Dark Reading is part of the Informa Tech Division of Informa PLC


Security Management

08:05 AM
Chris Roberts
News Analysis-Security Now

Think You Know Hackers? Think Again

Hackers are more than the stereotypes. This list gets you started on understanding those who understand your IT systems.

So, there's the distinct possibility I might have gone on a recent rant about hackers and hoodies, masks, gloves and how the media stereotypes us. Yes, it's true. We’ve all seen and read the stereotypes.

However, at the same time, we've managed to do the same to ourselves thanks to some over-zealous marketing departments. Now is as good a time as any to set the record straight.

With all of that being said, I thought I'd build off the involvement I had in a recent piece by Ellen Chang of TheStreet.com, in which she highlighted a few of the key things people don't know about those of us in this industry.

Without further ado, here are ten things (plus one bonus) that you may not know about hackers:

  1. Most of us do own hoodies. They are warm, versatile and comfortable to wear when out and about on physical penetration tests. However, most of us don't sit at the keyboard with the hood up, gloves on and our faces covered. Let's adjust the stereotypes, please.
  2. Most of us prefer black or darker colors. We travel a lot. We are not always able to stay in the best of shapes and black works to hide the extra padding we've accumulated (temporarily in many cases…) Let's face it, you don't want a bunch of slightly chubby hackers breaking into your offices wearing fuchsia or orange do you?
  3. Some of us will wear kilts a lot of the time. We wear them to conferences, to work, to meetings etc. Our community has no problem with kilts just as we have no problem with people identifying with anything they want to wear or be. Whatever you want to wear, whatever or whomever you want to be is acceptable in our community; the rest of the world needs to learn that lesson. However, if you call my kilt a skirt, I will hollow out your head with a spork and replace it with the guts of a ZX80.
  4. Many of us are self-taught. We have a thirst for knowledge that goes beyond just technical/traditional "geek" things. You'd be surprised if you engage us in conversation that we are typically well read and articulate if we could just work out how to converse with people sometimes.
  5. We are not always the best at communication. We typically think in patterns that are different than most others. We too often ask people to move out of the way and just let us "fix it" as opposed to taking the time to help educate all around us… and unfortunately, we don't like explaining things multiple times. We have to do a better job of communication with others at the user, manager and executive level, and they in turn need to do a better job of listening. It's a symbiotic relationship that both parties have to do a better job of understanding… we know it.
  6. Unfortunately we are a male-heavy industry. We don't want to be. We have a lot of work to do to be better at inclusiveness and understanding barriers and pretty much everything necessary to address the balances. We know it, we are working on it, the rest of the world could also take some lessons just as we have learned from others.
  7. We typically like to disassemble things. This is not done to cause problems but to understand how they work, to test them, to see if we can improve them and then to work out how to reassemble... often in a better form than the original. It's in our blood and our brains, accept it please. I took the household vacuum cleaner apart when I was eight to both see how it worked and to make a hovercraft... these days I do the same thing with companies and their tech.
  8. Most of us are in this realm to do good. We don't always go about it the right way, but the ultimate aim is to help things improve, to help humanity not go over the precipice or be sunk under the tsunami of technology that is upon us. We're not perfect but we want to help. So let us.
  9. Many of us are former military, government or something that involved using things other than keyboards. We are not the weak nerds that Hollywood likes to insinuate (neither are we the chiseled man-stud known as Chris Hemsworth) but again, when talking with us please understand that not only can we lob an exploit into your enterprise from across the globe, we can probably also shoot out the escape key on your keyboard from 1,000 yards.
  10. Get out of the "English" mindset. Again, thanks to mainstream media the "hacker" is a white male in their 20s and nothing could be further from the truth. The top country by scale is China, followed by the US and then we have a heap of other countries, most of whom don't have the pale white skin associated with the typical "hacker".
  11. Hacker and hacking is not a negative thing. The primary driving force for change and new inventions in this field is hacking, it is the simple ability to understand the status quo and be able to change it.


So, there you have just a few insights into the hacker world. As a community, we could probably write a book's worth more. We have our issues and our challenges. We are growing up and working on how to be part of the enterprises we are charged with securing, how to be part of society even though many of us prefer to avoid it, and trying to work out how to navigate a path forward in this fragile technologically challenged world we exist in.

I hope that has helped. Let the debates begin!


Regarded as one of the world's foremost experts on counter threat intelligence within the cyber security industry, Chris Roberts is the chief security architect for Acalvio Technologies.
