Welcome!

Machine Learning Authors: Elizabeth White, Yeshim Deniz, Zakia Bouachraoui, Pat Romanski, Liz McMillan

Blog Feed Post

So You Wanna Be a (Security) Superstar?

Written by Rick Deacon

Recently I've been faced with a very difficult type of question... and it isn't even technical. No, it's not the typical 'How do you find a buffer overflow?' or 'Can you write me code entirely in assembly... in 20 minutes?'... it's much more difficult to answer. It's answer, to many people, may be the 'key' they are looking for in this industry. The question is very often phrased as "So what did it take for you to get where you are?" or "How do I get into the security industry?" and even sometimes "How do I become a hacker?"

There are many different approaches to this subject, and I firmly believe there only a few ways to truly succeed in security or IT in general. A lot of people assume four years of school is going to land you your dream job, where you're a hacker in your own peaceful office behind a wall of 6 monitors watching packet captures fly by on one screen while simultaneously watching The Matrix on the other and texting your girlfriend(s) about which restaurant you're renting out tonight. That may work for some but that doesn't always happen. In fact, most of the time it doesn't. That same sort of mentality is what I see currently when people are picking their majors/careers, which mind you, is a decision which usually affects you the rest of your life. Many people tell me about how they know "a little" about computers but they're going to learn the rest of what they need no problem... that's what school is for, right? Wrong. From my experience, it takes a lot more than just four years of school to get ahead, especially in security. It takes a mindset that pushes and drives you to understand what's going on an intricate level. Taking a test and naming pieces of hardware off of a computer isn't going to get you very far. Certification courses and advanced networking courses are always going to help you learn and ARE necessary, but they're not going to teach you about the mental anguish you're going to endure when you to try apply the concepts, and for some reason unbeknownst to man, the darn thing just won't work. On that note... if you somehow think this won't ever happen to you, think again :). This applies even more so to information security because the knowledge that penetration testers, hackers, system administrators and developers have is far more than just what you learn in a book or from taking a quiz. It's a conglomeration of experimentation and research on your OWN time mixed with the drive to understand the inner workings of things that no normal human being should want to know. Falling into this sort of field very rarely happens and the security mindset and mentality isn't something that can always be taught.

The whole concept and topic of teaching and learning on this subject is a whole blog in and of itself... but essentially you can never stop learning in this field. If you're not "with it" on what's going around in your industry or community, you might as well forget it. You won't ever get anywhere having a mundane view of what's going on. The security industry is dynamic. Visit any Full Disclosure mailing list or website and see how much is updated on a daily basis... it's somewhat ridiculous.

In the defense of all certification and course instructors out there, there is always something to learn. Sometimes the best way to learn is behind a desk listening to someone, whether it be a teacher or just someone who knows something you don't.

So back on direct topic here... what should someone do when they want to be part of this industry? Always be learning, always be listening and always be aware. Be learning about what's new and out there and by that I don't mean just read an article. if it's a new application... setup a personal 'testing' network and try it out. If it's a new vulnerability, setup a virtual machine and go hack yourself. Be listening to what people of intelligence have to say when it comes to the manner. If they know more than you, don't try to act like a know it all. It won't get you anywhere. Be aware, most importantly. Be aware of what's going on in the industry. A great place to do this is Twitter. You'd be surprised what can be learned by following some influential and smart people on Twitter. (Like @hurricanelabs and @rickdeaconx for example. ;))

Obviously there is not going to be a magic silver bullet. It's always going to take work and no one is going to give you the answer to solve all questions. Do what you love, and if you don't love to do it... don't bother. Especially in IT.

Read the original blog entry...

More Stories By Hurricane Labs

Christina O’Neill has been working in the information security field for 3 years. She is a board member for the Northern Ohio InfraGard Members Alliance and a committee member for the Information Security Summit, a conference held once a year for information security and physical security professionals.

CloudEXPO Stories
ICC is a computer systems integrator and server manufacturing company focused on developing products and product appliances to meet a wide range of computational needs for many industries. Their solutions provide benefits across many environments, such as datacenter deployment, HPC, workstations, storage networks and standalone server installations. ICC has been in business for over 23 years and their phenomenal range of clients include multinational corporations, universities, and small businesses.
Headquartered in Plainsboro, NJ, Synametrics Technologies has provided IT professionals and computer systems developers since 1997. Based on the success of their initial product offerings (WinSQL and DeltaCopy), the company continues to create and hone innovative products that help its customers get more from their computer applications, databases and infrastructure. To date, over one million users around the world have chosen Synametrics solutions to help power their accelerated business or personal computing needs.
All in Mobile is a place where we continually maximize their impact by fostering understanding, empathy, insights, creativity and joy. They believe that a truly useful and desirable mobile app doesn't need the brightest idea or the most advanced technology. A great product begins with understanding people. It's easy to think that customers will love your app, but can you justify it? They make sure your final app is something that users truly want and need. The only way to do this is by researching target group and involving users in the designing process.
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to advisory roles at startups. He has worked extensively on monetization, SAAS, IoT, ecosystems, partnerships and accelerating growth in new business initiatives.
Whenever a new technology hits the high points of hype, everyone starts talking about it like it will solve all their business problems. Blockchain is one of those technologies. According to Gartner's latest report on the hype cycle of emerging technologies, blockchain has just passed the peak of their hype cycle curve. If you read the news articles about it, one would think it has taken over the technology world. No disruptive technology is without its challenges and potential impediments that frequently get lost in the hype. The panel will discuss their perspective on what they see as they key challenges and/or impediments to adoption, and how they see those issues could be resolved or mitigated.