"Sitting alone in a dark office wearing a hoodie" - The 5 biggest myths of cyber security
by Tina Siering
Myth 1: Cyber security means hacking
The common image of a cyber security expert is full of stereotypes. There is the lonely hacker who sits in his dark room - around the clock and always in a hoodie - and as a designated lone fighter is on the move in foreign systems to eliminate the evil of this world with programming code. Through numerous films, Hollywood has managed to create a fairly accurate image of the "typical" hacker in people's minds. If you ask school graduates why they absolutely want to go into cyber security, the most common answer is: "We want to learn to hack!" However, the reality is completely different. It is true that (authorized) hacking in the areas of pentesting or red teaming is definitely the order of the day - but the activities of offensive hacking are only small sub-areas of the job description. In reality, cyber security is an exceedingly broad job description, ranging from advisory activities in security & risk management to technical services. Cyber security in movies has pretty little to do with real-life work, so this myth can easily be relegated to the realm of stories.
Myth 2: Cyber security is a job for lone wolves
Cyber security experts prefer to lock themselves up in a quiet room all day, are complete anti-social nerds and are married to their computers. At best, interpersonal contact takes place via Messenger - or not at all. At least that's the cliché, which also has nothing to do with reality. On the contrary, the cyber security community is extremely active, highly networked and thrives on lively communication. Because only with an active exchange of knowledge, whether in direct contact or globally via forums or communities, can the security experts keep up with the cyber criminals. Because there is also an active exchange of knowledge, strategies and methodologies on the "dark side". So cyber security is everything - but not a profession for designated lone warriors!
Myth 3: There are no viruses on the Mac
It is common knowledge that Windows systems are plagued by all kinds of malware. Android, too, is considered an open operating system in the mobile world, but one that is also threatened by cyberattacks. Apple, on the other hand, is spared from viruses, Trojans, worms and ransomware - according to a persistent myth. Really? What is clear is that Windows is the most widespread operating system in the world - and is correspondingly often used by companies, government agencies, NGOs and, of course, private individuals. In the shadowy world of cybercriminals, which is dominated by economic considerations, this means a reliable return on investment, considering that the development and distribution of malware also costs quite a bit of money. Many victims bring a lot of money - so the range of malware specifically targeting Windows systems is correspondingly large. However, even a Mac is not protected against cyber attacks: The sheer number of malware programs optimized for Apple systems may be smaller in total, but attacks of all kinds are nevertheless the order of the day here, too. The fact that there is no malware on a Mac can be dismissed as a pure myth.
Myth 4: IT and cyber are the same thing
IT experts and cyber security professionals both work on and with computers. So they can do the same thing. A widespread prejudice is that working with IT systems requires the same skills. However, in reality, there are enormous differences between the daily work of an IT professional and cyber security experts. IT professionals are there to keep systems available and improve performance. Cyber security experts, on the other hand, develop and optimize strategies to protect running systems from outages caused by attacks. There may be some overlap - for example, on technical issues - but comparing IT and cyber is a bit like comparing apples and oranges: unfortunately wrong.
Myth 5: Cyber security experts must know how to program
Another myth is that work in cyber security is characterized by countless lines of programming code that must be typed into the keyboard from morning to night. Sure, it certainly helps on the job if programming languages are mastered. However, programming skills are not a requirement to work in the security industry. Many cyber security tasks require completely different skills - mathematical understanding, analytical competence, verbal expertise or distinct creativity. Dealing with code is only a small part of working in cyber security. In other words, just because you want to drive a car doesn't mean you have to be a car mechanic. Depending on the task, programming skills may be dispensable, even though it never hurts to understand a line or two of code. This myth is not wrong - but it's not entirely true either.
Conclusion on biggest myths of cyber security
Cyber security is much more than Hollywood would have you believe. The image of the lone wolf saving the world through program code in a darkened room may work pretty well in the movies. But the reality is pretty far removed from the stereotypes. Modern cyber security thrives on diversity, active exchange, varied areas of responsibility and exciting assignments where no two days are the same. Cyber does not mean the same as IT, even if people from outside the industry often think so. While IT professionals make computer systems available and keep them running, cyber security professionals protect systems from attacks. The two areas of responsibility may have one or two overlaps, but that's about it. And then there is the myth that Apple products are spared from malware. Anyone who uses a Mac and does without security devices in good faith will soon be disabused of this notion. Because even if there are not as many malware as on Windows systems: Malware is also wreaking havoc on the Mac.