What is Cyber Security and How to begin Your Cyber Security Journey?
Today we are going to discuss about what is cyber security, what are the essential components or per-requisites for cyber security, what is the mindset required and how to begin?
To understand the term cyber security we first need to understand the term hacking.
So what is Hacking?
Hacking is nothing but an art of manipulating things into doing what they are not meant for, for example a toy like a remote control car turned into a detonator that’s hacking, A website for placing orders online being used as a file hosting platform or better spilling out users personal data or credit card information that’s hacking or turning your soda can tab into a fishing hook that’s hacking. In its very essence hacking is molding, manipulating and aligning things in the favor of the operation that you want to happen and the best part is that operation was never meant to happen.
Hacking is not limited to the virtual world of computers, it has significant impact in the physical world too. There are different branches of hacking dealing with the physical aspects for example breaching a perimeter for gaining access to sensitive stuff or manipulating humans into revealing sensitive information or performing a desired action or dealing with physical components of a circuit board for gaining access to sensitive stuff and much more.
Now many of us are biased towards thinking that hacking is something wrong or evil and that is fair enough because we have been watching so many incidents now a days and I am not here to change your perspective or convince you.
What we are interested in, is to understand the person behind a hack.
Who is he? What kind of mindset and skills does he possess?
Broadly portraying a hacker is a person who possess in depth knowledge of the technology which is being deployed on the system and is good at connecting dots, thus enabling him to understand in’s and out’s of what is happening.
This unique ability and skill set enables him to have an upper hand over the people who have designed or deployed the system, thus having a high probability that he will manage to find a misconfiguration or a flaw in the design or the implementation of the technology on the system and leveraging that he will manage his way to get access to the information which he was not meant to.
Now what I have describe right now is a brief touch on what happens behind the curtain which manifest into a magical experience for the viewer who understands and spectates how a hack happened what is mind blowing that we see an individual or a team collecting little tit bits of information and putting it all together to map out where and when to hammer and finally getting there way in.
Cyber Security is just one more step on top of this. Once you know how to break into a system now you should also know how to secure it. Let me be more precise, once you know how you managed your way into the system you have either developed or discovered a path to the sensitive information and in cyber security it is a goal of yours to destroy such paths before the bad guy treads over it.
Now when we talk about what per-requisites or essential components are required to get started in the field we are overwhelmed by the specifications or the in-depth knowledge required. It may be simple in the case of a back end PHP engineer or a dot net application developer to figure out where to look and what to learn in order to accomplish their goals but still things are not easy they have to go through a learning curve and over time they become proficient with their art because most of the times the new unknown lies within proximity of there expertise and over time they have developed complex pattern reorganization in there niche such that the have a hunch for things in their respective fields.
Things are quite different in the case of a cyber security person at least in the beginning of their career. When we talk about breaching and securing complex technologies deployed over complex infrastructures we encounter a stack of technologies acting as layers for passing information. This is where things get tricky, to breach a system we need to know how each technology in the stack is working and how can we mold it or manipulate it to align it for our purpose and our specific goal, for this to be true we need to have a decent level of understanding of what is happening and what is the role of each technology in the stack and clearly map or speculate in’s and out’s of the system so that we could find the weakest link and start the agnostic process of hacking.
Now things are not that easy, you see every system is different and contains different stack of technologies deployed over them. The vastness of the technology makes it impossible for a single person to know each and every detail which is crucial for initiating a hack or to even consider it as an attack vector. As I previously discussed in the case of a developer the new unknown lies within their proximity most of the time, but this is not the case in cyber security, most of the time we face different configurations and arrangements and each time we have to be proficient at mapping out things.
Now the next question that arises is that.
How should we begin our journey in Cyber Security?
Well that’s a really tricky question to answer and I am not qualified enough to answer it yet but I do have some thoughts that may bring clarity to you.
First of all we have to understand there is no one size fits all solution to this. It really depends on who you are and what you want, to be more specific, it is about what skill set you currently poses and where do you want to branch out in such a vast industry of cyber security. For example if some one wants to be a hardware penetration tester who is dealing with logical boards and other electrical components, he or she many not find it useful to learn about web applications or firewall rules, an in depth knowledge of circuits would be rather beneficial to him or if someone is proficient in development due to there previous experiences in a particular technology he or she would be really good at code analysis of an application and can easily find potential vulnerabilities or bad coding practices which are undetectable to the untrained eyes or if someone has proficiency at structuring and deploying databases and knows SQL in-depth that person is already well trained and knows this technology inside out we just have to change his perspective on it and with a few mindset shifts that person understands what is a SQL Injection and clearly knows how to perform it as well as how to protect against it.
To get a foot hold in cyber security I would highly recommend to learn the basics of Linux operating system, Networking and Web Applications, knowing these three major pillars of technology will help you to understand a macro picture of how things are integrated with each other in a stack and by doing few CTF you will understand how a hacker moves from one layer of technology to another.
And don’t be discouraged if you don’t have a technical background. When I went for my first cyber security training my trainer was from a commerce background which had nothing to do with tech and yet he found his passion which was cyber security, he got involved with development and coding during his college and is now an information security trainer as well as a researcher and also performs role of a penetration tester. He is really proficient at performing buffer overflow attacks and had always helped me in navigating with clarity.
For you to know what is best for you and to get the best out of your potential I would suggest you few immediate steps to get on track.
- Look at what others did to be in a position that you desire.
- Reach them out and ask meaningful questions like how should you build your foundation given your specific strengths and don’t disappoint them with a question that is few google searches away.
- And remember keep your points precise and clear, arrange them in bullet points to save them time and effort.
- Why I have suggested you to do so is because you have to understand that there is someone who is really proficient or world class at what you want to do, such people have experiences of what works and what doesn’t plus they know how to get there in most effective way possible. For example they will tell you the type of exercises or projects that you should indulge yourself in for the kind of skill set you want to acquire so that you don’t deploy your time and energy in the wrong one. Similar to the previous example of the hardware penetration tester.
- And once your mind is clear with a roadmap of what you should do. Go and get coached on the subject you are interested in, may it be network penetration, web application penetration, cryptography, forensics, social engineering or etc. If someone has already accomplished what you want to accomplish you don’t waste time fumbling around by yourself like a loser. You wont figure it all out by yourself just cut your learning period in half and be on point with your skills.
In my personal experience I was really fortunate to find people who were genuine and were eager to help, you will be astonished how polite people are irrespective of there designations and have such an intent to contribute.
Now I haven’t explained terms like what is a CTF, white hat, black hat or white box testing, black box testing or grey box testing because I want you to explore them, they are just few google searches away and a person who is non serious wont even bother to look them up and complains that he is unable to get started in cyber security.
Key factor behind hacking is that you are either driven by curiosity or by an intent or may be both.
These are just my thoughts, its just one person’s opinion, its just one person’s perspective. I have just briefly touched on the vast topic of cyber security on a superficial level. I don’t want anyone to feel limited by my views and would like to know your views on it.
Let’s keep in touch.