I sat down with W3Schools, one of the largest websites in the world, to talk through the fundamentals of cybersecurity. The write-up of our conversation is on LinkedIn: Cybersecurity 101: A Hacker Explains What You Actually Need.
Here is the short version of what we covered.
Start with the CIA triad
Three foundational pillars underpin almost everything in security:
- Confidentiality: who can see the data
- Integrity: whether the data can be altered without detection
- Availability: whether the systems and data are there when you need them
When these fail, the consequences are concrete: identity theft, financial fraud, disrupted infrastructure, and eroded trust in an organization.
What hacking actually means
Hacking is not inherently criminal. At its core it is about exploring systems to understand how they work and where they break. The crime, when there is one, comes from how that knowledge is used. This is why responsible disclosure matters so much: report what you find promptly so it can be fixed, rather than exploiting it.
The attack surface is bigger than the code
Security is not just about application vulnerabilities. It spans four dimensions:
- People: social engineering, weak or reused passwords
- Processes: risky workflows, like routinely opening attachments
- Technology: the actual application and infrastructure vulnerabilities
- Supply chain: the third parties you depend on
Attackers do not care which box a weakness sits in. They take the easiest path across all four.
Where to start, safely
If this sparked your curiosity, practice in places built for it:
- Bug bounty platforms like HackerOne and Bugcrowd for authorized targets
- Learning environments like OverTheWire, Hack The Box, and TryHackMe
And for organizations: turn on multi-factor authentication everywhere, and run regular penetration testing with authorized professionals who look beyond the scope you hand them.