Backdoor: Bypassing the Gatekeepers in Cybersecurity

BACKDOOR

Bypassing the Gatekeepers in Cybersecurity

Femi Reis

Copyright 2021 by Oluwafemi Reis

All rights reserved in all media. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form, or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the author, except in the case of brief quotations embodied in critical articles and reviews.

Paperback Edition

ISBN 978-978-998-132-8

Cover Design by Mark Kolo

To the Norm Shakers: Zack Hill, Josh Mason, Naomi Buckwalter, Gerald Auger et al.

If ever theres a stampede at the gates, you know the people to look out for.

One of the greatest things I love about cybersecurity is the community of well-meaning people within the industry who form a robust support system to help others get in. However, on the other end of this spectrum, is another community of people who, for one reason or the other, form an almost impervious restraining system to keep others from coming in and ensure that only a handful ever make it through. They are called the gatekeepers.

Over the years there has been lots of advice from the well-meaning community on how to negotiate with the gatekeepers, how to present yourself in a way that makes them let you in, how to prepare your rsum and answer hard interview questions. Now, while much of this advice is good and helpful, they are largely inside-the-box counsel and still leave many good folks at the mercy of ferocious gatekeepers. I myself have received and given a lot of counsel too, but after its all been said and done, I have come to realize that the fastest way to get into cybersecurity is to develop a plan that bypasses the gatekeepers altogether. That plan will be peculiar to you and owned by you, and wont be a one-size-fits-all plan. However, the plan will be reproducible in every context if the general principles are followed. Theres no point negotiating with the gatekeepers. Theres a backdoor and theres a plan, and this book is a framework for developing and implementing that plan for yourself.

Finally, before we delve in, I must mention that while I passionately share the Backdoor strategy in this bookfor I sure have seen it workby no means am I the Messiah, and so my word is not final; hence this book is not a call to abandon all youve known and done before, but rather it is a helpful and practical guide that promises to deliver commendable results whenever it is acted upon.

I hope it leads you to where youve always dreamed of being in this amazing industry.

The first time I ever got the incline to pursue a career in cybersecurity was in 2015. I was sitting in a room with professionals from diverse industries attending a training on leadership. The man who was leading the session veered off a bit from his subject and began to talk about the future of IT. He explained that, with the fast rise in global internet penetration and the rapid move of everything from real to virtual, security will be a huge concern in the future, and IT experts who are not yet in cybersecurity might want to consider exploring opportunities in that domain. Then, like a driver going off the road who suddenly realizes hes facing a tree, he veered back on course and continued with the theme of his subject, dropping the cybersecurity talk almost as quickly as he picked it.

Fast forward a few years and I knew I had to get into cybersecurity. Prominent in my pre-entry discovery was the fact that there was a great need for cybersecurity professionals. The demand was crazily high and the supply ridiculously low. The projections were equally staggeringby 2021 there would be 3.5 million unfilled cybersecurity jobs. Why would there be such a great need of hands and minds in any industry with few people rising to the occasion? I thought to myself.

I decided to take up the challenge and do the pivot. I researched what it would take to get started from entry level, and how best to proceed. I started pursuing the certifications that were necessary to guarantee my entry or at least help get my foot in the door. So, just like you, I took off with a cocktail of courses and certifications and made them as prominent as I could on my profile and rsum. It wasnt until I had gotten the entry-level skills and certifications as recommended that I made the shocking discovery Im sure youve also made.

There were more people trying to get in than I had imagined. It wasnt as they said! Could they have lied? Who are they in the first place? Whose word was I taking when I read that the demand for practitioners and professionals in the industry stupendously outweighed the supply? Had I been thoroughly misled by overzealous tech bloggers? As I asked these questions and studied the situation, I progressively realized that it was the exact shocking discovery of almost every person who took off at the start line with me. What could be the problem here? I suspended all my efforts at getting in and began to investigate the situation. I wasnt going to continue in the race of adding certifications and revamping my rsum and adding certifications and revamping my rsum till I finally squeezed my way in and came out like scrambled eggs on the other side of the gate, rather I devoted my time to quietly investigate the situation in order to find out what exactly the problem was.

I started walking around the building in search of the clog, and I didnt have to look for long before I found it. He was right there at the gates.

Boy! Was he big or was he BIG! He was so huge there was no point fighting him, and besides, even if we pushed him down, there were so many others like him around. What hope could the Lilliputians have had if there were hundreds of Gullivers on their island? It dawned on me that there was no way we could fight these guys by throwing more certs at them. I had to come up with another plan.

I left the folks at the front gates and started taking a slow walk around the building. I remembered that while studying for Security+ I had learnt about a backdoor through which hackers could gain privileged access into an operating system and do whatever they intended. What if there was a backdoor somewhere around here? I kept walking around the massive building, diverting the time I could have spent on cert preps into my careful exploration instead. I appeared to have disappeared from the scene. I knew I had travelled far from the gates when I stopped hearing the loud rumblings and grumblings of the crowd that was gathered there. Many times I felt I should just give up my search and go back to join my folks at the gates, especially when I heard the occasional cheerings that erupted whenever someone successfully made it in through the gates. My search was not yielding any results and I was going to go back to the gates. A question kept ringing in my head: Why am I doing this, when I know I could end up circling the entire perimeter of the building only to find myself back where I started at the gates again? The more I thought about that frightening possibility, the more I felt it was wise to abort my search and return to the gates. But then one beautiful day, just as though from out of the blues, I found something precious standing there.