Strategic Hacker (전략적 해커)

[Prologue]

Ted.LEE 2022. 3. 13.

[Korean Edition]

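When I was majoring in system and network security, not only were there few university programs offering security-related education, there were few universities that even had a department for majoring in security. Now, however, the private sector and the government alike have announced plans to train white-hat hackers and have set up a variety of programs to discover and support outstanding hackers. As someone who works in the security field, I find this atmosphere very welcome news. Thanks to it, it is also true that there are more excellent security professionals with skilled hacking techniques than in the past.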

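Paradoxically, however, I came to write this book because I wanted to talk about the importance of things other than technology. That does not mean technology is unimportant. It goes without saying that a hacker possesses countless technical skills related to hacking, such as buffer overflows, reversing, packet analysis and manipulation, web hacking, fuzzing, and pwnables. Such security skills are very important, but I want to stress that they are only the most basic grounding and not the whole picture. It is often said that science students need a grounding in the humanities and liberal arts students a grounding in science. Is that not because, however scientifically brilliant a science student may be, they are of no use if they lack a mind that thinks about people, and however expressive a liberal arts student may be, it is all for nothing if they cannot logically convey the message they want to deliver? Moreover, only by taking an interest in a variety of fields and experiencing them widely can one become a leader with insight that penetrates to the core. I believe the same formula applies to hackers.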

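The age we live in is rapidly turning into one in which nothing at all can be done alone. The security field is no different. Only when people cooperate and communicate with one another on the basis of each individual's outstanding hacking skills does synergy emerge and produce excellent results, so above all a proper security team must be organized and a reporting channel that yields the best effect must be built. If, on top of that, an optimal security system can be designed and implemented, and a security culture fostered in which all members of the organization take part rather than the security team alone, a big mountain has been crossed. If, in addition, an information classification scheme that defines everything from the least important to the most important is used to spend limited resources effectively through selection and concentration, and security threats from insiders as well as outsiders can be managed, would that not make the ultimate security activity possible? If cyber espionage at the national level can also be taken into account at that point, it would be the icing on the cake.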

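Finally, I pray that this book gives readers a foundation for arming themselves with strategy as well as technology, and that it may have, however slight, a good influence on the birth of great hackers who will long be remembered in the history not only of the Republic of Korea but of the whole world.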

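I bow my head in gratitude to my beloved wife, who devoted herself to making this book possible even when taking care of her own body was more than she could manage; to my pretty daughter, who motivated me to teach by the way I live and spurred me on whenever I was about to grow lazy; to my respected parents and parents-in-law, who became the fertilizer that let my wife and me bloom; to my younger brother and sister-in-law, who cheer me on more than anyone though they do not show it openly; to our Five Loaves and Two Fish Vineyard and Wonchon Baptist Church family, who have always been steadfast supporters as my spiritual family; to the professors and alumni of the Korea University School of Cybersecurity, who had the good influence that let me establish myself as the security professional I am today; and to all the security people at Samsung. And I give glory to our Lord Jesus Christ, who has graciously granted all of these moments.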

 

[English Edition]

When I majored in system and network security about 20 years ago, there weren't many universities that offered security-related education, and there weren't many colleges that had departments majoring in security at all. Now, however, not only the private sector but also the government has announced plans to train white hackers and has prepared various programs to discover and support excellent hackers. As one of those involved in the security field, I find this atmosphere very good news. Thanks to that, it is a fact that there are more excellent security experts with advanced hacking skills than in the past.

But, paradoxically, I wrote this book to address the importance of the non-technical. That doesn't mean that technical skills aren't important at all. Of course, it is natural for hackers to possess various technical skills related to hacking, such as buffer overflow, reversing, packet analysis and manipulation, web hacking, fuzzing, and pwnable. However, what I want to emphasize is that, although security technology skills are very important, they are only the most basic knowledge. In other words, security technology capabilities are not everything. It is often said that science students should have a grounding in the humanities, and liberal arts students should have scientific knowledge. I think this is because no matter how good a science student is, if they lack the mind to think about people, they will eventually become useless. Likewise, no matter how expressive a liberal arts student is, if they cannot logically and persuasively convey the message they want to deliver, their value will decrease. Also, only those who are interested in various fields and have extensive experience will be able to become leaders with insight that penetrates to the core. I believe the same formula applies to hackers.

The present era we live in is rapidly changing to an era in which we can never do anything alone. The same is true in the field of information security. Only a team whose members cooperate and communicate with each other based on each individual's outstanding hacking skills can create synergy and produce outstanding results. To do this, above all else, you need to organize the right information security team and build the reporting channels that work best. If you can design and implement an optimal information security system based on such a foundation, and create an information security culture in which all members of the organization, rather than just the information security team, participate, then you have crossed a big mountain. Here, if you create an information classification system that defines everything from the lowest level of importance to the highest, so that you can effectively use limited resources through selection and concentration, and manage security threats from insiders as well as outsiders, you will have the ability to carry out the ultimate information security activity. At this time, if you can even consider cyber espionage warfare at the national level, it's icing on the cake.

Lastly, I pray that this book will provide readers with a foundation to equip themselves with not only technology but also strategy, so that it can have a good influence on the birth of great hackers who will go down in history not only in Korea but also in the whole world.

I bow my head with deep appreciation to the following people, and I give glory to our Lord Jesus Christ for making all these moments gracious.

They are: my beloved wife, who devoted herself to writing this book in a situation where it was difficult to even take care of herself; my pretty daughter, who motivated me to set an example with my own life whenever I was about to be indolent; my parents and parents-in-law, whom I respect and who have become manure for me and my wife to bloom; my brother and sister-in-law, who support me more than anyone even though they do not express it openly; the Five-Loaves-and-Two-fish gathering and Wonchon church family, who have always been strong supporters as a spiritual family; the professors and alumni of Korea University School of Cybersecurity; and the Samsung Information Security Team members.

 

- Featured image source

Image by Greg Peatfield, obtained from Pixabay.
