You Don't Need to Start as a Teen to be an Ethical Hacker

Meet Justin Whitehead. While a lot of his contemporaries were going to college, he became an Airborne soldier. After that he went to college, became an IT technian, got some experience as a Computer Forensic Analyst, and met people who looked like they were having a good time as penetration testers. So he took some recommended classes,got hired by One World Labs, and last week at B-Sides Austin, he and coworker Antonio Herraiz gave a talk titled 'Spanking the monkey/How pen testers can do it better.

Justin is 40, an age where a lot of people in the IT game worry about being over the hill and unemployable. But Justin's little video talk should give you hope -- whether you're a mature college student, have a stalled IT career or are thinking about a career change but want to keep working with computers and IT in general. It seems that there are decent IT-related jobs out there even if you're not a youngster; and even if you didn't start working with computers until you were in your 20s or 30s.

Re:can't find a job at 40?

[CaptainDork]

The smart hackers know how to and when not to.

Re:can't find a job at 40?

Possibly my 25 year old body, but not the mind that went with it. I know more, understand more, can learn more, and think better than I could then.

Re: Just what infosec needs: washouts

Most all of the twenty-somethings I have met want nothing to do with tech aside from kik, snapchat, and twitter.

Daughter: "I have this horrible error on my laptop and I cant do anything."

Me: "Ok. What does the error say?"

Daughter: "I dont know. I didnt read it."

Worst First Comments...

[OakDragon]

...Ever!

Seriously?

[khasim]

The title could be reworded to "Masturbation/How pen testers can do it better."

I think I'll skip that video. Thanks.

Re:Seriously?

[s.petry]

Block taboolya.com and ooyala.com, problem solved. If you don't run NoScript by now, shame on you.

Re: Just what infosec needs: washouts

My favorite is when they say they want to be "game developers".

It's like "professional athlete" for people who want to smoke pot and not exercise. At least aspiring MLG are honest about their fantasy.

My software development hobby has turned towards games by accident. I don't like video games but they're a good way to test/learn AI.

Re:How's he encouraging more women to join the fie

[rHBa]

How's he encouraging more women to join the field?

By giving talks about Spanking The Monkey of course, how could that possibly fail?

Workers are not hackers

People who get into security for a paycheck are not hackers, they're security professionals. Hackers are people who do it on their own time, for its own sake. It's not tinkering if you're getting paid for it. Just a semantic nuisance that annoys me, as a non-hacker, and a security professional, but also as someone who has been around REAL hackers for 20 years. If I was independently wealthy, I would not spend my time "hacking," because I am not a hacker. Security is a job to me.

Calling security professionals "hackers" unduly deprives true nerds of a designation they deserve to reserve. A 9-5er CEH is not the same as someone who bug hunts for free because that's his version of playing basketball. Maybe it's a dead horse, but it's a dead horse that still stinks to high hell.

Re: can't find a job at 40?

[Jason+Levine]

Youth has the edge on age when it comes to body fitness. However, age has the edge on youth when it comes to experience. By the time you get to 40, you've made a ton of mistakes and have (hopefully) learned from them. You know what works and what doesn't. Youth likes rolling its eyes at Age and running headlong down a path that Age says won't work. Sometimes Youth succeeds, but more than likely Age is proven right.

Re:can't find a job at 40?

[unimacs]

Huge bellies, size 36 pants, and being out of breath from going up a flight of stairs are the results of being over 40. They are the results of being out of shape. Even wrinkles at 40 to a certain extent are the result of lifestyle choices.

I was in good shape in my 20s too and it would be a lie to say I "feel" better now than I did then. Personally I wouldn't mind having my 25 year old body back but even at 50 I've still got more speed and stamina that a lot of twenty somethings. And frankly, learning has continued well beyond that age. There's a lot of stupid things I did back then and I've got more skills.

Key is continuous learning

[SuperKendall]

I'm well over forty and I'd say none of those things apply (well, perhaps a little balder). I'm not as strong as I was at 25 but I'm not weak either, and I can go up many flights of stairs without winding... basically all of those things are a warning that you should stay active.

But that's beside the point, the biggest problem you list, the inability to learn new things, is what happens when you stop learning long enough. The longer you go without doing new things, the harder it is to get back into it... your mind may not be quite as plastic as when you are a kid, but I'm not sure it's any more incapable of learning at 40 than at 20. It's just there is more life baggage built up around you to overcome...

Re:can't find a job at 40?

I'm turning 35 and while I can't deny the effects of aging I'm more fit than I was in my 20s. God I had a horrible way of life and was actually left panting for going up a flight of stairs.

Aging is a multifactorial process. I envy the mindlessness I had back then. By around 30~35 people usually realize they too are truly going to die someday and I already had my share of dying around.

Not that I did not know then but realizing it is a whole different matter.

Re:How's he encouraging more women to join the fie

[s.petry]

WTF is with at douche bag SJW in every goddamn post recently? Your rant will not work here pal, we are better educated than you! Come out of hiding and debate, I triple dog dare you!

Mostly this

[s.petry]

But I have to add that all of the hype is plain old wrong if you want to be a career IT security specialist. Hacking, or actually performing a penetration test, is a very small portion of the job. Seems like all of the hype around coding currently to try and flood the market with people thinking they can "hack" to reduce wages may be happening here. I don't know if that's true or not, but seems reasonable given the treatment of "coders" lately.

I was also confused at the "people over 40 can't find jobs" stuff, because after I hit 40 my desirability went way up. Maturity, especially in IT security, is a well sought after trait.

Re:Mostly this

[s.petry]

The Wunderkind gets all the "sexy" jobs of performing audits, vulnerability assessments and penetration tests.

Well no, this is not really true. Younger IT Security people are doing a lot of other things. Trying to sneak in doors behind people, drop flash drives to see who plugs them in, copy/paste HTML code to make fake phishing campaigns too. To the horror of many, they find that they have to write reports on their findings and actually communicate with people. They have to make recommendations, and be absolutely sure of their facts with documentation, documentation, and even more documentation.

The media is focusing on what is maybe 10% of an IT security person's job. This reality chases many people from this line of work.

Headline is technically correct

[wonkey_monkey]

You Don't Need to Start as a Teen to be an Ethical Hacker

You don't need to start as a teen to be anything. You have to start as a baby like everyone else.

Sounds awesome to me...

[MichaelMacDonald]

Please, PLEASE, put noobs like this in charge of important stuff we want to hack... PLEASE. Just sayin'

"stand up,hook-up,shuffle to the door"

[master1588]

Mega-props for the lyrics. I haven't seen that in tech circles, well, ever. And now, "C-130 rollin' down the strip, 64 Rangers on a one-way trip, mission top-secret, destination unknown, ..."

Re:can't find a job at 40?

[clicker666]

I'm turning 49 in a month. I take care of all the end user support in our organization. My predecessor retired from his position, and I'm planning on doing the same in 11 years. I'm not socially awkward and have a lot of life experience, which makes it easier for me to teach people who might otherwise be put off by me being a "young pup". Health wise, I had a wake up call in my early 40s and have lost weight with diet and weightlifting, gave up smoking, and am now an amateur powerlifter..

Transcript

[CODiNE]

Where is it? Let's not further exclude the deaf from the internet, daily life is marginalization enough.

Sure it can be too late!

[duck_rifted]

It became too late to become an ethical hacker when the FBI started bullying people into working for them. "Here, come disrupt your life no matter the consequences to you or your family, or we'll destroy your life." Screw that. Some fields can't pay enough to be worth their risk. When story after story about the people who can hack involve their being bullied by their government, it's just not worth it to learn those skills.

Or at least this is my impression. If I'm wrong, then it might help if electronic security were further legitimized at the academic level. We haven't had an overhaul of related academic majors in too long. You can study "Information Technology," which boils down to how to connect routers and work spreadsheets, or you can study Computer Science, which these days boils down to a practical approach to calculus and a primer to teach yourself how to actually produce software. But the shortcomings of this academic template aren't going to matter until the PhDs making money on it speak up.