

Cybersecurity as a socially conscious career choice for young hackers - trevorstarick
http://www.forbes.com/sites/jmaureenhenderson/2013/09/30/selling-cybersecurity-as-a-sexy-and-socially-conscious-career-choice-for-young-hackers/?

======
epoxyhockey
Nothing new here, except for a big ad for cyberaces (dot) org.

The lesson: most kids who crack systems as a self-declared white hat will be
punished, some will get lucky with job offers (that they never seem to accept
at the end of the day - humm).

Like the elders were advising 10-20 years ago: don't bother with trying to
play by the rules. Start your own consulting firm or just keep it to yourself.

------
diminoten
Hamad was expelled not for finding the vulnerability, but for running Nessus
against the system _after_ he reported the vulnerability, allegedly as a means
of checking to see if it had been fixed.

Young Hamad shouldn't have done that, and would be fired from _any_ job in
cybersecurity for doing the same thing against a client's network without
authorization.

~~~
atmosx
I don't consider running a "Nessus scan" such a huge misdeed. Expelled for
running a nessus scan? No, way.

~~~
diminoten
Fine, all moral decisions aside, you'd lose your job for the analogous
situation in the professional world.

------
mpeg
Apart from the fact that it's pretty much impossible to find a job in
cybersecurity unless you have some wanky certifications.

When I was younger I tried to break into that world and it was pretty much
impossible. Companies I contacted to notify them about their security flaws
seldom replied (and when they did, it was never to thank me)

On the other hand, I could always find buyers for exploits in alternative
markets, or credit card numbers, or rooted servers.

My moral compass prevented me from going too deep into that stuff, but I know
people who ended up setting DDoS -for-cash services, etc. (and they/we were
just kids !)

I get it that you're trying to sell courses here, but come on...

~~~
wglb
This is really not the case.

Certifications are often frowned upon by some of the better pen testers.

Programming skill will get you most of the way there. It is by no means
impossible.

~~~
mpeg
I worked in this company where we had a dedicated security team, the
pentesters were either outsourced or underpaid goons with an excel cheatsheet
of things to try. The managers were MBAs with CompTIA certs.

Now, this is only my experience, but I've never really seen all-rounded
security people being valued in companies, apart from maybe small
consultancies where getting a job is probably mostly governed by luck and
being in the right place, at the right time :)

~~~
FreakLegion
It depends both on the company and on the role.

Certs can be important for contract/services work, so if you're looking at a
company that bills people out to clients, and that would be your role, you'll
probably needs certs, as some clients (e.g. government) require them.

If you're looking at joining an internal security team at a company -- even a
big one like Visa or Intel -- the certs tend to be less important. Plenty of
people, as you move up the management chain, have certs, but usually because
the employer footed the bill.

My evidence is anecdotal, obviously, but everyone I know who's joined an
internal security team got the gig based on skills and experience. None of
them had certs. (And the offers I've received myself weren't based on certs,
since I don't have any!)

------
sp332
This reminds me of Hackers for Charity which connects bored hackers with
charities who need IT help. It keeps the teens from hacking systems they
shouldn't, and gets them something to put on their resume so they have an
easier time getting a legit security job in the future.

------
wglb
_If you’re good, you have nowhere to practice right now except the open
internet, where it’s a federal crime._

Not quite true. Many massive sites offer rewards for finding vulnerabilities.
Be sure you comply with their terms of service while doing so.

~~~
danielweber
Plus you can get VMs with vulnerabilities to test against.

But don't hack other people. Bad things lay that way.

------
VladRussian2
HBGary, Palantir and the likes... socially conscious, green, recyclable.

~~~
tptacek
That's one _tiny_ company that no longer exists, and another that doesn't do
information security.

~~~
diminoten
Would it factor into your hiring process, if someone had a story like this and
applied to your company?

------
theboss
I'm the coach of a high school Cyber Patriot team and it is really
interesting.

The high-schoolers are more hungry for information and more interested than
the College CCDC team I work with (a very top team).

With that being said, there are so many outlets for these younger hackers to
practice. CTFs everywhere on the internet, cyber challenges are all over the
internet, and there is always something completely new to learn (Oh...you
learned WebSec pretty well...but what do you know about exploit development).

The problem is we need more people who know what they are doing to work
closely with the high school students and keep them focused and keep them
exploring the discipline.

A bored student without Allen Pallers thing here will usually be a bored
student with it. The CyberAces weekend in my state is in March. What are my
high schoolers supposed to do until then if they are truly bored?

------
peterwwillis
Social consciousness is simply being aware of the problems that people face.
It doesn't mean you're "making a difference" at all. Most people in
cybersecurity don't, because most of the jobs are focused on improving a
public or private entity's bottom line, not helping people with their day to
day struggles.

Want a socially conscious job that helps people? Don't pick a career where you
track down holes in the dyke and report back their location to your corporate
or government master. Pick a career where you build a better dyke (and don't
hold people for ransom to use it)

Aside: i'd love to see these blatant advertisements-as-news-articles banished
from the front page for good.

~~~
aclevernickname
I think your aside is responsible for more than a few of your upvotes.

~~~
peterwwillis
That's possible, though the comments above the aside could just as easily be a
reason for downvotes. People are probably weighing the voting decision against
both and choose accordingly. True democracy in action!

