Oftentimes, most of us think of terms like ‘Hacking, and Hacker’ as some sort of nefarious individual that can hack into our Facebook accounts and steal our data. While there are impersonators, imposters, and deceptive individuals active and present on platforms like Facebook, the truth is that these are indeed NOT actual Hackers.
First
and Foremost, like any Security Professional will tell you, it is true that you
must have the ability to think like a hacker in order to fully secure your
system. This is true. However, all of us who work in the Cybersecurity Industry
in the USA must uphold ourselves to a
higher standard because of the
information and skills that we learn on the job. A true security professional is aware of the
implications of misusing and/or abusing their power.
Such as, legal implications. I was once at an ISC2 conference in New Orleans back in 2018 when a round-table conversation sparked a story about a professional who was hired to perform a Penetration Test for a Mid-Size Corporation in the Midwest. This professional was way more advanced professionally than me at that point, he was a Pro Pen Tester, and he knew what he was doing. He was very good at his job.
Long story short, and fast forward to what happened. He was thrown in jail while performing recon on the target. As it turned out, he was hired by a disgruntled janitor posing as a Manager at the company. This Janitor did not have the authority to hire him to perform this work. Therefore, when the Pen Tester called from jail and tried to explain that he was there to perform a sensitive job, it didn’t matter, because all of the signatures were from the Janitor, not management.
From my perspective, this is a high-level pen tester with years of experience, and even he fell victim to impersonation. That being said, be careful who you get your information from. You never know when you could be a target of deception, and not everyone who claims to be a ‘Hacker,’ or ‘Manager’ for that matter, actually is one.
I myself have been questioned many times throughout my cyber career by civilians asking why I don’t just hack people’s phones, or social media platforms. I know the answer, and I know the reason why. Furthermore, I take my responsibility as a Cyber professional very seriously and I’d rather not end up in jail for practicing blue snarfing on someone’s headset. I can, but I won’t.
If you are interested in becoming a Cybersecurity Professional, or more specifically an Offensive Security Pro, I recommend that you do your own research, read the books, articles, join the groups, reach out to other professionals in the field, take the classes, go to meetups, and learn as much as you can before testing/deploying/etc.
About the Author: Ashley Oliver is an experienced Cybersecurity Consultant, Engineer, Mentor and Teacher based in the Central New York area. Ashley has over 11 years of experience. Ashley is a SME in several areas of security including Network Security Engineering, Architecture, Policy, Standards, and Compliance. Ashley's rare and unique experience is based on her love for the Shell, and perfect design. Ashley has knowledge of NIST, and is very proficient in Layered Security, DLP, Encryption, IPSec, and more. She has a highly technical background, which is command-line (CLI) intensive, as well as high-level design and customer interfacing experience. Ashley is always more than willing to share and to teach.
Questions? Email: olivercomsolutions@outlook.com
Interested in Ashley's Cybersecurity Mentorship Program? Book Your Discovery Call Here
No comments:
Post a Comment