10 things* (and a bonus one) about hackers...
Chris Roberts
Strategist, Researcher, Hacker, Advisor, CISO/vCISO, and podcast co-host. Please remember Rule No. 1: "Do not act incautiously when confronting small bald wrinkly smiling men."
So, there’s the distinct possibility I might have gone on a recent rant about hackers and hoodies, masks, gloves and how the media stereotypes us AND how we’ve managed to do the same to ourselves thanks to some overzealous marketing departments. With all of that being said I thought I’d build off the involvement I had in Ellen's piece in TheStreet on things people don’t know about those of us in this industry.
1. Most of us do own hoodies, they are warm, versatile and comfortable to wear when out and about on physical penetration tests HOWEVER most of us don’t sit at the keyboard with the hood up, gloves on and our faces covered…let’s adjust that particular stereotype please.
2. Many of us prefer black or darker colors…we travel a LOT, we are not always able to stay in the best of shapes and black works to hide the extra padding we’ve accumulated (temporarily in many cases…) let’s face it, you don’t want a bunch of slightly chubby hackers breaking into your offices wearing fuchsia or orange do you?
3. A LOT of us are self-taught, we have a thirst for knowledge that goes beyond just technical/traditional “geek” things…you’d be surprised if you engage us in conversation that we are typically well read, well versed AND articulate IF we could just work out how to converse with people sometimes :)
4. We are not always the best at communication, we typically think in patterns that are different than most others, we too often ask people to move out of the way and just let us “fix it” as opposed to taking the time to help educate all around us…and unfortunately we don’t like explaining things multiple times…we have to do a better job of communication with others at the user, manager and executive level, and they in turn need to do a better job of listening...it’s a symbiotic relationship that both parties have to do a better job of understanding…we know it.
5. Some of us will wear kilts a lot of the time, we wear them to conferences, to work, to meetings etc. Our community has no problem with kilts just as we have no problem with people identifying with ANYTHING they want to wear or BE. Whatever you want to wear, whatever or whoever you want to be IS acceptable in our community, the rest of the world needs to learn that lesson. HOWEVER if you call my kilt a skirt I will hollow out your head with a spork and replace it with the guts of a ZX80.
6. Unfortunately we are a male heavy industry, we don’t want to be, we have a LOT of work to do to be better at inclusiveness and understanding barriers and pretty much everything necessary to address the balances…we know it, we are working on it, the rest of the world could also take some lessons JUST as we have learned from others.
7. We typically like to disassemble things, not to cause problems but to understand how they work, to test them, to see if we can improve them and then to work out how to reassemble…often in a better way than they originally were…it’s in our blood and our brains, accept it please. I took the household vacuum cleaner apart when I was 8 to both see how it worked AND to make a hovercraft…these days I do the same thing with companies and their tech :)
8. Most of us are in this realm to do good, we don’t always go about it the right way, but the ultimate aim is to help things improve, to help humanity NOT go over the precipice or be sunk under the tsunami of technology that is upon us…we’re not perfect but we want to help...let us.
9. Many of us are former military, government or something that involved using things other than keyboards...we are not the weak nerds that Hollywood likes to insinuate (neither are we the chiseled man-stud-muffin known as Chris Hemsworth) but again, when talking with us please understand that not only can we lob an exploit into your enterprise from across the globe we can probably also shoot out the escape key on your keyboard from 1,000 yards.
10. Get out of the “English” mindset, again thanks to mainstream media the “hacker” is a white male in their 20s and nothing could be further from the truth…the top country by scale is China, then followed by the US and then we have a HEAP of other countries most of whom don’t have the pale white skin associated with the typical “hacker”.
11. Hacker and hacking is not a negative thing. The primary driving force for change and new inventions in this field is hacking, it is the simple ability to understand the status quo and be able to change it.
So, there’s a few, as a community we could probably write a book’s worth more, we have our issues and our challenges, we are growing up and working on HOW to be part of the enterprises we are charged with securing, how to be part of society even though many of us prefer to avoid it…and trying to work out how to navigate a path forward in this fragile technologically challenged world we exist in.
Hope that’s helped, let the debates begin...
Network, Web App & Mobile App Penetration Tester | Security Analyst / Cybersecurity Researcher | B.S. in Cybersecurity
5 years ago: I hate to dredge up a topic from so long ago, but it does need to be sent out as a reminder. A lot of us that get into or want to get into, having a bit of a sheepdog mentality, we want to protect others not like us. I do appreciate # 9 that talks to this in a bit different way. Some of us have been into computers for decades but chose a different career path until now. Just because we can't say we've done tech support for 10 years in an employment provable manner doesn't mean that we haven't been doing tech support for a myriad of people for years. It also doesn't mean that we haven't instilled a security mindset into those around us, which can be especially tough with a group that thinks you can fix anything they mess up. We take an interest in how "things" work not that they are just supposed to work. There are a ton of career fields that need this type of thought. In mechanical fields you will find a bunch of people that decided to take apart the non-working watch to see why it doesn't tick anymore. The watch probably never worked again anyway but a lot was learned about mechanical engineering and springs under pressure and a bit of wonder how 6 foot of spring fit in that spot, to begin with. There are things within this that colleges can't teach it has to come from the individual. Just because a person can pass a test doesn't mean they understand what is going on and can fix the problem. The basics of troubleshooting can be taught but it is up to the individual to put those basics into the questions "Is this the way it is supposed to work?" if not "Why is it doing this?" "What could cause this?" "What would change this action?" In this field like many others, we forget the whole, we treat the symptoms of the problem without really digging into the cause. We forget the basics, which almost all problems stem from, and try to find the next best miracle cure. The opposers have banded together to do what they do.
It is time that we drop the '80s mentality of "Someone might steal my job" and adopt an inclusive mentality that we all work together to solve problems.
40 Under 40 | Founder @TeachKidsTech | Best-Selling Author/Illustrator | SANS Winner | Principal Solutions Architect
5 years ago: Jeff Bain Jr - #9 is literally stuff you have said to me at work
Unstoppable Learner, Manager, Resilient, Calm Under Pressure, Solution Goalie, U S Veteran
7 years ago: Thank you Chris Roberts, I enjoyed your op-ed. I wish there could be a conversation where those of us who are not already in could get a foot in and learn if what we have learned is real. There are people who say they need to have more folks in the field yet the folks hiring want people already taught, experienced, cleared and ready to go.
Senior Member of Security Operations Team
7 years ago: Try reading the jargon file - catb.org
Co-Founder & Creative Director @ITSPmagazine | Dr. in Political Science / Sociology of Communication | Branding Advisor | Content Marketing | Storyteller | My Podcasts: Redefining Society & Technology / Audio Signals / +
7 years ago: Dude... do not get me started on the hoodie, you know how I feel about it. It is my personal creative battle that I will take on as soon as I have some time to dedicate to it. Of course, all the other points are well presented as well. Somewhere I read that "Hacking is solving a puzzle." I thought it was a great definition of it. p.s. I would love to post this as a chronicle on the magazine if you are ok with it. It might inspire me to add to it.