# Why I'm Passionate for Cyber Security ### Learning Self-Defense I practiced Taekwondo from when I was 8 years old until I was 22, nearly 14 years! When I was training in Taekwondo (just hold on, I promise _does_ tie into cybersecurity), my friends and I would regularly spar. Sparring is fun: we’d put on pads and kick each other, and you'd score points depending on whether or not you could get past your opponents defenses. One of the most dangerous moves to watch out for during sparring was the **hook kick**. It’s a counterattack: your opponent spins around and slams their heel into your head from a blind spot. When you're a beginner, a white belt, you've never even heard of a move like this, but when you start sparring, you learn *very* quickly how important it is to get your hands up and guard yourself against getting kicked in the head (it's not fun!). Cybersecurity is a lot like sparring. You’re constantly on guard, defending and evading your opponents attacks. But here’s the thing: if you don’t even know what a hook kick _is_, or that it’s aimed at your blind spot, how can you possibly defend against it? Nope, you become a white belt again and get smacked in the head. Like my instructor would tell me, "Stop blocking with your head!" That’s what motivates me to learn more about concepts like penetration testing. Just like in sparring, understanding the attacks—_where_ they come from, _how_ they’re delivered—is key to defending against them. Getting kicked in the head sucks. So does getting blindsided by a breach. --- ### A Story About Sue Want to hear a sad story? Once, I helped an older woman, I’ll call her Sue, who came to me one evening, in tears. Sue was a missionary for the non-profit where I worked. She had just received a random call from someone. This person shocked Sue by saying that they were with the bank and were reporting that a scammer had attempted to access Sue's bank and make off with her money (the little that she has). This "bank representative" rattled off a few of Sue's personal details about her account. Then, they asked her to confirm her account information, to have Sue "confirm her identity". Sue was scared, shaken, and since the "representative" already seemed to know her info, she assumed they were legitimate, so she gave them all the information that they asked for. It wasn't until it was too late that she realized that actually the representative *themselves* were the scammer and that Sue had been lied to. So on a late evening, while I was working on some server, this little old missionary lady came to me, scared and with tears in her eyes, and said, **"Ken, I think I just gave someone my money."** People suck. Luckily, we were able to act fast. We reported the scam, called the national fraud hotline, spoke to a specialist, and moved her money to a different account, closing the compromised account. She was okay in the end, but it could have been much worse. What really makes my blood boil is that the hackers that tricked her *wouldn’t have cared one bit.* --- ### A Passion for Cybersecurity That experience, and many others like it, is why I care deeply about cybersecurity. It pisses me off that good people like Sue have to live in fear of being manipulated. In a perfect world, Sue wouldn’t need to worry about social engineering or stolen bank accounts. But that’s not the world we live in. So I’m doing everything I can to learn, grow, and make sure that hackers don't take advantage of people like Sue, because maybe next time, it's not Sue. Maybe it's my mom, or my grandfather, or a close friend. To me, I'm not learning cyber security just because it's fun (although it is), I'm learning how to take care of my people against attackers who won't care about what happens to them. *That* is why I'm passionate about cyber security. --- Thanks for reading! If you want to learn more about my story, click [[About Me|here]]! --- ## Let’s Connect - [LinkedIn](https://www.linkedin.com/in/kennethhcastillo/) – professional background and updates - Email: [email protected] – always happy to connect or chat security