
A Career In Security

BSides Nairobi · 2022 · 33:07 · 105 views · Published 2022-12
Category: Career

I'm not introduce him. Who does not know, those are not your friends. So I'm going to introduce, I'm not going to, this Gabriel. He's going to come and take over the session.

I'm generalizing a bit, but the two general ways you can get security right: as part of an internal organization, say for example you're a part of a bank's internal security team or you develop security products just for your organization, or you can be an external resource doing work for an organization, say you are a consultant who does fantastic incident response. I'm generalizing a bit, but that's how the two general forms are. I've done a bit of both. Now I'm trying to get up on gospel Consultants, it can be exhausting, but both of them have advantages, both have disadvantages. I personally prefer, at the moment, this moment in my career, I want to do internal security.

Okay, now getting started. The most common question I get asked: most people don't know how to start, especially if you see those weird career maps and stuff like that. And the advice I give them, unsure you can reach sites to use, and start with the stuff that is going to be helpful regardless of the career you get into. There are some things that are just basic. Whether you're doing blue teaming, red teaming or the application security, whether you're doing forensics, there's some basics that you should do. Some of the most common ones is just getting familiar with working operating systems like Windows and Linux, especially using the command, a lot of tools that don't have, uh, UIs and stuff like that, so you might want to learn how to use the command not you sure that battery is a command line.

The coding and scripting. Okay, I should mention you can be successful in security without coding and scripting, but, uh, a lot of jobs this requires some level of automation, so I'd recommend at least learning one popular scripting language. I can't relate to coding when I was living in there. Actually I got into security because I was avoiding coding, not because
passionate about security. I was avoiding coding, and eventually I did. Passion came along the way, but, um, now I actually wish I'd started earlier, because it's actually, it's added so much value to my life, because coding allows you to be creative. It allows you to, you know, put your ideas that you might have in your head into something that other people can do here. So I'd recommend that you start with the simple ones: Python, Go. Those ones can be used for pretty much anything. I always recommend Python because it's very easy to start, and a lot of jobs these days, you see some level of scripting language required, especially the technical room, whether it's blue team. I can't explain how valuable this is when you're starting out. Homeland and everything can be allowed to actually, and we'll even talk about it later in the series section. Uh, and then also things like, you know, this ID security things and frameworks, you know, the CIA triad. Those things will happen at the beginning, they're kind of boring, but I promise you they make a better security professional later on down the line. Um, yeah, the reason I'm recommending those skills is because they add value regardless of the field, so even if you don't know why you're doing yet, don't want to provide a good foundation.

Where to start. I wish this is the one center which existed about starting security. Anyone here use TryHackMe? Bunch of people. Yeah, please, TryHackMe. Like, I can't explain how valuable it is. At first I thought it was just for fantastic and stuff, but they have so much content, and even if you go to the site with zero knowledge, like you have no clue how to use Linux, you have no clue what security is, that somebody is popular learning parts. Like I said, the slide solution, so the links will get some later. So start with this try hack. I mean, there's a lot of free content, but if you can afford the 10 per month, just put it, a lot cheaper than paying for this professional search. I think Pennsylvania is like about 1500, yeah, fifteen
hundred dollars. It's not cheap and paying for such things. So TryHackMe is why. Some people to say had a lot, but the reason I don't recommend Hack The Box is, Hack The Box is great when you're learning CTFs, but if you're coming from a point where you don't know anything, they don't have that beginner level content. Like, if you want to do suggest like boss is definitely the best, but if you're just coming from a point where you don't know anything, starts to try again.

Um, then how to focus on a specific field. As you bounce around these different things, trying out different things, you might find that thing that you like doing a bit better than the other things. That's actually how I started to execute, because I, like a lot of people who are here, like I said at the beginning, try to track things like someone, do a bit of everything, then you'll find one or two things that you actually enjoy a bit more than the others. Uh, try diving deeper into those topics. You know, find content. Like, one thing I'd like to search for is on this GitHub, on GitHub there's this awesome favorite team engage is awesome, I really haven't seen those things, and I got some specific topic, you can now start looking for specific content around that subject area you're interested in, and that's how you might end up now specializing and beating a specific. So that's actually ended up specializing for offensive security. Um, if you don't find anything you're passionate about, or it will come over time, or you can just do the thing you hit, uh, you don't think it's doing as much as your other stuff like that person engage mobile off. I really hate it, so I, I did other things to avoid the mobile, and eventually I landed in stock, but I do enjoy like Windows environments, um, and other things like that.

This is another common argument we have in security, or just a popular debate, you know: do you prefer doing the thing while you're a bit of a generalist and competent in multiple topics, or do you prefer the deep dive into a single topic code
but who are something that they prefer. So write this like deep dimensions of specific topic, becoming an expert in something. Blue is more like where you balance. What do you think is the right answer here? Like, the people who can become experts at one, who can become successful because they only know one thing, and that people who can become really successful because they juggle a bunch of things. So it really depends on who you are, what kind of building. My girlfriends will become very successful by just knowing one thing really, really well, not to one or two things really, really well, but also a lot of people who've gone very far right German. So it also depends on your job. On the generating me, it's very hard to focus on one thing because the scope is always changing. You know, now cloud is a big thing, so if you're competent writing me you might want to touch your cloud. Uh, you might almost start team, I need to know at least something about Windows Active Directory, I need to know a bit about web application security. So it depends on your job also. For me, like, I actually prefer doing a bit of both, right? You're competent, you know a bunch of things, but then there's some specific topics that you're pretty good at, or at least above average. And in European and awesome team, like I've worked with somebody foreign.

Unfortunately a lot of jobs still require a degree as a minimum, but don't let that smoke you, don't, don't let that, you're not doomed if you don't have a degree. They're not the people who still become really, really good at security. We have a friend in Africa who has the other degree, but it's an architecture, that's like such as a business degree or something. Yeah, so you can still make it pretty far in security with, with or without a degree, whether it's relevant or not.

Such questions, I would say they are, their help when you're job hunting, but of course 90 percent of the time mostly starts up usually hard to reach or someone who just start again. If you're just pressure 20 years
you know, and now you're paying 150k for a single set, but that doesn't mean you can't get such. So, um, one popularity to get certifications, and especially in your starting office, making use of these offers and stuff. There's this thing called Microsoft Training Days, I just learned about the juicy juicy. If you attend a Microsoft training there, the calendar is that, but when you open the link you can actually get a free certification attempt for the AZ-900. So that all these big, big sites tends to have offers, tend to have this kind of promotions. These are the kind of things you can, you can use. And also when you're beginning, um, TryHackMe and Udemy and some of these other people, they have of course completion certificates. When you're beginning you can use those things as certificates, yeah, because if you don't have the cash for the recipes or whatever societies you're interested in, you can use sites like this to get offers on these things, and then you foreign.

One really important thing I should have mentioned is, please start learning how to take notes as early as possible in your career. It's one of the most important, it's actually my biggest regret executive has started taking note a bit late, proper notes later on in my career. Pick an app right now and start documenting everything. Um, I'm sure you liked from everyone here that security around us feels when you're constantly learning now all the time when I lose you have to go back to the idea of organoids. Now imagine security. What used to keep happening is I have to keep going back to topics and already touched on which, because I didn't have the notes. So now every time you learn something they can do that. I'm not going to try and convince you which no talk is better, but these are the most popular ones for pretty much everyone: Obsidian, Notion. I know a lot of people like Kenosha just speak and you don't character and use, but start taking notes as early as possible because you really don't have to be going through a process
where you're relearning stuff you already touched on.

Another moment to personal branding. A lot of these topics to feed on into each other. Um, yeah, it's a personal value. So this is also a really, really important one. I can't explain just how much your personal brand helps when you're hunting for jobs. What I mean by personal brand: personal brand is everything, how you appear to the world, like not be like a dressing, but not, not silly stuff like that. Like, I mean how your presence on them, you know, where if someone Googles you, what do they find? Do you have a blog? Do you have a data? Do you have a Twitter? Things like that. So that's really, really important. Again, it's another regret I have, because I joined some, I started doing things very late. I started my program not to be late. I wasn't on Twitter for a while. My friends who convinced me to join Twitter, that's what infosec people, techies, hang out. I was ignoring most of those things, but I wish I started earlier. And it's not about getting, you know, all the followers, you know, 100,000, it's not about that. It's more about connecting with people in your field, because, uh, as I'm sure people here mentioned, that network matters, and especially when job hunting. Yeah, you know, if you job at it, but the easiest way to get, look for work is if you have a good network. If you have a bus network, someone knows your name somewhere, that's how you get your recommendations, that's how you get jobs.

Um, so let's start on which sites you can use. So of course there's a lot of social media sites these days, but primarily for infosec, people hang out on Twitter. Actually if you think it's from multitasking it's even cold as primaries, they hang out on Twitter. Yeah, so Twitter is available are the tech players, you know, people have to argue there and be depressed and everything, but that's also, uh, that's why also around the majority of techies are not. So if you want to start connecting people in the field, both locally, internationally, you want to join Twitter. Um, if
you're happy without social media, I'm not going to try and convince you to join social media, but honestly it's very hard to connect with people if you're not on. Say you have a really good blog you want to share, Twitter is the easiest way to get it outside. Actually look, get used to sharing your progress and achievements even if it seems the name. I'll talk about your imposter syndrome a bit later on, but you've heard about little a lot about it. Even if it's lost to small, small achievements, you know, you finished a CTF, get used to sharing that stuff.

Um, now this site is, it's not my favorite site. I truly, truly do not enjoy it, and I'm sure you've all heard the stories, but some stories, inspirational stories, but I'm married to an interview, I find a stray dog, I was late for the interview, and I walked into interview, guess who was the interviewer? Yeah, and that is 90 percent probability, and honestly that is 90 percent. But I'm not a fan of the site, I'm not a fan of the search, but unfortunately the, my policy for LinkedIn is, it's one of those things you'd better have and not need and need another time. Yeah, because remember other example, if tech is equals Twitter, for HRs and recruiters, why do they are not LinkedIn. Yeah, so you can't avoid it unfortunately. If you see my little bunny you think I love it, you think, you think I'm a professional religion user, but I hate, I really do his research, but I think it's here. What I actually do with LinkedIn is take it seriously at the beginning, you know, invest in building a serious profile, then from that just updates, it's updated, you know, you get as new set, go and update, go and share. You know, 2013 there's lots of people sharing the job that you wish you, but you see that a lot. Go congratulate your friends, celebrate your friends, means your colleagues and stuff. I personally don't enjoy it. LinkedIn implants as always my existence, but, uh, just let us know it's really, you know, to be very happy for me to tell people who are just starting off to not
create community programs. Honestly, create them, create them as soon as you can. Start connecting with your, you know, fellow students, your fellow professionals, and then their prof, their profile will grow over time. And but they recruiters, if you have a pretty impressive profile, recruiters actually end up reaching, is that you can reach a point where you're the one talking about jobs, you could just, can actually start reaching out to you quite a bit. That's happened to me, it happened to a bunch of friends. So get a serious profile and, uh, even if you hate it, it works.

Now this is one of the most important things in security and muscular fields: you have to create some form of content. But it's the one way to really stand out from the crowd. Content comes in many forms. It can be blogging, it can be YouTube, it can be Zoom webinars, it can be a podcast. Like when I was talking, this is one of the ways to stand out from the crowd. Um, one, I've seen people get hired purely based on a blog they have, or that on code projects they've shared on GitHub. People love business people without anything. Even now personally people reach out to me just because of things like micro and stuff like that, and that's why you also help build your network and create your strengths. If you don't like writing you can, you know, record the videos. If you don't like recording videos you can maybe learn to code and start trying stuff on GitHub. Um, but it's the easiest of making presentations. A lot of platforms these days, SheHacks is awesome because they have the weekly sessions both for campus and for professionals, so you can do sessions that, they don't discriminate a type of content you have, you can take it. But start putting, start creating content as early as possible. To another thing I wish I started a lot earlier, and then sharing it to the community and this, and it's any form right here.

Um, I hear people using this saying they can give a nice suffer through this. Like when you're beginning especially, you really feel
like you don't have anything to share with the university, you don't feel like you have anything to share with professionals. You're happy you've done basic CTFs, but it doesn't matter. Honestly, someone wants to see your perspective. Just DM me into, like, someone wants to see what you've done, someone wants to see your perspective, how you approached it. Yeah, for that much of the 200 write-ups or 200 blogs about the same topic, just put it all down. And you'll never be ready. That's what's actually to keep telling myself, like, I'm not ready yet, I'm not ready yet. I promise you there's no day you wake up in like, you know, today is the day. Just do the thing. Yeah, fine, you might suck at the start, but you'll get better at some point. And another thing is people say is my content is basic, for beginners. Do you know what's the most popular type of content? The most valuable type of content is content for beginners. Now that is a little, even when I look at my blog traffic, the blogs, the posts that are the most popular to this, they are the ones that were written for like, you know, for beginners, or I was learning about your topic and I just wrote about the topic in case I also wanted to learn about it. That's what makes more of an impact than the deep technical topics.

Then networking. So I've mentioned this, networking is really, really important. This I learned from my friend twinsky, said people want to work with our friends. It's just exactly, people want to work with people they know. So if someone, if someone had a job, someone has a network, they'd rather work with people they know that, you know, put on CVs and get a thousand applications from people they don't know. Network goes a long, long way. It's just a way of the world. Sometimes a lot of people who don't, a lot of people who deserve jobs the market looked over because they know the right people. Just successful in the world, there's nothing, it's not changing, so you have to work on building a network. It's not some, even I struggle with networking
especially that part where I can build relationship, I apart from maintaining it as well as travel, but it's one of those things that everyone just has to do to some, to some level. And in case you're wondering how to network: again Twitter, there's some people hang out. Uh, all over here already doing the right thing, you're at our conference, and actually missed conferences, you know, I haven't been one to one since called red Youth and all that. So interact with people. Yeah, you might not see them again, but make sure you at least get some Twitter followers or get to connect to someone, get on it someone, you get it someone's there, talk to someone who's in the field. You never know, because they might not even be hired but they might know someone who is hand, and they'll meet you and they say like you have, maybe you're very passionate feel, you put out some content or whatever. So that's how, that's how I cut. Again, when you're doing course and such channels, there's some use courses and stuff will do while you're doing it together as someone else, especially like you're doing a TryHackMe thing, you'll meet other people in the community. Connect with people that. Um, again, people also can come to you if you put out the content. If you put out a presentation, if you put out a blog, some people will sometimes reach out to you, so that's another value of creating content. Discord is really popular as well. If you have a lot of Discord channels, if anyone wants them I can share them. There's a lot of people channels, so it's just infosec professionals. I think there's even one for the local Hack The Box Kenya, HTB Kenya, there's one just for the Hack The Box KE, so that's another great place to meet people to do the same thing. So, and yeah, unfortunately also LinkedIn. LinkedIn is also related for networking essentially. It's that I've met people on YouTube, I've been offered just so just to really attain, so I get greater profit.

Now job hunting. Um, fun fact, I'm actually job hunting actively, so it's something I
can talk about quite passiona