Breakers or Builders - What does the cybersecurity field need?

In cyber, you’re either a “breaker” or “builder”. That may be an oversimplification, but essentially, you are on the side of ensuring that security is baked into the system (builders) or you’re looking for the holes in the system so that they can be remediated (breakers). These roles epitomize the dual nature of cybersecurity, which encompasses not only the defense against impending threats but also the proactive search for vulnerabilities.

Breakers are the cybersecurity experts who specialize in penetration testing and ethical hacking. Their primary objective is to think like attackers and exploit vulnerabilities in systems before malicious actors do. By identifying and exploiting these weaknesses, breakers provide invaluable insights that help in fortifying security measures. Their work is crucial in preempting potential breaches, ensuring that systems are not only tested but also trusted.

On the other side of the spectrum are the builders. These professionals focus on creating robust systems designed to thwart attacks. Builders are involved in developing secure software, implementing strong network security protocols, and ensuring that cybersecurity measures are integrated during the initial phases of system design. Their role is vital in laying down the foundational security frameworks that protect an organization’s digital assets.

Are both needed?

Of course they are. Together, breakers and builders form a mutually beneficial relationship that strengthens an organization’s cybersecurity posture. Breakers identify and exploit flaws, which builders then address, reinforcing the system against similar attacks. This continuous cycle of breaking and building not only enhances the security of individual systems but also elevates the security standards of the entire industry. By understanding and valuing the distinct yet complementary roles of breakers and builders, organizations can develop a more resilient and proactive approach to cybersecurity, safeguarding their operations.

More on the Breakers

The role of "breakers" is analogous to that of a quality assurance tester, probing for vulnerabilities before they can be found by a bad actor and exploited. These professionals, often referred to as ethical hackers, are indispensable in preempting threats and strengthening the security framework of organizations. Their work involves a proactive approach to security that goes beyond mere detection, encompassing a deep understanding of potential exploits and the strategic implementation of defenses. In short, they are hired to think and act as a bad actor.

Breakers are equipped with a diverse toolkit, using tools and technologies in their penetration testing up to, and in many cases including, sophisticated code analysis. Using tools like Metasploit for crafting exploit code, Wireshark for analyzing network traffic, and DAST or fuzzing tools for assessing web application vulnerabilities. This is complemented by strong analytical skills, enabling them to dissect complex systems and anticipate attack vectors. Proficiency in programming languages such as Python, Java, or C++ is often essential, empowering them to uncover and understand software vulnerabilities deeply.

The journey to becoming a breaker typically begins with a solid educational foundation in fields such as computer science, information technology, or cybersecurity. Industry certifications like the Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), and CompTIA Security+ not only enhance a breaker's credentials but also ensure they are equipped with the latest security knowledge and skills.

Although, many of the best breakers out there have no “classical” training or certifications.

Starting out in roles such as junior penetration testers or security analysts, breakers gain valuable hands-on experience in security assessments and vulnerability testing. As they progress, they often take on greater responsibilities, devising and overseeing comprehensive security strategies and implementations.

Take as an example a device manufacturer that has a Breaker in their security team. The Breaker will spend their time testing and probing the devices, the network it communicates on, and the software that runs on it trying to locate vulnerabilities. Since this breaker specializes in IoT security, they may detect a firmware vulnerability in home security cameras. This discovery would lead to a critical firmware update, securing thousands of devices from potential privacy breaches.

More on Builders

Where does that leave the Builders? Builders are akin to a master architect, tasked with building robust systems designed to repel cyber threats from the onset. These individuals are crucial in embedding security deeply within the very blueprints of IT systems and digital applications, ensuring that security is “baked in”, not a subsequent addition. By integrating security measures right from the design phase (often called shift left), builders create environments that are inherently secure, thereby shifting the model from reactive security measures to proactive security integration.

Builders possess a comprehensive toolkit that includes secure coding practices, an understanding of security-by-design principles, and mastery over various software development concepts. They are often proficient in development languages, employing these in conjunction with secure coding techniques to help identify vulnerabilities such as SQL injection and XSS (cross-site scripting). Their expertise extends to utilizing development tools and managing code through systems like Git. Having these skills allows the builder to “speak the language” of the developers they work with. Additionally, knowledge of cryptographic methods and security protocols is crucial for ensuring data integrity and secure communications within systems.

The pathway to becoming a builder may start with an academic background in computer science or software engineering, potentially augmented by specialized postgraduate degrees in information security. Professional certifications, like the Certified Secure Software Lifecycle Professional (CSSLP) or AWS Certified Security - Specialty, underscore a candidate's expertise in security best practices and cloud security solutions. Beginners might start in roles such as software developers or network administrators, gradually acquiring the experience necessary to move to senior positions like security architect, where they build secure systems across an organization.

Consider a security architect who devises a revolutionary encryption protocol that significantly bolsters data security across cloud services, effectively reducing the risks associated with data breaches. Another example could be a builder who implements a zero-trust network architecture within a major corporation, dramatically shrinking the attack surface by enforcing stringent access controls and continuous verification across all operations. These examples not only avert potential incidents but also expand the boundaries of cybersecurity measures, often establishing new industry standards.

Working Together

Like Peanut butter and jelly, or peanut butter and chocolate (depending on your preference) the builders and breakers can be good all on their own but are awesome when put together. The combined effect between breakers and builders in cybersecurity helps with developing robust security systems. Breakers, with their keen eye for finding vulnerabilities, play a vital role in testing and challenging the systems that builders design. This dynamic ensures that security measures are not only theoretically sound but also resilient to attacks. When breakers identify flaws, builders use this information to reinforce the system’s defenses, patching vulnerabilities and improving security architectures. Conversely, builders provide breakers with more structurally sound systems to test, pushing the limits of both roles and fostering a cycle of continuous improvement and learning.

Effective communication and cohesive team dynamics are essential for the success of security initiatives where breakers and builders collaborate. Regular meetings, detailed reports, and collaborative communication channels ensure that vulnerabilities identified by breakers are promptly and accurately relayed to builders. In practice, these teams might operate within agile frameworks, where security considerations are integrated into daily stand-ups and sprint planning sessions. This integration helps in prioritizing security tasks and ensures that everyone in the team understands the latest security objectives and the rationale behind them.

Choosing your path

For job seekers in cybersecurity, determining whether to become a breaker or a builder starts with understanding one's strengths, and more importantly, interests. Breakers typically enjoy the challenge of thinking like a hacker to identify and exploit vulnerabilities, requiring a mindset geared towards investigation and problem-solving. Builders, on the other hand, often have a passion for creating systems, focusing on integrating security into the architecture from the ground up. Both roles require a foundation in cybersecurity principles but differ in focus and daily responsibilities.

But I can’t stress enough how passion and interest play a role in where you should place your effort. If you are not interested in the area you go into in cybersecurity, you will not be happy long term.

So, you’ve made your choice on which route you want to take, now how do you get there? There is an abundance of educational resources and initial steps are available to guide and support the journey into cybersecurity. Whether you are leaning towards the penetration testing of a breaker or the architecture design of a builder, the following resources and actions will set the foundation for a career in this field.

Websites like Coursera and edX offer courses tailored to both breaking and building. Breakers might focus on courses in ethical hacking and penetration testing, while builders might seek out classes on secure software development and secure architecture. There is a great one on Udemy called “Application Security – The Complete Guide” that I can’t recommend enough!

While there is a lot of back and forth on the merits and necessity of certifications, there is little doubt that (as it stands today) most roles in cybersecurity require some level of certification. Obtaining certifications can also guide career paths. Breakers may pursue Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP) certifications, while potential builders could benefit from certifications like Certified Secure Software Lifecycle Professional (CSSLP) or cloud security certifications like the Certified Cloud Security Certification (CCSP).

Engaging with communities through platforms like GitHub for open-source security projects or sites like Hack The Box and CTFtime for security competitions can provide practical experience and networking opportunities. Additionally, many channels exist on Discord to help foster a community of practice for those in cybersecurity.

Joining local cybersecurity meetups can be immensely beneficial. These groups frequently host speakers, workshops, and networking events that not only provide insights into both career paths but also offer opportunities to connect with potential mentors and peers. Many national organizations have local chapters, such as OWASP and WiCyS, have local chapters with regular meetups.

Contributing to open-source security projects is another excellent way for builders and breakers to showcase their coding and security abilities, all while giving back to the broader community. Additionally, securing internships or entry-level positions within security-focused companies or departments can provide pivotal, hands-on experience. This direct exposure is crucial in determining which cybersecurity path aligns best with your skills and interests, and it often opens the door to full-time professional opportunities.

Lastly, the field of cybersecurity is always changing, making lifelong learning essential. Keeping up with the latest threats and advancements through webinars, courses, and conferences is critical for maintaining relevance and expertise in either a breaker or builder role. Find people that are talking abou the topics that you care most about in cybersecurity and follow them on the various social media platforms like LinkedIn. This continuous educational journey ensures you remain at the forefront of cybersecurity innovation and defense.

While everyone’s journey into cybersecurity is different and there is no one true path, staying curious, engaged, and informed goes a long way into anyone’s cybersecurity path.