It's time for another Stories From Cybersecurity piece! This is where we interview people in the cybersecurity industry to explore the diverse routes into this line of work. We also like to discuss key issues in the industry and get the opinions of those on the ground. This time we're talking to Knightsbr1dge, a cybersecurity professional based in the UK. As you may have guessed, Knightsbr1dge is a pseudonym. We offer all of our interviewees the option to use a pseudonym to protect their privacy, should they wish to do so. Let's take a look.
When did you become interested in tech?
Going right back to my first PC takes us back to about ’97 when my parents bought an HP computer. I can’t recall the make/model but it was great! At 15 I built my first PC and that's when I knew I wanted to pursue a career in IT.
My passion for IT carried through to college and university, where I became known as the 'go-to' techie.
How did you start your cybersecurity career?
I started my first IT job in the City and loved every minute of it. Then the 2008 crash happened and I was let go. I had a love for aviation so after struggling to find another IT job, I ended up working for the airlines. I spent a couple of years flying around the world as a flight attendant, which was a great break from the IT stuff. It gave me the reset I didn’t realize I needed at the time.
On one of my many trips from London to LA, I remember reading The Art of Deception and thinking “wow that’s pretty awesome” and spent the next few days reading up on social engineering and cybersecurity. The more I read the more I knew that “hacking” was where I wanted to end up.
That's when I decided it was time to restart my career in IT. Before long, I managed to secure a government IT job.
I’ve been back in IT for about 6 years now. I’ve been in my current role as a Linux sysadmin for about 2 years and took my Red Hat SysAdmin certification last year.
I’m now on an internal managed PenTest Training track working with my mentor to get up to scratch. This is great because I do the training around my current role internally and my mentor has over 12 years of cybersecurity / pentesting experience so I’ve got a great resource to lean on.
I’m currently tackling the OSCP, which is sort of a rite of passage when it comes to becoming a “hacker”. I’m about halfway through and it's been exactly what I thought it would be and what I expected. Late nights, head-banging, moments of joy when something works, with an equal measure of frustration when things don’t (or do work but you have no idea why!).
In your opinion, what are the biggest cyber threats and challenges we face in 2020?
Social Engineering / Phishing. With a much bigger drive for businesses to work remotely or from home, the landscape of a typical business is now much larger. We’ve gone from businesses operating from potentially a single location to being spread out as far as cities and counties.
There’s no longer a “safe space” to work from behind a corporate firewall and that presents a great opportunity for would-be hackers to have a go at getting into some of the more sensitive parts of a business. It’s much easier to courier a malicious USB to someone's home address under the guise of the “IT department” than it would be to leave one lying around a company car park and hope it gets picked up and plugged in.
How do you see the cybersecurity industry changing over the next decade?
Given the push for more remote working, I think we’ll see blockchain being used more widely as security and privacy continue to come at a premium.
Do you have any advice for aspiring hackers or other cybersecurity professionals?
Yeah, don’t rush into it. Take the time to work and gain the experience you need and build a strong base to work from. I spent a few years as a web developer, then became a sysadmin, from there I went into Identity and Access Management and finally ended up as a Linux sysadmin. This was great as it meant I had actual enterprise experience working with all sorts of technologies before diving into the security aspect.
I’d highly recommend doing this as it gives you a better understanding of the technologies you’ll be up against as a hacker / pentester / infosec professional. Also, keep up to date with infosec news (SecLists is great for this).
Do you have any educational cybersecurity resources you can recommend to our readers?
If you’re going down the pen testing route, I’d recommend grabbing a copy of The Hacker Playbook (2 and 3) and Tribe of Hackers.