers practical advice – recognizing that online privacy is not guaranteed and prioritizing the patching of systems, which he contends is more effective than relying solely on antivirus software.
Jayson's "life hack" is a poignant reminder of human decency – advocating genuine kindness and respect towards others, not for personal gain, but for the potential positive impact on their day. This approach, he suggests, can cultivate unexpected positive outcomes in life, reinforcing the notion that the human element is central to creating a secure and compassionate digital world.
Summary
Lesley Carhart, Ming Chow, Bruce Potter, Robert M. Lee, and Jayson E. Street collectively provide a wealth of insights into the realm of cybersecurity, dispelling common misconceptions and offering valuable guidance. One key theme across their perspectives is challenging the conventional belief in the necessity of a degree or certification. Instead, they advocate for the importance of self-study, hands-on experience, and a solid understanding of the foundational principles of cybersecurity as essential elements for success.
These experts stress the significance of cybersecurity professionals not only mastering their specific niche but also comprehending the businesses they serve. They advocate for achieving a balance between operational efficiency and robust security measures, recognizing the imperative for professionals to navigate the intersection of business operations and cybersecurity.
Interpersonal skills and continuous learning emerge as critical components in their collective advice. The experts highlight the importance of effective communication, decision-making, and emotional intelligence for cybersecurity professionals to thrive in their careers. Continuous learning, they assert, is key to staying abreast of the rapidly evolving cybersecurity landscape.
Practical advice for the general public, as provided by these experts, revolves around prioritizing fundamental security practices. This includes timely patching of software vulnerabilities, implementing two-factor authentication, and maintaining a cautious approach towards trusting tech companies. Their insights collectively guide individuals towards establishing a strong foundation for personal digital security in the ever-evolving digital age.
About the author
Marcus J. Carey, the visionary behind the highly acclaimed Tribe of Hackers cybersecurity book series, boasts an impressive career spanning over two decades in penetration testing, incident response, and digital forensics. His journey in cryptography commenced with the US Navy, and he holds a master's degree in Network Security. As the founder and CEO of Threatcare, a cybersecurity and software services company, Carey has been a driving force in the industry. Recognized for his significant community contributions, he is a sought-after speaker at various security conferences.
Jennifer Jin, an alumna of the University of Texas at Austin, distinguished herself as the Head of Communications at Threatcare. In this role, she orchestrated diverse responsibilities, including event planning, content marketing, and customer support. Beyond her professional pursuits, Jin extends her impact by serving on the National Board of the Alpha Kappa Delta Phi International Sorority, showcasing her commitment to leadership and community engagement.