Introduction
A twelve-year-old tucks her first cell phone securely in her jean pocket. Delighted to know she can now text her friends and watch You-tube videos, she is oblivious to the fact that her phone also connects her to the rest of the world. An HR director, working in the corner of his local coffee shop accesses his company laptop from an unsecured public wireless network to assess performance reviews. The head of a developed country swipes through the news on the latest premium smart-phone, equipped with a camera and microphone, having refused to download any sophisticated software to protect the device.
Not unlike most of the four billion internet users around the world, these people see nothing concerning or even unusual about their actions. Such online behavior is quite common, according to today’s online activity standards. Consumers focus on connectivity, the speed and quality of connected internet access, and how it makes their lives more efficient. By these same standards, we know that they’re taking significant cybersecurity risks that can compromise their identity and personal data and potentially alter their lives for the worse.
In 2018, over half the world’s population is active on the internet and 3.3 billion use social media. (Almost) everyone— individuals, organizations, and government agencies—is vulnerable to cybercrime. Stories of breaches regularly make the evening news; it is no secret that we are fighting an invisible, silent war that makes no distinction between age, race, or socioeconomic status.
Global cybercrime cost $105.45 billion in 2015 and is projected to reach $181.77 billion by 2021. Things will only get worse as countries capitalize on the growth a digital economy promises. Commercial giants and governments around the world fight threat actors daily. However, even these influential organizations are often too late. It can take weeks, months, and even years to recover from far-reaching attacks that are typically unseen, unheard, and not trackable. Even Warren Buffet thinks that cyberattacks are now the biggest threat to mankind, more so than nuclear weapons.
The cybersecurity market has grown exponentially to meet the demands of government regulations and to defend against and respond to cyber threats. Despite the clear need for better prevention and recovery methods, a chronic shortage of qualified cyber- security experts will grow significantly over the next few years as the number of breaches and their level of sophistication grows. Mainstream media rarely addresses cybersecurity issues. Furthermore, too few high school graduates and college students know that cybersecurity is a viable career path. Anyone who chooses this path can earn a great living with exciting travel opportunities and job satisfaction.
When I started out, there were very few books to guide those of us who were curious about this industry and not nearly enough mentors to hit up for advice. As I traveled the world helping companies prevent and recover from cyberattacks, I learned that organizations and governments are struggling to connect, recruit, and retain candidates with the right skillset.
Today, many of my colleagues and I are happy to help guide anyone thinking of pursuing cybersecurity, but there’s still a considerable lack of awareness at the educational, continuing education, and professional levels. I wrote this book to help those interested in this career and to open their eyes to this growing opportunity.
Everyone writing a book on cybersecurity is, in their own way, helping to demystify and find ways to invite others to be part of this profession. Many of the published books focus on the how-to series, e.g. how to become an expert hacker of a specific platform. These are useful technical books. Born 2 Hack shares the bigger picture of how cybersecurity works, and includes my experiences and lessons learned from the trenches.
My hope is that, after reading this book, you, an aspiring cybersecurity expert, are able to carve your unique pathway into this field. This book is for anyone who has an interest in cybersecurity and who wants to know who the players are, but isn’t sure how to start. The good news is that there’s no absolute starting point, so no matter where you are now, there’s likely a way for you to get your foot in the door.
How to read this book
In chapters 1 and 2, I describe how cybersecurity came into being, how it led to my career in a field that never existed, and where we are now.
In chapters 3, 4 and 5, I differentiate “white hats” from “black hats” (hackers) and detail why consumers, businesses and governments urgently need cybersecurity experts. Along the way, I offer best practices that help protect people and organizations from being compromised.
The final section, chapters 6, 7, and 8, outlines how aspiring “white hats” can begin their journey, no matter where their starting point might be. They can also be inspired by other successful experts in carving their own careers. Finally, I offer my closing thoughts, what latest technologies will impact cybersecurity, and where ethical hackers have even more opportunities.
Throughout the book, I share my stories—the good, the bad, and the strange—some of which are detailed and openly discussed in the press, while others are modified to protect the innocent. I’ve also outlined some of the biggest and documented cybersecurity investigations as use cases to help you better understand what we’re facing.
Who this book is for
I offer something of interest in this book for everyone, regardless of your level of expertise:
• for “budding” cybersecurity candidates—how to get into cybersecurity.
• for “curious” citizens—what is cybersecurity?
• for “experienced” professionals—how to make pathways and deepen your career.
Feel free to delve into the chapters that you deem most relevant. However, I hope and sincerely recommend that you read this book in detail. Stick with me, and let this book help you demystify the inner workings of the cybersecurity industry and how you can carve your very own trail.
Endnotes
[1] According to the 2018 global digital report more than two thirds of the world’s population has a mobile phone, that is 5.135bill on people, and it is also the preferred choice for going online.
[2] Cybercrime is defined as a crime in which a computer (or a connected device) is either the object of the crime or is used as a tool to commit an offense.
[3] Threat actors are cybercriminals; individual(s) who form the threat and are classified according to the severity of the threat posed (see Chapter 3).