It's time for more Stories From Cybersecurity! This time we're talking to Noah Conners, cybersecurity professional, and creator the SudoZeus security blog. Here's Noah's story.
Hey Noah, can you introduce yourself and tell our readers how you became interested in cybersecurity?
My name is Noah Conners and I am from Kansas City, MO, in the USA.
I stumbled into education, IT, and the security field by accident. I waited before going to university because I didn’t know what to do with my life after high school. I worked in a factory, as a roadie setting up concerts. When I finally decided to go to college, I had no direction and no idea where my life would take me.
It all changed when I took a class on C++. I instantly fell in love with coding. It was the idea of being able to create something from nothing that gave it the allure for me. It felt like magic at the time. From there it was like I exploded out of a cannon. I wanted to learn EVERYTHING about computers.
I was very fortunate to have a father in the military. He saw I was developing a passion and put me in contact with someone who worked in the S.O.C. at his work. It was in this conversation with the security expert I first learned about the OSI model, Kali Linux, and hacking.
Again, I was propelled into a world I knew nothing about and was fascinated. I remember thinking, “I can hack companies… and get paid?”. It seemed like a dream job. I began to devote most of my time outside of school learning the basics of networks and how they operate. I remember the first-time booting Kali in a virtual box. I think it took me a couple of days to even get it to boot correctly but when it finally did the rush was something I will never forget.
What's happening in your career right now?
Now its 3 years later and I have graduated from college and am working with a supplier of health information and technology solutions. I am currently studying for the CEH(Certified Ethical Hacker) and the GRE (Graduate Record Examinations) for grad school.
I attend my local monthly security meet up known as secKC. Instead of going on vacation last year (it seemed like a vacation to me) I went to Defcon 27 and had so much fun. Highly recommend.
What skills do you think are needed to be successful in cybersecurity?
Technical skills aside it helps to have a keen interest in people. At the end of the day the adversaries you will face on the job are just people somewhere. Understanding their motivations and mindsets is just as important as understanding cybersecurity principles.
Another is always pushing your self to leave your comfort zone and learn something new. The cyber landscape is forever changing and growing and you should grow and change with it!
How do you see the ethical hacking industry changing over the next decade?
In my opinion, it is already starting to become a "normal" industry. As more and more younger people flock to the security industry it is being seen as less taboo to hack as a career. I also believe that the industry will start to have more of an autonomous feel as deep learning and artificial intelligence become more ingrained in business processes.
Do you have any advice for aspiring ethical hackers?
1) READ A LOT
This is no understatement. If you want to be successful in the industry you must be knowledgeable about your environment.
2) Start somewhere
I found early on that it does not matter where you start, you just must start somewhere.
I get asked a lot, “What is better to start in? Web application security testing, network security testing, etc”. My advice is to pick what interests you most and roll with it. All roads lead to Rome.
3) Get your foot in the door
Whether you are in college or not landing a job in IT is the first step in getting into the security industry. A low-level help desk position in a company can open a lot of doors as you progress and grow. IT teams work hand in hand with the rest of the organization’s departments and it increases your exposure to different experiences.
4) Keep an ear out
Pay attention to what is happening in the cyber world around you. There are hundreds of websites that have cyber news and daily updates on what threats are out there. It is important to stay informed not only because employers expect you to be, but because paying attention to how the “bad actors” are operating helps you be a better defender and advocate for security.
5) Virtualization and CTFs
A great way to practice hacking in a safe environment is to utilize virtualization technology. This enables you to use tools hackers use on a machine that is not open to the internet and will not cause any extensive harm if you happen to release some crazy malware.
On that note another fantastic way to learn is by doing. Finding great CTFs(capture the flag) online can help you hone your skills. Some websites I love are HackTheBox.eu and VulnHub.com. Doing writeups is a great way to review what you have learned and also share it with members of the hacker community!
If you want to follow Noah's progress and catch some great cybersecurity content, follow him on Instagram.