Summary: Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World by Marcus J. Carey

Tribe of Hackers (2019) is a comprehensive guide for aspiring and seasoned cybersecurity professionals globally, built around enlightening interviews with 70 security experts, including well-known figures such as Lesley Carhart, Ming Chow, Bruce Potter, Robert M. Lee, and Jayson E. Street. It provides valuable advice for everyone hoping to tool up in the rapidly evolving cybersecurity landscape.

Introduction: An insider’s view into the world of cybersecurity.

Have you ever wondered about the intricacies of the cybersecurity world? Pondered what it takes to become a successful professional in this ever-evolving field, or how to keep your personal digital environment secure? These questions, and many more, often linger in the minds of many of us, as we navigate this digital age. After all, the world of cybersecurity offers endless lessons to learn and explore.

In this chapter, you will be guided through a rich tapestry of insights and experiences straight from the veterans of cybersecurity. Through the lenses of accomplished professionals, you’ll get a comprehensive overview of the field, debunking common myths and understanding the integral role of personal and professional skills in achieving success in cybersecurity.

This journey promises to not only enlighten you about the diverse pathways to success in cybersecurity but also empower you to make informed decisions about your personal digital safety. As you delve into these narratives, you’ll better understand the role of constant learning, practical experience, and a balanced perception about cybersecurity threats. Most importantly, you’ll grasp the profound role of interpersonal skills in propelling your cybersecurity career, and you’ll learn how to navigate the landscape of cybersecurity with a sense of confidence and clarity. So, get ready for an enlightening journey through the world of cybersecurity.

There are lots of paths to becoming a cybersecurity pro

Let’s kick things off with some insights from Lesley Carhart, an information security whizz who’s been in the IT industry for nearly two decades. She currently serves as a principal threat hunter at Dragos, Inc., and has a lot to share about cybersecurity.

Now, if there’s one misconception she wishes to debunk, it’s that security professionals need only focus on the nitty-gritty of their niche; they should also comprehend the businesses they serve. You see, these organizations often aren’t security-focused themselves. So, the quicker security pros grasp this, the sooner they can help senior leadership strike a pragmatic balance between operations and security.

Another pearl of wisdom that Lesley imparts is that you don’t need a college degree or certification to be a cybersecurity hotshot. While a degree can help get your foot in the door or boost your chances of snagging a promotion, it’s not the be-all and end-all. The journey to becoming a cybersecurity pro is flexible with many paths to success. However, Lesley gives a heads-up: don’t just rely on degree programs to equip you with all the skills you’ll need in this field. She encourages self-study and active involvement in the community as key components for success.

When it comes to climbing that corporate ladder or starting your own cybersecurity company, she emphasizes networking. Get out there, interact, and get involved! Brushing up on your social skills might even give you an edge. Lesley’s seen smart folks miss out on opportunities because of poor interview or résumé skills. And remember, the cybersecurity world values creative problem-solving and an insatiable curiosity about how things work.

Finally, for anyone wondering how to keep their home network safe in this digital age, Lesley has some tips. Consider the necessity of your Internet of Things devices and try to separate them from your main computer network. For instance, keep your smart devices and tax-preparing computers on separate networks, and ensure they’re protected by a firewall.

Interpersonal skills are just as important as academic qualifications

Next, we’re learning from Ming Chow, a senior lecturer at Tufts University who’s made a big splash in the world of cybersecurity and computer science education. Let’s see what Ming has to share from his wealth of experience.

Ming believes there is no direct correlation between increased cybersecurity spending and breaches persisting. Here’s why: First, many assume more spending itself will fix the problem. Second, management may not grasp what exactly they’re protecting against or the real threats. Third, cybersecurity products can be complex and vulnerable themselves. And fourth, many breaches result from basic issues like weak passwords that money can’t prevent.

Luckily, Ming also suggests an effective way for organizations to up their cybersecurity game: emphasize it right from the onboarding process. He encourages constant drills and exercises, such as phishing simulations. This approach, he believes, helps to instill a serious regard for cybersecurity across the organization and spreads awareness, much like learning from a burnt finger not to touch a hot stove!

If you’re wondering how to get started in the cybersecurity field, Ming advises that it’s a vast, interdisciplinary field that offers room for both technical and non-technical skill sets. It’s accessible to almost anyone and doesn’t require fancy equipment or a college degree. But it demands hard work to stay up-to-date, intellectual curiosity to understand how things work, and hands-on experience. Ming often suggests beginners start by setting up a vulnerable web server at home, a practical exercise that offers real, hands-on experience.

Lastly, when it comes to climbing the corporate ladder or starting a company in cybersecurity, Ming believes that personality and emotional intelligence play a crucial role. Your academic or technical skills may land you a job, but it’s your interpersonal skills that will help you secure promotions and drive your success in the long run.

In short, Ming underscores the importance of continuous learning, practical experience, and strong interpersonal skills in making it big in cybersecurity.

The best approach to cybersecurity is to keep it simple

Next up: Bruce Potter, the CISO, or chief information security officer, at Expel and founder of the Shmoo Group. He’s been in the cybersecurity field for over two decades, and brings a wealth of experience to the table.

Much like Ming, Bruce stresses that mastering the basics is key for an organization to improve its cybersecurity posture. Instead of getting lost in the newest technological advancements, organizations could significantly strengthen their security by focusing on simple measures such as patching software vulnerabilities, limiting the use of USBs, and implementing two-factor authentication.

When it comes to the shared qualities of successful cybersecurity professionals, Bruce has an interesting perspective. He highlights the ability to make tough decisions, to say “let’s do this,” and follow through with what’s right, even when it’s not the easiest path. This ties in nicely with Ming’s idea of the importance of personality and emotional intelligence in this field.

On the topic of cybersecurity advice for the general public, Bruce’s focus is a little different. While he acknowledges that the vast majority of individuals are not prime targets for cyberattacks, he urges caution around trusting the companies providing Internet of Things devices and their associated cloud services. If a service is free, he suggests, it may not be entirely trustworthy. And in a somewhat surprising twist, he champions the use of Apple products for their robust security features.

In line with Ming’s emphasis on continuous learning, Bruce dismisses the concept of a “life hack,” pointing out that it’s really just another term for learning. His belief is that one should simply pursue learning without worrying about whether it qualifies as a “hack.”

When it comes to mistakes, Bruce doesn’t single out any massive blunders. Instead, he cautions about the danger of not recognizing and addressing numerous small mistakes, which can collectively cause significant damage – a reminder that continuous self-reflection and honesty are crucial in any professional journey.

In a nutshell, Bruce reiterates the significance of mastering the basics, making tough decisions, staying vigilant about the trustworthiness of tech companies, and embracing the joy of learning. Keep these nuggets of wisdom in mind as you navigate the fascinating world of cybersecurity.

Cybersecurity adversaries don’t have the upper hand – defenders do

Let’s now see what Robert M. Lee has to say about cybersecurity. Robert is a notable name in the realm of industrial cybersecurity and the CEO of Dragos, Inc.

We’ll begin with an insightful piece of advice from Robert. Contrary to popular belief, he doesn’t agree with the idea that in the realm of cybersecurity, adversaries always have the upper hand. Instead, he argues that with the right defense strategies, defenders can gain the advantage. This complements Bruce’s suggestion of prioritizing fundamental security practices to maintain a robust defense.

Robert also highlights the importance of having knowledgeable analysts in an organization. These experts not only help choose the right technologies but also prevent the unnecessary expenditure on vendor products that may not be needed, thus offering a great return on investment.

Contradicting the widespread belief that increasing cybersecurity breaches correspond to increased spending on security, Robert sees no direct correlation. He explains that while breaches seem to be on the rise, it may merely be a perception issue due to increased awareness and detection of old issues.

Echoing Lesley’s emphasis on learning, Robert reassures us that a formal college degree or certification isn’t always necessary in cybersecurity. Much of his knowledge is self-taught, and he encourages newcomers to leverage the plethora of free resources available for self-education and to embrace continuous learning.

Robert’s cybersecurity specialty lies in industrial control systems and threat intelligence, areas where hands-on experience is highly valuable. His advice for others interested in these areas is to seek employment in places like utilities or industrial companies, where real-world experience can be gained.

For career progression, Robert reiterates the importance of stepping outside the traditional paths and engaging with the broader community. Much like Ming’s focus on communication skills, Robert suggests public speaking, writing papers, and offering training as ways to stand out and hone skills.

On the topic of practical cybersecurity advice for home users, Robert reassures people not to overthink or fear. He underscores the use of legitimate software licenses and two-factor authentication, reminding us of Bruce’s emphasis on getting the basics right.

Finally, his guiding point, or “life hack,” emphasizes that although threats are more significant than many realize, they’re often not as bad as imagined. This sensible mindset serves to center individuals and organizations, helping them navigate the vast landscape of cybersecurity.

In essence, Robert’s insights echo and expand upon the themes of understanding the basics, focusing on self-education, and maintaining a balanced perspective about cybersecurity threats.

Humans don’t undermine cybersecurity – poor training does

Jayson E. Street, a seasoned voice in cybersecurity and an advocate for hands-on involvement in the field, offers a wealth of insights that bring a fresh perspective to how we approach cybersecurity. His point of view is particularly interesting, starting with a compelling myth-busting statement: humans are not the liability in cybersecurity; rather, it’s our failure to properly train them.

He speaks to the perception that humans are the “weakest link” due to errors such as clicking on unsafe links or using weak passwords. Jayson flips this idea on its head, asserting that if we properly instill a security-minded culture in our users, they can instead become a powerful line of defense. This shifts the focus from blaming the user to empowering them to protect the technology they’re using.

Jayson also delves into the seemingly paradoxical situation of rising cybersecurity spending amidst continual breaches. He likens it to the eternal struggle between safes and safe-crackers – no matter how advanced the security, risk is never entirely eliminated. Rather, it’s a matter of mitigating risk to an acceptable level and constantly evolving our security practices to stay one step ahead of potential threats. His insights remind us that there’s no finish line in cybersecurity – it’s a continual race against ever-evolving risks.

In terms of career success in cybersecurity, Jayson stresses the importance of consistent good work, driven by passion. Regardless of your current role, excel in it while signaling your desire to grow and improve. He also identifies curiosity as a shared quality among successful cybersecurity professionals. This inherent desire to solve problems and find solutions, especially when they’re complex and challenging, is what makes someone stand out in the field.

For everyday people navigating the age of social media and the Internet of Things, Jayson offers practical advice – remember that online privacy is not guaranteed, and keep your systems patched. This, he says, will do more to protect you than any antivirus software.

Jayson’s “life hack” is a beautiful reminder of human decency – be genuinely kind and respectful to others, not for personal gain, but simply because it might make their day better. This approach can foster unexpected positive outcomes in life. So, let’s not forget the human element which, as Jayson stresses, is at the heart of a secure and compassionate digital world.

Conclusion

Lesley Carhart, Ming Chow, Bruce Potter, Robert M. Lee, and Jayson E. Street have a lot of insights to offer about cybersecurity. They debunk common misconceptions, such as the necessity for a degree or certification, emphasizing self-study, hands-on experience, and understanding the basics of cybersecurity as key factors to success. The experts underscore the need for cybersecurity professionals to comprehend the businesses they serve, advocating for a balance between operations and security. They also highlight the importance of interpersonal skills and continuous learning. Practical advice for the general public includes prioritizing fundamental security practices like patching software vulnerabilities, two-factor authentication, and being cautious about the trustworthiness of tech companies.

About the Author

Marcus J. Carey

Genres

Technology, the Future, Politics, Career Success

Review

Here’s a brief review of the book “Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World” by Marcus J. Carey:

“Tribe of Hackers” is a compilation of cybersecurity advice from some of the best hackers in the world, curated by Marcus J. Carey, a renowned cybersecurity expert and founder of the cybersecurity company, Threatcare. The book features insights and stories from over 70 hackers, including well-known figures such as Kevin Mitnick, Woz, and Bill Hixon, among others.

The book is divided into six parts, each focusing on a different aspect of cybersecurity: Offense, Defense, Recon, Research, Strategy, and Career. Each part is further broken down into several chapters, each written by a different hacker. This format allows for a diverse range of perspectives and experiences, providing readers with a comprehensive understanding of the cybersecurity landscape.

One of the standout features of the book is the emphasis on practical advice. The hackers who contributed to the book share their real-world experiences and offer actionable tips that readers can apply to improve their own cybersecurity. Whether you’re a seasoned cybersecurity professional or just starting out, there’s something in this book for everyone.

In the “Offense” section, readers will learn about the various types of cyber threats and how to identify and mitigate them. This includes chapters on phishing, social engineering, and malware, as well as tips on how to build a secure network and protect against ransomware attacks.

The “Defense” section focuses on strategies for securing networks and systems. This includes chapters on firewalls, intrusion detection systems, and encryption, as well as advice on how to implement security protocols and policies.

The “Recon” section covers the importance of gathering intelligence and conducting vulnerability assessments. This includes chapters on network scanning, password cracking, and web application security, as well as tips on how to use tools like Metasploit and Nmap.

In the “Research” section, readers will learn about the latest trends and developments in cybersecurity research. This includes chapters on topics such as machine learning, artificial intelligence, and the Internet of Things (IoT), as well as advice on how to stay up-to-date with the latest security research.

The “Strategy” section provides high-level guidance on how to develop and implement a cybersecurity strategy. This includes chapters on risk management, incident response, and security governance, as well as advice on how to communicate effectively with stakeholders and build a culture of security within an organization.

Finally, the “Career” section offers advice for those looking to start or advance their careers in cybersecurity. This includes chapters on networking, professional development, and career paths, as well as tips on how to build a personal brand and find job opportunities in the field.

Throughout the book, Carey also shares his own insights and experiences, providing additional context and perspective. He emphasizes the importance of staying curious and continually learning, and encourages readers to think creatively and critically about cybersecurity.

One potential drawback of the book is that some of the technical details may be overwhelming for readers who are new to cybersecurity. However, Carey and the other contributors do an excellent job of explaining complex concepts in an accessible way, making the book approachable for a wide range of readers.

In summary, “Tribe of Hackers” is an excellent resource for anyone interested in cybersecurity. The diverse range of perspectives and experiences shared in the book provide readers with a comprehensive understanding of the cybersecurity landscape and practical advice for improving their own security. Whether you’re a seasoned professional or just starting out, this book is a must-read for anyone looking to stay safe and secure in the digital world.