People ask me, “What do you do?” When I answer with, “I am a penetration tester,” I find that people generally just nod along and pretend they know what it is that I actually do. However, on the day where I am in the mood to razzle dazzle, I answer with “I am a hacker!” The reactions generally vary between priceless disbelief and excitement. But in every instance, I see the gleam of curiosity grow in their eyes.
Then I get asked the million dollar question: “How did you become a hacker?” When people find out that I am a “professional hacker,” some assume that I just go around hacking everyone and everything—that I am “in the know” about every little secret. The media has portrayed hackers to be like the character “Mr. Robot”—drug users and misfits who live a secret hidden life filled with thrills and excitement.
While I find what I actually do incredibly interesting and fulfilling, for me, the reality of a professional hacker is much like any office job I’ve ever had. There is a lot of paper pushing, documents to write, and meeting after meeting with what seems like every team in the company. The exciting parts – the actual hacking – can be a very tedious and a slow process. To manipulate something, you have to understand it, which means research is your best weapon.
I say this to tell you that unless you want to live a miserable clock punching existence as a penetration tester, you have to live for the hack. Hacking needs to flow through your veins. If this is your cup of tea, then keep reading because I am about to explain to you what it took for me to get my “big break” demonstrating my hacking skills in front of an audience during an interview at a Fortune 100 company.
It started for me as a somewhat unruly kid. I would press buttons just because you told me not to. I would step over the line in the sand just to see what you’d do. I was in trouble often from as far back as I can remember. I got my first computer in the 90s and had dial-up access. I tell you about this because this was ground zero for me. I wasn’t in it for the money, I was not in it for the career – I was in it because I found out that with AOL Instant Messenger I could get my teacher's IP and kill his Internet connection.
This frustrated the daylights out of him, and it really made me chuckle. Fast forward to high school... My passion for learning everything about computers has evolved into a more structured environment. I took advantage of every technology course my school had to offer. When I was not getting along with my programming teacher, she would ban me from using a computer and told me that I could learn to code with a paper and pencil. I wrote a whole blackjack game in pencil and paper. I typed it all up and debugged it then won 2nd place in the county programming fair with it.
Eventually, I tapped out every resource my high school could offer me, so I dropped out. I needed more of a challenge, so I walked in and got my GED, and then I started college at 17. All the while, I discovered 2600 and Internet Relay Chat (IRC). I was always making connections with other hackers. I always felt like I was in the right place.
Finally, I knew what I wanted to do: I wanted to become a professional hacker. I always heard that education was the way to go. That advice has not failed me. Your first battle when breaking into this industry will be getting the first job. Do everything you can do to stack those odds in your favor. I went to college and worked for a Bachelors of Science in Computer Information Systems. (A degree is great to have because it never expires.
You don’t have to get credits to keep your degree.) What gave me my first infosec job was a degree and a Network+ certification. I was working as a computer technican when I received an offer for an entry level Security Operations Center job working as a Network Security Analyst. During this time, I met a few penetration testers and spoke with them. I knew then that I had to continue learning. I set up a home lab with hackables like Mutillidae and Metasploitable.
I got involved with Capture the Flag (CTF) teams, and I went to OWASP meetings. I hung around IRC and got to know more people in the industry. The greatest thing about this first job was that they would pay for my certifications. Of course, I took advantage of this like any self-respecting hacker does with anything. They payed for my Security+ and Certified Ethical Hacker (CEH). I can’t stress enough the following enough: you have to allocate some money (and time) to invest in yourself.
If you’re investing wisely, the return on your investment will be unimaginable. At that point, I was equipped with a Bachelor’s degree, a Network+, a Security+, and a CEH with about a year and a half's worth of network security experience. All of those things together motivated me to start applying for jobs. A few months later, a Fortune 100 company responded. A hiring manager glanced through the available resumes looking for the right alphabet soup after someone’s name. In just a short couple of years, I had assembled that right alphabet soup. That is what put me in front of the interviewers.
This was only the first step. Remember how I mentioned before that I set up labs and competed in CTFs? Ultimately this lab work, not to mention the resulting skills I had acquired, landed me the job. Half the battle is getting in front of the interviewers. The other half is possessing the skills to back yourself up – both parts matter equally.
Not only did I need to get my foot in the door but I needed the ability. I don’t pay certification bashers much attention because what certifications will absolutely do for you is give you an advantage. It is very possible that you can get a certification and not learn a thing. It is also very possible that you will be overlooked because you did not have the right credential. However, my personal experience has shown me that I had a very competitive advantage by possessing the right pedigree.
What set me apart from the other candidates were the skills that I was able to demonstrate; the skills I obtained because at one point in my life, I was just a kid who liked to kick his teacher offline. I haven’t forgotten where I come from, and I never will. Study hard, and invest in yourself. Meet people, get involved, and most importantly, remember who you are.
To learn more about the types of jobs you can inspire to achieve in information security, please click here and here.
About the Author:
Tyler Wall is a security fanatic. Employed as a Senior Security Engineer by day and born with a natural curiosity for anything and everything that spills over into everyday life by form of his many (mis)adventures. He holds numerous security certifications and degrees and describes himself a catalyst for positive change.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Tripwire.
