TRIBE OF HACKERS
CYBERSECURITY ADVICE FROM THE BEST HACKERS IN THE WORLD
MARCUS J. CAREY & JENNIFER JIN
Copyright 2019 Marcus J. Carey and Jennifer Jin
Published by John Wiley & Sons, Inc. Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-119-64337-1
ISBN: 978-1-119-64340-1 (ebk.)
ISBN: 978-1-119-64338-8 (ebk.)
Manufactured in the United States of America
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Control Number: 2019945161
TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
Acknowledgments
Tribe of Hackers would not exist without the awesome cybersecurity community and the contributors in it. I owe them tremendously for allowing me to share their perspective on our industry.
I'd like to give a special shout-out to my wife, Mandy, for allowing me to do whatever the heck I want as far as building a business and being crazy enough to do this stuff. To Erran, Kaley, Chris, Chaya, Justin, Annie, Davian, Kai: I love you all more than the whole world!
I also want to thank Jennifer Jin for helping build the Tribe of Hackers book series and summit. She would like to thank her parents for not thinking that she's crazy for quitting pre-med.
Thanks also goes to Jennifer Aldoretta for helping me build a company that is true to our values. Shout-out to every one of the people I've worked with over the past few years.
Thanks to Dan Mandel, Jim Minatel, and the Wiley team for believing in the whole vision.
Marcus J. Carey
Introduction
My mind is in a peaceful and reflective mood. I'm nearing the end of my first time away from work in at least three years, most of which has been a blur as I founded my own cybersecurity firm.
I've learned a lot about venture capital, investors, and mentors, as well as what it takes to build a company from just an idea. It's been an amazing journey. My reputation as a white-hat hacker gave me the credibility to get this far, and we're just getting started.
I believe in giving as I go. In other words, instead of waiting until I make it to give back to others, I have been trying to mentor everyone I come across along the way. I have always been the type to want to help others, so I mean it when I say you're welcome to email or meet me for guidance about anything. I will always try my best to help.
Over the last year, I've listened to hundreds of hours of audiobooks while going to and from work and while walking my dogs. One of the books that really impressed me was Tribe of Mentors by Timothy Ferriss, and it stands as the inspiration for this book's concept. I highly recommend this thought-provoking read on life and business, especially if you're a fan of self-help books or entrepreneurship.
For his book, Ferriss asked famous people from his impressive network 11 questions, and then the magic just happened. For me, this immediately sparked the idea that there should be a cybersecurity version of the book. So, I compiled the most common questions people ask me about cybersecurity and then narrowed it down to the list you are about to see.
In total, I ended up with 14 questions. The questions start with views of cybersecurity at large and then become more personal. I have noticed that when I have conversations at conferences, this is the normal flow. We call these types of conversations hallway-con, because some of the best learning happens between the scheduled talks and events.
After compiling the questions, I started reaching out to my network of friends and colleagues in the industry and asked them to be part of this book. I was humbled by the response. In total, we ended up with 70 inspiring and thought-provoking interviews with notable hackers, including such luminaries as Lesley Carhart, David Kennedy, and Bruce Potter.
But before we launch into the interviews, let's take a quick look at the questions:
- If there is one myth that you could debunk in cybersecurity, what would it be?
- What is one of the biggest bang-for-the-buck actions that an organization can take to improve its cybersecurity posture?
- How is it that cybersecurity spending is increasing but breaches are still happening?
- Do you need a college degree or certification to be a cybersecurity professional?
- How did you get started in the cybersecurity field, and what advice would you give to a beginner pursuing a career in cybersecurity?
- What is your specialty in cybersecurity, and how can others gain expertise in your specialty?