What It Means to Be a Hacker
A story from Steve Sims:
The term “hacker” has evolved significantly over the years. While many associate it with cybercriminals, the original definition was rooted in curiosity and creativity: finding ways to make technology do things it wasn’t necessarily designed to do. Hackers exist in multiple domains, from hardware tinkerers modifying firmware and chips to software experts discovering vulnerabilities in operating systems and applications.
For over 15 years, I’ve specialized in identifying zero-day vulnerabilities, security flaws unknown to vendors and the general public. These vulnerabilities, when weaponized, can be used to take over systems, extract credentials and execute code remotely. The field has advanced tremendously, with browser security and operating system protections improving dramatically, making exploits more difficult to develop and significantly increasing their market value.
How I Got Into Hacking
My journey into cybersecurity started early. Growing up with computers and internet access, I quickly became fascinated with technology. At 14, while working at McDonald’s, I met a classmate who introduced me to advanced programming concepts. From there, I explored game hacking, using hex editors to modify in-game resources. My social circles also played a role, as many within the goth industrial scene in Washington, D.C., and Baltimore had an interest in cybersecurity.
Formal education wasn’t initially part of my plan. I graduated high school but didn’t immediately pursue a college degree. Instead, I took community college courses in criminal justice before diving headfirst into a career in cybersecurity. Eventually, I earned a bachelor’s and master’s degree as a personal achievement rather than a necessity for my career progression.
The Business of Cybersecurity
Cybersecurity has been an incredibly lucrative career path. I entered the field just as demand was surging, much like AI and machine learning today. With security knowledge now a requirement across IT disciplines, professionals can transition into full-time cybersecurity roles or consulting. Ethical hacking, penetration testing and vulnerability research offer high earning potential, with six-figure salaries attainable early in one’s career.
In the early 2010s, I focused heavily on writing zero-day exploits, particularly for web browsers like Internet Explorer, Edge, Chrome, and Safari. At that time, exploits could sell for tens of thousands of dollars. However, as security has improved, vendors have introduced exploit mitigations—layered defenses making successful exploitation much harder. This has driven up the value of working exploits, with some now commanding millions of dollars on the market.
The Dark Side of Hacking
The ethical considerations in cybersecurity are significant. Some exploit acquisition companies, based in regions with lenient hacking laws, pay large sums for vulnerabilities, but selling to them can be risky and even illegal. There have been documented cases where exploits have been used against journalists and dissidents.
Tools like Pegasus spyware exploit iOS vulnerabilities to grant attackers access to devices remotely. These sophisticated attacks often involve chaining multiple zero-day exploits together, making them highly valuable. Zero-click exploits, which require no user interaction, are particularly dangerous, as they can compromise a device simply by sending a malicious message.
Modern Threats and Everyday Risks
As security has improved, attackers have shifted focus to the weakest link—the end user. Social engineering attacks, rogue access points, and malicious USB devices are now common threats. One such device, the OMG cable, looks like a regular charging cable but contains a built-in wireless access point capable of injecting malicious code. Similar tools, such as USB keystroke injectors and Flipper devices, are widely available and easy to use, making cyberattacks more accessible to less skilled individuals.
To protect against these threats, individuals should:
- Avoid using public charging stations.
- Use only trusted cables and accessories.
- Be cautious of free USB drives or devices left unattended.
- Stay informed about emerging cybersecurity risks.
The Future of Cybersecurity
The cybersecurity landscape continues to evolve. While improved security measures have made hacking more challenging, they have also driven innovation among attackers. AI and machine learning are now being leveraged on both sides, by security professionals to detect threats and by attackers to develop more sophisticated techniques. The ongoing battle between security professionals and cybercriminals ensures that cybersecurity will remain a high-stakes and ever-changing field.
For those looking to enter the industry, now is an excellent time. With the right skills, mindset, and ethical approach, cybersecurity offers a rewarding and impactful career.