Becoming an Ethical Hacker by Gary Rivlin

Author:Gary Rivlin
Language: eng
Format: epub
Publisher: Simon & Schuster
Published: 2019-05-06T16:00:00+00:00

• • •

IN MAY 2018, WEINSTEIN took the stage at the local security conference called DefendCon. This was his chance, at the age of forty-eight, to share some of the wisdom he’s gained from nearly three decades as a programmer and engineer, including thirteen in computer security. He called the speech “Building a Security Engineering Team,” but it was really his opportunity to deflate tired old tropes he had been hearing for much of his career in tech. He began with a sampling of headlines that underscored that the demand for people interested in info-sec greatly outstrips the supply. (One example: “Fight Against Hackers Hurt by Huge Shortage of Cyber Workers.”) But right away he was listing “fallacies” that get in the way of hiring good people.

Weinstein flashed a slide on the screen: ENTRY LEVEL IS NOT AN OPTION. That was fallacy number one and something he hears all the time in info-sec. “Companies will say, ‘We can’t afford to hire entry level; we need people who can hit the ground running,’ ” he said. But he had no security experience when he first went to work at Microsoft in his midthirties. “You can sit around and wait for the perfect unicorn, for the person who has all the skills you need for a role. But you’re probably going to be unhappy because most of the time you’ll be looking for that person for a long time.” He wondered if sometimes that attitude wasn’t a failure of management: surely a project can be broken down so there are tasks that can be accomplished by someone just entering the info-sec field. Rather than looking for the perfect background, he counseled, “Find people who want to solve problems.”

Second and third on Weinstein’s list of things a good hiring manager should never say: “The security mind-set is inborn, not teachable” and “Technical excellence requires an early start.” These are corollaries to the idea that the only people worth pursuing in the info-sec world have been coding since they were in diapers, as Parisa Tabriz had put it. Almost everything is teachable, Weinstein said. “If you cannot teach something, you don’t really understand it,” Weinstein told the audience. “You may be able to do it, but you don’t understand it.” More important than looking for natural talent, he advised, is finding people who want to be engaged in your project. “You hear that people have a natural talent in X,” he said. “What that really means is they found X engaging enough so they kept at it long enough until they got good at it. You have to be willing to be bad at something if you’re ever going to be good at it.” More important than skill level, he said, “is a curiosity to learn and a desire to get better.

“There’s a common belief among people in the industry that technical skill is all that matters. But I reject that,” Weinstein said. “If you’re technically very skilled but toxic to the people around you,

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.