How to Join the Infosec Community

hi hey welcome everybody besides DC oh I mean Delaware yay thank you for spending your morning with me at least the next hour my name is Micah Hoffman and I am here to entertain and amaze you or to talk about the information security community or do a little bit of both mom first off I want to talk about this it's 2016 we have really cool things in 2016 right we've got hoverboards yeah they don't actually hover but we have them we have self-driving cars cool kind of change the future and you know what if you're ever making dinner or something like that and you hurt a grape we have robots that will fix grapes and suture them

back up because it's 2016 we have all these cool things in the information security industry at least in my area we have a negative unemployment rate that means there's more jobs than there are qualified people that's great position to be in if you possess the skills that people are looking for so if there are more info SEC jobs than people what are the qualities that people are looking for on that that recruiters are looking for to get John and get you in the door what what do you think recruiters are looking for just shout it out experience excellent what else our recruiters looking for went to get that new info SEC job what somebody said it yes

learn fast I like the way you think and so one of the things is I've been in the infosec industry for a long time for well over a decade we'll leave it at that and as a more senior person to my job many times I get people that are just breaking into security coming and talking to me say hey listen I'm in this field now I want to break into security and so I find myself being a mentor to these students to these junior people and telling them things and invariably one of the questions that they'll ask me is well my gut how do you infosec what do you do with in information security that I could also do so that I can get

to some of the places that you've been and my suggestion of thumb is is really not to get to the same place as I've been in infosec it really is a choose your own adventure and there's no right path it's ever it's whatever makes you happy but I will tell you this that there's a distinct difference between the infosec industry and the infosec community the community is what we have here this is you know people spending their fridays getting their learning on breaking stuff building stuff communicating industry i would i would venture to say is a lot more a lot more industrial it's a lot more sterile in many places um so if you've been in the

industry for a while you'll understand that as far as the amount of information that there is an information security it's a mile wide and it really is not an inch deep as some tests will tell you it's an amazing amount of information and it can be truly overwhelming to those just getting started well do I start as a forensics person or a policy person or or programmer I don't know so within this talk I'm going to give you 13 different state I tried to make it 14 or 12 but I just I had to have 13 for some reason um different tips to join the information security community because I'll tell you this since I did

this many years ago my work has been better my connections to the community have been better and ultimately I've gotten a whole bunch of new friends so here's my tips number one somebody said it get experience thank you sir it's almost like I asked you to say that get experience and this is one of those double-edged swords right hey I'm a newbie I'm going to break in what do I need to break in you need experience hey I'm a newbie I want to break no so there are places that you can go to get experience right in infosec we have kind of a pyramidal pyramidal appointed type of approach here in my opinion we have a

whole bunch of computer experience whether it's hey I'm really good with modding my phone or I'll of hacking websites or I love just learning of Krypto there's a lot of this base experience that if you have or you get it will help you when you reach that hey now I want to break into infosec that's kind of where I came from the trick is that once you do get into infosec you realize there's a whole new pyramid way above you with forensics and policy in all these other areas so as long as you're still always learning you're gonna realize that there's a lot a lot more to learn myself I started out learning on these

things yeah I see some of you in the audience not in your head and smiling I remember that tari 2600 blue got me some pitfall um and an apple and then you know what I started playing some computer games I did and I learned got my mcse anybody mcse out there yes sir you and I got something going on so NT forced mcse I felt powerful I not only could use the computers but I'd understood it a little bit how they worked how they talk to each other that's that base level experience just understanding how things work and that was pretty powerful to me then one day my boss said hey Micah I know that

you're an administrator for our windows systems and that's cool and I'll we have about 30 unix systems you know what unix is like uh huh they said okay that's cool you can learn you're a fast learner we want you to be assisted admin there cuz there's sysadmin just quit so I go up there like all right well I got my yahoo want cuz back then we used yahoo instead of google so i got my guy who armed like all right how do i add min al in a unix box like I saw these people suggesting RM minus minus RF star for as admin that's rude so I learned how to rebuild servers also started getting online a little bit

anybody get online yeah see some nods yeah these are not just coasters for those of you that are too young to remember them I was like how the higher the version you got the more minutes you got our spring yes but yeah talking to other people this was an amazing part of of our experience you could connect to the internet and get stuff for free which was great expanding horizons the next thing I want to talk to you about is taking control of yourself learning okay and I say self learning because a lot of people if you're coming from an academic environment you'll expect that learning comes to you right oh my boss will sign me up for that oh

my curriculum will allow me to learn these things or will teach me how to program or how to infosec just some degree that may be the case but I'll tell you this that class that your boss wants you to go to may not be what you want to do in infosec there's a lot of resources out there on in the in the world now there's this thing called a YouTube anybody you yeah okay CTFs how many people are doing CTF downstairs how many people have heard that there is the CTF down stick okay some hands go up good good but you're choosing not to do it and that's your option and that brings up a great point is that the

things I've talked about here you don't have to do all of them to feel better connected to the environment better connected to the community but choose one choose to participate your your experience will be a lot richer um the other thing that you can do is read wiki's and blogs and forums the neat things about what is being published to the Internet is that there's so many niche areas hey I I have this one vulnerability or oh I want to research this one thing or I wonder if that if you think it and it's already on the end on the internet and there's probably a video about it which is maybe not safe at work

so as far as self learning take control over your education take control over what you're learning some of you already do this you go to work you work nine to five or your work nine to nine or whatever it is and then you go home and you continue your learning let me go ahead and code up that thing for for myself to understand what's going on do that you'll feel much more connected I myself chose to go the route of sands I took a sans class a sans institute class outside this is cool this is a company that will that will give me learning they will force-feed me literally it's like drinking from anybody taking a sans

class yeah it's like drinking from a fire hose right i mean they just pour information into you and the people are so nice and afterwards your brain is kind of overflowing and i was like i could do some of these things back on my home network so i was assist admin and i went to one of these sands classes and i learned how to do stuff I learned how to use certain tools and went back to my environment I'm like hey boss I bet I could hack into our super secret system that we've got going on here he's like no you're not gonna do it in production it's like I i will make because i had

that foundation like I would make a replica of our system will call it dev test exploit whatever and I'll hack on that and within I took the skills that I had that I learned in this class and I applied it and within like 20 minutes I had domain admin I had creds it was awesome and my boss was jaw dropped he's like well we need to start doing this security thing I said yes you do and I know the man for it with this with this experience and with this information that I just gained and my ability to apply it which many times is something that it can be challenging right we may all know somebody that's a

tremendous bookworm they know and read so many different things but when it comes to typing on a keyboard or applying that knowledge there's a disconnect but since I was able to apply this I started looking for pen test jobs because you know what I had skills like awesome cool I became an information security professional it was now no really it doesn't say cyber up there sir it's okay um well yeah I became an information security professional and as an information security professional I could see this was the this was the first google image for information security professional like I don't know what that is but it looks cyber ish right locks floating in mid-air keyboard

that was me it's see the locks and of course there's an information security professional what do you have to do you got to get your CSS beer at least I did and I got that and I was so happy is like yeah got my cissp how the heck do i apply this stuff I wasn't around any 10 foot tall fat chain-link fences to protect any top secret information I didn't have to bail the podge Allah anything but I knew of this information I knew it was out there so my boss he said hey Myka you're getting pretty info sucky there I hear there's this black hat thing out in Las Vegas you ever been to Vegas no like

would you like to go to black I'm like yeah free trip to Vegas sure so so that's me in 2006 and caesars palace was awesome and I've got some learning on you know I found that I had skills I found out I had mad skills cuz you thought what happens you go to one of these conferences there's vendors there and the vendors give you stuff I had a skill for getting things for free was awesome it was great um I actually got so much stuff that I had to buy another suitcase so if you're in the in the industry plan ahead bring two suitcases to all security events so I'm out there at black hat and I'm

learning stuff black hats more of a corporate conference I think we'd agree um and my boss said hey are you up for staying there a little bit longer but yeah I can stay at Vegas longer that's cool so well there's this thing called DEFCON would would you want to go to that what sure them out of here why not it's only like a hundred one hundred bucks I can do that cool so I went online and I'm looking uncle like a DEFCON where is it what's up and I saw that there were hackers are I saw that their hackers now I'm an information security professional I got a cissp I can't be around hackers these are people

not if you remember my picture I know hair how am I gonna fit in I'm not a hacker I got a ski mask they got no gloves what am I supposed to do so I panicked a little boy I was like all right deep breaths I can do this a little sad a little sad but I got through it I went there to that def con and I was overwhelmed anybody been to DEFCON yeah it's an information security circus right i mean it's it's amazing the talented people that are there it's amazing the things that they're doing and how you have to buy a new phone when you leave there but it's um it's really

a cool place and in 2006 when I was just getting in it totally overwhelmed me um and it made me question my work like well these guys are hacking gsm things and and doing all this stuff with long-range bluetooth snarfing I don't even know any of that stuff but it's okay and that's one of the tips I give people when I meant for them it's okay to realize that you know a small amount of stuff and there's other people that know more than you you will get to a place where people think that you know more than they do you will get to a place where you know a sufficient amount of information and you're still looking up at the people

that are doing even more elite stuff that you forget about where you came from you forget about all those junior people that are still don't even know what tcp/ip stands for so it's okay to feel inadequate and so I was playing volleyball I play volleyball in a league and I'm just playing volleyball with with a young man and he said to me no Micah you're an information security professional now you're cissp you've been to DEFCON why don't you come to this group I belong to it's called Nova hackers I was like whoa Bob hackers I don't know if I can do that I've got the cissp it says I have to be ethical we know what hackers do but he was

relentless and I I thank you for that Bob um he's right over here in the audience I'm going to call him out um so bob was relentless he was like you got to come you got to just got to just meet these people they're nice people they're not all strange so my community tip number three join a group now in my area Nova hackers was what Bob got me into and I found it really neat we would go to these meetings and there would be people have a wide variety of skill level in there and they were presenting on anything from like current and kernel level rootkits 22 how to do like really simple simple stuff but they were participating

and it was neat to meet them and talk with them and grow my network of people because you know what this is one of the things that people don't realize is that even though you might not know what I know you still know stuff that I don't know and I can learn from you and you can teach me and I can teach you this is what our community is truly about it's about learning from each other yeah I might have this uber blog post with a with a pretty picture in there but you could do the same thing and you could teach people as well so in these meetings what we do is we sit down now

if you don't have a nova hackers where you are this is for Northern Virginia DC Maryland area there's Issa chapters there's a wasp chapters there's a lot of other a hacker organizations like Colorado the 303 s right there's a lot of other groups out there that can help you make connections to other people in the industry and in the community so some of the talks that we we've actually done you know there's people that are exploiting like Colonel levels stuff I don't get there's people that we're talking about programming and how to how to start out program you know even how to programming languages that I don't even think exists Google's there are also people that help you do

whatever this guys doing to that computer it just does not look right I love the images on it come anybody seen that soldering iron picture where the ladies like grabbing the the hot end of the soldering iron she's like man so there's a lot of people out there and so as you start to make these connections set some goals for yourself you know where do you want to be do you want to learn a language okay do you want to just got 10 more conferences okay do you want to speak somewhere there's lots of opportunities to speak or just to learn and share your information set some goals for yourself because as Yogi Berra said if you don't know where you're

going you don't know when you get there yeah um you don't know when you get there and that's very true you know some of you probably do five year plans ten-year plants career plans I want to be sigh so I want to be the tech lead of this I want to write a book cool well do that also in infosec do that in your cur in your community life as well I want to participate in the group I want to do two of the things that micro talks about on this live are these slides one of the other things you can do to feel that connection to other people to get that mentorship this contribute to

open source project now I know it seems simple right I bet over half of you have used an open source project at one time of your life whether it's metasploit or or some other tool yeah these things are easy I myself I learned Python and I started coding very very poorly but I started coding in in a recon ng framework I started writing these modules because it was about scraping information off of websites and then writing a module to do that more efficiently and put it within this framework it was pretty cool and it mixed my work life with what my information security community life was becoming so I had motivation I had knowledge and I could do these things

and learn a new skill which was good for me so this was fun and it was neither the the owner of the project Tim tomes Landmaster 53 great guy down south carolina he I remember my first module submission like hey I just get something did to you I think I get pushed it to you or get pulled this to you and he's like yeah you did that right Mike I'm like all right cool you know put it in the framework buddy I did it it works he said yeah this kind of sucks let's see if we can make this a little better and I give Tim a lot of credit because what he did is instead of fixing my code he

taught me how to fix the code he taught me how to make it better and you'll find over and over and over again people are willing to help you learn and grow if you try i find this is this to be that that that response from many of the people that i mentor hey I don't program I don't script I'm not to that place in my university experience I just I haven't been required to what do I do oh okay if you want to contribute to an open source project there are many projects out there that if you can notepad or notepad plus plus or sublime or text pad or something like that you can contribute

their these things right here whether it's my offensive the interview sorry that it's so wide but if my offensive interview project up there that project is about open sourcing questions that people can use to find out your little level of technical ability that a candidate has when they come to interview so there there's some knowledge based questions there's some technical questions and you ask the candidate this now oh if it's out there people will just read that and then they'll they'll figure out the answers and then those questions won't be good anymore yeah absolutely but you'll also have somebody that you know does their homework does research on their own and as a quality wants to

learn so that's okay if somebody goes and does it but I'm always looking for people to contribute send your questions in contribute fuzz DB this is just a list of words a list of places and directories for websites this is not hard to add stuff to here um Justin nordine does something with the O's Oh sent framework if you go to Oh sent framework com there's an amazing open source project that what it does is it organizes and categorized open-source intelligence-gathering tools okay we call them stalking tools but in information security there are open-source intelligence-gathering tools but all it is is you go out and you find a site that you can look up somebody's

phone number on you go to the project you download it you say I could get somebody's phone number here and you put the information in and you've contributed you've made it so somebody else can do things faster better and more if and that's contributing that's giving back next thing is participating conferences now when i was in information security professional i went to DEFCON i went to black hat and aside from scraping all of the swag from all the different vendors and sticking in my luggage I didn't participate at all i went to the talks I didn't do anything that was I went to the talks I I didn't do the lock-picking because lock-picking isn't that illegal

isn't that you know against the law it isn't but back then I was thinking these things like these are bad things I didn't CTF cuz oh my god putting my laptop on that hostile network won't they attack me sometimes yes sometimes no but you know what here I don't know if tools down here who's doing all create it's not too light it's somebody else so the opener Association and the open organization of lock Pickers tool tool us some firewalls will block this if you're in a corporate environment they call this a hacking site and you'll get put on a watch list but tool that US has a PowerPoint presentation on how to lock pick if

you've ever been to one of the infosec conferences and they have that power point with all the animated locks going in and keys and how to pick that's where they you can get it you can download it you teach yourself out a lockpick with a paper clip and a pair of scissors no seriously I I did at one time at work we were doing wireless assessments and we're looking for robe wireless access points and one time we were walking through a building like wow it's up in the ceiling and there was a box in the ceiling with a lock on it and there were two antennas coming down from him ago that's probably one of the corporate

ones that's okay and we called the corporate people say hey this one's misconfigured they said well we don't have anything in that room like yeah you do it's right there it's in the common box it's you know he's like no we don't have that really okay so now I was up there that's like I know how to lockpick I went to a conference once and I did this but I have none of my tools on me I'm like thinking about MacGyver like get me a paper clip a pair of scissors and a penknife for some reason and I've they're picking the lock in the season in the ceiling my voice like you'll never get and just then it opened and

there was a cisco access for him like that is absolutely our corporate access point and the guys like no we don't have in our database in like oh well mine now so you can win fabulous prizes with this but one of the other things that I decide is one year i've gone to juvie con anybody der beek on over in louisville yeah great conference that's a really nice kind of family feeling conference nice group of people and one year I kept going there and I just walk into the CTF room if you walk into a capture the flag room not the one down here but like at a conference if it's a dedicated room do it on day one cuz on

day two you're not going to want to go into that room it will smell kind of hacker ish so I walked in the room like wow all these people and I'm looking at people's screens I'm like I could probably do that I could probably do that I don't want to put my laptop on that network that's too scary for me and I wasn't at a place where I could do that that's okay that was where I was at at that time but you know what the next year I made a goal and my goal was to sit down and just do it for a little bit until I stopped getting bored you know I was like I'll plug in I wiped my box you

know flash the bios because you got to be careful about that black key to everything clean kali linux install and I hopped on the network and I SAT there from friday at noon until sunday at noon and I just hacked all the things we can't my team came in third that year was awesome and I learned so much because I worked with a bunch of other people and those people became my friends and those friends knew more about Windows exploitation than I could ever know but you know what I knew a little bit more about web so when they got to a hard website or something like that like a mica can you help me out and

like yeah but you got to help me with this because I don't and we work together towards a common goal and we learned so Mike my challenge to you is is if you want to go down to the CTF downstairs try one of them try to lock pick which you don't have to plug in the computer to do I get that but try something downstairs that you haven't done in the past to broaden your horizons you might find that you've got some skills that you didn't know about so we did the CTF and that was cool Mike tip number seven is to publish your information you know blogging nowadays is super super simple wordpress com

whatever you can go there and set up a site in minutes and it's easy now people say to me well hey I don't have anything to say or or well the other people have probably already said this um carnal ownage chris gates he said one time you know when I blog blogging is not necessarily for you to read what I've done I don't care if you find that helpful or not it's for me to take public notes so that when I go and I have this exact same problem in a week a month two years I'd be like damn I did that once right and he goes back to his blogging is out that's how i exploited

it that's what the response should be and he can move forward yeah it's great that it helps other people it's great that it moves the the field of info SEC forward but it doesn't have to be for other people it can just be saying you have a voice I actually started a blog right after my Derby con thing I was like I got something to talk about I was a CTF virgin and i went in there my team got 3rd place and I talked about I talked about the feelings of the inadequacy when I started out on the network and and I didn't know what the heck to do and I talked about how not sharing

information really hurt us and it wasn't necessarily technical but it was things that could help other people and it was things that made me feel better about my experiences their next thing is volunteer when I say volunteer I mean volunteer at places like this um there are lots of these besides conferences and other conferences that need help whether you're helping out at HACC now hackers for charity booth or you're helping out run in the conference on this is a conference that's coming up besides DC later on in this month down in the DC area and there's constantly these pleas for help us out contribute come we'll give you a free access to the to the

conference just we need you to to help out register people at the front door or we need you help with security or whatever they're not hard jobs but you make a difference and you help other people kind of have a good experience as well so consider participating pitching in now this is something that's really hard for people asking for and taking feedback if you want to participate any information security community you can be one of those people that's really closed off one of those people that won't take input isn't open to other ideas we have those in the industry we have those on reddit but if you want to be successful being open to other

people's ideas other people's techniques for for doing whatever that's going to be helpful and you will learn and grow by that conversation if you allow yourself to be and I say that because I actually gave a talk up at bsides Boston loved a great place great town I went up there and I gave this talk it's a stalking talk that I give called running away from security it's on the youtubes and it's about finding people on the internet and showing you know where they live and other things it's kind of fun and afterward this lady can raise their hand outside get there any questions she raised her hands she said yeah so why were all of your examples about women

you had three examples and all of them were about women what why don't you like women Micah like my I love my wife I have a daughter I love my mom I like women and but it got me thinking I mean her point was was more that she had an agenda she she had a feminist blog and she was you know talking about all the indignities if I had three men up there as examples the same question would have come out of her mouth but I took the eye i took the essence of what she said that my examples even though they were easy and they fit were skewed and I opened up myself I said well could I make one of

them about a man and you know what I went back home and my daughter helped me out with that talk and she and I went scouring the internet for places where men were disclosing too much information which is a lot of places and we we actually found a better example for my talk then that that woman example so it was good so so taking that feedback and being open to it allowed me to actually make a better presentation that was pretty cool and actually then blogged about that thanking her for doing that I think she wrote a blog criticizing my blog about her blog so it's one of these inception thing the next thing is share your knowledge

now when I talked to junior people about this people were just breaking into security and say share your knowledge they're like whoa no no I I'm not here I I'm just getting in there I say you know what there's things that you know that I don't know because I haven't looked into DNS SEC or I haven't tried to figure out how to use ipv6 but you have to do this in class or or you have to do something else with object-oriented programming I don't know so you even though you're junior you have other skills that you can bring to bear to further the conversation and share your knowledge now for me I set a goal of becoming a

sans instructor I teach for sands now but it took me years to actually work up to that but that was a goal that's how I share information you might not want to do this standing in front of groups like this might terrify you and that's okay we have other ways that you can contribute whether it's at work in a brown bag or or doing an after our talk at a college class or after a college class or something you can mentor other people help them bring them along into your journey hey you know this is what I'm choosing to do I went to this talk there were 13 tips not 14 not 12 13 tips

and I'm choosing these three which are you going to do and you kind of learn from each other this is another one that I find as it is one that sounds simple but it eludes us because we don't think about our journey we think about the destination you set a goal you like I want to you know have my master's degree in two years or I want to get that job all right cool track your progress back in the early 1990s um these things were how we like kept track of our calendars there was no Google's there was no no nothing to keep track of it on the computer so we used these books and you know what these are

ones that are in my basement I've stored in a way and I started flipping through them looking at hey this is my first tcp/ip class that that's pretty cool and it shows you where you've been and it allows you to see that growth because what we don't recognize as people is we we don't recognize those those small gradual steps that we make towards our goal we recognize a goal I got married I got promoted I got this but you don't recognize all the steps that you had to do to get to that event and by doing that sometimes when you're feeling down you're feeling inadequate you're feeling like an imposter you can go back oh you

know what I do know a lot and here's where i learned that and here's where i participated so keep traffic you don't have to use one of these things you can use the internet now that's fine here's another thing here's one of Micah's tips to track your progress a lot of you have these badges on right yeah so my wife is a runner and one year for her birthday I got her one of these running things it says success isn't how far you got but the distance you traveled from where you started and I started thinking like I have been collecting all the badges from all of the trainings I've gone to from all the conferences I've gone to and

they're just hanging in my closet well heck that's a lot of money and a lot of time and a lot of effort that normally people don't see that I've put in to get where I am and so what I did was I bought one of these things off of the running on the wall or Amazon wherever and I hung on my stuff and I put it on my wall at work and when junior people come in they're like well how do I I'm like you see that you try you attend you participate and it helps further the conversation also I can I can look at this and go yeah you know what I've done a bunch of things and

that makes me feel good on days when you know maybe I'm feeling like things aren't going really well here's another thing and I'll tell you that social media is bad all right but social media is also helpful in my opinion we as people make risk-based decisions at a personal level all the time do I post this to facebook do I geolocate myself do I apply for this job or that job do I attend this talk or not you you make these decisions and then we move on with our lives just like we do at work making risk-based decisions joining Twitter's a risk-based decision but I would tell you that joining twitter is one of those things that has

a much bigger reward than a risk there are people on Twitter and you know who you are that don't tweet a bit they just lurk they read other things that other people are tweeting they might retweet things and that's okay twitter is a great way to reach out directly to people to again further that conversation hey you know what besides the Delaware you guys are having a great time there i'm wondering if you could do this or or just keeping track of what events are happening here or hashtag infosec or hashtag Pokemon go no don't do that um but you can reach out to people if you if I told you that you could get and in

contact with anybody that you wanted and spark up a conversation just by finding their handle would that make you feel powerful hey I'm working on this social engineered in your toolkit god I wish I could get in touch with trusted sec or Dave Kennedy he's got Twitter hey Dave in this thing and he'll respond or Raphael Mudge or some of these other big names in the industry and they want to help people so get involved in the conversation even if it's just listening you don't have to do anything also on Twitter this is where we find a lot of things before they hit mainstream media I don't know if you've seen it recently I'm watching like the

TV and I'm looking and they've got somebody's Twitter feed up there goin hashtag you know storm in Miami or whatever I'm like you guys are using Twitter as a primary source for that's crazy but if you're on Twitter you've already seen that maybe six hours 12 hours ago and that happens very frequently in infosec twitter is like a phone book for us reaching out having the conversations and and really making a lot of connections for also for all the info SEC conferences you go to a lot of things are discussed on Twitter new events parties other other things hey you left your phone in the lobby type of things on Twitter and then here's my last tip and this is kind

of an obvious one but it's one that many people don't think about if you're always the smartest person in the room you're probably not growing and learning as much as possible right and many of you probably are the smartest people in your room at your company's at your organization's at your school's at home how many at home are the smartest people and sorry dear um yeah so you're the smartest ones in the room that's great but you ever find yourself wanting a mentor wanting somebody that knows more about this than you that's cool and that happens to a lot of us what you can do is you can reach out to Twitter use your blog go ahead and and

talk to the people that you volunteered with talk about all these different things that we've done participating at conferences you grow those networks so that when you get here you get to that mid level or senior position or you're the only person in your organization that does infosec you have friends that you can reach out to that's one of the best things about the Nova hackers group or if you're in sans one of the the sands advisory boards their mailing list and these are mailing list that you could say hey I don't know what the heck I'm doing here my boss just asked me to do this can anybody help me and people will help you because you are part of

the community so this is the recap all of these different things now again for those you came late you don't have to do all of these to be connected to the infra cekam unity but the more of these things you do you'll find that you know when you come to these conferences it won't be about yeah i'm going to go lockpick it'll be about man i can't wait to see my buddies i can't wait to see my friends I can't wait to meet new friends I was just out of Der Beek on it was great conference I went to a couple of talks did a couple of other things but what I found most was it was more of

like a reunion I went there I saw my old friends and then each one of my old friends they brought a new friend with them they're like hey have you met ba Baba this is his first input say oh hey Bob growing my network and growing his two and reaching out to him so that is my talk are there any questions for me yes sir okay

I don't yeah ok so the question is or the comment is is that this gentleman runs a blue team podcast and the question is is where do blue team is hang out we're two newbies hang on okay so I will turn this to you all because I'm guessing that this might be out of your comfort zone and that's okay and this is a safe environment and then that's right president that's right we're on the French um so anybody that response here I'll give you a hug outside it'll be ok but so for you people that are just breaking into security where do you go for information is it reddit or Facebook group or a Twitter or or if your local

university website where do you go what you lurk on Twitter all right all right cool some Twitter's sir nets at reddit netsec / r / net set right okay in /r CTF okay yes sir youtube so you're watching videos on how to do things so if you change your podcast and maybe or two on those podcast vlogs maybe you read some people yeah what is the podcast sis administrivia that's pretty cool and that's one of the neat things that you find is you know there are people that love blue teaming or defense there's people that love offensive penetration testing vulnerability stuff and there's people that love every other part of the community some thank you for it so

there's places out there talk to this room what's your name sir Brent talk to Brent if you want to give him some more places to find you which sounds odd when I say it out loud but you know what i meant NAT Jerry we get see my other talk what other questions yeah all right cool well thank you very much for starting up besides Delaware with me you