If you've been following our Stories From Cybersecurity Series from the beginning, then you know what we're about. For those that don't know, we like to interview people in the infosec and tech fields to highlight the varied experiences of people in the field. The cybersecurity industry is growing at a rapid pace, but it's still a relatively new field. This means there isn't a linear path to success in cybersecurity.
The industry is in dire need of new professionals to help us fight the ever-growing number of hackers out there. Serious data breaches are now happening at an alarming rate and the companies we entrust with our data are struggling to keep up. As the black hat hackers become more sophisticated in their techniques, we must too! That's why we want to inspire and enable the next generation of ethical hackers and other cybersecurity professionals to take the jump into the field.
Aspiring ethical hackers and IT professionals are often confused about how to get their foot in the door, what a path to the industry looks like, or what the industry looks like from the inside. We hope to address these concerns with this series.
Today we're looking at Nicholas's story.
NANCY: Hey Nicholas, please introduce yourself and tell us when you became interested in cybersecurity?
NICHOLAS: My name is Nicholas Patton, and I am a 24-year-old OSCP wannabe. I was born and raised in Texas, then moved to a small Christian camp in California at the ripe age of 11. This camp was located in the mountains about 2 hours away from any major city.
I've had a curiosity in technology for as long as I can remember and by the time I turned 12 I was certain about 1 single thing: I wanted my own PC. The next summer I worked a part-time job at the camp and made a little cash and later that year bought my own laptop that the camp was retiring and selling off to staff members.
NANCY: What happened next? Did your curiosity for tech lead to curiosity for security?
NICHOLAS: Well, at that age, I didn't quite have my internet feet yet and stumbled onto some sketchy websites. Before I knew it, my XP machine was chock-full of adware and spyware. Luckily my parents had an antivirus program on a disk that took care of them.
After my parents saw the kinds of things I was looking at, they installed some parental control software. I didn't appreciate this very much, so I began learning about ways to remove my "training wheels". One of the easiest methods for me was to simply burn a live CD of Ubuntu and use chntpw to change the Administrator password. I tried it, and it worked! This blew my little mini-nerd mind at the time and sparked a flame of fascination with computer security.
NANCY: Did you experiment with hacking at all during this time?
NICHOLAS: Yes. I continued to learn more and begged my parents to let me install a Linux distro. After they told me, "No!" repeatedly, I decided to do it anyway LOL. I began learning basic Linux commands and discovering more in this entirely new world. My parents once installed an electronic numeric door lock on their bedroom to hide the things they would take from me and my little sister. I thought to myself, "They probably use the same passwords for everything".
So I started researching about man-in-the-middle attacks [MITM] and how to use tools like arpspoof and sslstrip so their traffic would hit my machine unencrypted. I gathered their credentials that way and saw that a couple of the passwords used the same sequence of digits, and this number worked perfectly on the door as well.
I went to college then dropped out during the first semester. Feeling a little defeated, I went back to work for the camp. I then left the mountains and took a job at a mom and pop computer repair shop for about 6 months. I then attended a coding school where I was taught the basics of C and honed my Bash and Linux skills more thoroughly.
I have since left the school to pursue my real passion and to start self-studying for the OSCP certification, and everything that comes after that. I still consider myself a script kiddie, and it constantly feels like I'm just starting out on my infosec journey, but I am extremely thankful that those past events all helped guide me into pursuing this field further.
NANCY: What resources do you use to learn more about cybersecurity? Do you have any to recommend?
NICHOLAS: There are way too many great resources to list them all. As far as the defensive side goes I would suggest getting into reading a couple of whitepapers here and there, namely cshub, and SANS cyber defence. Practicing and learning on the offensive side is best done in a lab environment.
Luckily there are quite a few amazing online labs that will allow you to unleash your mischievous intent upon them. Hackthebox.eu provides a virtual lab environment with vulnerable Linux and Windows machines, vulnhub.com hosts a multitude of virtual machine images to set up your own lab in a VM, OverTheWire's Wargames serves up an SSH server that teaches Linux security starting at the fundamentals, and OWASP's Juice Shop is an insecure site that allows one to test web application security. I also need to mention a few resources that got me started on these: they were Null Byte on WonderHowTo and The Cyber Mentor on YouTube.
NANCY: Do you have any advice for aspiring cybersecurity professionals?
NICHOLAS: Stay curious and research about everything no matter how simple, seemingly insignificant, or convoluted it seems on the surface. When things are overwhelming, stick with it and keep exposing yourself to new and challenging concepts even when it seems like it's way over your head. If needed, don't be afraid to take a step back to learn the basics; there is absolutely nothing shameful in it. Having good fundamentals is the key to understanding more complex concepts. You can absolutely do it.
NANCY: If you could give our readers one piece of advice on how to be safer online, what would it be?
NICHOLAS: Burn any and all electronic devices! No, just be very careful what you click on, what you agree to, and who you give your information to. Just be more careful, everyone.