Kevin David Mitnick (born August 6, 1963) is an American computer security consultant. He now runs the security firm Mitnick Security Consulting, LLC that helps test companies’ security strengths, weaknesses, and potential loopholes. He is also the Chief Hacking Officer of the security awareness training company KnowBe4, as well as an active advisory board member at Zimperium, a firm that develops a mobile intrusion prevention system.
Mr. Mitnick doesn’t have a Bachelor’s in Computer Science or Cyber Security. Nor does he have a degree at all. He did attend Los Angeles Pierce College and the University of Southern California. However, he used social engineering and dumpster diving to bypass the punch card system used by the LA bus system. He advanced to gaining access to a computer network in 1979, at the age of 16.
Later in his hacking life, Mitnick was charged and convicted in 1988. He served 12 months in prison followed by three years of supervised release. In his 2002 book, The Art of Deception, Mitnick states that he compromised computers solely by using passwords and codes that he gained by social engineering. In the context of information security, social engineering refers to the psychological manipulation of people into performing actions or divulging confidential information.
It appears that Mr. Mitnick excelled in this area since he contends that he used no hacking software or hardware. He relied on his social skills to obtain the information he needed. Recruiters in this field agree that soft skills are vital to the profession. Therefore, cybersecurity professionals must demonstrate effective communication skills, both verbally and written. These are as important as technical expertise. In addition, they should be able to communicate in the most appropriate language for their audience. Communication skills have been critical in both incident responses and improving a companies’ cybersecurity infrastructure.
Renee Walrath, founder of Walrath Recruiting stated: “To work in cybersecurity, curiosity is an absolutely essential trait.” Because of the changing nature of cybersecurity, you must be curious as to what could happen. The job requires asking questions, probing, even questioning yourself. Your curiosity will likely generate different perspectives and opinions. From these questions, you will need to propose solutions.
The investigative process provides many opportunities for open-ended questions, such as “What is responsible for the network traffic?” or “Why would this internal host talk to that external host?” When presented with an open-ended question, curiosity is responsible for motivating the internal evaluation of hypothetical situations. The curious person will excel in hypothesis generation and will provide valuable input to other departments and security personnel.
Analytical skill is the ability to use critical thinking and problem-solving skills in order to find a solution or complete an exercise. In addition, it is the ability to visualize, articulate, conceptualize, or solve both complex and uncomplicated problems by making decisions that are sensible given the available information. They are problem-solving skills. They are a collection of traits and abilities that emphasize a logical, rational approach to tackling new ideas, sorting information, and discovering creative solutions. Problem-solving isn’t just about finding a solution. It’s about being able to identify that there’s a problem in the first place. Once a problem has been identified, critical analysis and rational deduction will help you solve it. This also entails creative thinking.
You must have strong analytical skills. In this job, you have to be able to study computer systems, assess any potential risks, and consider possible solutions.
Your employer could mandate some of the education. IBM, for example, requires all employees to complete digital training each year, which covers matters from secure handling of client data to appropriate sharing on social media sites. Employees can easily learn how to spot and avoid the most frequent types of threats, such as phishing attacks in emails.
After your degree, you can elevate your credentials with certification. The Certified Information Systems Security Professional (CISSP) is one example. This cybersecurity certification is an elite way to demonstrate your knowledge, advance your career, and become a member of a community of cybersecurity leaders. It shows you have all it takes to design, engineer, implement, and run an information security program. To maintain the CISSP certification, you must earn 40 continuing professional education (CPE) credits annually and 120 credits over a three-year period.
Udemy is a recognized provider of online classes in a host of subjects. This is an excellent way to self-educate at a nominal price. Samples of courses related to this topic are:
- The Complete Cyber Security Course: Hackers Exposed- Volume 1: An advanced practical skill set in defeating all online threats – advanced hackers, trackers, malware and all Internet nastiness including mitigating government spying and mass surveillance.
- Certified Cyber Threat Intelligence Analyst: This Certification course (69 lectures/9.5 hours) will help you acquire the skills needed to find out who is behind an attack, what the specific threat group is, the nation that launched the attack, as well as techniques used to launch this attack.
Udemy has courses from beginner to expert level and most are $14.99.