Learning Cybersecurity & Hacking

“Follow the white rabbit.”

It’s one of the most iconic scenes in 1999’s The Matrix. Trinity hacks Neo’s terminal and types the message to him. Many at the time asked if the scene was even possible. The next question invariably is, “How can I learn to do that?” The short answer: Yes, it is possible to access a user's machine, and thus their terminal, to type a message to the user at the other end. That is where reality in the movies ends. While possible, it’s neither practical nor worthwhile.

How does someone learn how to hack and do cybersecurity?

Frankly, the best method to learn hacking is through curiosity. In today's world learning about cybersecurity or hacking does not happen separately. Curiosity is needed throughout the process of learning these 'arts'. That process can be started through online courses likeCybrary's "Ethical Hacking" course, degree programs at various universities, self-teaching via online tutorials or videos¹, on the job training², and even the Girl Scouts³. The most important piece of learning to do cybersecurity and hacking is to have an unconventional mindset like a hacker. In short, think outside the box⁴.

Hacking vs. Cybersecurity

Hacking is an art form. It is a methodology that culminates in a marrying of coding and computer knowledge. As a verb, it is the process by which a user can coax a system into doing things it probably shouldn't do. Cybersecurity is the field that grew out of the need to study, catch, and prevent hackers from enacting damage to computer systems. Both entail learning a great deal in compressed timeframes; playing cat and mouse. Hacking requires learning about various types of hardware, software, and business policies (for social engineering). Cybersecurity entails learning not only the things that hackers do, but laws regarding hacking (computer fraud and abuse), and practices like chain of custody for forensics.

How to “Hack The Planet”⁵

I. Gain an understanding of Operating Systems Not just one but as many as possible. Start with learning Linux. Linux is one of the most utilized operating systems within the hacking community. It also runs quite a few, if not most, of the backend servers across the globe.

II. Learn to code.
But… isn't coding difficult? Nonsense.

⁶

This is literally a one-line program that can be run in Python. All it does is print Hello World to the screen. When one understands this line, learning to code for hacking won't be so difficult. Coding is necessary to create custom toolkits or to build scripts on a compromised system. There are plenty of resources for learning to code. Those resources include online classes, YouTube Videos, books from a bookstore, and local colleges. As most hacking software is written for Linux, the code is freely available to, and readily readable for, anyone willing to open the files and see how they work.

III. Learn about Networking. Why learn about networking? Networking is one of the most fundamental parts of hacking. Without networking there would be no internet, nor any real reason to hack. Without networks there would be no cell network, no cell phones. The quickest way to learn about networking is setting up a personal network. This could be a home broadband connection with a personal router, or it could be part of a work effort to expand the small business network. Another option is configuring a virtual network, which is a method used to train for Cisco network certifications. eLearning classes in network fundamentals, YouTube videos, and books or online tutorials can all help in this area.

IV. Never stop asking this simple question:

“How does this work?” And always ask “What if…”

How to Secure the Cyber Planet

I. Gain an understanding of how hacking works.
While similar to hacking practices, this would be from the standpoint of closing the holes that hackers find. Two jobs for the price of one! Not only do cybersecurity professionals have to think like hackers, they also have the job of saving the information or evidence for legal teams. For a security professional, understanding code (e.g., Python, C/C#, Java, ), Internet of Things (IoT), networks, and other aspects of Information Systems is paramount. Attending conferences like DefCon or BlackHat taking eLearning classes, college classes, online Tutorials, White Papers of potential security threats, and personal exploration, all assist in this process of understanding. For Red Teams, this may mean participating in Capture the Flag Events. For non-Red team members, testing skills in legal arenas like Hackthebox.eu is helpful.

II. Learn about the criminal justice side of hacking.
When a business hack occurs, it can have a direct financial impact on a business. Some of the best ways to learn about this topic are via online courses, by obtaining a degree within cybersecurity, or speaking to a professional in the field of cybersecurity.

III. Obtain a strong grasp of Computer Forensics. Understanding forensics allows for a strong chain of custody, which can boost a legal case in a court of law. Gaining these fundamentals can be accomplished by sitting in on a cyber case in court, taking an eLearning course in computer forensics and investigations, reading court briefs of cyber-attacks, taking a course in a local college, or reading articles from professional periodicals from the field (i.e. Journal of Digital Forensics, Security and Law).

References:

1. Peters, Juliette (2020, Jan 28). How eLearning Can Increase Company Cybersecurity Across the Board. Infosecurity Magazine. https://www.infosecurity-magazine.com/opinions/elearning-cybersecurity-board/

2. McKinney, Floyd (2018, Apr 05). Is Yours a Cybersecurity Learning Organization?. SCMagazine. https://www.scmagazine.com/home/opinion/executive-insight/is-yours-a-cybersecurity-learning-organization/

3. Colon, Marcos (2017, Jun 19). Girl Scouts Offering Cybersecurity Badges. SCMagazine. https://www.scmagazine.com/infosec-insider/girl-scouts-offering-cybersecurity-badges/

4. White, Sarah (2016, Dec 13). Preparing the next generation of cybersecurity experts won't be a quick fix, so businesses will need to get strategic. InfoWorld. https://www.infoworld.com/article/3149103/cybersecurity-skills-arent-being-taught-in-college.html

5. Iain Softley. (1995). Hackers. United Artists.

6. https://www.cybrary.it/blog/0p3n/2-python-hackers-attackers-machine/