Cybersecurity Ethics

Know what you are doing.  Good intentions are necessary, but not sufficient.

Plan to practice your skills safely:

  • Stick to systems, locks, and data that you own or have permission to do potentially destructive testing to.
  • Watch out for what you are connected to!  An innocent pentest can easily break things on the same network if you don't know the limits of the software and techniques you are using.
  • Beware of brittle systems: it is easier to break things and hurt people than you think.
  • Everything is legal in your own security lab!

If you don't know what you are doing, at least make absolutely sure the experiment can't escape the lab.

Beware of side effects.  If you anger a botnet controller, chances are your whole house, if not your whole block, is getting DDoSed.

Never assume that someone more mature, better trained, and better paid than you did anything right.  If you assume this long enough, someone will die, or at least lose their life savings.


When you find out exactly how true this is, do a responsible disclosure.  If you are afraid of your own exposure, use a safe proxy person/group to help you do a responsible disclosure.


Never trust skiddies.




This presentation is based on a talk by Susan Sons at the

2020 Wonderlab / CACR Cyber Camp. o    r


That talk is available in your cybercamp materials folder.

Ethics For Infosec Beginners

By Susan Sons

Ethics For Infosec Beginners

Slides from my ethics presentation at the CACR Security Matters Cybersecurity Camp for jr highschoolers 2020

  • 710