When I started it was not even called cybersecurity back then. Nobody really called it anything. It was just one of those weird IT things that were kind of buried amongst all the other things that IT and computer people did. There wasn’t really a CyberSecurity, and there wasn’t really a security associated with computers when I got started, but the way I got started; I was this very curious really early on, so I was actually doing hacking activities and doing things like exploiting systems before I even figured out that’s what I was doing.
It all started as I was growing up in Mississippi, grew up in a very large family. My dad didn’t make a lot of money so we couldn’t afford things. I was able to give myself internet access by taking the little net zero free 30 days CDs that they use to send out and I would get those things and give myself free thirty days on like a library computer. I figured out how to very early on to get into the net-zero servers, get a list of all the accounts of everyone in the world that used net zero. I was able just to hop around picking an account and use it to give myself access until I was able to afford it or come up with other ways to get it and of course back then there weren’t any laws against it. Like they couldn’t; nobody could come after you or anything like that. They would just say hey we noticed that you were doing this, stop it. I was actually very early on hacking as a kid; then I just didn’t know what it was called.
There are definitely still people like that, but some big changes that have happened are if you look at the last twenty years we’ve evolved as to how much information we put on computers and how much information we send across the computers. The whole concept of cyber-crime has evolved with that. The criminals are doing the things that they did before we even had computers, it’s just that now the information and the data that they want are on computers. So computers now become victims and tools of crimes.
When I started in the industry being a security person it was rarely even heard of. Now it’s turned into this big industry because as more data ended up connected and as more data ended up on the internet there were more breaches. People need to protect that data more that turned out to be a huge need for people with technical security skills. As a result of that the industry kind of started to take off. I was lucky enough to be one of the people that were in the industry very early on and that allowed me to get a lot of headway and became a little bit of being in the right place at the right time. So that was a big part of it.
The other half is the demand. All of a sudden there was money involved in CyberSecurity, and if you have these skills, you can go and make lots of money. The word got around, so now everybody that knew anything about computers are trying to get into CyberSecurity now. Just to give you a point of reference when I taught my first ethical hacking class all the way back in 2003 the class would be made up of people that had at least 10 years of IT experience. The people that were in IT for a while and they were coming in to learn this security and this hacking thing.
Now, my average class, there is usually maybe one or two people out of twenty that have even more than two years’ experience in IT, and most of them have zero experience in security. A lot of the fundamentals of the networking, fundamentals of how memory works and all of these things, I have to teach that in classes now. Whereas back then that stuff was just common knowledge.
This just shows you how the industry has evolved and it is in very high demand things, and so now you have an influx of people coming in. Some of them without any technical background trying to elevate themselves really quickly into it. That led to a lot of demands for not just a consulting, but training as well.