Negative Unemployment and Great Job Satisfaction? Why infosec is AWESOME


Negative Unemployment and Great Job Satisfaction?

Why Infosec is AWESOME

Jeff McJunkin (GSEC, GPEN, GCED, GCIH, GCFA, GMOB, CCNA, CISSP)

Senior Technical Staff

Counter Hack Challenges

jeffmcjunkin.com

Obligatory About Me slide

Graduated SOU in 2011

Computer Security / Information Assurance, emphasis in digital forensics

City of Central Point from 2008-2013

Systems / Network Administrator

AppSec Consulting from April 2013 - January 2014

About to start working for Counter Hack Challenges

I start the 27th!

I'm telecommuting, again

Wait, what?

Yes, I've changed employers since my last talk in April.

Read more at https://www.counterhackchallenges.com/

In short, I'll be designing hands-on challenges for teaching infosec (NetWars, US Cyber Challenge, Cyber Aces Online)

My new boss

Ed Skoudis

Author of Counter Hack and Counter Hack Reloaded

Speaker

Expert witness

SANS Fellow-level Instructor

Author of SEC 560: Network Penetration Testing and Ethical Hacking

Author of SEC 504: Hacker Techniques, Exploits, and Incident Handling

Outline of last talk

Gain skills

Use those skills

Talk to people

Goals of today's talk

See what infosec specializations exist

How to find which interest you

Next steps to becoming employable

How to enter and advance into infosec

Find what's interesting to you by tasting multiple specializations

Pick one, develop the skills further (resources and challenges exist online)

Have an online presence

If it's still interesting, find paid employment

Over time, specialize further and consider consulting

An aside on infosec...

I'm not saying infosec is for everyone

I'm biased, though, so if you...

Enjoy daily and weekly challenges

Spend spare time playing with new software

Communicate well, both verbally and in writing

...then infosec could be for you!

An aside on SOU...

SOU is a liberal arts college

NOT a job-specific technical school

Job-specific skills are for you to obtain...

...which is what this talk is about!

If you float through college, your employability in infosec approaches 0%

D&D analogies, anyone?

NPC classes (student, help desk, junior X)

Nobody wants to hire a 12th-level Aristocrat

Starting classes (sysadmin, web developer)

Fighter, Rogue, Mage, etc.

Prestige classes (exploit developer, malware analyst, SCADA forensics expert)

Heavy prerequisites, equally strong returns

World of Warcraft works, too

Having a public presence

GitHub matters

Learn enough Python to solve real problems, post those scripts online

Your own website (often a blog)

Share your learning experiences

Since you're in infosec, have a GPG key and share it publicly

Look at my previous presentation for more

Seeing what skills people want

Troll job advertisements

Not nearly all jobs are advertised, but if you see the same emphasis enough times, consider it

Monster.com, CareerBuilder, etc. are common

www.reddit.com/r/netsec: Hiring Thread of the quarter is my favorite

Cold emails to people in the field

Remarkably effective. People like free coffee!

Employee vs Consultant

Employees have more stability

Consultants have more flexibility

Often more income, though less consistent

My suggestion:

Get your training as an employee

Build ~6 months emergency fund

If you're confident, consider jumping ship (the grass is greener, by the way)

Employee vs Consultant

General rule: the more specialized, the larger an organization it takes to have that role internally

Specializations

Penetration Testing (usually consulting)

Web (Web Security Analyst)

Programmers can do white box code review and pentesting

Else black box testing, web app pen tests

Network (Penetration Tester)

Network Penetration Tester (consulting)

Next steps for penetration testing

Look at my previous presentation (email me at [email protected] or look on my website)

An aside on web app pentesting

If you:

Have web application development experience

Are able to move to a metropolitan area

Have great communication skills

You're 3-6 months away from being ludicrously hire-able

Seriously, there's a huge need right now.

Specializations

Forensics (usually consulting)

Civil (Computer Forensics Analyst)

Big shops have internal teams, otherwise consultants

Criminal (Computer Crime Investigator)

Usually requires law enforcement background

Further specializations:

Network forensics

Specialized software (e.g., SCADA) forensics

Mobile forensics

Next steps for forensics

Systems administration helps

Get to know what features exist, and what artifacts they leave behind

Start developing the forensic mindset

If criminal forensics is interesting, see if you can talk with the Southern Oregon High Tech Crimes Task Force

Run through some challenges

https://www.dc3.mil/challenge/

http://www.honeynet.org/challenges

http://pen-testing.sans.org: Search for Holiday Challenges - created by Counter Hack!

Specializations

Incident Response

Overall (Intrusion Analyst)

Even mix

Malware Specialization (Malware Analyst)

Usually consulting

Next steps for incident response

IR is a mix between sysadmin and forensics

Knowing the attacker mindset is useful as well

Develop an ability to quickly understand how a new network works

Chatting with many sys/network administrators helps here

The additional challenge of doing forensics on an entirely new network is considerable

Specializations

Systems Administration (usually internal, Systems / Network Administrator)

IT Security

I'm totally biased, but this is a great place to start for just about any specialization

Audit (usually consulting, Security Auditor)

Many specializations

PCI is huge!

Next steps for systems administration

Build a home lab (sound familiar?)

www.reddit.com/r/homelab

MSDN:AA

Windows 7, Server 2003/2008/2012, build a domain, multiple users

Internships are fairly plentiful

Junior sysadmin is a great position to learn in

Next steps for audit

Mix of sysadmin and project management, with lots of communication

Specializations

Management

Legal

These specializations are full of deep magic. Tread carefully.

(Or at the very least, I don't pretend to understand them)

Questions?

Email me at [email protected]

Want more info on a specific specialization?

Want specific learning plans?

I'm happy to help!