What I am up to these days:
I recently made my transition into working in IT Security after nearly 20 years of working in many IT Operations roles. Over the last few years I’ve been building up my skills in Security doing anything from working on code, tackling VMs on Vulnhub, or a CTF or two spending a considerable portion of my time building up my skills with a focus on Offensive Security, Incident Response, and Reverse Engineering/Malware Analysis.
With such a broad field, I decided early to narrow my goals down to what I am most interested in. Basically someone that will take a more proactive approach to protecting a network or in the context of football, the offensive lineman that “trucks” i.e. steamrolls over the defensive linemen trying to sack the quarterback rather than just attempting to prevent an attack.
If I were to translate this into the context of a security framework, my research and working towards certifications such as the Offensive Security series, and GIAC and studies focus on the following CISSP domains:
- Security Assessment and Testing
- Security Engineering
- Security Operations
After a brief stint in college, I started off my IT career in the United States Navy onboard the USS John C Stennis. During that time I took an interest in things like writing batch files and scheduling tasks to send messages to people on other computers, and other fun things with a similar vein. I also had a good mentor and friend show me a lot of fun and interesting ways to do my job more efficiently who also introduced me to DEFCON, with my first attendance being DEFCON 8. While this was exciting, it was close to the beginning of my career.
Bear in mind, my time in college was the first time I had used the Internet (as we know it) and in between my limited experience at the time and the fact I had concerns about getting in trouble from the Navy for going to such a conference I hadn’t mentioned it to many people for the rest of my time in. After serving, I had begun working my way up in IT Operations but didn’t think of going back to DEFCON naively thinking it was a one time thing rather than a yearly conference.
Years later I returned to DEFCON, now in it’s 19th year. A lot had changed for not only the conference but also the world as a whole. My experience had grown quite a bit and at that time I had gone from doing technical support in the Navy, working my way up in various roles eventually beginning to specialize in a role as a Systems Engineer responsible for supporting multiple Microsoft based platforms.
With a rekindled interest and a desire for more challenging work I started getting reacquainted with the community and immersing myself to gain as much knowledge as possible in addition to becoming an active participant in the community by attending and volunteering for conferences, contending in CTFs, and mentoring those willing to learn, and continuing to work on various topics of interest and sharing my experiences here.
"This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals.
You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike"
-The Mentor, Hacker Manifesto