Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (10)
Similar a Breaking into IT and Building Your Cyber Career
Similar a Breaking into IT and Building Your Cyber Career (20)
Último
Último (20)
Breaking into IT and Building Your Cyber Career
- 3. Agenda: • Who’s the hairy thing in a kilt? • Industry history • How to break into “cyber” • How to break into the corporate world… • Why we really need you to break in • Why we need ALL of you in, not just the geeks… • The family, who we are, why we are here… • CommunicaQon, collaboraQon and understanding… • The bigger picture, WHY we need to do this… • Final thoughts
- 4. The Goatee… • In the InfoSec/Cyber industry for too many years... • Broke Nigeria, ISS, Mars Rover, airplanes, trains, etc. – Researched a whole lot more… • Now working at Lares and consulQng to AWvo – Why? Because we need to change this industry – Why? Because we are going to lead from the FRONT • Currently researching humans, AI, ML and consciousness compuQng… – Because there’s beEer ways than passwords! – Because the future’s not already scary enough J – Because we’re heading off the cliff…and we need to wake up • Might also have a whisky collecQon that borders on the obsessive… – Occasionally travels with the whisky football (thanks Inbar!)
- 6. Agenda: • Who’s the hairy thing in a kilt? • Industry history • How to break into “cyber” • How to break into the corporate world… • Why we really need you to break in • Why we need ALL of you in, not just the geeks… • The family, who we are, why we are here… • CommunicaQon, collaboraQon and understanding… • The bigger picture, WHY we need to do this… • Final thoughts
- 8. Wrong!
- 10. WTF Happened?
- 11. Today?
- 14. WE NEED BALANCE!
- 16. Why Now?
- 17. Agenda: • Who’s the hairy thing in a kilt? • Industry history • How to break into “cyber” • How to break into the corporate world… • Why we really need you to break in • Why we need ALL of you in, not just the geeks… • The family, who we are, why we are here… • CommunicaQon, collaboraQon and understanding… • The bigger picture, WHY we need to do this… • Final thoughts
- 18. Know Your Basics • Computer science – What IS a computer? – How does it bloody work? • Networking – What is it, how does it work ALL spectrums – Breaking packets down… • Core programming – Perl, Python, C++, Assembly, etc. • CompuQng in the REAL world… – From mainframes to embedded devices, learn the differences – What WILL you find in a corporaQon? (And the verQcal differences)
- 19. Know Your Basics • External • Internal • Physical • Signal • Human • PPC’s • ReporQng…
- 20. More Damm Basics • CommunicaQons, verbal, non-verbal, etc. • The wriEen language PLEASE! • Psychology, know your audience. • Sociology, know their surroundings… • Human behavioral sciences, know why! • Abstract thinking skills • Logical and transforming skills
- 21. Know Your IniQal LimitaQons… • I want to be a penetraQon tester… • I want to be RED • I want to leap from tall buildings… • I want to break all the cyber • I want to build a botnet and take over Africa… • Actually what you want is BLUE, learn tradecrak AND know HOW RED thinks… and then you can decide!
- 24. Certs vs. Experience • Experience counts • Certs get you in the door IF you go via HR • Experience will get you to the geeks who hire • Certs get you to the “Big4” and others… • Experience is valued by most of us… • Certs are valued by some leadership (and clients)
- 26. PracQce Breathing! • PaMence, if you are new it takes Qme to build up the personal brand, the Qme and effort spend on it WILL pay off. • Enthusiasm, don’t loose it, even when things seem like they’ve hit the brick wall… • Perseverance, see above, that brick wall can take Qme to clear…this industry is NOT easy! • Interest, show it, keep it, build it, focus it and conQnually evolve it.
- 27. Agenda: • Who’s the hairy thing in a kilt? • Industry history • How to break into “cyber” • How to break into the corporate world… • Why we really need you to break in • Why we need ALL of you in, not just the geeks… • The family, who we are, why we are here… • CommunicaQon, collaboraQon and understanding… • The bigger picture, WHY we need to do this… • Final thoughts
- 28. TradiQonal OR Other? • TradiQonal route is simply applying Qme and Qme again to companies • Other…is what we’ll talk about here, how to leverage OUR world to help. • Other…is also using social media. • Other…is using brains over brawn, something we should be good at (someQmes) • Other…is going to take extra work, suck it up it’s worth it!
- 29. Job Roles… • Security analyst, blue team SOC • Security engineer, tamer of all the blinky shit • Forensic analyst, digger of all things digital • Malware analyst, collector of bugs • Incident response, bringer of Advil and Qssues • Audit and compliance, filler of forms… • Threat analyst, speaker in tongues… • IdenQty and access management, keeper of the keys • PenetraQon tester, tamer of the bits and bytes • Vulnerability researcher, digger of code
- 30. LinkedIn • USE IT! – Seriously, get a GOOD profile up and running – Start to talk with people, reach out – Start to interact on topics you care about – Start to do your OSINT and HUMINT on companies, on people and on areas you want to focus on! – Engage with people, with groups, LISTEN lots, talk when you have something to contribute. – Keep it short, concise and to the point…essays scare people. (LinkedIn posts are 1300 characters for a reason!)
- 31. YOUR Brand… • Tell me about yourself? – ARGH…Um…Ah… • Tell me about yourself? – I blog… (Peerlyst, LinkedIn, BrightTALK, Conference Forums) – I work within the community (HFC, Hak4kidz, ILF, EFF, Etc.) – I goto conferences (HERE!) – I take part in CTF’s or Hackathons or villages or (insert here) – I research in my own lab environment… – I work with “x” who’s a mentor… – I’m contribuQng to “x” where “x” is a book, paper, arQcle, etc.
- 33. Congrats! They Want To Talk… • OSINT the damm company, know WHO they are • Bring the damm resume and something to take notes with… • Be early, hide round the corner, steal a car, don’t be late! • LEAVE the electronics behind! • DON’T hack the damm company and explain how to help fix it! • Eye contact, pay aEenQon, be direct (but civilized) • Be honest, nobody knows everything, DON’T bullshit • If you are new, talk about your research, your hobbies, etc. • Talk about being here! Hell, I’ll back you up! • DON’T talk about hacking “x” and how you broke in… • DO talk about your work with BugCrowd, HackerOne, etc.
- 34. Sok Skills • CommunicaQon (lots of references here!) • WriQng (PLEASE!) • Listening (Seriously, we NEED to do this more!) • EmoQonal Intelligence (ourselves and in others!) • Public Speaking (Get up here!) • CriQcal Thinking (ObjecQve analysis) • Leadership (Step the F**k up!) • PosiQve AWtude (Yea…we DO have to have this!) • Teamwork (We have to work with others…someQmes)
- 37. Interviews: Keep It To Yourself… • Yes, China’s hacking us – And we’re hacking them… • Yes, North Korea’s got talent – We’ve got a few good folks too… • Yes, Russia is in our infrastructure – You think we’re not in theirs? • Yes, the NSA’s listening – Two can play at that game ;-) • Yes, AnQ-Virus sucks – But doing nothing is worse, build a beEer mousetrap in your spare Qme! • Yes, users can be exasperaQng… – SO CAN WE!
- 39. It Is NOT An Overnight Thing… • A LOT of jobs want 1-3 years of experience? – You NEED experience to GET the experience?!? • So, you don’t have it in the 9-5 world? – What’s stopping you from doing it at night? – What’s stopping you from doing bug bounQes? – What’s stopping you from volunteering? – What’s stopping you from building it yourself? – What’s stopping you from geWng involved? – Stop talking start coding! – Quit the “I want” and simply DO
- 40. Agenda: • Who’s the hairy thing in a kilt? • Industry history • How to break into “cyber” • How to break into the corporate world… • Why we really need you to break in • Why we need ALL of you in, not just the geeks… • The family, who we are, why we are here… • CommunicaQon, collaboraQon and understanding… • The bigger picture, WHY we need to do this… • Final thoughts
- 41. 41
- 42. Current State Of The Union • We are adding more and more complex technology. • We are handing that technology to a populaQon that doesn’t understand, or care about security. • We are integraQng it into our homes, offices, bodies, cars, lives… • We don’t have enough qualified people to manage the current list of issues, let alone the future. • We don’t have good eyes on our own environments…
- 44. Our Industry Status • Currently we’re short 2-3-4-500,000 folks… • Future predicQons anywhere from 2-4 Million • We’re in negaQve unemployment, yea (not!) • Salaries are good (back to that experience thing) • Money is NOT everything… • We DO need more good people…
- 46. Agenda: • Who’s the hairy thing in a kilt? • Industry history • How to break into “cyber” • How to break into the corporate world… • Why we really need you to break in • Why we need ALL of you in, not just the geeks… • The family, who we are, why we are here… • CommunicaQon, collaboraQon and understanding… • The bigger picture, WHY we need to do this… • Final thoughts
- 50. Agenda: • Who’s the hairy thing in a kilt? • Industry history • How to break into “cyber” • How to break into the corporate world… • Why we really need you to break in • Why we need ALL of you in, not just the geeks… • The family, who we are, why we are here… • CommunicaQon, collaboraQon and understanding… • The bigger picture, WHY we need to do this… • Final thoughts
- 53. Get Involved!
- 54. Agenda: • Who’s the hairy thing in a kilt? • Industry history • How to break into “cyber” • How to break into the corporate world… • Why we really need you to break in • Why we need ALL of you in, not just the geeks… • The family, who we are, why we are here… • CommunicaQon, collaboraQon and understanding… • The bigger picture, WHY we need to do this… • Final thoughts
- 55. CommunicaQon • How to communicate without the FUD – Actual defensible staQsQcs – Ignore the vendors, seek independent numbers! • How to communicate without geek speak – WE have to speak other peoples language – WE have to be able to explain our world to others • How to listen – We have TWO ears and ONE mouth for a reason – ACTUALLY listen, don’t smile and nod…
- 59. Agenda: • Who’s the hairy thing in a kilt? • Industry history • How to break into “cyber” • How to break into the corporate world… • Why we really need you to break in • Why we need ALL of you in, not just the geeks… • The family, who we are, why we are here… • CommunicaQon, collaboraQon and understanding… • The bigger picture, WHY we need to do this… • Final thoughts
- 61. Adding To That…
- 62. The Future? • WHEN we can digiQze consciousness: – How much is enough? For us, for a terminal paQent? – Can we then determine our own future with technology? – Do we go digital, do we remain flesh/blood, or both? • We don’t need travel: – We ARE a series of electrical impulses. – We are capturing sequences and predicQng them. – We can transmit them…anywhere. • Societal changes? – Who goes digital and why? – Who stays? Who then has the power to determine the future?
- 64. An Abstract… • In 1949 George Orwell introduced us to the dystopian future of 1984 in which independent thinking and individualism were ground out of our society. • Ironically enough IN 1984 we were introduced to the means by which such individualism would eventually be our undoing…the machines. • In this instance, a 6’2” Austrian sent back from 2029 by a machine that gained consciousness in 1997. • We’ve apparently been persecuted by machine for about the last 30+ years and we are yet to realize it.
- 66. An Intelligence Wakes Up • Whose hands are on the keyboards, how influenQal is that in the overall design? • Whose countries are at the forefront of design and what implicaQon does that have? • Who is paying for all this and what are those implicaQons? • What IS privacy and do we need it, can we have privacy and ACTUAL arQficial intelligence? • How DO we account for all 7.4 billion of us on this planet when we are designing a system to think for us
- 68. Agenda: • Who’s the hairy thing in a kilt? • Industry history • How to break into “cyber” • How to break into the corporate world… • Why we really need you to break in • Why we need ALL of you in, not just the geeks… • The family, who we are, why we are here… • CommunicaQon, collaboraQon and understanding… • The bigger picture, WHY we need to do this… • Final thoughts
- 69. Mr. Kemp… • Mike is family, he’s been coming here for years… • He’s having a rough Qme of it at the moment… • There’s cards ALL over the place, – PLEASE sign one, leave a caring HUG and possibly a sarcasQc message and then pass them on… – Please also feel free to reach out to him on TwiEer (clappymonkey) • We try to take care of family, Mike we miss you!
- 75. With Thanks!! • As always, HUGE HUGS to everyone @GrrCON – Hug Chris and the family please – Hug everyone in a yellow, red and other color shirt! – Per Chris, say thanks TO the vendors for the beer etc. • Shout out to the following for their help on this deck: – Chris Nickerson – Leslie Carhart – Christopher Grayson – Michal Zalewski – Parisa Tabriz • And, go give Eddie a hug (and some $) for art…it all goes to charity!