So, you’ve got your computer science degree. Now, an elder of the internet comes to you holding a black hat and a white one. Will you hack to steal and disrupt? Or will you work to stop the bad guys? In reality, the choice, of course, never presents itself that way, and the distinction isn’t really that clear. There’s a growing demand for “good” or “ethical” hackers at companies and in government, but they need to be able to think like criminals, too.
Marketplace’s Jed Kim talked with Gary Rivlin, a journalist and author of the new book “Becoming an Ethical Hacker.” It’s part of the “Masters at Work” guides to interesting careers. Rivlin spent time with several of the field’s top information security professionals for the book. A quirky and fascinating bunch, they’re out to do good, he says, but there are practical rewards as well. The following is an edited transcript of the conversation.
Gary Rivlin: The draw would start with the salary and the demand. Cybersecurity folks are paid even more than the typical programmer. The demand is off the charts. [SecureWorld] last year was talking about this study that’s saying that there’s going to be a need for more than 3 million cybersecurity jobs across the planet. To those of us who are on computers living our digital lives, that’s frightening. To anyone who wants to get into cybersecurity as a profession, that’s certainly good news. There will always be a demand.
You have to think like a black-hatted hacker. You have to put yourself in their shoes and consider how they would get into this system.Gary Rivlin
Jed Kim: In your book, you spoke with half a dozen or so cybersecurity experts. What did they tell you is the hardest part of their job?
Rivlin: To me, it’s what they call the defender’s dilemma. As a defender, you have to win every single day. The attacker only has to win once. It’s a really, really stressful job because one breach and it negates every positive day you had up until then. There’s a puzzle aspect. You need to be creative. There’s no off-the-rack solution. As the cybersecurity people, the ethical hackers I spoke to, you have to think like a black-hatted hacker. You have to put yourself in their shoes and consider how they would get into this system.
Kim: You point out in your book that, among the hackers and the cybersecurity experts, it’s more skewed male. Why is it important to get more women into these positions?
Rivlin: There’s this notion that you have to think like a hacker. If all of computer security people are white men who live in the United States, that’s leaving out a whole lot of people who would like to break into our systems. We just need diversity, not just as a nice goal, though it is an important goal, but just for more practical reasons. As bad as the numbers are for programmers generally — roughly 20% of programmers, give or take, are women nowadays — the underrepresentation is worse in cybersecurity. We can do better, and we need to do better.
Related links: more insight from Jed Kim
Interested in reading Gary Rivlin’s book? It is a fun, quick read, especially if you’re into heists. Another big takeaway? The path to ethical hacker is varied and winding. There’s the former journalist, the child prodigy, the National Security Agency guy.
The Wall Street Journal recently got a look into the security team at IBM, code-named X-Force Red. Apparently, demand in the field has grown so much, so fast that “his team of corporate hackers contains more music majors than graduates with cybersecurity degrees, given the dearth of collegiate programs that focus on the quickly evolving field.”
Turns out you can get certified as an ethical hacker. The EC-Council offers several courses, including forensic investigation and penetration testing. Just a heads up, the final test to become a licensed penetration tester is 18 hours long.
E&E News has a postmortem on the first cyberattack on the U.S. electricity grid back in March. No blackouts like there were in Ukraine in 2015, but the threat is real, people.
All of this might remind you of the 1992 film “Sneakers,” in which Robert Redford leads a ragtag team of noble thieves. I brought up the comparison with Rivlin, and he says it’s one of his favorite tech movies along with “WarGames.” Trust me, “Sneakers” is not only a great film, it’s practically prescient when it comes to this topic. Don’t believe me? BirthMoviesDeath.com has an analysis. There’s the phrase “most undervalued movie of all time.” I agree. I agree.