June 25, 2013 at 12:46 pm #8499 SephStorm Participant
So I am entrenched in a discussion on LinkedIn involving who can be a hacker, who has the capability, who has the mindset, can it be taught?
I’d like your thoughts on this. I think almost anyone could be taught, and quite easily the thought process, the mindset. The skills will come, but it isn’t that difficult to teach patience, determination, the “If I can’t get in this way, I’ll find another way” way of thinking.
I look at this. A traditional IT person has a passion for technology; he’ll need work on the patience after a few years in customer support 😉 How difficult would it be to make the transition? We traditionally find new ways around issues on a daily basis.
June 25, 2013 at 1:18 pm #53180 UKSecurityGuy Participant
The problem comes around the definition of ‘security hacker’.
Does it mean a security professional that can perform standard Penetration tests? Then yes, I’d suggest that skills can be taught, methodologies followed, and tools learnt.
Does it mean a security professional that can take apart a system looking for the vulnerabilities for the purpose of exploitation or investigation? Then no, I’d suggest that this is a mentality and passion, and something you either are, or you turn into – it’s not something that can be ‘taught’ to you.
June 26, 2013 at 12:44 am #53181 Triban Participant
Always an interesting topic for discussion. If you have the desire to take things apart to see how they tick then you have the mindset to become a professional hacker. Did you grow up with Legos? Do you pick up puzzles in the toy stores and try to solve them while your significant other is looking for a kid’s gift? Do you reverse engineer the VCR so it can play Blu-rays?? Then you might be a hacker… 😀
That is the mindset one needs for that. Now to the security side, it is all a matter of one’s knowledge base. One can certainly be taught how to run tools or go through a checklist of tests. But to excel in the field, you need to have some decent background and strong desire to continue learning. Never admit you can’t learn anything else, there is always more.
June 26, 2013 at 3:08 am #53182 Phillip Wylie Participant
I think a good way to explain whether somebody could be an ethical hacker/pentester, is to compare it to other areas of IT. You have varying levels of technical skills. You have the people that everyone goes to, that always have the answers, and the people that have a hard time getting it, then you have various levels between the gurus and the technically challenged. I have seen some people that just didn’t have what it took to excel in IT and the help desk would be the best they could hope for. I think most people fall somewhere in the middle. I myself don’t fall into the guru category, but I have done OK. Over the years I have spent a lot of time learning new things outside of work. I started my IT career as a system engineer doing server support. I taught myself Linux right around the time I got into IT and now that skill is paying off in my current role as an ethical hacker/pentester. I taught myself web design and I took a couple hacking courses over the years. Those skills have helped me in my career. I think anyone can do it, but the level they achieve depends on how much work they are willing to put in. There are a lot of skills needed to be an ethical hacker and starting in other areas of IT will help you gain the skills needed to be an ethical hacker. Having an analytical mind and being a good problem solver are helpful. Those can be gained from other areas of IT. It all depends on how hard a person is willing to work, that determines the level they will achieve. The really smart and talented people will get there faster, but anyone willing to put in the work and the effort can do it at some level. Once you have the prerequisite skill, a course like Pentesting With BackTrack (OSCP) will help you develop a hacker’s mindset.
June 27, 2013 at 6:11 pm #53183 jrdoty Participant
I was in an interview once where the interviewer gave me a mind puzzle. He gave me a pen and paper and said “I have a cake. I need to cut this cake into 8 slices but with only 3 cuts. Do it.” (The trick is that you cut it in the middle. Two slices to put it in fours and then one through the middle to double it.)
The interviewer’s point was not to see if I had the answer but to see how long I would struggle with it. His philosophy was that he didn’t care how much you knew but how much you could know by the end of the day. Did you come up to challenges and embrace them or do you instantly give up and go ask someone for help?
He later told me of someone they interviewed for a System Admin job who gave up on the challenge within a minute. Huge turn off. It reveals a lot about who you are interviewing. I do it in all of my interviews now.
I think that is a big quality in a hacker and most technical/scientific fields. Do they accept challenges, research, test theories, repeat? Or do they just go looking for the easy answer?
June 28, 2013 at 7:40 pm #53184 SephStorm Participant
Sorry, I was out of town for a few days. UKSG I agree with you on the first point, but I disagree on the second, to an extent. I would agree that it is something you have to be into, but not that you are born with or is limited to a subset of people. Look at the hackerspace movement and other similar things, you have people who have never shown an interest in this arena, sometimes in their later years learning these new skills, developing and learning new technology. While something does need to spark the change, I think it foolish for us to limit acceptance in the community to only the rockstars who hacked phones at age 10.
“But to excel in the field, you need to have some decent background and strong desire to continue learning.”
Absolutely agree, you need a passion, but I think that passion doesn’t always develop as a child, it can be nurtured later in life.
The specific topic that came up in discussion was the use of military personnel. Many people assumed that they would not be able to think out of the box, that they are robots. Having served with many, I disagree. I have served with people in many MOSs and seen that across the board, military personnel are just like civilians, the difference is when they put on the uniform, they have to play the game, say yes sir and no sir. They are just as capable, just as determined as someone else. Many work in high technology fields, satcom, EW, IT support, Intel, they can all be cyber warriors if they want to. Now, I am not a fan of just letting anyone go cyber willy nilly. I think they should have to demonstrate knowledge or a passion for technology.