Gen Con 2015 – A Big “Thank You!” from Us to You!

Wow! I can’t believe Gen Con is already over. We had an amazing time at the con and giving our Hacking in Fiction panel for 43 lovely people on Thursday night. I want to extend a big thanks to my co-speakers, Johnny and Beltface. We ended up going over our allotted 90 minutes again – mostly because we had so much fun answering fantastic audience questions. Also, thanks to our many Twitter friends who came out to roast us, like Joe, 0DDJ0BB, Lslybot, and Justin!

1507786_10101499320032651_8905633191381467502_n

11026186_10101499319658401_5972790770425278560_n

Just some awesome costumes I snapped pictures of!

11822515_10101499320292131_8557055176193733910_n11825926_10101499320317081_430971884735938165_n

Our most frequently asked question that I want to restate here for the world was, “I don’t have much experience; how do I get into infosec/hacking?”

If you’re asking us that question, you’re on the right track. I firmly believe have the best community out there in a professional field. There are tremendous resources for anyone out there who has the will and motivation to be good at infosec. They usually don’t come with any dependency on expensive degree programs or certifications. My recommendations are:

  • Go to independent security conferences, Def Con, DerbyCon, Shmoocon, GrrCon, and various local BSides are great options to learn about security and network with other people who share your interests. You can get into most of these conferences for 100-200 dollars and a hotel room. There is no experience requirement, and there are usually talks at technical levels from management skills to sophisticated reverse engineering. Yes, these conferences can be intimidating, but follow basic best practices like not using a credit/ATM card, turning off WIFI on your phone, and not bringing a production computer, and you’ll find them an intriguing and welcoming environment with lots of fun!
  • Use your internet resources. Blogs, Twitter, and Podcasts are a great way to learn more about current events in InfoSec. Don’t rely on bulletins from vendors or government agencies. Some of my favorite general security news sources are:

    Paul’s Security Weekly

    Naked Security – Sophos

    Krebs on Security

    Dark Reading | Security

    Steve Ragan | CSO Online

    We Live Security

  • Find your local hacker meetups and attend. As well as 2600, DC(area code) groups, and BSides, many metro areas have independent security meetups. These are a great way to network and find a mentor.
  • Do publicly shared CTF exercises to learn more about hacking. Beyond “Hack this Site“, many agencies post online ‘Capture the Flag’ exercises in blue team and red team areas of security that allow you to take your best shot at a hacking simulation and then see the results when it ends. I recommend all of the SANS exercise, especially their holiday challenges.
  • Build your own lab, and experiment! It’s really not that expensive to build a hacking lab at home. Virtualization has made it relatively affordable to construct a VM lab environment with an attacker and defender machine(s) in which you can simulate the area of security of your choice. It looks fantastic in interviews if you can describe your home lab an d
  • Don’t get intimidated! While I highly recommend you always be certain you have permission to hack the computer network(s) you are experimenting with, there are plenty of legal and affordable ways to learn more about information security. Everyone who legitimately claims to work in ‘infosec’ or ‘cyber’ should have a solid understanding of how bad guys think. Avail yourself of available resources, and test your skills!

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s