>Some expletives have been edited out<
>The catching of feelings is encouraged<
>Heavy Hip Hop references included<
Early last year (2014), I started getting into information security. I have always had a passion for figuring out how things work and everything had been building up to my transition into the hacking profession. I was from a non-IT educational background but I had been working in IT for slightly over two years. The job was in a big firm with good pay and I was getting promoted yearly. I however wanted to get into hacking on a full-time basis and I decided I’d quit after 6 months which would coincide with the end of the financial year. I would also avoid having to do the yearly performance review :-). During the next 6 months, I studied the books I could find on information security, watched hacker conference talks and practiced on virtual environments. As scheduled, I tendered my resignation in June last year, maneuvered through having to go through counter-offer talks as I wasn’t leaving for greener pastures, wrote a colourful farewell and became unemployed from the start of July. Thus started my freelance infosec life.
It’s slightly over one year from then and I’ve gotten to interact with the information security community in the country.
This is where the rant begins.
We really have a long way to go. I look back at the last two years and it is very clear that all that I have managed to do is mostly script kiddie nonsense interspersed with a hack here and there. I am not alone, this is the story of almost the entire information security community in the country. We are reduced to reproducing exploits/hacks that are recently discovered or have been out there for a while. The problem is that most of us seem content with it. If this is not arrested we risk falling into mediocrity, a bunch of elite reproducers.
The issue is that we are not outliving our script kiddie phase. We are getting comfortable being the best of a poor pool. We are stagnating and slowing down to a crawl in our development. Remember when you were getting started? The verve and joy of discovery of a new world? Why are we letting that fire flicker away, leaving behind ashes of passion extinguished?
It saddens me that the next generation is looking up to us wowing and aaahhhing to our reproductions. They are the ones supposed to be in their script kiddie phase but we’re lagging behind with them as one merry content family. Let’s stop being content with going through the motions waiting for our next pay once we convince our bosses/clients that we are the >content omitted<.
This is what we need:
Hackers, as the post suggests. Let’s be the ones that discover bugs and exploits. Let’s be the ones that influence the opinion of decision makers. Let’s have at least ten hackers within a year who can see what others cannot. I would love to have a situation where skilled hackers have to dumb down their conversations for a regular IT person to understand. We have so many unexplored areas just because there aren’t exploits out there we can reproduce. Look at all this technology that gets introduced into our market, smart meters, digital TV and so on. We can’t be lying around waiting for someone out there to come and explore the possibilities. Let’s push the limits and not just ride into the sunset accepting “good enough” as our defining accomplishments.
Script kiddies. We need lots of them. I am not talking about the kind that seem devoid of imagination and require regular doses of spoon feeding. I am talking about the newbies and enthusiasts who have an understanding of the field. We need a pool that feeds off from the hackers. People that will become masters and outshine the teachers. We need people who will get bored of just regurgitating stuff. We need them hungry and with a point to prove. Most importantly we need them to keep hackers on their toes and prevent them from settling.
Businessmen. The hacking profession needs financial backing, to go mainstream. We need successful businessmen in the profession. People who’ll make bootloads of cash and excel. People who’ll garner influence in elite circles. These will be a select few who with their credibility gain the necessary clout to open up the field. We need shrewd businessmen who’ll keep touch with the community, eventually leading to opportunities for the high school kid that likes tinkering with systems, five years into the future. We need the Steve Jobs to the Wozniaks.
Hacking groups. For us to fully push the boundary of the impossible we need thriving hacker ecosystems. Hacker groups provide great environments to incubate and provide an outlet both for skilled and budding hackers. Look at groups like L0pht and what came out of them. Look at SRLabs from Germany. Look at how much has changed since AfricaHackon came onto the scene.
Rebels and non-conformists. These can fall in all of the previous groups. We need independent thinkers trying to disrupt the hacker scene. We need them for checks and balances and to arrest complacency and entitlement along the way. We need constructive critics questioning the status quo. I want someone to call this post a whole pile of >content omitted< and write a rebuttal, hehe.
When it’s all said and done, it boils down to individual decisions and commitment. There are people happy just being good enough in stable employment…Contribute to the hacking society and rock on. There are people a lot more concerned about how high their pay cheque is than the thrill of the hack…Make that money and rock on. There are those that die for the art so that they can give back…Rock on but don’t get lost along the way. This is how Jay-Z put it in “Moment of Clarity”:
I dumbed down for my audience to double my dollars
They criticized me for it, yet they all yell “holla”
If skills sold, truth be told, I’d probably be
Lyrically Talib Kweli
Truthfully I wanna rhyme like Common Sense
But I did 5 mill’ - I ain’t been rhyming like Common since
We as rappers must decide what’s most important
And I can’t help the poor if I’m one of them
So I got rich and gave back, to me that’s the win/win
So next time you see the homey and his rims spin
Just know my mind is working just like them
And more recently J. Cole in “Let Nas Down”:
I always believed in the bigger picture
If I could get them niggas to listen outside my core then I can open a door
Reintroduce ‘em to honesty, show ‘em that they need more
The difference between the pretenders and the Kendrick Lamars
And so, I took the fall like the son of the Lord
On the cross, dyin’ for that fake shit you niggas bought
For the past decade, if I should pass please let this be my last essay
Therefore I write from the heart
Apologies to OG’s for sacrificin’ my art
But I’m here for a greater purpose, I knew right from the start
I’m just a man of the people, not above but equal
And for the greater good I walk amongst the evil
All is not doom and gloom. I know a few people who aren’t comfortable just being good enough. People who in a year or so will probably be doing extraordinary things. We have AfricaHackon changing the landscape with bootcamps in institutions where the new crop is being properly introduced into the field. I am also sure we have people out there doing their thing away from the limelight. One case is a guy I met at iHub during the second AfricaHackon conference. A hobbyist hardware hacker who has done some awesome hardware reverse engineering stuff. Unfortunately I didn’t get his number so if whoever it is reads this post, get in touch. I end with one of my favourite quotes:
The difficult we do immediately; the impossible takes a little longer