Cybersecurity Vocabulary: What Words Do You Need to Know?
If you want a meaningful career that will positively impact hundreds, if not thousands of lives, consider becoming an information security analyst, a cyber security expert. You can't pick up a newspaper, turn on the television, or visit a news website without finding out about the latest hacking scandal. Information security breaches can cost a company billions of dollars, cause widespread public disruption, or both.
The Vocabulary of Hacking
As with any industry, cybersecurity has it own lingo. Take hats. In the beginning, there were 'white hat hackers' and 'black hat hackers'. You are the white hat, the good guy, the one who hacks into a secure system for the sake of protecting it. Black hat hackers are the enemy. They access your company system to exploit it for their own gain.
The hats were fruitful and multiplied. Now, there are new hats: gray, red, green, and blue. The distinctions are:
- Gray Hat: Gray Hat hackers are like the dog that chases a car and then doesn't know what to do when he catches it. They hack into a system, identify a vulnerability, and then move on to something else. Contrast that with a black hat hacker, who will exploit the vulnerability, or a white hat hacker, who will flag it and try to develop a patch for it.
- Red Hat: These are the bunny boilers of the hacking community. They are similar to white hats in that they exist to thwart black hats. A white hat will be satisfied with blocking the black hat attack, but the red hat wants vengeance. Red won't be happy until they vanquish the intruder with viruses or, in extreme cases, blows up their computer from the inside to the point where it has to be replaced.
- Green Hat: In this context, 'green' does not refer to 'environmentally friendly', but fresh, or n00b. Passionate about their adopted craft, they ask many questions and soak up information eagerly.
- Blue Hat: Blue Hat Hacker has a legal definition. This is an external consultant who is invited into a company to apply white hat, or ethical hacking techniques, to identify weaknesses in a system before it is launched. Microsoft hired blue hats to find vulnerabilities in Windows software.
As you start to get your hands dirty in the hacking lab, you will find yourself having conversations involving port scanners, packet sniffers, and password crackers. You will learn that the initials CIA do not refer to Central Intelligence Agency, but to confidentiality, integrity, and availability. This is known as the CIA triad, it refers to the three core principles which should be adhered to in a secure information system.
You may learn how to use tools such as:
- Cookie Cadger, a graphical utility that is used to identify information leakage from applications that use insecure HTTP GET requests.
- DotDotPwn, an intelligent fuzzer.
- Fuzzing, an automated testing technique used to identify bugs in software, networks or operating systems.
- BlindElephant, an open source tool used to 'fingerprint', or identify, which web apps and plug-ins are running on a website before the black hats get their hands on them.
- DumpZilla, developed in Python, DumpZilla is a forensic tool for Mozilla browsers, i.e., FireFox.
- TrueCrack, along with RainbowCrack and others, is an example of a password-cracking tools.
Grown-Up Hacking Vocabulary
Vulnerability management (identifying vulnerabilities and assessing the level of risk they pose to the network) could be your focus if you become a professional hacker. The language is less colorful, but the principles are essential. This is a six-phase process involving:
- Discovering and taking inventory of assets
- Categorizing and prioritizing assets
- Vulnerability scanning
- Reporting, classifying, and ranking risks
- Remediation - the application of patches, fixes and workarounds
- Verification - Performing another scan to confirm fixes and verify security
Becoming a Cybersecurity Professional
If you like the sound of these words and want to do your part to protect the world from black hat catastrophe, then consider pursuing a Bachelor of Science in Computer and Information Science with a Major in Cyber and Network Security. At ECPI University, you can obtain your bachelor's degree in as little as 2.5 years as part of the university's accelerated degree program.
On this track, you could expect to learn how to protect data and how to train the people who interact with that data how to protect it. You will learn the techniques of vulnerability analysis and penetration testing, how to monitor and defend networks, and how to establish and communicate basic information security policies and procedures. To discuss your place in the information security field, connect with one of the friendly admissions counselors today, and learn how you can get in touch with your inner white hat.
It could be the Best Decision You Ever Make!
DISCLAIMER – ECPI University makes no claim, warranty, or guarantee as to actual employability or earning potential to current, past or future students or graduates of any educational program we offer. The ECPI University website is published for informational purposes only. Every effort is made to ensure the accuracy of information contained on the ECPI.edu domain; however, no warranty of accuracy is made. No contractual rights, either expressed or implied, are created by its content.