Your Infosec Career
Your InfoSec Career, as presented at BSides ATL 2019 @ KSU
These are the notes and links. The slides are available in pdf on the dfirfiles.net site.
intro
- We need your help.
- You need to help us.
- You need a plan to succeed.
- Let’s build one together.
- Whitelist: Things that should probably be on your list
- Greylist: Things you might not want to do.
- Blacklist: Please please don’t.
Your Career Plan
Your Opportunities
- No entry-level roles
- we start at intermediate … especially at large organizations.
- Our field is mostly young and really well documented
- so read up and learn from history.
- Skills and knowledge are highly valued …
- and You can get them if you want them enough.
- You will have to learn outside work.
- read, practice, study
- We deal with active adversaries who learn and improve what they do
- So, we must always be learning and improving.
Your Qualifications
- Do you want to help?
- Do you have what it takes?
- Curiosity and willingness to learn
- Ethics and professionalism
- Communication skills
- What makes you special ?
- That should be the focus of your career plan!
Your Core Skills
- Communication, in different media
- to different audiences
- Excel / basic (spreadsheet) data wrangling
- some descriptive statistics
- Learn how to use computers and applications
- become a Power User of whatever you use
- Communication to different kinds of people
- with different backgrounds
Your KSAs (Knowledge, Skills, Abilities)
- Knowledge
- Technology
- Business (yours, others)
- Processes and data models
- Skills
- Analysis, Reporting, Engineering, Development, Design
- Abilities
- Empathy, Translation, Insight, Experience
You Online
Good Ideas
- Community involvement
- Volunteer!
- Compete if you can
- Online portfolio of work and writing
- Professional network
Less Good
- Details of your current role, their technology stack
- Your home address
Just Please No
- Evidence of unethical behaviour
Your Job Hunt: Process
- Prepare, Identify, Remediate (Contain, Eradicate, Recover), Learn
- Reconnaissance, Weaponize, Deliver, Exploit, Control, Execute, Maintain
- Scanning (job listings), Targeting (orgs and roles of interest), (letter and resume) payload design, (HR) social engineering …
- Josh More’s Job Reconn book
About Resumes
- The HR Filter problem …
- a bit like event management and SIEM design
- whitelists and blacklists, DWLs
- regular expressions and, yes, scoring algorithms and worse things
- How computers read resumes [image]
- VS
- How hiring managers read the resumes that make it to them
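The SIEM analogy above, as an added example that is not from the talk or its slides: a toy applicant-tracking filter built the way a naive SIEM rule set is built, with a whitelist of required terms (plus whatever synonyms the rule author remembered), a blacklist that drops a resume before scoring, and a coverage score with a forwarding threshold. The skill list, the synonym patterns, the threshold and the three sample resumes are all constructed for this example; real HR filters are proprietary and vary. What it shows is the point the notes make: a resume written in jargon the rule author never listed (here "DFIR", "GCIH", "custom scripts") scores like an event that matches no rule, however strong the candidate.

```python
"""Toy resume filter illustrating the page's SIEM analogy (constructed example)."""
import re

# Constructed whitelist: the terms a hypothetical posting asks for, each with
# the synonyms the rule author thought to include. Anything a candidate writes
# that hits none of these patterns contributes nothing to the score.
REQUIRED_SKILLS = {
    "siem":              [r"\bsiem\b", r"\bsplunk\b", r"\belastic\b", r"\bqradar\b"],
    "incident response": [r"\bincident[ -]response\b", r"\bIR\b"],
    "python":            [r"\bpython\b"],
    "cissp":             [r"\bcissp\b"],
}

# Constructed blacklist: one hit discards the resume before scoring, the way
# a SIEM drop rule discards an event before it reaches correlation.
DISQUALIFIERS = [r"\bremote only\b"]

# Fraction of required skills a resume must hit before a human sees it.
MIN_SCORE = 0.75


def score_resume(text: str) -> dict:
    """Run one resume through the blacklist, then the whitelist, and score it."""
    for pattern in DISQUALIFIERS:
        if re.search(pattern, text, re.IGNORECASE):
            return {"score": 0.0, "matched": [], "missing": list(REQUIRED_SKILLS),
                    "rejected_by": pattern, "forwarded": False}
    matched = [skill for skill, patterns in REQUIRED_SKILLS.items()
               if any(re.search(p, text, re.IGNORECASE) for p in patterns)]
    missing = [skill for skill in REQUIRED_SKILLS if skill not in matched]
    score = len(matched) / len(REQUIRED_SKILLS)
    return {"score": score, "matched": matched, "missing": missing,
            "rejected_by": None, "forwarded": score >= MIN_SCORE}


# Constructed sample resumes. The first mirrors the posting's wording; the
# second describes equivalent experience in jargon the whitelist never lists;
# the third trips the blacklist regardless of its skills.
RESUME_MIRRORS_POSTING = (
    "Security analyst. Built Splunk SIEM detections in Python; "
    "led incident response for ransomware cases. CISSP, GCIH."
)
RESUME_UNFAMILIAR_JARGON = (
    "DFIR lead. Tuned Elastic detections with custom scripts; "
    "ran IR for three ransomware cases. GCIH, GCFA, GSE."
)
RESUME_DISQUALIFIED = (
    "Senior SOC engineer, remote only. Splunk, Python, incident response, CISSP."
)

if __name__ == "__main__":
    for label, text in [("mirrors posting", RESUME_MIRRORS_POSTING),
                        ("unfamiliar jargon", RESUME_UNFAMILIAR_JARGON),
                        ("disqualified", RESUME_DISQUALIFIED)]:
        print(label, score_resume(text))
```

The second resume is arguably the stronger DFIR candidate, but "custom scripts" is not "python", "GCIH" is not "cissp", and it only reaches the human because the rule author happened to add "Elastic" and "IR" as synonyms; drop those two patterns and it scores zero. That is the practical reading of the notes: echo the posting's own terms where they are true of you.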
Your Resume
Good Ideas
- Highlight your successes and impact
- Focus on your skills and qualifications for the position applied for
- How you are awesome and special
Less Good
- a full work history / C.V.
- multiple pages …
- Unfamiliar Jargon and Acronyms
Out of the Question
- Lying.
- Things you didn’t do.
Your Next Interview
- Be prepared!
- Things we’ll probably ask about
- On the table
- Demonstrating your skills and knowledge
- Showing your value
- Questions for your interviewer
- Often a good idea
Your Support Network
- Community and meetings
- Online and offline Forums and Agora
- Job hunting and career help
- Resume reviews and practice interviews
- Professional Orgs
- ISSA, OWASP, CSA
- Hacker Clubs
- 2600, dc404, dc770 ++
- Check out the Atlanta Cybersecurity Engineers Discord: https://discordapp.com/invite/9cBHYV9
- Mentors and teachers
- Get one!
Links
Inspirational Links, References, me
- Leslie Carhart (@hacks4pancakes)
- Brian Krebs interview series (four interviews with different perspectives)
- Daniel Miessler on Starting InfoSec Careers
- John Strand / BHIS, particularly “Your Five Year Plan into InfoSec” v1 and v2
- https://www.blackhillsinfosec.com/webcast-5-year-plan-infosec/
- https://www.blackhillsinfosec.com/webcast-john-strands-5-year-plan-into-infosec-part-2/
- Heather Mahalik in the OUCH Newsletter on careers
- Josh More’s Job Reconn book
- Stephen King, On Writing
about me
- Ben S. Knowles
- BBSTi, CISSP, GIAC^8, GSE, ITIL, LPIC-1
- @dfirnotes
- http://www.dfirnotes.net
Written on May 4, 2019