Information Security — White Hats of Enterprise America
Hacking is typically associated with mischief, but many companies increasingly look to a different type of hacker to understand certain vulnerabilities in their own systems. Having someone poke holes in your network can help you to make necessary updates, saving users from exploitation. We looked into what hacking means to many of the up-and-coming security specialist stars of the future.
The dark side of connectivity
Brooke Hessney is one of Aerotek’s leading account managers, working with top companies and government agencies in the Raleigh, NC market. One of those companies is a world leader in network technology and employs hundreds of software engineers specializing in network security.
“We’re all aware of the innovative trend towards the internet of things, or IoT. It’s not just our phones and laptops that are always on and connected to the internet, but increasingly our cars, houses, offices and almost every place in our lives. With all these spaces and devices connected to the internet, network security and integrity becomes really important. If you’re a business, all these open connections increase the chances of being hacked or infiltrated. That’s where we come in, helping companies find this new breed of software engineers, engineers who are highly trained to anticipate possible infiltration and design processes and systems to shut them out. Sometimes, the best people suited to this high-stakes job are people who know how hackers or infiltrators think and work.”
Hacking as training
We confirmed Brooke’s insight about what can make a great security analyst when we turned to the online conversations among engineers on forums and subreddits. One thread was started by a poster seeking advice for becoming a top network security specialist. One clearly seasoned professional on the forum offered this advice to the up-and-coming software engineer.
“I believe that a good security specialist understands how things are working inside, he feels it. There is no recipe on how to become a hacker ‘slash’ security specialist. Maybe it's just being an advanced programmer with a specific mind-set and specific beliefs. But if you want me to recommend anything, I could recommend K&R first, it's classic and it's the best book on C [programming language], and then there is a book called The Art of Exploitation.
We applaud his suggested focus on the more traditional book-learning approach to learning the trade, rather than practicing security hacking tactics in the real world on real systems.
There aren’t too many jobs or industries where a popular TV show provides inspiration and education for aspiring specialists. But, we found a rich conversation on one subreddit where a poster cited Mr. Robot as their reference for advanced expertise. The user asked — “How can I get computer skills like Elliot?” — referring to the show’s antihero Elliot Alderson, who plays a hacker by night and an ace cybersecurity specialist by day.
Helpful responses included this suggestion for starting with the right operating system of choice — “In the show we can see Elliot and Tyrell using a modified version of Linux, which is ‘Kali Linux,’ a tool created for network testing that pretty much has no boundaries in term of control possibilities.”
More strategic career advice came from another user who, self-admittedly, came over from the dark shadows of hacking into the bright light of the corporate cyber-security workforce.
“Learn to program. When I was younger, I used to go to this site: http://www.hackthissite.org/ It has a bunch of games to play where you can proceed and do harder and harder ‘hacks.’ It's actually pretty cool. I'd recommend that as a starting place for you. I have been programming for the last decade, and I'm not going back to hacking. Now I work on software [security] for an internet browser…”
Government-level security jobs
Brooke Hessney told us some of the top security specialists we place are working on government contracts. “One of our projects was for a company providing telecommunications systems to government agencies in Washington. As you can imagine, working on the cutting edge of advanced systems and network technology and working on solutions for a U.S. government agency can be very exciting for this special breed of software engineers. It looks great on the resume.”
Government agencies like the NSA and the FBI are increasing their energy and resources focusing on preventing unwanted intrusion into government systems. Much like their counterparts in private industry, many government agencies are sourcing their hacking prevention talent from the pool of reformed network penetration specialists. This trend was confirmed by a conversation on a security-focused subreddit, where a poster said, “NSA is really, really trying to hire many more hackers. They're offering scholarships, hosting conventions aimed at high school grads. Basically just like the Army.”
A passion for security
As Brooke describes it, many of the biggest technology companies in the software and network industries, “have literally thousands of products and services. Each of these must be tested and re-tested over again for what’s called penetration testing. They’re testing against increasingly rigorous encryption and compliance standards.”
“The specialists we’re hiring into this workforce of software security engineers have a deep passion for this challenging work. Many have side projects they work on that feed these passions away from their day job, designing and developing software apps, security products and even games on their own. Their skills, it turns out, are inevitably constructive and productive. What unites them is the need for security in today’s world. Security seems to be at the forefront of the conversation — a conversation happening everywhere in the workplace, in government and in all our daily lives.”