Loading...

Follow Getting Into Infosec on Feedspot

Continue with Google
Continue with Facebook
or

Valid

Keya was a public school teacher who stood out of the crowd. She loves problem solving and challenging environments. Keya was also a filmmaker and web designer. She's currently a detection security engineer who get knee deep in malware on a daily basis.

Notes:

  • New she didn't want to be a teacher her whole life

  • Was the only one in the rational thinking group at her school.

  • Enjoys rational thinking and the problem solving process.

  • Prototyped a mock medical device with a Raspberry Pi and won a national competition!

Quotes:

  • "Easy to get in to what you're comfortable with... and I didn't want to have a job like that."

  • "It was something that I enjoyed but I definitely feel more at home with the cohort that I work with currently and with what I do."

  • "... for me it was an amazing process because I hadn't ever SSH’d into a device and I had to figure out how to get like ports scan."

  • "I read so much documentation on all the little things that we connected to it. I watched a bunch of YouTube videos I looked at a lot of GitHub accounts trying to figure out like I've got to make this move." [14:24]

  • "It was incredibly challenging. A lot of times I was trying to figure out... where sometimes the information that you get from the client is essentially just a hint of what's going on in the network." [17:07]

  • " You just have to be creative and keep going at it until you can do what needs to be done." [18:08]

  • "Yeah. It's amazing, and especially coming from public school teaching where I had seen almost physical fights altercations happen over like reams of paper because there's just not that much allocated towards schools to where snacks are brought in. Like it's a very different environment…" [21:22]

  • "You did great on the test, but I want to watch you take the test." [23:06]

Links:

Getting Into Infosec:

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 
Getting Into Infosec by Ayman Elsawah (@coffeewithayman) - 2w ago

Listen to the retail audio sample of my book: Breaking IN - A Practical Guide to Starting a Career In Information Security

The book is narrated with a female voice, Kati Fredlund. She did an amazing job!

You can read a sample or purchase the whole book here: https://t.co/DDXxfVwpD7

Full Audiobook to be released soon!

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

A 19 year old "not a security researcher". Facing limitations because of his age and not having the right "prerequisites" Hossam has had to make his own path. He also dreams in code and is one of the youngest OSCE's in the world!

BIO:

Hossam Mohamed is one of the youngest OSCE in the world and currently working in cyber security domain for a financial company in Istanbul. His area of interest includes exploit development, offensive security, secure web development, malware analysis and he is a big python lover

Notes:

  • On the organizing team of BSides Istanbul

  • Best friend is a computer.

  • Just finished high school last year!

  • Was doing freelance web design and security projects for clients.

  • Taught himself assembly.

  • Developing offensive security labs.

  • Hacked his way to getting a job. :)

Quotes:

  • "Because I love code."

  • "I wanted to understand how these games work." [5:56]

  • "I developed a project for my school. They liked it, but no one cared actually."

  • "No one in infosec doesn't play a little bit (hacking)." [8:04]

  • "Technical interview was great... didn't work because of my age and my education. I was only 18." [10:22]

  • Do you ever dream in code? "Actually... how did you know that?" [12:35]

  • "People think when it's about assembly and reverse engineering, omg it's untouchable.... No I'm telling you there is much more lower level than that."

  • "I feel bad when I get sick because I don't go to work... I don't (get to) open my laptop and looking to code."

  • "When I'm far from my computer for two or three days... I'll be depressed."

  • "You can make it part of your day." [22:52]

  • "I wanted to send them the new domain controller password with the report. " [25:23]

Links:

Getting Into Infosec:

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 
Getting Into Infosec by Ayman Elsawah (@coffeewithayman) - 1M ago

My thoughts on consuming vs production and how it relates to Getting Into Infosec. Sometimes we get stuck learning, consuming security news, trends and etc... but we forget to produce something. Whether it be testing a new exploit we heard about, trying something new in our lab, or applying something we learned the day before. Finding the write balance is important. If we're stuck, take little steps - better than no steps.

Links:

Getting Into Infosec:

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 
Getting Into Infosec by Ayman Elsawah (@coffeewithayman) - 1M ago

Ismaelle Vixsama (aka Izzy) has a knack for finding strategic flaws and speaking up about them. Doing so helped her get her first full-time job as well as have repercussions for defensive egos. Her whole career is a war story.

BIO:

Izzy is an ISMS manager with 7 years of experience. She has worked in FinTech, Government, and Security R&D. Her work has allowed her to work on several mainstream products and services with some of the most well recognized brands.

Notes:

  • ISMS - Information Systems Security Manager

  • Creates a security program around a company's information systems.

  • Played the CISO role initially, very CISO like role

  • First role in security was in Risk

  • Izzy comes from a very traditional Haitian back

  • Izzy came up benefits at her job for an opportunity to learn something new and be in a non-toxic environment.

  • First heard/learned about hacking at 15 from an AOL chat with a "hacker".

  • At 23 decided to speak up in a meeting a provide feedback, which led to her being hired Full-Time.

Quotes:

  • "At the time I was 22 years old, the pay wasn't that great but for me it was amazing because I was doing something I hated, I had benefits at my previous job but this company was giving me an opportunity to learn something new. To me that was so exciting."

  • "He looked at my resume and he said 'I realize you have no cybersecurity experience.' By starting the conversation like that it took some pressure off of my shoulders."

  • "I was so nervous that he was going to drill into me about all these topics I had no clue about."

  • "I didn't even [know] I had sisters."

  • "Everyone just kinda wrote me off."

  • "Who is the audience, what do we want to say here?"

  • Worst comment ever... "We have to really train you on your critical thinking skills."

  • "A good idea is a good idea, regardless of who it came from."

Links:

Getting Into Infosec

Twitter: https://twitter.com/coffeewithayman

YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A

Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

From Zero to One, David is a lifelong builder. Wherever he goes he just builds things. From an electric car to adhoc android apps to ZAP HUD, an awesome heads up display for ZAP Proxy, a game changer imho. We discuss the lack of UX in the security tooling community, how contributing to Open Source got him his job, and even about imposter syndrome.

BIO:

David Scrobonia is part of the Security Engineering team at Segment working to secure modern web apps and AWS infrastructure. He contributes to open source in his spare time and leads development for the OWASP ZAP Heads Up Display project.

Notes:

  • Mostly interested in architecture and mechanical engineering when younger.

  • Built his own electric car with his dad, out of a Porsche 914!!

  • David explains XSS and why certain languages are better than others, such as react.

  • David gets lost in El Segundo. Yes.

Quotes:

  • "It's just a program that listens on these silly protocols."

  • "Playing with my hands I wanted to do more hands on stuff, quickly fell in love with the coding side as a lot of people do."

  • "I was like... what's GET? what's POST? What do you mean?"

  • "Before you know it right it seems so daunting."

  • "Still plenty of opportunities out there. Will be a long time before the world is perfect and secure."

  • "With all those things, I've been working in the security industry, but I didn't really feel part of any security community."

  • "I have nothing but good things to say about the open source community."

  • "...they're (security tools) just not built with user experience first."

  • "I think people underestimate what they are able to contribute."

Links:

Intro: Cascadia by Trash80 (https://trash80.com) Licensed Under Creative Commons

Outro: Cancun by Topher Mohr and Alex Elena

Getting Into Infosec

Twitter: https://twitter.com/coffeewithayman

YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A

Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 
Getting Into Infosec by Ayman Elsawah (@coffeewithayman) - 2M ago

Having completed 20 episodes, I decided to take a moment to go over each episode briefly.

Thanks to call my guests!

Ep01 - Dan Borges: https://twitter.com/1njection

Ep02 - 0daySimpson: https://twitter.com/0daySimpson

Ep03 - Christina Hanson

Ep04 - Matt Toth: https://twitter.com/willhackforfood

Ep05 - Rob Carson: https://twitter.com/robcarson05

Ep06 - Robin Stuart: https://twitter.com/rcstuart

Ep07 - Clay Wells: https://twitter.com/ttheveii0x

Ep08 - Elvis Chan: https://twitter.com/FBISanFrancisco

Ep09 - Virtual Kyle Kennedy: https://twitter.com/Kyle_F_Kennedy

Ep10 - InfoSteph: https://twitter.com/StephandSec

Ep11 - Yaron Levi: https://twitter.com/0xL3v1

Ep12 - Jack Rhysider: https://twitter.com/JackRhysider

Ep13 - Marcus Carey: https://twitter.com/marcusjcarey

Ep14 - Nipun Gupta: https://twitter.com/nipungupta

Ep15 - Adrian Kaylor: https://twitter.com/AdrianKaylor

Ep16 - InfosecSherpa: https://twitter.com/InfoSecSherpa

Ep17 - InfosecJon: https://twitter.com/InfoSecJon

Ep18 - Masha Sedova: https://twitter.com/modMasha

Ep19 - Jared Folkins: https://twitter.com/JF0LKINS

Ep20 - Leron Gray: https://twitter.com/mcohmi

Getting Into Infosec

Twitter: https://twitter.com/coffeewithayman

YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A

Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

MC OHM-I (Leron Gray) talks about his next project about tabs in the browser, trap music, and some background on his awesome song Domain.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Leron Gray is a man of many talents. Not getting really into computers until much later in life, but always having a creative side, he now finds himself as a pentester working from home and nerdcore rapper producing amazing beats!

BIO

Leron is currently a penetration tester and a ten year Navy veteran with four years experience as a Cryptologic Technician (Networks), focusing primarily in offensive cyber operations. He holds a Bachelor's degree from Dakota State University in Cyber Operations. With a passion for Python, he loves automating tedious daily routine tasks for efficiency and considers himself to always be in a position to learn more and pass on knowledge. He always enjoys competing in as many Capture-the-Flag events as possible and also often performs as a nerdcore rapper.

Leron currently holds eCPPT, eWPT, GPYC, GPEN, GAWN, GCFE, and GICSP certifications. He also maintains a blog and maintains an active Twitter discussing music, information security and wrestling.

Notes

  • Went to a high school that made you choose majors.

  • Grew up poor, was not allowed to go out much.

  • Technological learning came from school.

  • Didn't really get into computers until he was 25.

  • Has been in music sister Jr. High School. Marching band, jazz band, and concert band... all the bands.

  • Networking is the biggest thing that Leron says would help.

  • Leron offers his passionate opinion on "aptitude". It's a pet peeve of his.

Quotes

  • "I learned a lot... I made sure not to waste any opportunity for learning..."

  • "Job searching in general is a pain."

  • "I don't think I would be where I am right now if I hadn't gone out and made that effort."

  • "One of the big deals that people had were degrees, I wasn't really sure why; I have 10 years of IT/Cyber experience."

  • "It turned out the company no longer owned that server. Their DNS was still pointing to it though."

  • "I took Java in high school and was really bad at it and I found out everyone is bad at Java so it doesn't really matter."

  • "It's so much easier to learn when you have a problem to fix."

  • "It's not even just information security that learning pyt hon could help... it could be anything you do.. .often enough to warrant not to do it manual."

  • "Nobody does a CTF and expects not to learn something by the time they leave ."

  • "Job searches shouldn't be like that. They should be based on you merit. But..."

  • "Maybe the person can't get OSCP, but maybe they have the skills or knowledge..."

  • "The idea of aptitude... raises too many borders."

Links

Leron on Twitter: https://twitter.com/mcohmi

Leron's Blog: https://daddycocoaman.dev/

Leron's GitHub: https://github.com/daddycocoaman

Class that Leron Is Mentoring: https://www.sans.org/mentor/class/sec573-seattle-19mar2019-leron-gray

Visual Studio Code: https://code.visualstudio.com/

PyCharm: https://www.jetbrains.com/pycharm/

IPython Notebook: https://ipython.org/notebook.html

San Antonio's Hackers Association: https://satxhackers.org/wp/

Intro Music: Cascadia by Trash80 - https://trash80.com/#/content/133/weeklybeats-2012-week5 (Released under Creative Commons)

Outro Music: https://soundcloud.com/mc-ohm-i/domain

Getting Into Infosec

I made it on a Top 5 list! https://blog.feedspot.com/data_security_podcasts/

Twitter: https://twitter.com/coffeewithayman

YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A

Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Jared Folkins understands people, technology, and the world around him. He can smell a toxic environment from a mile away and has used that EIQ spider sense for good. Jared shares with us some VERY personal stories (tear jerker warning!) in integrity and life decisions as well a bunch of on the job war stories including a famous one featured in the news! This is probably my most dramatic episode yet.

Notes:

  • At 18 got promoted to manage a team of 50, because he wasn't lazy.

  • In hindsight was able to see indicators of the dot com crash, but didn't realize that.

  • Had a fork in the road where he had a major decision to make.

  • Jared shares with us a VERY personal story and the life lesson from that which he applies in his professional life.

  • Having low tolerance for toxic relationships, Jared has been able sense toxicity and it's been a driving force for good for him.

Quotes:

  • "I believe in the power of admitting when you're wrong."

  • " I carry my guilt between my shoulder blades."

  • "When I make that mistake; When you have a team that you can trust or a team that honors you, you have the freedom to say stuff like that."

  • "You can only control you."

  • "Constraints can be healthy."

  • "Stepping outside of your comfort zone... super healthy too."

  • "If someone tells me this person... is not a good person, I'll actually go meet that person. I want to asses it for myself."

Links:

Jared's Blog: https://www.acloudtree.com

Jared's Twitter: https://twitter.com/jf0lkins

Jared's GitHub: https://github.com/jaredfolkins

Opsec Edu: https://www.opsecedu.com

KayPro Computer: http://oldcomputers.net/kayproii.html

Donkey Kong Clone: https://ostermiller.org/ladder/

Grand Mal Seizure: https://www.mayoclinic.org/diseases-conditions/grand-mal-seizure/symptoms-causes/syc-20363458

Project Dir Fu: https://www.dir-fu.com/

TorHound: https://github.com/jaredfolkins/torhound

Read Full Article

Read for later

Articles marked as Favorite are saved for later viewing.
close
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Separate tags by commas
To access this feature, please upgrade your account.
Start your free month
Free Preview