Career Advice Tuesday: So you want to be a hacker

June 21, 2011

Hi Mike & Lee,

I’ve been in IT as a help desk professional for a little while, and recently I’ve started to take a little more interest in internet security and ‘ethical hacking’. I’ve come to realize that I like problem solving and troubleshooting more than I actually like programming. I’m not really sure where to go from here.  I’m just looking for some focus as to what I should be learning and playing around with.

I appreciate any insight or input you can provide.

Newbie Ethical Hacker


Mike here – I’m writing this one almost completely on my own. Most people who start out in information security come at it in one of two ways: either because they want to learn to hack, or because they’re already an IT professional and end up gravitating to the particular problems that security provides. And most good security professionals end up learning both sides of that equation at some point in their career, because it’s hard to be good on offense if you don’t understand defense, and vice versa.

In short, if you want to be in security, it’s a good place to start.

I’ll be honest, however: learning to hack is an incredibly difficult thing to do. It requires a very deep and broad understanding of the way that systems and networks work. There are a large number of potential attack surfaces, and each of them requires a very different but very deep set of knowledge in that particular area. For example, becoming adept at attacking web applications is a wildly different skillset than becoming skilled at attacking the network itself, or performing attacks against systems themselves.

Here’s my advice (and I’m biased, as I run a site called The Hacker Academy where we train people on these types of skills): find someone who is able to do what you’re looking to do and find out how they learned what they know. Have them teach you a little bit at a time. This may or may not be a training company, but don’t get fooled by all the companies offering to teach you hacking in a 5-day bootcamp – you can’t learn to be an ethical hacker in a week, any more than you can learn how to be a doctor in a week. Find a training program that lasts for as long as you want to continue learning and continues to grow.

If you want more advice on this one, feel free to email me.  I can give a lot more specifics if I know what you know and what you want to learn.

Mike  (and Lee)


Posted by mmurray | Filed Under Career Advice Tuesday 


