7 months ago I saw the world differently.

When it came to technology, I was worried about all the wrong things. For example, is my phone listening to me? Yes. Absolutely it is. But in so many more ways other than just listening to your voice. To appropriately quote the Police, it measures “every step you take and every move you make.” Listening isn’t the issue.

Whether or not my phone is listening to me isn’t even on my top 10 list of sci-fi-future fucked-up shit I worry about now. We live in a world with an electric heartbeat. Digital pulses and near-psychic interfaces link us instantly to each other. We are caught as much in the technological net as a fly is trapped by a web. But we are also as much on the web like the spider as caught like the fly. Complete and full immersion. Hunter and hunted. Most of us think the internet is an amusement park when it’s actually a hunting ground. IoT (Internet of Things) isn’t a luxury, it’s a hunter’s blind. And is it me or does anybody have a problem with the use of the word “Things”? “Things” sounds like the sequel to John Carpenters alien horror film (probably my favorite horror movie, ever).

Technology has made each of us more powerful and more vulnerable simultaneously. Any one of us with just a little training could create chaos with a few clicks of the keyboard. For instance, I spent last weekend on the Department of Homeland Security’s website taking classes on Infrastructure Control Systems and cyber security. ICS monitor and control systems that often require real-time info and are extremely sensitive to delay, systems in which shutdowns can be catastrophic. Think dams. Think power plants. Think runaway trains. Think nuclear centrifuges. Big stuff that needs to work really well or all the lights go off, shit explodes, glows and fragile ecosystems are destroyed.

After 6-hrs of videos and tests about the Vulnerabilities, the Risks, the Threats, the Methodologies, IT Mapping, and the Consequences of cyber security issues with ICS, I was not optimistic. Nope, I was more like, “Sweet Mother of Burning Circuits, we are in trouble!” Don’t trust my hyperbole, check out the links below.

Water Plant Hack in Florida-Oh, Florida...

Hackers in Electric Grid-Yep, this is no joke.

Easy Access Tools-It’s way too easy for the bad guys.

Or go read Sandworm.

But don’t worry, I got a plan to save the world.

Next up: Cyber-Sorcerer-Ninja-Detective

Under the flickering lights of our Christmas tree, I wrap presents and think about a system file check of my prefrontal cortex. It’s the part of the brain that modulates social behavior. I want to confirm the hashes on all my psychic attributes because my mind is a swarm of acronyms and random strings of numbers. Once they get in there, it’s not easy to get them out. The numbers I mean. Cryptography has scrambled my axons with my dendrites.

I refocus and fInd some tape and scissors and while finishing the gifts I think about Santa coming down the chimney as a penetration test. Perimeter check. Santa is the perfect pretense to test our physical security. Going to need a new policy. Nothing like mitigating Christmas.

Certification is now the focus of Bootcamp. No more technical training. Now it’s review and career prep. I am a walking-talking flashcard. I’m in constant dialogue with myself. Me in my head explaining security threats to a panel of enthusiastic me. I’m describing my plan to defend employees against Social Engineering. I look back at me very impressed

Hanging ornaments, I think of all the holiday cards we got this year, and next thing I know a phishing email begins to type itself out on the screen behind my eyes. A voice whispers in my ear, “Rapport building and framing psychologies create tribal bonds, these are our goals.” I stop myself, take a deep breath, and look around at my family.

Freeze frame for the postcard moment: Christmas tree, everyone wearing wonderfully hideous Xmas sweaters; my wife has a tiger ornament in her hand; son, headphones on, reaches high above his mother to hang basketball ornament; daughter laughing with her head back and eyes closed, whatever it is it’s so hilarious it hurts. Cats attacking ribbons and bows, rolling in liberally scattered catnip. My tribe. My love. My treasures.

The Muppet Holiday album is playing, I’ve got hot cocoa, and I sink into a deep sense of gratitude. What a crazy ride. I pray everyone is as safe and warm and loved as I am. Happy Holidays. Let’s talk about Joseph Menn’s Cult of the Dead Cow (CDC).

Before we jump in, here’s a little background. Academically, there are 5 basic threats in CS: APTs (Advanced Persistent Threats-national interests), criminals (it’s about $), hacktivists (philosophically motivated), pranksters (fun-power), and mistakes (distracted minds). While Sandworm focused on the history of APTs, CDC focuses on the history of the hacker activist trying to save the internet from itself.

My instructor is fond of saying, “In the beginning, there was no security.” Simply put, the internet’s infrastructure has vulnerabilities. What kind? Well very it’s technical, so let’s try this. If the internet was a boat, it would a paper boat headed for the street’s rain run-off drain where the clown from IT is waiting. And if the internet has vulnerabilities, then so do we. Take notice, in that story with the paper boat, we are the little kid chasing the paper boat into the street drain and we are about to reach down into the dark to find sharp teeth.

Similar to It, CDC is the story of a bunch of kids who discover that beneath the normal world there is an underground system stalked by an otherworldly predator. Ok, maybe I’m pushing the comparison. I’ll stop there but if you’re a Stephen King fan at all, you can see how ugly this could get. Let’s try a different tac.

At the dawn of the digital age, the prehistoric version of the internet was built for nerds by nerds to share information. They weren’t worried about anyone listening, cause the idea was to be able to listen or at least hear. The main point was sharing.

Quick note: Kopimism is an official religion whose faith it is to copy and share information. They believe that information is holy and to share it is to take part in that sacred process. I mention this because sharing on bulletin boards is how CDC was born. It all begins with people sharing ideas through text files and trying to make phone calls on the cheap. But that small (dare say meager or mild) attempt at fan fiction and manifestos might just have saved us all. For now.

CDC is a history lesson of the internet and the people who grew up with it, love it and are afraid of what could happen if our grand experiment goes wrong. Put simply the Internet of things, IoT, the Web, our phones, every application, and service they provide has not been planned well.

Well, it wasn’t planned at all. It was co-opted. Repurposed. You might even say, hacked. Because now the Internet is actually an ATM. The biggest wealth maker ever seen in the history of humanity. So much wealth we could feed, clothe, shelter, educate, and provide medical care to the entire world. But we don’t. So the CDC has been trying to hack the hack and give us the Internet back.

I keep using the word hack. Before the Bootcamp what did I know about hackers?

Hackers. The movie War Games introduced me to my first hacker. Remember the 1980’s: VCRs, Miami Vice, John Hughes. Then maybe you recall a young Mathew Broderick almost starting a nuclear war by hacking into a government war simulator. “Would you like to play a game?”

Cult of the Dead Cow is kinda like what would happen if Mathew’s character was actually represented by a dozen or so hackers who grew up with the internet, made it their habitat, learned to forage and hunt, found treasures, discovered pitfalls, and then rushed back to the outside world to warn us of what lurked in the digital forest. There are highwaymen, rickety rope bridges, hidden passages, boobytraps, spies, pirates, swindlers, and more. Oh so much more.

Think IT meets Mr. Robot and the show runs for 50 years.

You don’t know it yet, but we owe them big. Because while we were sleeping, they held the great glowing neon firewall. They snuck behind the GUI and took a look at the code holding the data-world together. What they learned scared them. They could have said nothing. They could have robbed us blind. Instead, they played David vs Goliath and set about hacking the world.

They went up against Microsoft, mass media, and terrorists. Along the way, they crafted code, political philosophies, mayhem, and modern-day security analysis. Not all of them are heroes. The truth is complicated. They hacked for good, for fun, for country, and sometimes merely for chaos. They are at times activists, inventors, mercenaries, vigilantes, pranksters, soldiers, spies, and even Presidential hopefuls. Ugly warts and all CDC doesn't try to hide the flaws of the community. Instead, it gives enough space to let things be as they are and the reader to make their own judgments.

My takeaway: The future is coming and we are going to need a bigger boat.

What do I mean by that? It’s the line from Jaws. That moment when they are chumming the water and Scheider’s character sees the shark for the first time. That’s me after 6 months of CS training. We are going to need a much bigger boat than the paper one we are in now.

That translates into: we need a much broader understanding of what we are dealing with.

Next: Matthew Holland talks about Cyber Security