Lessons Learned After Hacking 25 Machines in 25 Days on Hack The Box: A Personal Journey in Cybersecurity

Albert Corzo
Oct 26, 2023

Introduction

Years ago, I ventured into the exciting world of cybersecurity. My journey into this field dates back to my teenage years when, at the age of 16, I decided to explore the realm of hacking. Back then, server security was far from what it is today. It was an era when systems were more vulnerable, and with a bit of technical knowledge, it was possible to explore and exploit servers. This adventurous start laid the foundation for what would become my career in the field of cybersecurity.

In the years that followed, my path led me to become a systems administrator, a role I held for a decade. This phase in my career provided me with a deep understanding of how to manage networks, files, and servers to ensure secure technological environments. However, as I progressed in my career, my path took an unexpected turn that led me to explore the world of project management in technology.

The Journey to Cybersecurity Project Management

Project management in the technology realm excites me, as it involves problem-solving and helping people achieve their goals. Working as a project manager has given me a broader perspective on international project management in the field of technology. In recent years, I’ve had the opportunity to work with various companies and countries, providing me with a global outlook on project management in technology.

In 2021, I obtained the Scrum Master and Scrum Product Owner certifications, providing me with a solid understanding of agile methodologies and project management in technology environments. These certifications enabled me to collaborate effectively with agile teams and apply Scrum principles to cybersecurity-related projects.

Recently, in 2023, I achieved a significant milestone by obtaining the PMI Project Management Professional (PMP) certification. This certification acknowledges my advanced skills in project management and has equipped me with additional tools and knowledge to lead cybersecurity projects effectively.

The Challenge on Hack The Box

My return to cybersecurity coincided with the discovery of Hack The Box, a platform that offers an exciting challenge for ethical hackers and cybersecurity enthusiasts. Hack The Box provides an opportunity to test your hacking skills in a controlled and legal environment. Through a variety of virtual machines designed to be vulnerable, users can learn to identify and exploit vulnerabilities, gaining practical experience in cybersecurity.

My goal on Hack The Box was clear: to hack 25 machines in 25 days. Each machine presented a unique set of challenges and vulnerabilities to overcome. As I progressed through the challenge, I realized the importance of understanding not only the theoretical concepts of cybersecurity but also the practical application of this knowledge. No matter how much theory you know, it’s of little use if you can’t leverage it to exploit a vulnerability or conduct a proof of concept.

Bridging the Gap Between Theory and Practice

This experience on Hack The Box led me to reflect on a significant gap often observed in the cybersecurity world. I know many project managers and Chief Information Security Officers (CISOs) who possess a deep theoretical knowledge of cybersecurity but have never experienced hacking a server or exploring a vulnerable environment. This gap between theory and practice can result in strategic decisions that underestimate risks or disregard potential threats.

It’s important to note that cybersecurity is a constantly evolving field, and attackers are always seeking new ways to exploit vulnerabilities. To stay ahead, it’s essential to understand the adversary’s mindset and how they operate. This can only be achieved through practical experience and active participation in security challenges and exercises.

Fostering a Cybersecurity Culture

Cybersecurity is not just about technology; it’s also about people. Today, employees are a crucial link in an organization’s security chain. Therefore, it’s essential to foster a cybersecurity culture within a company. Training and security awareness are vital in promoting this culture. Employees need to understand best practices for online security, from not clicking on suspicious links to maintaining secure passwords.

As a project manager, it’s important to ensure that employees receive adequate training and that security best practices are followed in all of the organization’s projects. A strong cybersecurity culture not only protects the company but also represents an investment in the education and well-being of employees.

Conclusion: Embracing Practical Cybersecurity

My experience of hacking 25 machines in 25 days on Hack The Box and my recent attainment of the PMI Project Management Professional (PMP) certification in 2023 have provided me with a deeper understanding of the importance of practical cybersecurity. Through this journey, I have reaffirmed my belief that cybersecurity is a field where practice is as crucial as theory.

It’s essential for those interested in cybersecurity to seek opportunities to gain both practical and theoretical experience. Cybersecurity is a rapidly evolving field, and attackers are always looking for new ways to exploit vulnerabilities. Preparation and practice are essential to keeping us safe online.

Furthermore, cybersecurity is a concern that spans society as a whole. Human Resources professionals and leaders must recognize the importance of assessing not only the theory but also practical experience when selecting candidates in the cybersecurity field. The CompTIA Security+ certification, my training in agile methodologies, and my PMP certification are valuable indicators of a candidate’s skills and passion in this field.

In a world where cybersecurity challenges are ever-evolving, preparation and practice are essential. My journey in cybersecurity continues, and I hope my experience inspires others to embrace the significance of practical and theoretical cybersecurity in defending our society and online data.

Follow me on HTB:
https://app.hackthebox.com/profile/1624850

Albert Corzo

Cybersecurity Manager | PMP-PMI | Harvard | eWPTX | CWL MCRTA | CompTIA Sec+ | SCRUM | Google & Microsoft Cloud | Podcast Coffee&Pizza | CyberMentorInstitute