Did you know that “hacking” can be a good thing? Typically, when we hear that term, it’s associated with news stories about costly, disruptive security breaches committed by cyber criminals. Not all hackers, however, are black hat rogues out to discover your password or steal valuable data. Some are actually good actors—ethical hackers working to protect our sensitive digital assets.
In his ancient work, The Art of War, Chinese general Sun Tzu famously wrote, “To know your enemy, you must become your enemy.” In other words, the successful defense of anything, be it national borders, valuable property, or IT systems, begins with putting oneself in the attacker’s place, so one can anticipate his actions.
Understanding the intentions of hackers and the methods they employ is crucial to securing cybersecurity infrastructure. To that end, it is important to know the hacker’s mindset and become familiar with their tactics. Indeed, one must learn to become a hacker.
For instance, anticipating that a criminal hacker might scan an organization’s system and target its weaknesses, the ethical hacker must do the same. Systems and software that are not updated regularly can be vulnerable to compromise, such as when hackers broke into the Baltimore City government’s network. In that incident, hackers used ransomware to encrypt the city’s critical data, and then demanded that the city pay a ransom in exchange for the decryption key. If ethical hackers had discovered that vulnerability first, steps could have been taken to shore up the weakness, and a substantial amount of money and countless hours rebuilding systems could have been saved.
A person who does legal and authorized hacking for a living is called a penetration tester, or “pentester.” Pentesters can help companies execute a strategy to secure their systems by identifying security flaws within the system. Some pentesters, known as “red teamers,” play the role of malicious actors, working to attack a system and access sensitive information. Their counterparts, known as “blue teamers,” work to assess the risk and secure systems against threats.
One of the important components of the hacker mindset is the ability to think “outside the box.” A great example of this is when systems were being tested at a casino in the Baltimore-Washington area. The systems were found to be up to date and secure. (Network security is typically a high priority for a casino.)
However, someone found an entry point through the casino's fish aquarium, which was connected to a Wi-Fi network, and was able to hack into the system.1 This shows how a hacker needs to think creatively and explains why those in charge of securing the network always need to be on their toes.
A cybersecurity degree from University of Maryland Global Campus (UMGC), like the BS in cybersecurity technology, the MS in cyber operations, or the MS in digital forensics, can train you in both red- and blue-team methodologies so you can better prepare to defend networks.
At UMGC, you can choose from three different bachelor’s programs or seven master’s programs in cybersecurity. All are designed to help you gain the latest industry knowledge, cutting-edge technical skills, and real-world expertise that you need to specialize in the cybersecurity field of your choice. Many of the courses in these programs, as well as in our undergraduate and graduate certificate programs, are designed to provide you with the knowledge you need to take valuable industry certification exams.
This year, UMGC debuted our MARS cyber learning platform, which gives students the hands-on experience with the offensive and defensive tools they need to gain the prerequisite knowledge for a career in cybersecurity. In addition, the globally ranked UMGC Cyber Competition Team gives cyber students hands-on experience in penetration testing as well as digital forensics and computer network defense.
UMGC has been designated as a National Center of Academic Excellence in Cyber Defense Education by the National Security Agency and the Department of Homeland Security and as a Center of Digital Forensics Academic Excellence by the DC3 Academic Cyber Curriculum Alliance.
If you are interested in a career as a pentester, or in another cybersecurity field, visit our Help Center to contact an advisor.