Black Lives Matter
Transcript: Hey everyone… So, as if this time was not hard enough as it was with Covid, the American Black community has been affected yet again. It's difficult to post motivating content while so many are feeling a sense of outrage and so much going on. So I'm going to pause, slow down, or at least take into consideration the posting of new content during this period. Of course, people still need to work, so I can't stop completely, and I do have episodes coming down the pipe. There's a personal story I want to share related to this. A friend and I were driving once, but he realized he left his wallet at home, which had his driver's license. I said, "Not a big deal. They can just look you up if you get pulled over." He then looked at me, and I then figured it out: he's black. It hit me then how privileged of a life I had. It then hit me how scary driving while black really is. I may not be white, Christian, and from the suburbs, but I'm not black and male. I may not have the best things to say at this moment, but I realize staying silent isn't an option. I don't have a TV, and I'm not on Twitter often, but the little I did see made me realize silence or status quo is almost as bad. Diversity and inclusion are an integral part of this podcast. I've never called it out as I just wanted my lineup to speak for itself. Many of my guests are black. For the longest time, it was rare to see a brown or black person at a security conference. It was quite lonely. For listeners outside of the US, please try to empathize with whatever social divide you have in your country. It could be the religious minority in your country, the darker-skinned, those of a "lower" social caste, the poor, or whomever it may be. There are always those that are marginally suppressed or oppressed. So… I stand with the Black community against racism, violence, and hate. Now, more than ever, we must support one another as allies and speak up for justice and equality.
#BlackLivesMatter Website: https://gettingintoinfosec.com/ Twitter: https://twitter.com/coffeewithayman See omnystudio.com/listener for privacy information.
1 Jun 2020
Christina Hanson - From HOA Manager to Headfirst Into InfoSec!
Christina Hanson is a security analyst working for Truvantis Cyber Security Consulting and one of my former boot camp students. She has extensive technical experience and a deep understanding of the collaborative nature of InfoSec, not to mention how women and other underrepresented groups in the community have a more difficult time navigating this industry due to institutional barriers. In our discussion, Christina touches on the wide variety of resources and events that helped her enter information security, why teamwork is just as important as technical work, and why InfoSec's responsibilities will continue to grow in the near future. Episode Highlights How Christina's aptitude for IT led her down the path to InfoSec The "elective" course Christina took that turned out to be career-changing Why cooperation and group work are so important in InfoSec The "soft skills" needed to work in security Infosec was not her 1st or 2nd career! An overview of Christina's day at Truvantis and how she works with clients Christina's experience at a SANS women's academy and the Day of Shecurity conference Why the InfoSec industry needs contributions from people from all backgrounds and how it benefits from diversity in general The increasing accessibility of conferences and other tech events for those who can't attend InfoSec's important role as companies have more and more access to users' data Quotes "I found that just the general atmosphere of security and the overall focus of what you're trying to accomplish was really helpful." "Anything you're gonna do in security, you're gonna do as a team." "Being open to learning new things is really important with this particular field." "Even if I don't understand everything they're talking about, it gives me at least a start and a basic understanding that I can then research later." "Being a professional in this field, it's so important that we are able to make other people safe." 
Links: Christina's LinkedIn: https://www.linkedin.com/in/christinahanson461/ Day of Shecurity: https://www.dayofshecurity.com/ SANS Women's Academy: https://www.sans.org/cyb Merritt College: http://www.merritt.edu/ Dr. Johannes Ullrich: https://twitter.com/johullrich SANS Daily Podcast: https://isc.sans.edu/podcast.html The Cyberwire Podcasts: https://isc.sans.edu/podcast.html OWASP: https://www.owasp.org Amanda Rousseau (@malwareunicorn): https://twitter.com/malwareunicorn Dead Drop SF: https://www.meetup.com/Dead-Drop-SF/
22 Oct 2018
Matt Toth - From Slinky Network Support Engineer to Security Sales Engineer
Matt Toth is a Senior Security and Veteran Sales Engineer. Having collaborated with the Department of Defense on War Games and advised senior leaders on possible cyber threats, Matt has two decades of IT experience with a focus on cybersecurity. With a passion for security, Matt is deeply engaged with the community to educate and prepare the next generation of cyber professionals. On top of that, he’s a good friend of mine in the industry with solid advice for those looking for a career in Information Security. In our chat, Matt breaks down a Sales Engineer’s role, explains his love of conference badges, and gets philosophical on issues related to those trying to make it in the field. Episode Highlights: The jack-of-all-trades nature of Sales Engineer work Matt describes one company’s dishonest approach to “AI” How a luxury car and stylish threads can make the wrong impression on your client Con culture and breaking through the shyness barrier Matt delves into #BadgeLife The surprising accuracy of Hackers and Mr. Robot How Matt’s art school aspirations shifted to IT InfoSec wargames and the “Russian nesting doll” scenario Matt encountered working with a client Why some companies prefer to live with a security problem rather than attempt to fix it Lastly: Have you been keeping an ear out for my Easter eggs? Listen closely Quotes: “I’m here, the customer trusts me to be here, and I’m gonna make sure that when they’re done, they’re happy with the situation so that they never come back and say, ‘Hey dude, you screwed me over.’” “You have to understand that you’re responsible for your own success. You can’t hide because you do have a quota.” “If you really don’t like the technology you’re dealing with, you’re not going to sell it well.” “It’s awesome... [and iconic,] that soundtrack is still incredible! 
On the way out to BlackHat this year, I watched Hackers on the airplane, and it was freaking me out… all of the attacks… are real world attacks we’re dealing with today still!” “When you’re meeting with your audience, understand who they are and understand what they expect.” “‘Hi, I’m Matt, and I’m an InfoSec addict!’ ‘Hi Matt!’” “If you’re just getting into the industry, recognize that all of us have our skill gaps. There is no one who knows everything.” “My thoughts on certs are, 'do you like to get paid?'” “Most insider threats aren't malicious: they're just people trying to do their job and oftentimes working around the system to try to be more efficient.” Links: Matt’s LinkedIn Matt’s Twitter - @willhackforfood Matt’s blog Splunk William Gibson and Neuromancer Grifter and #trevorforget Derbycon
30 Oct 2018
BONUS - CliffsNotes To The First 20 Episodes!
Having completed 20 episodes, I decided to take a moment to go over each episode briefly. Thanks to all my guests! Ep01 - Dan Borges: https://twitter.com/1njection Ep02 - 0daySimpson: https://twitter.com/0daySimpson Ep03 - Christina Hanson Ep04 - Matt Toth: https://twitter.com/willhackforfood Ep05 - Rob Carson: https://twitter.com/robcarson05 Ep06 - Robin Stuart: https://twitter.com/rcstuart Ep07 - Clay Wells: https://twitter.com/ttheveii0x Ep08 - Elvis Chan: https://twitter.com/FBISanFrancisco Ep09 - Virtual Kyle Kennedy: https://twitter.com/Kyle_F_Kennedy Ep10 - InfoSteph: https://twitter.com/StephandSec Ep11 - Yaron Levi: https://twitter.com/0xL3v1 Ep12 - Jack Rhysider: https://twitter.com/JackRhysider Ep13 - Marcus Carey: https://twitter.com/marcusjcarey Ep14 - Nipun Gupta: https://twitter.com/nipungupta Ep15 - Adrian Kaylor: https://twitter.com/AdrianKaylor Ep16 - InfosecSherpa: https://twitter.com/InfoSecSherpa Ep17 - InfosecJon: https://twitter.com/InfoSecJon Ep18 - Masha Sedova: https://twitter.com/modMasha Ep19 - Jared Folkins: https://twitter.com/JF0LKINS Ep20 - Leron Gray: https://twitter.com/mcohmi Getting Into Infosec: Twitter: https://twitter.com/coffeewithayman YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/
27 Apr 2019
Most Popular Podcasts
Syntax - Arrested Teenager to Motorcycle Racer To Pentester
Syntax, an internal pentester for a large organization, had an interesting ride into infosec, filled with pitstops, detours, and countersteering along the way. At an early age, he was influenced by his father, got started hacking, and was wrongfully arrested for reporting a vulnerability in his High School. Hear his exciting journey into infosec, filled with life lessons. Shownotes Was arrested in High School for disclosing a vulnerability in the school IT system Went to college for computer science, but dropped out Inspired by the movie Hackers His first computer had a 1MB hard drive (yes, not a typo!) Still went to Defcon even when he was not in IT or working in security Was a professional motorcycle racer Kept all his rejection letters as a way of motivation to keep going Had some business and entrepreneurial experience in the past, which helped him get back into the field Got back into security through… IT! Quotes "A lot of our time is spent arguing with the other departments and justifying our findings." [2:58] "Is this cross-site scripting really a problem?" "I get stuck a lot… it's kind of the nature of the beast." [5:17] "I'm not going to work in tech again." [12:21] "You're a motorcycle mechanic… why should we hire you?" [19:07] "It's my hacker family. These are my people. Everyone in security, they make sense to me, cause they're all kinda like me." [19:41] "I kept getting [these] projects coming my way and I constantly said, 'YES.'" [22:07] "Have you done this before? … no, but I'll learn!" [25:06] "Because I had that mindset… I was seeing [from a] different [perspective] than other analysts." 
[26:00] Links Syntax on Twitter: https://twitter.com/syntax976 DCZIA: http://dczia.net/ Queercon: https://www.queercon.org/ Outro Music: "Pure Decking" by Patient Zero from the album "Screen Saviour" her link is http://patientzero.bandcamp.com and she is @DoctorKraft on the Twitter Getting Into Infosec Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/ T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/ Sign up for sneak peeks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe
10 Mar 2020
BONUS - MCOHMI New Song, Trap Music, and Domain Song Background
MC OHM-I (Leron Gray) talks about his next project about tabs in the browser, trap music, and some background on his awesome song, "Domain." Getting Into Infosec Twitter: https://twitter.com/coffeewithayman YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/
17 Apr 2019
BONUS - Announcing Getting Into Infosec BITES
Hello! Wanted to let you know I'm creating daily (almost) videos on YouTube called Getting Into Infosec BITES: https://www.youtube.com/c/gettingintoinfosec Please like, subscribe, and spread the word. The best thing you can do to support this media is to spread the word and let others know. Thanks! Links: Site: http://gettingintoinfosec.com/ Book: http://breakingintoinfosec.com/ Twitter: https://twitter.com/coffeewithayman
14 May 2020
InfoSteph - From Journalism to IT Support to Security Analyst
Steph is brand new to the infosec field! We go over her interesting and eventful path into Information Security, reflections on her role today, and some fascinating war stories! BIO: Steph is a Security Analyst for a retail company and makes up a team of one. She has a background in journalism and web hosting. She is the creator and editor of StephAndSec.com, a blog focused on technology, inclusion, and lifetime learning. Stephanie's life work is to encourage and fight for more diversity and inclusion in tech spaces for more innovative and original collaboration. She spends her time mentoring high school students, hosting virtual labs via Women In Tech-a-thons, and learning as much as she can about anything and everything. Stephanie believes that giving back to the community at every stage is very important. In addition to technology, Stephanie has a secondary passion for Psychology, so don't be frightened if you hear her discuss cognitive distortions or attachment styles. She hopes to develop research that explores the dichotomy between human beings and technology. She is currently on a mission to speak at three events in 2019 and has already been booked for one event. Notes: Dreams of Creative Writing, but chose Journalism for practicality Encouraged to Computer Science by her mom Had her eye on Security, through IT or Web Hosting... eventually. A story of being so close, yet so far Was very close to giving up on the whole industry due to the difficulty and lack of encouragement... but was NOT comfortable with quitting. Quotes: "You have to talk to strangers about their story... you want me to walk up to a complete stranger as an introvert? Uh.. what?" "The type of person I am, I can't fully commit to something without getting my hands dirty." "The way that I learn is situational." "We had a vulnerability scan tool and so I just tried to work with that." "It's kind of like what doctors have to do before they [can] become a doctor." 
"So many people are trying to get into the industry and facing the same issue. I've done all these things people have told me to and it hasn't gotten me anywhere." "Just do a bunch of stuff until it sticks!" "Twitter was one of the best... decision I made." "Get a champion that is more senior than you." "Don't count yourself out, before someone else has counted you out." "The lessons that are best learned are the ones that resulted in catastrophic failure." "When you want to be a lawyer, you go to law school, you sit for the bar. There ya go! There's a plan." Links: Steph's Website: https://stephandsec.com/ Speaking engagement next year: https://2019.tabgeeks.com/speakers#steph Steph's Tech a Thon's: https://mailchi.mp/70c8010c3320/tech-a-thon-comeback WISP - Women in Security and Privacy: https://www.wisporg.com/ Intro - Cascadia by Trash 80: https://trash80.com/#/content/133/weeklybeats-2012-week5 Outro - That Night In Your Car - Spazz Cardigan: https://www.youtube.com/watch?v=1yzuoAOd238 Resources: HackEDU: https://hackedu.io/ Open Bug Bounty.org: https://www.openbugbounty.org/ Getting Into Infosec: Twitter: https://twitter.com/coffeewithayman YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/ See omnystudio.com/listener for privacy information.
18 Dec 2018
Kavya Pearlman - From Hairstylist to CISO to XR Superhero
Kavya Pearlman is an award-winning cybersecurity professional with a deep interest in immersive and emerging technologies. Kavya is the founder of the non-profit XR Safety Initiative (XRSI). XRSI is the first global effort to promote privacy, security, ethics, and develop standards and guidelines for Virtual Reality, Augmented Reality, and Mixed Reality (VR/AR/MR), collectively known as XR. Kavya is constantly exploring new technologies to solve current cybersecurity challenges. Quotes: "Money, money, money. How much money [are] you going to make? I was so put off. No, it's not about money. I really just want to learn." "What would you become when you grow up? I would be a D.I.G. (Deputy Inspector General)." "This country needs me. This world needs me." "You owe it to yourself to explore this little itch, and figure out whether this is your passion or not." "You will inevitably make (sometimes) bad decisions." "Technical support IS security." "I don't think anyone read that [report], but then it gave me some satisfaction that this is awesome. I can actually take what I'm learning and apply it to the job." "Believe in yourself. Not just for information security." Links: Kavya Pearlman - https://twitter.com/KavyaPearlman XRSI - https://www.xrsi.org/ Caroline Wong - https://twitter.com/carolinewmwong Steve Hunt [22:17] - https://twitter.com/Steve_Hunt Getting Into Infosec: Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/ T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/ Stay in touch and sign up for sneak peeks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe
18 Apr 2020
BONUS: Robin Stuart - Road to Becoming a Cyber Crime Author
Robin Stuart is a debut author in cybercrime fiction with a short story called "SegFault" in the Sisters in Crime NorCal anthology Fault Lines, which is due in early 2019!!! Notes Wrote her first full-length mystery in the mid-'90s! Pitching is basically a job interview Honing your pitch You only get one shot at that first impression She has a backlog of stories to tell... Stay Tuned!!! (So Excited!) Links The New York Pitch Fest: http://newyorkpitchconference.com/ Mystery Writers: https://mysterywriters.org/ Sisters in Crime Northern California Chapter: http://www.sincnorcal.org/ Paula Munier, Robin's Literary Agent: http://talcottnotch.net/index.php/agents/paula-munier Robin Stuart Full Interview: https://gettingintoinfosec/robin-stuart-from-paralegal-to-malware-researcher-and-cyber-crime-author
18 Nov 2018
Bonus - Cyber Security Job Search Frustrations (Zoe)
These are quick hallway conversations with recent graduates discussing the difficulties they've faced in their job search. I did not know any of these people before interviewing, and it's the first time I'm asking them these questions. This was recorded at RSA Conference 2020. Getting Into Infosec: Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/ T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/ Sign up for sneak peeks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe
6 Mar 2020
Bonus - Cyber Security Job Search Frustrations (Jayesh)
These are quick hallway conversations with recent graduates discussing the difficulties they've faced in their job search. I did not know any of these people before interviewing, and it's the first time I'm asking them these questions. This was recorded at RSA Conference 2020. Getting Into Infosec: Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/ T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/ Sign up for sneak peeks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe
5 Mar 2020
Nick Vissari - Engineering Dropout to Math Tutor to Security Architect/Engineer
Nick Vissari went from being an engineering dropout (he didn't like creative writing) to a tech consultant to a math tutor. His penchant for fixing things homed him back into tech, where he is now responsible for security in a large school district. He recently went back to school and received his cybersecurity degree as well. Notes At 10-years-old, his Dad had problems putting the computer together, so he helped his dad Family never stifled any inquisitiveness he had Started as a math tutor at the school system How he initially had the wrong attitude in security Quotes: "Once you get into a position somewhere, do whatever you can to make yourself invaluable. Find the things people don't want to do and do them. The hard problems are the ones most rewarding." "If you're not automating right now, it's probably because you have more resources than you know what to do with." "There are a lot of people that are security professionals, but they really don’t know about how a system works." "Just got to have that passion for wanting to learn and you can definitely jump into security." "My grandmother always said: 'Those who don't make mistakes, don't do much.' So get out there and make a bunch of mistakes." "Don't be that guy that says 'No' to everything." Links Nick on Twitter: https://twitter.com/nickadam sslstrip by Moxie: https://github.com/moxie0/sslstrip Firesheep plugin: https://en.wikipedia.org/wiki/Firesheep Getting Into Infosec Check out my book: Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/ T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/ Sign up for sneak peeks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe
4 Feb 2020
Tanya Janca - From Insecure Developer to Appsec, Diversity/Inclusion Advocate, and Mentor
BIO Tanya Janca, also known as SheHacksPurple, is the author of ‘Alice and Bob Learn Application Security.’ She is also the founder of We Hack Purple, an online learning academy, community, and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won numerous awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats: startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives. Founder: We Hack Purple (Academy, Community, and Podcast), WoSEC International (Women of Security), OWASP DevSlop, OWASP Victoria, #CyberMentoringMonday Notes Part of security is teaching security Started in software development, then started meeting hackers, and decided to switch to security. Tanya is extremely scholastically inclined She comes from a family full of women computer scientists, technologists, and mathematicians! Her aunt was the FIRST to graduate in CS from Ontario. Her mother was a mathematician. She had four uncles in computer science. Tanya's Quick List For Getting Into Infosec Responsibility of a mentee: [30:29] Have energy and time Respect your mentor's time Need to have already looked for the answer online before you ever ask them for something They are not a free consultant; you shouldn't ask them to do your work You shouldn't stand them up for meetings Recognize and have gratitude for the fact that this person has a crap-ton of knowledge in their brain that they're sharing with you for free. They're taking the time out. You're not their daughter or son. You're not their friend. You're a person in their industry, and they're trying to pay it forward. 
You want to actually do the exercises that your mentor gives you Choose your mentor wisely Do not expect your mentor to find you a job Quotes "We're graduating people who don't know how to make secure software, but they do know how to make software! So that ends up being insecure software." [4:57] "So if I [were] going to teach a software security course at a university, they would pay me as an adjunct professor, and they would pay me almost nothing. It would almost be equivalent to volunteer work." [5:35] "I thought I really wanted to be a penetration tester until I discovered that there is this weird spot… in between red team and blue team." [10:17] "A lot of penetration testers get a little depressed." [11:07] "People just don't know how many super awesome cool things there are out there!" [15:11] "The people I liked the best are the people in my computer science class." [22:24] "Honestly, I just smoked a lot of weed and just showed up and would ace things." [22:12] "You don't have to spend money at the beginning necessarily." [31:58] "Which certification should I get so that I can be a good pentester?" [31:34] "I don't know enough to be a mentor." [31:50] Links Tanya Online Personal Site: https://dev.to/shehackspurple Twitter: https://twitter.com/shehackspurple Pushing Left Series: https://code.likeagirl.io/pushing-left-like-a-boss-part-1-80f1f007da95 NICE Framework: https://www.nist.gov/itl/applied-cybersecurity/nice/nice-cybersecurity-workforce-framework-resource-center OWASP: https://owasp.org/ WoSec: https://wearetechwomen.com/wosec-women-of-security/ Franziska Bühler https://twitter.com/bufrasch Getting Into Infosec Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/ T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/ Sign up for sneak peeks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe
23 Feb 2020
BONUS - Pandemic and The Coming Recession / Depression
We are in the middle of a worldwide pandemic (COVID-19), a recession is here, a depression might be coming, and everyone is remote! Everything has changed. What can you do? How can you find a job in these crazy times? What are the challenges? How can you make yourself valuable? What's going through the company or hiring manager's mind? Please share or leave an awesome review if you found this helpful.
2 Apr 2020
Bonus - David Zeichick - Cybersecurity College Professor
So as I was at RSAC, I was trying to keep an eye out for those looking to get into the field. RSA is not usually the place for that, but I saw the NetWars tournament and figured that might be a good place to start. On my way there, I met David Zeichick, who had "College Day" on his badge. Intrigued, I asked about "College Day," and he told me all about it. I sat down with him for an impromptu interview on the topic. Links David on Twitter: https://twitter.com/dzeichick Getting Into Infosec: Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/ T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/ Sign up for sneak peeks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe
4 Mar 2020
Clay Wells - From SysAdmin to Security Architect to Con Organizer!
Clay Wells has been living in kernel/userland since Red Hat 4.0 Colgate. Worklife has primarily been in academia and has included programming, system administration, and information security. He's a point of contact for the DC215 group and one of the Blue Team Village coordinators at DEF CON. He has also created unofficial CTF challenges for local hacker cons and is an organizer of the first annual WOPR Summit this March 2019 in Atlantic City. Clay, a security architect, musician, Defcon Blue Team Village Co-Organizer, and organizer of the first annual WOPR Summit, shares some really insightful tips on making it in Information Security, as well as a fascinating recent war story. WOPR Summit is March 1st, 2019, in Atlantic City! Quotes: "My heart was racing... that was a huge rush, and that's when I was like yea... blue side F*** rocks!!" "Take a holistic approach to InfoSec, dive into the culture, different cons, music, people...volunteer, get out, get involved." "Learn a little about everything, then find what really interests you... and go for it!" "It's great to apt-get stuff... but try compiling a custom Linux kernel." "I'm a strong believer in embracing that creative side." "[Blue Team] certainly hasn't been the sexiest infosec job to have... yes, defense is what people want... there's a lot of defense work out there." 
Links: Clay Wells on Twitter: https://twitter.com/ttheveii0x Clay Wells on LinkedIn: https://www.linkedin.com/in/clayball/ Clay Wells Blog: http://www.cwells.org/ WOPR Summit 2019: https://www.woprsummit.org/ WOPR Summit Sponsorship Prospectus: https://static1.squarespace.com/static/5b81b8f745776e48dcfb884d/t/5ba666dbf4e1fc68321a7a27/1537631964367/wopr-summit-2019-sponsor-prospectus.pdf DEF CON Blue Team Village: https://blueteamvillage.org/ Opensoc by Recon Infosec: https://opensoc.io/ Recon Infosec: https://reconinfosec.com/ BsidesDC: http://bsidesdc.org/ Graylog: https://www.graylog.org/ Kibana: https://www.elastic.co/products/kibana H.O.P.E Conference: https://hope.net/ No Starch Press: https://nostarch.com/ Outro Music by Clay: https://soundcloud.com/clayball/0x41-2-version-b
27 Nov 2018
Rob Carson - From USMC Infantry Officer to Information Security Officer
Speaker Bio Rob Carson, the founder of Semper Sec, knows how to simplify the problem and deliver solutions. His client base includes Fortune 200 companies, US government contractors, state and local governments, fuel retailers, and software and hardware manufacturers. His distinguished career includes service as a Marine Corps Infantry Officer, as well as leading roles in IT and Security. Before devoting his work full-time to facilitating his clients' success, he built highly successful information security programs for ISO 27001:2005/2013, PCI, HIPAA, NIST 800-171, GDPR. He also volunteers his time as the Chief Security Officer for BSIDES Las Vegas, a non-profit educational organization designed to advance the body of Information Security. Episode Highlights Matt reveals how much he made when he got out of the Marines Matt hilariously talks about the nuances he had to deal with when going to the private sector: Not saying "Sir" and "Madame" Figuring out what to wear How being early is too early Quotes "I wasn't getting shot at... I was working in climate control, you know, so people be all stressed out, and I was like, 'Well, no one's going to die.'" "I like to call myself a 'lessons learned enthusiast.'" "The hardest job you'll ever get in infosec is that first step in." "A first sergeant told me your hobbies should reflect part of your career." "You can be outside the box, but you need to stay inside the room." Links Sempersec: https://sempersec.com/ Rob Carson's LinkedIN Profile: https://www.linkedin.com/in/robcarson1/
6 Nov 2018
Leron Gray - From Navy E6 to Pentester, SANS Mentor and Nerdcore Rapper!
Leron Gray is a man of many talents. Although he didn't really get into infosec until much later in life, he always had a creative side. He now finds himself as a pentester working from home and a nerdcore rapper producing amazing beats!

BIO
Leron is a penetration tester and a ten-year Navy veteran with four years of experience as a Cryptologic Technician (Networks), focusing primarily on offensive cyber operations. He holds a Bachelor's degree from Dakota State University in Cyber Operations. With a passion for Python, he loves automating tedious daily routine tasks for efficiency and considers himself to always be in a position to learn more and pass on knowledge. He always enjoys competing in as many Capture-the-Flag events as possible and also often performs as a nerdcore rapper. Leron currently holds eCPPT, eWPT, GPYC, GPEN, GAWN, GCFE, and GICSP certifications. He also maintains a blog and maintains an active Twitter discussing music, information security, and wrestling.

Notes
Went to a high school that made you choose majors
Grew up poor, was not allowed to go out much
Technological learning came from school
Didn't really get into computers until he was 25
Has been in music since Jr. High School (Marching band, jazz band, and concert band... all the bands)
Networking is the biggest thing that Leron says would help
Leron offers his passionate opinion on "aptitude" (it's a pet peeve of his)

Quotes
"I learned a lot... I made sure not to waste any opportunity for learning."
"Job searching, in general, is a pain."
"I don't think I would be where I am right now if I hadn't gone out and made that effort."
"One of the big deals that people had were degrees. I wasn't really sure why; I have 10 years of IT/Cyber experience."
"It turned out the company no longer owned that server. Their DNS was still pointing to it though."
"I took Java in high school and was really bad at it and I found out everyone is bad at Java, so it doesn't really matter."
"It's so much easier to learn when you have a problem to fix."
"It's not even just information security that learning Python could help... it could be anything you do... often enough to warrant not to do it [manually]."
"Nobody does a CTF and expects not to learn something by the time they leave."
"Job searches shouldn't be like that: they should be based on your merit."
"Maybe the person can't get OSCP, but maybe they have the skills or knowledge."
"The idea of aptitude... raises too many borders."

Links
Leron on Twitter: https://twitter.com/mcohmi
Leron's Blog: https://daddycocoaman.dev/
Leron's GitHub: https://github.com/daddycocoaman
Class that Leron Is Mentoring: https://www.sans.org/mentor/class/sec573-seattle-19mar2019-leron-gray
Visual Studio Code: https://code.visualstudio.com/
PyCharm: https://www.jetbrains.com/pycharm/
IPython Notebook: https://ipython.org/notebook.html
San Antonio's Hackers Association: https://satxhackers.org/wp/
MC OHM-I: https://www.mcohmi.com
Intro Music: Cascadia by Trash80 - https://trash80.com/#/content/133/weeklybeats-2012-week5 (Released under Creative Commons)
Outro Music: https://soundcloud.com/mc-ohm-i/domain

Getting Into Infosec
Twitter: https://twitter.com/coffeewithayman
YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A
Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/
12 Apr 2019
Elvis Chan - From Making Computer Chips to FBI Supervisory Special Agent!
Elvis Chan is a Supervisory Special Agent who works cybersecurity matters for the FBI San Francisco Division. We discuss how he got into the FBI, life in the FBI Cybersecurity Division, and how to get involved. The FBI is always looking for qualified applicants for Special Agent and professional staff positions. Please see https://www.fbijobs.gov/ for more details.

Notes:
There are three main roles in cybersecurity at the FBI: Special Agent (Gun Carrying Badge), Intelligence Analyst, and Computer Scientist.
It may be quiet on the outside, but you can bet the FBI is hard at work on the inside.
Protection of the recent elections was discussed. The sheer number of people involved in protecting the elections from foreign actors couldn't be enumerated. Both the public sector and private sector are involved.
In an incident response, there is often coordination with FBI headquarters and sometimes other 3-letter agencies.
FBI San Francisco was the squad of record for investigating the 2014 Yahoo hack.
Elvis goes into detail explaining more about Russian hacking and how the FSB culture works.
Placement in the FBI is based on a ranking system.

Quotes:
"There are a LOT of things behind the scenes I can't talk about."
"If you see in the news that there is a hack, you can be sure that there is at least one, maybe two, maybe several, offices mobilized to figure out what the heck happened."
"On a regular day, I would love to just go through my email and have the scheduled meetings I'm gonna have."
"Why are the Russians coming after us..."
"Whatever happens to you... 'The Need of the Bureau'"
"My current job, despite all the paperwork and meetings I don't want to go to, is a 10 out of 10!"
"People would not believe some of the stuff that we've seen or that we've gone through. They would make the worst movie plot because they would be so unbelievable!"

Links:
FBI Jobs: https://www.fbijobs.gov
2014 Yahoo Hack: https://www.justice.gov/opa/pr/us-charges-russian-fsb-officers-and-their-criminal-conspirators-hacking-yahoo-and-millions
FSB: https://en.wikipedia.org/wiki/Federal_Security_Service
InfraGard: https://www.infragard.org/
FBI Field Offices: https://www.fbi.gov/contact-us/field-offices
4 Dec 2018