stop studying cybersecurity
parent
7e2ea86cf6
commit
ae2b4b8c8f
|
@ -0,0 +1,53 @@
|
||||||
|
---
|
||||||
|
title: "OPINION: stop studying cybersecurity because of me"
|
||||||
|
date: 2024-07-28
|
||||||
|
description: "im trying to get u into activism, not college"
|
||||||
|
tags:
|
||||||
|
- opinion
|
||||||
|
- security
|
||||||
|
- infosec
|
||||||
|
- resources
|
||||||
|
feature_image: /img/posts/please/cover.jpg
|
||||||
|
feature_alt: "a photo of two brutalist concrete towers towering out of a forest"
|
||||||
|
feature_caption: this cover image has nothing to do with the article, but i quite like this photo i took
|
||||||
|
---
|
||||||
|
|
||||||
|
> yoooo maia! i just started my first year of cybersecurity at uni, thank u for ur work it inspired me to get into this field!
|
||||||
|
|
||||||
|
while this message isn't real, i get ones like it all the time and it tends to confuse me. don't get me wrong: it puts a smile on my face that people can proudly tell me about some big life decisions i somehow put into motion. but to me thats like watching [oceans eleven](https://letterboxd.com/nyancrimew/film/oceans-eleven-2001/) and getting inspired to join a police academy. studying cybersecurity obviously won't stop you from following in my footsteps, but it just isn't necessary, not even if you intend to actually go into the corporate side of the field.
|
||||||
|
|
||||||
|
while i did complete a four year apprenticeship in software engineering (which definitely helped with acquiring some of the basic required skills), i have not studied cybersecurity—or anything else, for that matter. it's not just me either; basically everyone im friends with in both corporate infosec and the hacktivism scene has a similar background too, with some sort of basic computer science education and then lots of self-teaching and experience-gathering by just sorta... fucking around with stuff.
|
||||||
|
|
||||||
|
most people who study cybersecurity because of me don't seem to necessarily aim to become activists, but they all share a certain drive to do good for society. this is a humble cause, of course, but it unfortunately ignores the reality of the corporate cybersecurity world and seems to be built on a fundamental misunderstanding of my values. after you graduate with a cybersecurity degree you basically have three choices: fight for one of the very few security jobs where you actually help regular people instead of just propping up the broken system, give up all your morals and work for some of the biggest most evil corporations out there or state intelligence agencies (be it directly or indirectly), or simply never work in the field you just went to college for.
|
||||||
|
|
||||||
|
a lot of people who end up choosing the first or second path spend much of their career resenting hackers like me, either out of a sense of duty—concluding that i really am the enemy after all—or out of jealousy and regret. because no matter how hard you try to convince yourself that writing excel reports all day and getting drunk at defcon once a year is *The Hacker Life*, you cant help but think of how much fun all the outlaws are having. you become nothing but a cog in this system until maybe one day you're absorbed so much in its culture that you finally reach your hacking dreams and "level up" to working for the government, where you get to do cool hacker shit like pwning china and russia. you and your friends already get wasted with the DHS and NSA bosses at defcon anyways, so how bad could they really be?
|
||||||
|
|
||||||
|
of course not *everyone* working in infosec is like this. some of my best friends work in this industry and if you're reading this and are mad at me i *definitely* didn't mean you or your bestie. this is simply based on years of experience in and around the industry, plus many stories from my industry friends. i mean, back when the security community still largely congregated on twitter and i wasnt quite as jaded about it yet, i still tried to hang out with industry people a lot more because of the common ground we do technically share. and while i did make some friends, i also get to brag about {% footnoteref "jackie-singh", "with a neonazi history" %}an employee of the 2020 biden presidential campaign{% endfootnoteref %} having bullied and emotionally manipulated me for over a year (*if you know you know*)—and thats just one of many stories.
|
||||||
|
|
||||||
|
## okay but WHAT are you trying to inspire then?
|
||||||
|
|
||||||
|
i'm trying to get you to be your whole self. my own main driving force is standing up for my personal values and showing you that you can do whatever you wanna do in your life. and, okay, i guess that's a bit ironic to say after i just spent all the rest of article proselytizing about why you shouldn't study cybersecurity, but my point isn't that you absolutely *shouldn't* do that *ever*. what i'm trying to do (as i almost always am when i act extremely opinionated in response to possible misunderstandings) is give you a clearer view of how i actually view things to allow you to make a more informed decision beyond the simple thought that "oooh maia does something related to security, i know what i'll study!" i want you to properly think about decisions you make—especially those inspired by people you look up to—because it's so easy to get lost in the fog of parasociality and make decisions you might regret later.
|
||||||
|
|
||||||
|
besides that, i also want people to realize that you (and everyone else) already have the ability to fight for a better world with the skills you already possess, no matter how you do it. that can be by protesting in the streets, organizing and community building, spreading knowledge and information, providing community and at-protest medical support, reporting on-the-ground or from an investigative space, doing research work, running or supporting a community kitchen, providing technical support, hacking, or literally anything else that helps your cause or the community around it. at the end of the day im an anarchist and what im trying to do, side by side with all of you, is build a better world for everyone, step by step.
|
||||||
|
|
||||||
|
## how do i start doing the work you do tho?
|
||||||
|
|
||||||
|
this is another question i get asked very often and i usually don't answer it beyond telling people to stay curious, both because i dont want to get people in trouble for asking me about gray-area activities and also because i've so far been too lazy to actually make a good list of resources.
|
||||||
|
|
||||||
|
but here you go, i finally made that list! given some basic computer science knowledge (which you can acquire from free online guides and courses as well) the following bits of information should allow you to get a foot into the doors of the cybersecurity and hacking world. overall these resources should add up to some level of knowledge in most things i specialize in and with some extra work you should be able to surpass my skill level quickly (dont get caught, bestie :3)
|
||||||
|
|
||||||
|
* start [google dorking](https://en.wikipedia.org/wiki/Google_hacking) [whenever ur bored](https://twitter.com/the_dork_web) (just start with a query like {% footnoteref "confidential-and-proprietary", "yes, that's what that one telegram channel was named after in case you're wondering (iykyk)" %}`"confidential and proprietary" filetype:pdf`{% endfootnoteref %} and refine it to get to whatever kind of info u want)
|
||||||
|
* [learn OSINT](https://www.bellingcat.com/resources/2021/11/09/first-steps-to-getting-started-in-open-source-research/) ([list of useful tools](https://docs.google.com/spreadsheets/d/18rtqh8EG2q1xBo2cLNyhIDuK9jrPGwYr9DI2UncoqJQ/edit))
|
||||||
|
* search [zoomeye](https://zoomeye.hk) or [shodan](https://shodan.io) for interesting servers. this makes dorking even more interesting and zoomeye even has built-in dork discovery features
|
||||||
|
* go read [phrack](http://phrack.org), [tmp.0ut](https://tmpout.sh/), [Paged Out](https://pagedout.institute/) and [PoC||GTFO](https://www.alchemistowl.org/pocorgtfo/) (and maybe even contribute to them)
|
||||||
|
* go read phineas fisher's [HackBack series of write-ups](https://theanarchistlibrary.org/category/author/phineas-fisher). while the technical details aren't all 100% up-to-date it's still worth reading for the philosophy alone
|
||||||
|
* check out some other personal/collaborative blogs, such as those of [Eric Daigle](https://www.ericdaigle.ca/), [lyra](https://lyra.horse/blog/), [xyzeva](https://kibty.town/blog), [nullpt.rs](https://www.nullpt.rs/) and [env.fail](https://env.fail/)
|
||||||
|
* participate in [CTFs](https://en.wikipedia.org/wiki/Capture_the_flag_(cybersecurity)) (at your school, university, infosec conference or just online) or events like [bggp](https://binary.golf/) ([current season as of publishing](https://binary.golf/5/))
|
||||||
|
* watch [old and new conference talks](https://vimeo.com/38329327) and read vulnerability write-ups
|
||||||
|
* learn a scripting language like python to be able to quickly write one-off scripts (grabbing data from APIs, analyzing and processing data, etc)
|
||||||
|
* read up on opsec!! the [EFF SSD](https://ssd.eff.org/) is a good super basic intro but not enough for complete practical opsec *(PLEASE SOMEONE let me know of a better/more fitting basic resource to link here i cannot think of any)*
|
||||||
|
* learn about databases, there are tons of (free) courses for mysql and postgres online
|
||||||
|
* learn the basics of things like REST APIs, git and web hosting (try to set up your own website!)
|
||||||
|
* figure out how to write your own basic tooling (as an example exercise, try to port [goop](https://github.com/nyancrimew/goop) (or any other simple tool) into another programming/scripting language)
|
||||||
|
* always stay curious and dig into everything
|
||||||
|
* dont post about ongoing hacks, dont confess to crimes online, dont brag about your hacks. keep yourself safe <3
|
Binary file not shown.
After Width: | Height: | Size: 92 KiB |
Loading…
Reference in New Issue