Inside Cybersecurity with Harness Projects mentor Hossien Dakkak
Thinking Like an Attacker: What Harness Projects mentor Hossien Dakkak Wants Every Junior Cybersecurity Analyst to Understand
When Hossien Dakkak speaks about cybersecurity, there’s a noticeable shift in tone. It’s not abstract, and it’s not theoretical. It’s immediate, practical—and often surprisingly business-focused.
“You need to understand what you’re protecting, why you’re protecting it, and what’s important to the business.”
Hossien is one of the lead mentors in our Cybersecurity Career Launcher Course, and what he teaches isn’t just how to configure firewalls or spot phishing emails. It’s how to think like an attacker, and more importantly, defend like someone who understands the real-world impact of failure.
Why Threat Modeling Is More Than a Buzzword
One of the core concepts Hossien drives home is threat modeling—a structured way to evaluate what a system does, what can go wrong, and how to defend it.
He introduces students to multiple industry frameworks, from STRIDE to PASTA to OCTAVE, each with their own focus:
- STRIDE looks at Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.
- PASTA simulates real-world attack scenarios based on business objectives.
- OCTAVE maps threats and vulnerabilities back to the organization’s actual operations.
But the lesson goes deeper than memorization.
“It’s not just knowing the model,” Hossien explains. “It’s knowing when and why to use it. What is this website? What’s on it? What are you actually trying to protect?”
This focus on risk-based thinking is at the heart of what sets strong analysts apart. Hossien encourages students to assess everything through the lens of what matters to the client—whether that’s payment data, user credentials, or operational uptime.
You Can’t Secure What You Don’t Understand
Throughout the course, Hossien often pulls real examples to illustrate his points. He describes how something as simple as a login page can expose an organization to multiple vulnerabilities—from SQL injection to cross-site scripting to credential stuffing.
“What’s the framework of this website? What data does it hold? Is it behind a firewall? Does it even need to be?”
These aren’t just theoretical questions—they’re the kinds of questions junior analysts will be expected to ask on the job. And answering them requires not just technical knowledge, but an understanding of the systems, users, and incentives involved.
Why It’s Hard to Learn This from a Textbook
The complexity Hossien describes—blending architecture, attacker behavior, business priorities, and defensive strategy—can be hard to grasp through static content alone. That’s why he teaches through active, client-facing projects that reflect the kind of thinking required in the real world.
Students in the Career Launcher Program work on projects where these ideas are applied under real constraints, with feedback from mentors like Hossien along the way.
It’s not about rehearsing for a certification exam. It’s about preparing to respond when a client turns to you and says:“We’ve got customer credit card data in this system. What do we need to do to secure it?” That’s the level Hossien pushes for. And for students entering a field where risk is dynamic, high-stakes, and constantly evolving, it’s the kind of training that sticks.
Want to Learn Cybersecurity the Way It’s Actually Practiced?
The Cybersecurity Career Launcher Program is built around this mindset: learning by doing, with industry professionals guiding you through real scenarios.
Interested in joining us? Book a call with our team to see if it’s the right fit for your cybersecurity journey.
