Nothing new here, except for a big ad for cyberaces (dot) org.
The lesson: most kids who crack systems as a self-declared white hat will be punished, some will get lucky with job offers (that they never seem to accept at the end of the day - humm).
Like the elders were advising 10-20 years ago: don't bother with trying to play by the rules. Start your own consulting firm or just keep it to yourself.
Apart from the fact that it's pretty much impossible to find a job in cybersecurity unless you have some wanky certifications.
When I was younger I tried to break into that world and it was pretty much impossible. Companies I contacted to notify them about their security flaws seldom replied (and when they did, it was never to thank me).
On the other hand, I could always find buyers for exploits in alternative markets, or credit card numbers, or rooted servers.
My moral compass prevented me from going too deep into that stuff, but I know people who ended up setting DDoS-for-cash services, etc. (and they/we were just kids!)
I get it that you're trying to sell courses here, but come on...
I worked in this company where we had a dedicated security team, the pentesters were either outsourced or underpaid goons with an Excel cheatsheet of things to try. The managers were MBAs with CompTIA certs.
Now, this is only my experience, but I've never really seen all-rounded security people being valued in companies, apart from maybe small consultancies where getting a job is probably mostly governed by luck and being in the right place, at the right time :)
Certs can be important for contract/services work, so if you're looking at a company that bills people out to clients, and that would be your role, you'll probably need certs, as some clients (e.g. government) require them.
If you're looking at joining an internal security team at a company -- even a big one like Visa or Intel -- the certs tend to be less important. Plenty of people, as you move up the management chain, have certs, but usually because the employer footed the bill.
My evidence is anecdotal, obviously, but everyone I know who's joined an internal security team got the gig based on skills and experience. None of them had certs. (And the offers I've received myself weren't based on certs, since I don't have any!)
From everything that I can see, there is pretty much negative unemployment for seriously good, uncertified, high-talent penetration testers. I directly know of a few places that are very seriously trying to staff up with non-goons. I expect some to show up on HN tomorrow, in fact.
This reminds me of Hackers for Charity which connects bored hackers with charities who need IT help. It keeps the teens from hacking systems they shouldn't, and gets them something to put on their resume so they have an easier time getting a legit security job in the future.
I'm the coach of a high school Cyber Patriot team and it is really interesting.
The high-schoolers are more hungry for information and more interested than the College CCDC team I work with (a very top team).
With that being said, there are so many outlets for these younger hackers to practice. CTFs everywhere on the internet, cyber challenges are all over the internet, and there is always something completely new to learn (Oh...you learned WebSec pretty well...but what do you know about exploit development?).
The problem is we need more people who know what they are doing to work closely with the high school students and keep them focused and keep them exploring the discipline.
A bored student without Alan Paller's thing here will usually be a bored student with it. The CyberAces weekend in my state is in March. What are my high schoolers supposed to do until then if they are truly bored?
Social consciousness is simply being aware of the problems that people face. It doesn't mean you're "making a difference" at all. Most people in cybersecurity don't, because most of the jobs are focused on improving a public or private entity's bottom line, not helping people with their day to day struggles.
Want a socially conscious job that helps people? Don't pick a career where you track down holes in the dyke and report back their location to your corporate or government master. Pick a career where you build a better dyke (and don't hold people for ransom to use it).
Aside: I'd love to see these blatant advertisements-as-news-articles banished from the front page for good.
That's possible, though the comments above the aside could just as easily be a reason for downvotes. People are probably weighing the voting decision against both and choosing accordingly. True democracy in action!
Avoiding supporting centralized systems is being socially conscious. Working for established interests such as national governments, and particularly large financial institutions and megacorporations does not a moral compass make. How about startups as a socially conscious career choice for young hackers? At least that way when the evils of capitalism seep in you get to learn about them first hand.
Hamad was expelled not for finding the vulnerability, but for running Nessus against the system after he reported the vulnerability, allegedly as a means of checking to see if it had been fixed.
Young Hamad shouldn't have done that, and would be fired from any job in cybersecurity for doing the same thing against a client's network without authorization.