From the earliest days of software technology, the term hacker has been used to describe someone who was particularly proficient with technology. While the term “hacker” has come to mean something malicious to those with only a cursory understanding of geek culture, it is still held as a term of high regard among those who know otherwise. Lately I have gotten the question from students in my IT/IS classes concerning how best to become a “hacker”. While the question they are asking is not precisely the information they want to know, I have decided to answer the question correctly.
While this may seem like a silly exercise, it actually has a long and storied tradition inside of hacker communities. There are a number of well known “guides” that have circulated the halls of old Usenet and dusty Jargon files from many years back with contributions from such luminaries as Bruce Parens, Eric S. Raymond, and Larry Wall. Basically I am going to offer a stupidly basic outline of what I would like to have learned, in the order I would like to have learned it in, to have developed my skill-set (or lack thereof) in the quickest fashion possible.
*One caveat is that I have changed this list 8 times in the last 3 weeks (which is why it has taken so long to post) and added another step just minutes before posting again. My point is that I will probably continue making updates for a while and I would encourage anyone comments or suggestions on how it can be improved.
- Step 1: Start by visiting/read these websites, netcasts, mailing lists, IRC forums, & newsgroups.. everyday! ArsTechnica, Phrack, SecList, Schneier on Security, OWASP, ITSecurity, cDc, Toms Hardware, HackerNew, and the LiquidMatrix Blog. Listen to every episode of Security Now! For extra credit read everything you can handle from the SANS Reading Room. If you don’t understand what you are reading, Google it!
- Step 2: The best resources you can possibly have as an IT Professional are OTHER IT Professionals. This means you need to be part of your local community by networking with other professionals. Nationally there is ACM, AITP, and IEEE. MORE importantly are your local groups & chapters. In the Oklahoma City area we have OKC JavaScript Developers Group, OKC LugNuts, Okcruby, DC405, Oklahoma Game Developers, OK InfraGuard, ISSAOKC, and OKCJug, just to name a few. Join a couple groups and start attending monthly meetings.
- Step 3: Build your own computer. Check out the ArsTechnica System Guide to make sure you have compatible hardware that will actually be cost effective and then purchase the parts at PriceWatch (be sure to check the vendor ratings before you buy.) Yes, you could actually buy a system “kit” from someplace like NewEgg but the value of this exercise is in learning the hows and whys of each component.
- Step 4: Install a Unix style OS on your newly built system… and/or every other system you can get your hands on. I recommend either Fedora or Ubuntu to start with as they are the easiest to begin using but in reality any *nix style will work (i.e. FreeBSD, Linux mint, OpenSuse, OpenSolaris, etc.) No hacker I know lives in Windows (well… unless they are gaming.) Linux OSes provide access to a system on a level you simply will NEVER get on Windows. This is partly because of the power of the Unix system model and partly because hackers develop for hackers on Linux/Unix. After you install your new OS, use it, everyday, as your primary OS.
- Step 5: Make your own website… from scratch. Go get a $6.00/month HostMonster account, decide on a domain name, learn FTP, setup an email account, and start making a website! It is a cheep way to get some direct experience doing many of the most common web task. Finally, got get a copy of the Lama, Pythonista, or Rails Tutorial and go through the ENTIRE tutorial thus creating your first dynamic website content.
- Step 6: Continue building your library. Nobody can know everything there is to know about technology. Having quick access to information that you have (at the very least) read before is a HUGE help. Additionally, going through the programming and hacking literature will give you the best hands-on experience necessary to take the next steps. You should own/have read as many of these as possible:
-
-
- Programming: CC2, SICP, the Camel, Design Patterns, Refactoring, K&R, the Dragon Book, The Little Schemer, F&FSE, and if your are really brave the “Art of Computer Programming.”
- Management & Startups: Peopleware Zero to One, The Lean Startup, The Innovators Dilemma, Rework, and MMM.
- Networking: Computer Networking, Computer Networks, Unix Network Programming, and Hacking.
- Hacking: The Basics of Hacking and Penetration Testing, The Art of Intrusion, and Hacking (again.)
- Hacker Culture: The Hacker Crackdown, The Hacker Handbook, the updated Jargon File, Open Sources, Underground, Revolution in the Valley, Dealers of Lightning, Cathedral and the Bazaar, and Stealing the Network.
- Design: The Design of Everyday things,
- Others: If you have any specific technology interests (say Cisco switches or MS SQL Server) find the appropriate user forums for those groups and ask their users which books are MUST reads. One good technology book is better than 10 mediocre books.
-
-
- Step 7: Pick a transformative technology and learn how to use it. “Give me six hours to chop down a tree and I will spend the first four sharpening the axe.” — Abraham Lincoln. In many ways this is the basic activity that all IS/IT employees do on a daily basis. Technology solutions have a tendency to be very darwinian. Therefore, you should start by picking tools that have stood the test of time. Very few technology resources have lasted longer than 4 or 5 years. Tools like
- Step 8: Find an Open Source project that interests you, pick a problem, and fix it. Meaningful contributions to Open Source projects now rank as more valuable than experience with a fortune 500 company and by volunteering yourself to something used by hundreds or thousands of people, you increase your credibility as a contributor to the community. Often contributors get their names listed in the software itself (imagine being able to show a prospective employer you name in the Firefox contributors tab.) It doesn’t have to be software development either, many projects need volunteers to answer forum questions, update documentation, translate it to other languages, or simply test and report bugs.
- Step 9: …and then teach. No amount of experience will develop your skills, help you network, or let you enjoy technology more than passing on the things you have learned. Write articles or blog posts, offer to teach a computer class at your local library, or do mentoring to grade school kids. Sometimes this step can even turn itself into a decent part-time job.
- Step 10: Download the Linux From Scratch book and build your very own custom operating system from source code. You will learn more about how operating systems work than 99.9% of IT professionals do. Doing your own OS build will change the way you see systems and how to protect them. The results of a LFS build is not the system itself (you will probably go back to using Fedora shortly after finishing) but that you will NEVER go back to be just a technology user…