Welcome!

@DXWorldExpo Authors: Zakia Bouachraoui, Yeshim Deniz, Liz McMillan, Elizabeth White, Pat Romanski

Blog Feed Post

So You Wanna Be a (Security) Superstar?

Written by Rick Deacon

Recently I've been faced with a very difficult type of question... and it isn't even technical. No, it's not the typical 'How do you find a buffer overflow?' or 'Can you write me code entirely in assembly... in 20 minutes?'... it's much more difficult to answer. It's answer, to many people, may be the 'key' they are looking for in this industry. The question is very often phrased as "So what did it take for you to get where you are?" or "How do I get into the security industry?" and even sometimes "How do I become a hacker?"

There are many different approaches to this subject, and I firmly believe there only a few ways to truly succeed in security or IT in general. A lot of people assume four years of school is going to land you your dream job, where you're a hacker in your own peaceful office behind a wall of 6 monitors watching packet captures fly by on one screen while simultaneously watching The Matrix on the other and texting your girlfriend(s) about which restaurant you're renting out tonight. That may work for some but that doesn't always happen. In fact, most of the time it doesn't. That same sort of mentality is what I see currently when people are picking their majors/careers, which mind you, is a decision which usually affects you the rest of your life. Many people tell me about how they know "a little" about computers but they're going to learn the rest of what they need no problem... that's what school is for, right? Wrong. From my experience, it takes a lot more than just four years of school to get ahead, especially in security. It takes a mindset that pushes and drives you to understand what's going on an intricate level. Taking a test and naming pieces of hardware off of a computer isn't going to get you very far. Certification courses and advanced networking courses are always going to help you learn and ARE necessary, but they're not going to teach you about the mental anguish you're going to endure when you to try apply the concepts, and for some reason unbeknownst to man, the darn thing just won't work. On that note... if you somehow think this won't ever happen to you, think again :). This applies even more so to information security because the knowledge that penetration testers, hackers, system administrators and developers have is far more than just what you learn in a book or from taking a quiz. It's a conglomeration of experimentation and research on your OWN time mixed with the drive to understand the inner workings of things that no normal human being should want to know. Falling into this sort of field very rarely happens and the security mindset and mentality isn't something that can always be taught.

The whole concept and topic of teaching and learning on this subject is a whole blog in and of itself... but essentially you can never stop learning in this field. If you're not "with it" on what's going around in your industry or community, you might as well forget it. You won't ever get anywhere having a mundane view of what's going on. The security industry is dynamic. Visit any Full Disclosure mailing list or website and see how much is updated on a daily basis... it's somewhat ridiculous.

In the defense of all certification and course instructors out there, there is always something to learn. Sometimes the best way to learn is behind a desk listening to someone, whether it be a teacher or just someone who knows something you don't.

So back on direct topic here... what should someone do when they want to be part of this industry? Always be learning, always be listening and always be aware. Be learning about what's new and out there and by that I don't mean just read an article. if it's a new application... setup a personal 'testing' network and try it out. If it's a new vulnerability, setup a virtual machine and go hack yourself. Be listening to what people of intelligence have to say when it comes to the manner. If they know more than you, don't try to act like a know it all. It won't get you anywhere. Be aware, most importantly. Be aware of what's going on in the industry. A great place to do this is Twitter. You'd be surprised what can be learned by following some influential and smart people on Twitter. (Like @hurricanelabs and @rickdeaconx for example. ;))

Obviously there is not going to be a magic silver bullet. It's always going to take work and no one is going to give you the answer to solve all questions. Do what you love, and if you don't love to do it... don't bother. Especially in IT.

Read the original blog entry...

More Stories By Hurricane Labs

Christina O’Neill has been working in the information security field for 3 years. She is a board member for the Northern Ohio InfraGard Members Alliance and a committee member for the Information Security Summit, a conference held once a year for information security and physical security professionals.

DXWorldEXPO Digital Transformation Stories
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by ...
As Cybric's Chief Technology Officer, Mike D. Kail is responsible for the strategic vision and technical direction of the platform. Prior to founding Cybric, Mike was Yahoo's CIO and SVP of Infrastructure, where he led the IT and Data Center functions for the company. He has more than 24 years of IT Operations experience with a focus on highly-scalable architectures.
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Enterprises are striving to become digital businesses for differentiated innovation and customer-centricity. Traditionally, they focused on digitizing processes and paper workflow. To be a disruptor and compete against new players, they need to gain insight into business data and innovate at scale. Cloud and cognitive technologies can help them leverage hidden data in SAP/ERP systems to fuel their businesses to accelerate digital transformation success.
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Predicting the future has never been more challenging - not because of the lack of data but because of the flood of ungoverned and risk laden information. Microsoft states that 2.5 exabytes of data are created every day. Expectations and reliance on data are being pushed to the limits, as demands around hybrid options continue to grow.
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...