Cybersecurity is the new common sense. And you might be ignoring it

Imagine this: you’ve been working on your capstone project for weeks. It’s sleek, functional, maybe even a little beautiful. You push it to GitHub, share the link proudly with your peers, and… a few days later, your Heroku account is compromised. Your database is wiped. Your credentials were hardcoded in a public repo.

Too real? For many devs, this isn’t a what-if; it’s a rite of passage.

The myth: “Cybersecurity is for security engineers”

Let’s clear this up right now:
You don’t need to be a cybersecurity engineer to care about cybersecurity.

If you’re writing code, deploying apps, or managing user data (yes, even as a student), you’re already in the ecosystem. You’re either contributing to a secure digital world, or creating vulnerabilities you don’t even know about yet.

In other words: cybersecurity isn’t a specialization anymore, it’s baseline hygiene.

What makes you a target?

Still thinking, “Why would anyone hack me?”

Let’s reframe that. Hackers don’t need you to be special, just unaware.

  • Reused passwords? They’re already on the dark web.
  • Public repos with exposed keys? A goldmine.
  • Clicking that “urgent” email from “GitHub support”? That’s how phishing starts.

You’re not too small to be targeted. You’re just more likely to be overlooked until you slip.

Smart security habits for developers (that you’re probably not doing yet)

You already write code. You probably know about 2FA. But here are some next-level habits that every developer should adopt, especially as you start working on real-world projects.

1. Never trust user input (even your own)

Always validate and sanitize everything. Whether it’s a form input or an API call, assume it’s trying to break your app.

Learn about SQL injection, XSS, and CSRF, even if you’re just working on side projects.

2. Make .env files your best friend

Configuration belongs in environment files, not hardcoded into your codebase. Better yet, load them with a tool like dotenv, and always list those files in .gitignore.

Pro tip: Set up a pre-commit hook that warns you before pushing sensitive info.
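One way to build the hook from that tip, as an added example that is not from the original post: it flags staged env files and scans the lines being added for strings that look like credentials. The patterns and function names are illustrative assumptions, not a complete secret scanner.

```shell
#!/bin/sh
# Save as .git/hooks/pre-commit and make it executable (chmod +x).
# The patterns below are illustrative heuristics, not a complete scanner.

# Read staged paths on stdin; print real env files. Returns 1 if any found.
check_env_files() {
    bad=$(grep -E '(^|/)\.env(\.[^/]+)?$' | grep -Ev '\.(example|sample|template)$' || true)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" | sed 's/^/env file staged: /'
    return 1
}

# Read a unified diff on stdin; print added lines that look like secrets.
# Returns 1 if anything matched, 0 if the diff looks clean.
scan_diff() {
    # Tag each added line with its file; skip the "+++ b/<file>" headers.
    added=$(awk '/^\+\+\+ /{f=substr($0,7); next} /^\+/{print f ": " substr($0,2)}')
    hits=$( {
        # Case-sensitive: AWS access key IDs and PEM private key headers.
        printf '%s\n' "$added" | grep -E -e 'AKIA[0-9A-Z]{16}' \
            -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' || true
        # Case-insensitive: quoted literal assigned to a secret-sounding name.
        printf '%s\n' "$added" | grep -Ei \
            "(password|passwd|secret|api_?key|token)[a-z_]*[[:space:]]*[:=][[:space:]]*[\"'][^\"']{8,}[\"']" || true
    } | sort -u )
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

main() {
    fail=0
    git diff --cached --name-only --diff-filter=ACM | check_env_files || fail=1
    git diff --cached -U0 | scan_diff || fail=1
    if [ "$fail" -ne 0 ]; then
        echo 'pre-commit: possible secrets staged, commit blocked.' >&2
        exit 1
    fi
}

# Run only when git invokes this file as the hook, so the functions can
# also be sourced and exercised on their own.
case "$0" in
    */pre-commit) main ;;
esac
```

Hooks live in your local clone and `git commit --no-verify` skips them, so treat this as a safety net rather than a guarantee.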

3. Run dependency vulnerability scans

You trust npm install, but you shouldn’t blindly trust every package. Use tools like:

  • npm audit
  • snyk
  • dependabot

A single outdated package can expose your whole app.

4. Use role-based access in your apps

Even in small projects, start thinking in terms of roles and permissions. Not every user should have access to everything.

Building this in from the start builds the muscle for future scalable apps.

5. Think like a hacker, before one does

When you finish a feature, don’t just test if it works. Ask:

  • Can this be misused?
  • Can a user access something they shouldn’t?
  • Can this data be faked or corrupted?

That mindset shift alone makes you a better developer, not just a secure one.

Bonus: Take it to GitHub

Start implementing:

  • Signed commits
  • Branch protection rules
  • A SECURITY.md file in your repos for reporting vulnerabilities

These aren’t just best practices; they show you’re a dev who gets it.

You don’t need to be paranoid. You just need to be prepared.

Cybersecurity isn’t a checkbox. It’s a mindset, and the earlier you adopt it, the fewer crises you’ll need to recover from.

So go ahead: update that password. Audit that repo. Be that friend who actually reads the permissions before clicking “Allow.”

Your future self (and your data) will thank you.