I enjoy origin stories. Abraham Lincoln comes to mind. So does Wade Wilson.
Among Zetier’s growing cadre of cybersecurity engineers, the paths taken to work here are numerous and diverse. This blog post offers a not-very random review of some of their origin stories, illustrating a few of the many different avenues they took to entering the field of offensive cybersecurity.
The Stories
Andrew began his journey with an infatuation with game cheating, spending much of his childhood writing cheat engine scripts and trying to learn about and grasp obfuscation and defensive measures. Knowing he had a penchant for understanding how games worked—as well as a lust for the supreme joy of bending them to his will—Andrew elected to pursue his master’s degree in cybersecurity. It was in graduate school when he decided to try his hand at hacking and hunting for bugs (and their bounties). Andrew found this work addictive and wanted to get into offensive cybersecurity on a more full-time basis. At the time he thought all the jobs in this field were in the military and at NSA; he didn’t know that working in private industry was an option available to him. So Andrew joined the Air Force to obtain more hands-on experience in the world of cyber. At the end of his four-year stint with the military, Andrew eased into the private sector through the DoD’s SkillBridge program—and soon after he came to Zetier, where, as fate would have it, he was encouraged (and paid!) to leverage the tools and skills acquired from game hacking to pursue that joy of conquest on real-world targets. If Andrew were able to talk to his younger self, he’d tell himself to spend more time on the kernel side of game hacking and learning to thwart kernel defenses.
The notion of wanting to work in the field of offensive cybersecurity first came to Anna as a freshman in college. She was part of her school’s cybersecurity club, which focused mostly on red/blue competitions. It wasn’t long before she realized it was waaay more fun to be on the attacking side and hack into networks. Thus began Anna’s path to employment in offensive VR—and at Zetier. Many of her courses and all her internships were geared towards getting better at VR. What Anna didn’t learn until later is that a diverse education is also important, because a lot of VR is interdisciplinary and having a broader set of experiences comes in handy. Anna also wishes she realized earlier to accept opportunities she was offered. She was sometimes concerned she was offered opportunities because she was a “token woman” in tech. In fact, she was getting these chances to join interesting projects because she worked well on teams and had developed a solid professional reputation. Finally, Anna wants to let those just starting out—in a professional career, but also in college—know you need to advocate for yourself if you want change. If you want to move to a new project or change your team leader or change companies, you have to be the one to decide that and then take the steps necessary to make the change happen.
When he was 13 years old, Charlie enjoyed playing video games and thinking about how they work internally. That led to questions such as “what happens if you do things in an order the programmers didn’t plan for?” and “what if I provide unexpected inputs?” Later he would realize examining corner cases is really important when you’re conducting security research. Charlie started investigating how games worked internally, staring at assembly code for long periods of time. Although he learned things, he now knows it’s important to also read books, take a course, or pick the brains of people who know more about a topic than you do. Something else he didn’t know when he was younger is there is much more to cybersecurity than pentesting. Charlie paradoxically didn’t know about the VR and RE and CNO development aspects of cyber’s “big tent” because he hadn’t been exposed to them. He has since learned the questions he asked as a 13-year old became the foundation of the research he conducts today at Zetier.
When Mat was much younger, he played video games such as Counter Strike and kept losing to players who had hacked the game. This motivated Mat to learn how he, too, could shoot video opponents in the head. It wasn’t long before he downloaded cheats, inadvertently put viruses on his father’s computer, irritated his father, and had his father tell him, “If you’re going to use cheats, you need to make them yourself”. This got Mat interested in the way hacks—and, by extension, coding—work. A few years later he joined the Army, where supportive leadership pushed him to take the Tool Developer Qualification Course. The programming skills he learned there led to his ultimately working in offensive cybersecurity at Zetier in the private sector. There is much advice Today’s Mat wishes he could give Young Mat. Learn the fundamentals of low-level programming and how stacks, heaps, and operating systems work. Educate yourself on theory and techniques in this field by reading books. Learn about hardware so you can know, for example, what the different components on a board do and how they interact with each other. Don’t take shortcuts such as copying and pasting code if you don’t understand what the code really does—you’ll pay for it in the long run. Reverse engineering is not something you can immediately jump into—you need patience. Don’t be afraid to ask others for assistance when you get stuck.
Graceful Shutdown
In speaking with my colleagues, I saw the different paths people can take to get into the field of offensive cybersecurity—the military, graduate school, no college at all. But there were common themes, too—curiosity, the usefulness of a broad and systematic education, the value in asking for help when you are stuck, and initially not knowing the range of opportunities that exist in this field. I was also amused to remember how video games are a gateway experience to this field.
If you are a high school or college student, what sparked your interest in the field of offensive cyber security? If you are already an offensive cyber engineer, did you have a path to working in this field that differs from those examined here? Please share your thoughts at info@zetier.com.
Interested in an internship? Check out Zetier’s intern job description page.
Illustrations by Inkinetic Studios.
