Tribe of Hackers Cyber Security Advice from The Best Hackers in The World Review.
"Tribe of Hackers Cyber Security Advice from The Best Hackers in The World Review."
I enjoyed how this book was written, and the information was relevant for someone like me pivoting
into cybersecurity. The perspectives of the many contributors deepened my passion and curiosity for
the field. Only a few points were redundant (for example, everyone choosing Hackers as the best hacker
movie). Most contributors provided helpful advice, and some I would sit down with for coffee. I can see
why the authors chose the contributors they did, but it would be difficult to write a review for all 70 of
them. Marcus Carey’s advice to utilize open-source data as a learning instrument stuck with me. One of
Ian Anderson’s responses also stuck with me: “… There are a series of steps where an attacker may
make a mistake. As defenders, we need to seize upon these opportunities to detect, respond, and build
back our controls to prevent the next attempt.” I pondered on the notion of predictability and how
intuitiveness could be a skill. I do not know if every organization utilizes the NIST Cybersecurity
framework, but I think it would be beneficial. There is a stereotype that experts hoard knowledge, but
many contributors shared something new they had learned. By not only citing the resource but sharing
knowledge, they allow for other creative perspectives. Some of the contributors’ stories and advice
were phenomenal, including Charles Nwatu, Terence Jackson, Kim Crawley, Emily Crose, Ming Chow
(Soft skills are important!), Whitney Champion, Keirsten Brager, Cheryl Biswas (Yes girl, yes!! Follow your
passion and don’t listen to negative voices), Kelly Lum (I also have imposter syndrome!), Davi
Ottenheimer, Astha Singhal, Jayson E. Street (Very humble!), Robert Willis and Robin Wood. Georgia
Weidman especially is a “shero” of mine. I have her book and hope to use her guidance to develop more
skills in penetration testing. I loved her response to the question, “What is your advice for career success
when it comes to getting hired, climbing the corporate ladder, or starting a company in cybersecurity?”
She responded, “Recognize that no one knows everything, and everyone is constantly learning.” I admire
the fact that she wrote a book for 40-something-year-olds like me to try hacking. She’s humble enough
to admit that we all are learning regardless of our technical skill level. So, over some crawfish, I thought
to myself, “How would I answer these questions?” Here are my answers!
" We will never completely prevent breaches. Breaches may be similar, but not all breaches are the same. Cybersecurity will always be a lucrative business as technology continues to evolve. Look at the VA Breach. It was caused by an employee taking a laptop home with several veteran security numbers. Other breaches may be Advance Persistent Threats (APT), for example when China intruded into OPM systems and collected data."
Santina White
99
Santina uses her time to create a cyber blog and read as much as she can while she searches for the right fit.
She is not just a cyber seeker, but someone who wants to be given a chance in a fun work environment where she can be vulnerable but not disregarded. I hope to contribute to Tribe of Hackers at some point,
but for now, this is merely a hypothetical writing of my response to the book's questions.
If there is one myth that you could debunk in cybersecurity, what would it be?
The biggest myth in cybersecurity is that hackers and those interested in all things cyber hang out in a
dark basement with hoodies on to help them channel code. In this world there are different types of
hackers, such as white hats, grey hats, and black hats. Any hacker that is able to run tests, find attacks,
or point out vulnerabilities is a good one. You can be an introvert or an extrovert, and you need to think
out of the box a bit which might not happen in a dark isolated room.
How is it that cybersecurity spending is increasing but breaches are still happening?
We will never completely prevent breaches. Breaches may be similar, but not all breaches are the same.
Cybersecurity will always be a lucrative business as technology continues to evolve. Look at the VA
Breach. It was caused by an employee taking a laptop home with several veteran security numbers.
Other breaches may be Advance Persistent Threats (APT), for example when China intruded into OPM
systems and collected data.
Do you need a college degree or certification to be a cybersecurity professional?
No, but jobs are competitive, and your resume is the first screening tool. Some hiring managers will look
for experience while some will look for education. If you lack either one or both, my recommendation is
to talk up your technological knowledge and basic problem-solving skills. I lack experience, and though I have a graduate degree, it is in Leadership and not Cybersecurity. I can discuss my analytical thinking and problem-solving processes in an interview. If you lack experience, you may still find a hiring manager willing to train you or help you get certified. I’ve sat on an interview panel, and the candidates who impressed me most
lacked experience but found ways to pivot and explain what they do know. I felt their passion and knew
they could be mentor and train.
How did you get started in the cybersecurity field, and what advice would you give to a beginner
pursuing a career in cybersecurity?
I don’t work in cybersecurity. My current job is in disaster analytics assistance. However, I consider
myself as a cyber seeker. I have my own blog and ardently read and learn as much as possible. My
advice to my fellow beginners is to find a respected mentor who can help you navigate through your
career and join meetups and organizations. I recently joined Women in Cybersecurity, and I love it.
When I worked for the Air Force, I would look up leaders on LinkedIn or read their military bios. I learned
a lot about training and the paths they took. You can start there. You can also network and connect to
the contributors in this book. A few were interested in connecting with and getting to know me. Search
for those you may want to connect with.
What is your specialty in cybersecurity, and how can others gain expertise in your specialty?
I started out in my mid 40s. My advice is to read, attend TEDTalks or training webinars, and blog. Try all
aspects of cybersecurity until you find where you fit in, whether it’s Blue Team, Red Team, Governance or
your own startup.
What is your advice for getting hired, climbing the corporate ladder, or starting a company in
cybersecurity?
First, my advice is to be confident in what you want to do in cybersecurity. Share your goals and your
plan with your mentor. Share publicly when you reach a milestone. Keep a small circle for advice and
show the world your accomplishments.
Second, be good to everyone, customers and coworkers. I learned that some peers may vouch for you or know someone that knows someone. Blossom where you are planted, but if the pot gets too small or
you don’t feel you can grow or explore, go and plant yourself somewhere else. Use the connections you
have made and let them advise you.
What qualities do you believe all highly successful cybersecurity professionals share?
Integrity. Curiosity. A desire to learn as much as possible.
What is the best book or movie that can be used to illustrate cybersecurity challenges?
“Sandworm” and “This Is How They Tell Me the World Will End” illustrate how cyber-attacks evolve and
how different presidential administrations and organizations handle cyber challenges. Both illustrate the
importance of research in cybersecurity. Each book I read leads me to another book.
What is your favorite hacker movie?
My favorite movie that involves hacking is Black Panther 2. During the movie, King T’Challa’s mother,
Ramonda (Angela Bassett) explained how Wakanda’s official apps were hacked into with tracking devices. She essentially highlighted the danger of the Internet of Things before the Council of Delegates.
My other favorite movie is The Shawshank Redemption. In this movie, the Fuzzy Britches (RIP, Raquel Welch) poster hid a perfect masterminded escape from a prison system. Andy Dufresne (Tim Robbins) is an example of an ethical hacker, a good person who had to break the system.
What are your favorite books for motivation, personal development, or enjoyment?
I enjoy reading Christian books in my free time. When I was going through a difficult time, the book “Think Better, Live Better” by Joel Osteen helped me with my perspective. I also love the book “Left to
Tell” by Immaculée Ilibagiza. The book is about a woman who hid in a closet from the Hutu army during
the Rwandan genocide. Talk about a prayer warrior! She inspired me that God can deliver from any and
every situation, whether a hellish attack or getting a job. My favorite author is Charles Stanley.
What is some practical cybersecurity advice you give to people at home in the age of social media and the Internet of Things?
My practical advice is not to post everything online. Pictures capture location info as metadata. You
should be cautious about posting where you are located. Post vacation pictures after the vacation is
over. Don’t share your location through social media. Also, when you purchase an IoT device, read the
instructions. I purchased a washer machine and started my first load as I was getting ready for bed.
When my load was finished, the alarm on the washer sounded like a cell phone and I was kicking sheets
and air thinking someone was in my apartment. So, for many reasons, you should learn what your IoT device does. If you don’t know everything that your device can do, then you don’t know how the device
can be a security risk.
Remember, not all hacks are malicious. Some are just invasive and annoying.
You should also educate your family and friends on the simple housekeeping of cybersecurity. If your
antivirus is expiring, get it up to date. Having firewalls will not necessarily protect you.
What is a life hack you’d like to share?
You can get so much further if you are willing to collaborate with others. No one comes into a job knowing everything. Also, make sure you give credit.
What is the biggest mistake you’ve ever made, and how did you recover from it?
I was a curious youngster, and I thought it would be cool to open up electronics. I grabbed a screwdriver and opened up a Donkey Kong tabletop game. I shocked the skibob out of myself. There was black smoke and a spark split and burnt my lip. I learned later that my father was into technology, and I would have been better off asking him for help. So, the lessons here are to ask for help and never open a monitor. Cut me some slack. I was 7 or 8, maybe 9.