Offensive Security: Everything You Need to Know in 5 minutes
Interested in hacking? This short write-up may inspire you.
5/3/2025 · 2 min read
“Everybody has a plan, until they get punched in the face.” - Mike Tyson
Globally, many organizations do not know how strong their security posture is until a real cyberattack happens. Often, what is written in a plan gets thrown out of the window because of panic and stress, resulting in chaotic moments. I can understand this, having been a victim of one and maybe two major cyberattacks. To reference the quote: even if you think you are secure, having all of the security controls in place might not save you from a knockout if you do not have a sparring partner (offensive security) to test them.
Offensive security, also known as ethical hacking, deals with the attacking side of cybersecurity, but with a twist. Instead of attacking organizations with malicious intent, offensive security finds vulnerabilities by simulating the tactics of real hackers and performing the realistic attacks they would carry out. In short, organizations hire ethical hackers or penetration testers to help them find vulnerabilities within their organization.
There are a lot of articles on Medium, on LinkedIn and from vendors/enterprises that explain why offensive security is important. What can be concluded from these sources is that offensive security greatly reduces an organization's cybersecurity risk, improves incident response, disaster recovery and business continuity planning, increases security awareness and, most importantly if you are a business, saves costs.
So how do you get started in offensive security? Fundamental knowledge of networking, Linux and programming would be the prerequisites, as you would be dealing with a lot of infrastructure to attack. You do not need to be an expert in all three! All you need is a basic understanding of each. Next come the most important skills to have, which are not technical: curiosity and persistence.
Curiosity is a soft skill that is often overlooked when it comes to learning and eventually getting into the offensive side of cybersecurity. If you are someone who loves solving puzzles and finding out why things work and how they operate, then offensive cybersecurity could be the right career or hobby for you.
Let's create a scenario: imagine a hacker trying to get into the system of an organization. Usually the hacker would not be successful on the first attempt. Sure, weak security configurations and practices can lead to the attacker breaking into the system the first time, but let's be realistic in this example. If an organization has a strong security posture, it will take the attacker multiple attempts to finally access their system. They don't give up; if one way does not work, they move on to the next. That is the reason why curiosity and persistence are key soft skills that will help you get into offensive security.
Since we're on the topic of getting started in cybersecurity, are any of you readers interested in me writing about how I got a career in cybersecurity? Let me know via the contact form and I will talk about how I got rejected by 8 companies but a year later would audit/consult on how to improve their security posture 😂😂😂
Again, persistence is key. Never give up!



