Slashdot Mirror

← Back to Stories (view on slashdot.org)

You Don't Need to Start as a Teen to be an Ethical Hacker (Video)

Posted by Roblimo on from the stand-up-hook-up-shuffle-to-the-door-jump-right-out-and-count-to-four dept.

Meet Justin Whitehead. While a lot of his contemporaries were going to college, he became an Airborne soldier. After that he went to college, became an IT technian, got some experience as a Computer Forensic Analyst, and met people who looked like they were having a good time as penetration testers. So he took some recommended classes,got hired by One World Labs, and last week at B-Sides Austin, he and coworker Antonio Herraiz gave a talk titled 'Spanking the monkey/How pen testers can do it better.

Justin is 40, an age where a lot of people in the IT game worry about being over the hill and unemployable. But Justin's little video talk should give you hope -- whether you're a mature college student, have a stalled IT career or are thinking about a career change but want to keep working with computers and IT in general. It seems that there are decent IT-related jobs out there even if you're not a youngster; and even if you didn't start working with computers until you were in your 20s or 30s.

56 comments

  1. hi by Anonymous Coward · · Score: 0

    im 44 and one of the top actual hackers in world//// been that way for like 15 years....im employable all right....haha
    guess what i aint helpin the nsa or friends EVER...

    1. Re: hi by Anonymous Coward · · Score: 0

      And you still haven't had your pickle tickled I'm guessing

    2. Re: hi by Anonymous Coward · · Score: 0

      Sounds like something gays would do, tickling pickles. Are you suggesting this poster engage in man on man love with you?

    3. Re: hi by Anonymous Coward · · Score: 0

      How about some man on your mum love?

  2. Over the hill? by Anonymous Coward · · Score: 0

    I've yet to see proper code written by someone under 30. Including myself. No, I'm not over 40 yet, but everyone who I know who is, and is still writing code are rock solid coders. I can take a friggin' static analyzer to their code, and not get a single issue found.

    Posting AC, as I'm terribly age-racist here.

  3. can't find a job at 40? by Anonymous Coward · · Score: 0

    seriously?

    I feel far more competent at 40+ than I did at 25.

    And I did learn how to hack before I was a teenager.

    1. Re:can't find a job at 40? by CaptainDork · · Score: 1

      The smart hackers know how to and when not to.

      --
      It little behooves the best of us to comment on the rest of us.
    2. Re:can't find a job at 40? by Anonymous Coward · · Score: 1

      Possibly my 25 year old body, but not the mind that went with it. I know more, understand more, can learn more, and think better than I could then.

    3. Re:can't find a job at 40? by Anonymous Coward · · Score: 0

      Yes, thankfully being caught twice and let off with minor penalties - I learned my lesson.

    4. Re:can't find a job at 40? by Anonymous Coward · · Score: 0

      Face it, youth is the peak human condition. Everything else is just denial.

      Face it 40 isn't old and if your out of shape and look like shit you have only yourself to blame.

    5. Re:can't find a job at 40? by Anonymous Coward · · Score: 0

      I recently turned 40 but people tend to think I'm 30 and despite being the 2nd oldest, I can code circles around everyone in my company.

    6. Re: can't find a job at 40? by Jason+Levine · · Score: 1

      Youth has the edge on age when it comes to body fitness. However, age has the edge on youth when it comes to experience. By the time you get to 40, you've made a ton of mistakes and have (hopefully) learned from them. You know what works and what doesn't. Youth likes rolling its eyes at Age and running headlong down a path that Age says won't work. Sometimes Youth succeeds, but more than likely Age is proven right.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    7. Re:can't find a job at 40? by unimacs · · Score: 1

      Huge bellies, size 36 pants, and being out of breath from going up a flight of stairs are the results of being over 40. They are the results of being out of shape. Even wrinkles at 40 to a certain extent are the result of lifestyle choices.

      I was in good shape in my 20s too and it would be a lie to say I "feel" better now than I did then. Personally I wouldn't mind having my 25 year old body back but even at 50 I've still got more speed and stamina that a lot of twenty somethings. And frankly, learning has continued well beyond that age. There's a lot of stupid things I did back then and I've got more skills.

    8. Re:can't find a job at 40? by Anonymous Coward · · Score: 0

      As they say, youth is wasted on the young.

    9. Re:can't find a job at 40? by Anonymous Coward · · Score: 1

      I'm turning 35 and while I can't deny the effects of aging I'm more fit than I was in my 20s. God I had a horrible way of life and was actually left panting for going up a flight of stairs.

      Aging is a multifactorial process. I envy the mindlessness I had back then. By around 30~35 people usually realize they too are truly going to die someday and I already had my share of dying around.

      Not that I did not know then but realizing it is a whole different matter.

    10. Re:can't find a job at 40? by Anonymous Coward · · Score: 0

      can we all just agree this label of ethical hacker is sum bullshit? kthx.

    11. Re:can't find a job at 40? by clicker666 · · Score: 1

      I'm turning 49 in a month. I take care of all the end user support in our organization. My predecessor retired from his position, and I'm planning on doing the same in 11 years. I'm not socially awkward and have a lot of life experience, which makes it easier for me to teach people who might otherwise be put off by me being a "young pup". Health wise, I had a wake up call in my early 40s and have lost weight with diet and weightlifting, gave up smoking, and am now an amateur powerlifter..

  4. How's he encouraging more women to join the field? by Anonymous Coward · · Score: 0

    Typical article about yet another white male in the IT field. Why not an article on a black or a woman pen tester, Roblimo? Why must you hate?

  5. Just what infosec needs: washouts by Anonymous Coward · · Score: 0

    Justin sounds like a great guy but the way his story is being pitched does a disservice to anyone dumb enough to buy in to the hype.

    Justin was able to turn around his career by being a self-starter. Infosec is fashionable right now but it's attracting talent-less hacks like flies as a consequence. During the gold rush the late ones to buy pick axes didn't strike their fortune and this slashvertisement sounds like it's selling hope to desperate has-beens looking for a new career.

    The consensus among employers hiring "hackers" seems to be that they don't want you unless you have your Cisco/CompTIA certs. As a consequence: selling people the notion they can escape being useless in the modern economy by becoming a career "hacker" is doing them a disservice. The credentials required for that narrow specialization are identical to the credentials required to get a job that doesn't require shaving a Mohawk on your head and are in almost equally hot demand.

    Hackers don't need to be convinced to study the material, they need to be convinced to play the Human Resources game. If you're selling the material, just recruit people in to networking. It doesn't sound as glamorous but that's the point: you don't have to be a self-promoting ninja savant to make a career out of it.

    1. Re: Just what infosec needs: washouts by Anonymous Coward · · Score: 1

      Most all of the twenty-somethings I have met want nothing to do with tech aside from kik, snapchat, and twitter.

      Daughter: "I have this horrible error on my laptop and I cant do anything."

      Me: "Ok. What does the error say?"

      Daughter: "I dont know. I didnt read it."

    2. Re:Just what infosec needs: washouts by Anonymous Coward · · Score: 0

      Thank you

    3. Re: Just what infosec needs: washouts by Anonymous Coward · · Score: 1

      My favorite is when they say they want to be "game developers".

      It's like "professional athlete" for people who want to smoke pot and not exercise. At least aspiring MLG are honest about their fantasy.

      My software development hobby has turned towards games by accident. I don't like video games but they're a good way to test/learn AI.

  6. Worst First Comments... by OakDragon · · Score: 1

    ...Ever!

    --
    Dark Reflection
  7. Fixed that for you by Anonymous Coward · · Score: 0

    You Don't Need to Start as a Teen to be an Ethical Hack (Autoplaying Video)

  8. WE ARE SLASHDOT by Anonymous Coward · · Score: 0

    HOORAH!!!

  9. Autoplaying or no work? why slashdot why by Anonymous Coward · · Score: 0

    This video autoplays on my browser and it is very frustraing at work with my sound on, I load it in my vivaldi beta and it says i must install adobie media installers dmg and install install so install can download and install the flash player media plugin. Please help Someone at Slashdot Fix your autoplaying video flash bugs. Thank you.

    1. Re:Autoplaying or no work? why slashdot why by Anonymous Coward · · Score: 0

      Wow. You are displaying an awesome level of ignorance. Autoplay is gone, and /. videos are now HTML5. Except for you, on WizzbangLSD browser build 0.0014.

  10. Seriously? by khasim · · Score: 1

    The title could be reworded to "Masturbation/How pen testers can do it better."

    I think I'll skip that video. Thanks.

    1. Re:Seriously? by Anonymous Coward · · Score: 0

      Too late, it's already autoplaying

    2. Re:Seriously? by s.petry · · Score: 1

      Block taboolya.com and ooyala.com, problem solved. If you don't run NoScript by now, shame on you.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  11. Ethical masturbation? by Anonymous Coward · · Score: 0

    Discuss.

  12. Re:How's he encouraging more women to join the fie by rHBa · · Score: 1

    How's he encouraging more women to join the field?

    By giving talks about Spanking The Monkey of course, how could that possibly fail?

  13. Workers are not hackers by Anonymous Coward · · Score: 1

    People who get into security for a paycheck are not hackers, they're security professionals. Hackers are people who do it on their own time, for its own sake. It's not tinkering if you're getting paid for it. Just a semantic nuisance that annoys me, as a non-hacker, and a security professional, but also as someone who has been around REAL hackers for 20 years. If I was independently wealthy, I would not spend my time "hacking," because I am not a hacker. Security is a job to me.

    Calling security professionals "hackers" unduly deprives true nerds of a designation they deserve to reserve. A 9-5er CEH is not the same as someone who bug hunts for free because that's his version of playing basketball. Maybe it's a dead horse, but it's a dead horse that still stinks to high hell.

    1. Re:Workers are not hackers by Anonymous Coward · · Score: 0

      I tried to draw this distinction myself but you expressed it far more elegantly than I was able to do.

    2. Re:Workers are not hackers by Anonymous Coward · · Score: 0

      People who get into security for a paycheck are not hackers, they're security professionals. Hackers are people who do it on their own time, for its own sake. It's not tinkering if you're getting paid for it. Just a semantic nuisance that annoys me, as a non-hacker, and a security professional, but also as someone who has been around REAL hackers for 20 years. If I was independently wealthy, I would not spend my time "hacking," because I am not a hacker. Security is a job to me.

      Calling security professionals "hackers" unduly deprives true nerds of a designation they deserve to reserve. A 9-5er CEH is not the same as someone who bug hunts for free because that's his version of playing basketball. Maybe it's a dead horse, but it's a dead horse that still stinks to high hell.

      I do both. By day, I do it for others hired gun, and by night I work on my own stuff unpaid (not illegal activities, but things I am interested in). I think it makes me a better asset than the people just in it for the money, they just get to learn what they are told to learn and no more.
      I work with some guys who fit your description who are just there to make up the corporate numbers and tick some boxes, but then, I work with some others who are equally as mad tinkerers with odd skillsets. Guess who get given the really oddball difficult to deal with non standard things?
      Anon, because some of my co workers might get mad.

  14. If you didn't work with computers until your 30's by Anonymous Coward · · Score: 0

    Don't expect me to hire you until you are 40.

  15. Key is continuous learning by SuperKendall · · Score: 1

    I'm well over forty and I'd say none of those things apply (well, perhaps a little balder). I'm not as strong as I was at 25 but I'm not weak either, and I can go up many flights of stairs without winding... basically all of those things are a warning that you should stay active.

    But that's beside the point, the biggest problem you list, the inability to learn new things, is what happens when you stop learning long enough. The longer you go without doing new things, the harder it is to get back into it... your mind may not be quite as plastic as when you are a kid, but I'm not sure it's any more incapable of learning at 40 than at 20. It's just there is more life baggage built up around you to overcome...

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  16. Announcement: Slashdot is now Irrelevant. by Anonymous Coward · · Score: 0

    I realized all the thinly veiled and thickly veiled AstroTurf articles about women in IT, and articles like this one about "being relevant after 40", and other garbage.

    It's not news relevant to my industry, or chosen profession.

    At all.

    It's completely irrelevant.

    There are much better sources of information.

    The key is to smell the waft of giving you reasons to discount yourself and discourage yourself.

  17. Re:How's he encouraging more women to join the fie by s.petry · · Score: 1

    WTF is with at douche bag SJW in every goddamn post recently? Your rant will not work here pal, we are better educated than you! Come out of hiding and debate, I triple dog dare you!

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  18. Mostly this by s.petry · · Score: 4, Insightful

    But I have to add that all of the hype is plain old wrong if you want to be a career IT security specialist. Hacking, or actually performing a penetration test, is a very small portion of the job. Seems like all of the hype around coding currently to try and flood the market with people thinking they can "hack" to reduce wages may be happening here. I don't know if that's true or not, but seems reasonable given the treatment of "coders" lately.

    I was also confused at the "people over 40 can't find jobs" stuff, because after I hit 40 my desirability went way up. Maturity, especially in IT security, is a well sought after trait.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    1. Re:Mostly this by Anonymous Coward · · Score: 0

      Yep. Surely low level IT positions are harder to get, but there are plenty of jobs for 40 and up. They are senior positions; they pay more and demand more responsibility. Anyone who is complaining about no jobs for 40+ doesn't have the resume to get a senior level position.

    2. Re:Mostly this by Anonymous Coward · · Score: 0

      Security is part of risk management, and you do not get a deep understanding of risk factors and impact until you have real world exposure.

      Having some grey hair is not a career limitation. Oddly enough, it actually helps ground what you are saying as it is backed by years of experience. There is a world of difference on how a corporate board reacts to a 25 year old Wunderkind saying "Don't do that", and a seasoned and bloodied middle age advisor saying exactly the same thing.

      The Wunderkind gets all the "sexy" jobs of performing audits, vulnerability assessments and penetration tests. I get to deal with governance, risk and compliance issues. At the end of the day, we both are information security professionals, but the younger generation is focused on tactics, and I'm dealing with strategy and business outcomes.

    3. Re:Mostly this by s.petry · · Score: 1

      The Wunderkind gets all the "sexy" jobs of performing audits, vulnerability assessments and penetration tests.

      Well no, this is not really true. Younger IT Security people are doing a lot of other things. Trying to sneak in doors behind people, drop flash drives to see who plugs them in, copy/paste HTML code to make fake phishing campaigns too. To the horror of many, they find that they have to write reports on their findings and actually communicate with people. They have to make recommendations, and be absolutely sure of their facts with documentation, documentation, and even more documentation.

      The media is focusing on what is maybe 10% of an IT security person's job. This reality chases many people from this line of work.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  19. Cookie Cutter Outside the box... by Anonymous Coward · · Score: 0

    This seems like a marketing video with a lot of keywords while giving little information. Most pen-testers are script-kiddies. It sounds like he is using the same tools as everyone else, not developing anything new, only writing a report rather than filling in boxes on a form.
    It sounds more like he is trained in PR and is attempting to make a success story and campaign out of thin air.
    I think i'm the monkey for watching the entire video. The company that "took a chance" on him, thanks for hiring Vets but i think the 13 year old "hacker" has more out of box experience than the entire company if Justin is any indicator of their team.
    His lack of any off hand configs / mods / changes he keeps referencing makes me think he runs the "out of the box" (read: they have a box and he picks a config out of it) script like everyone else.
    I know it sounds shitty, but pen-testing is not glamorous, isn't difficult, out of the box and isn't hacking.

  20. Re:How's he encouraging more women to join the fie by Anonymous Coward · · Score: 0

    As a White Male, I was actively discouraged from joining the field by my parents who thought it was for criminals. Toughen up buttercup.

    The high salaries reflect the insane number of hours required to be good. These aren't classroom hours where you stretch 2 hours learning in to an 8 hour day.
    These are obsession hours:
    -Google searches and phone calls scratching at the surface of a subject that doesn't even have a book written about it yet.
    -Loved ones getting upset because you're on your laptop while they're trying to sleep, and daydreaming about a problem while they're trying to have a conversation with you.
    -Waking up in the morning and realizing you've been dreaming about the problem while you slept.

    Hackers don't need the validation of their peers to do the work. I've never worked as a security professional so I can't comment on the work environment. When I see more women doing this stuff for fun, I'll decry the fact that they don't do it for money.

    If there was so much interest a woman executive should be able to put help wanted advertisements in a magazine targeted at women and correct the market inefficiency by hiring at a discount. I don't see that happening. If you want to social engineer demographics start at K-12 but don't be surprised if the "easy money" has moved on to some other specialization by the time you have a bunch of techno-hipster HS graduates flooding the job market.

  21. Headline is technically correct by wonkey_monkey · · Score: 1

    You Don't Need to Start as a Teen to be an Ethical Hacker

    You don't need to start as a teen to be anything. You have to start as a baby like everyone else.

    --
    systemd is Roko's Basilisk.
  22. Sounds awesome to me... by MichaelMacDonald · · Score: 1

    Please, PLEASE, put noobs like this in charge of important stuff we want to hack... PLEASE. Just sayin'

  23. "stand up,hook-up,shuffle to the door" by master1588 · · Score: 1

    Mega-props for the lyrics. I haven't seen that in tech circles, well, ever. And now, "C-130 rollin' down the strip, 64 Rangers on a one-way trip, mission top-secret, destination unknown, ..."

  24. Transcript by CODiNE · · Score: 1

    Where is it? Let's not further exclude the deaf from the internet, daily life is marginalization enough.

    --
    Cwm, fjord-bank glyphs vext quiz
  25. face palm by Anonymous Coward · · Score: 0

    It's amazing how many trolls are missing the point of this interview.

  26. Sure it can be too late! by duck_rifted · · Score: 1

    It became too late to become an ethical hacker when the FBI started bullying people into working for them. "Here, come disrupt your life no matter the consequences to you or your family, or we'll destroy your life." Screw that. Some fields can't pay enough to be worth their risk. When story after story about the people who can hack involve their being bullied by their government, it's just not worth it to learn those skills.

    Or at least this is my impression. If I'm wrong, then it might help if electronic security were further legitimized at the academic level. We haven't had an overhaul of related academic majors in too long. You can study "Information Technology," which boils down to how to connect routers and work spreadsheets, or you can study Computer Science, which these days boils down to a practical approach to calculus and a primer to teach yourself how to actually produce software. But the shortcomings of this academic template aren't going to matter until the PhDs making money on it speak up.