relatively new to stack exchange and I was about 1 year in my career as a Network Security Engineer before I am needed now by the same company as a Special Projects Engineer to help a department set-up a software they procured which rely on SQL database architecture to work. The project basically give me multidisciplinary exposure to many aspects of IT and Computer Science, but it is fun. I am the kind who just cannot be bored or be deterred by pretty much any aspect of tech except electronics and circuitry because my Physics dept. high school just simply couldn’t teach well.
I graduated with Computer Sciecnce Degree with Computer Graphics specialization, was (and still am) an avid gamer, taught Video Games Development as a Teaching Assistant before I decided to give up going into the industry right before graduation (except if I will be going Autodesk or Nvidia, you know, non-end-user product kinda industry like games) because … well if you know about the state of the industry and the business model many AAA publishers are using. I just got disappointed to go in.
Anyways, I raised this question because especially after having been reading and hearing many stories about young teenage hackers (I think one of them included the founder of Symantec who was a black hat before turning white and started Symantec) likely having more skills at that age than where I am now, perhaps selling video game cheats, hacks, or even now, dabble in dark web stuffs far longer than I ever do, and that I am now taking up such a career, I sometimes worry how much, how hard and how long I should catch up before I can match against those who already built up talent since young in cybersecurity … or even cyber-criminal activities.
I also worry if I only get certified as a ethical hacker, I might lose out knowing the skills those black hats are capable of.
Lastly, in one conference in my country, I have a prominent CISO who, when I asked the same question, he told me not to worry too much because “those who are used to attacking are actually poor at defending.” I could not believe what I hear because, I think like in military, surely you should be under wraps while you are out there stealing data or something.
These sometimes makes me wonder, as I strengthen my organisation’s infrastructure, whether I have totally missed out something I have never known that could have been an attack vector for the hackers.
But hey, I still try to spare my free time watching BlackHat conferences online, taking courses, talking to big players in the industry, etc.
Hope somebody can share some insights on this one. Thanks.