Expanding Our Horizons

- time speed so even if it's to at a slow portion you're actively engaging the entire time trying to keep up with it the other thing is if you come to a section that you don't understand just rewind it play it back at one times and honestly just make sure that you're getting every single portion of that content of your time absorb and then finally make sure that you're reading and listening whenever possible I know that in the morning it's a really good idea to wake up with a book or some kind of content ooh get your brain flowing that's how that you can carry it anywhere say you got an airport you have time to kill you could read a book we're

saying an hour instead of watching the kids aren't on the airport and online you can learn speed reading and they forms articles like I said books it's also a really good deep dresser for making sure that you're keeping your stress levels down so you can function an opportunity state as kuna being on top of that you can pair audio books and physical books so you're getting your content through a visual video but you're also hearing it back in your ears there's a better chance of retaining what you're reading and learning in addition everyone here has a job to work right that's kind of what we do you can listen while you're writing to work you can listen during chores and

workouts you're using time that would otherwise be wasted and using it to gain something even if staying with this model say listening there's only five percent retention five percent over say you spend an hour a day in your commute five hours a week however you know you're just growing over time even five percent is more than zero so even if it's not very beneficial you're still getting retention and even specially like new topics even just hearing the words over and over again it sort of it would create connections what you think they mean what they actually mean we beneficial to you just over time and also with us you want to make sure they're playing a podcast out

there and lots of lectures like for example we even let YouTube know - they'll put lectures up on there you can just play that in the background whatever you doing anything else and also make sure you diversify what you're doing like don't just strictly do things bill should we read something else because our brains contain information and they was orbit in multiple different mediums and you can maximize your absorption you have the best chance of learning as quickly as possible so you can become an expert in as many things as you want with as much Sweden efficiency and also make sure taking care of yourself because your mind rests inside of your body and that means you

want to make sure you're getting eight hours of sleep or how much less you function well where's your drinking water working out eating well because you can take care of yourself you don't have to worry about nagging pains or issues within your own body and you can focus on more important things like figuring out how does your cancer now many of you guys involved or fast just we can have some fun with this I'm gonna put some pictures up on stream and I want you guys to figure out in 30 seconds some different captions between us we can try to practice making connections between different topics you guys ready [Music]

got any ideas airplanes ever got anything else anyone else so with this one the thing that I was getting at in like a real world situation is that Loretta Vichy actually created a wingsuit that was mimic directly after birds and if you look at like all different types of stealth aircraft they're modeled directly after birds because their ability to just cut right through the air for another one

[Music]

they don't got anything else the Cold War the CIA actually magicians to teach their operatives how to do tradecraft in the field an audience being Russian operatives trying to figure out what was going on in information exchanges pretty interesting so now I'm gonna cover the different accelerated learning techniques to leverage the fact you want to be efficient with your time if you try to become an expert and say mathematics so we're trying to come after it's a chemistry or these different like larger so domains you have a lot of content to cover and the faster you can do it the better it will be for you and less painful hopefully in the end so first of all you want to make

sure you can find community go out to conferences like this one finally local organizations in the area like Oh wasp or InfraGard or for those that specifically just make sure that you're finding people you communicate with because they can only motivate you but they'll give you some type of they're gonna make sure that you're actually doing the work for you save it you do it they can make sure that you're going out and learning the things that you want to they're gonna keep you accountable for your actions in order to keep you accountable for your path you want to take you can get a like-minded group of people everyone can work together towards this goal and make sure

you're setting goals for your knowledge your performance depending on the skill because if you're just going in blindly you're just going to wander a path that may or may not be effective but if you know you want to go from point to point B to C to D and eventually all the way over there be able to do any number of things you want and that subdomain you want to make sure you're setting goals to not only motivate you but it also keep you accountable ago saying the last one it'll just make sure that you're pushing yourself is and with goals you want to make sure that they're specific and if they have a timeframe

dealt with them if you say that you want to learn Python but you don't give it a timeframe you can do that by just for now you couldn't do next week like there's no real urgency but with it your work all other ideas yours if they can jump between different ideas rapidly you'll be able to access the information that you have arrived your mind extremely quickly and the whole point of having this insecurity is that you'll be able to look at a problem that's going on and no umpteen different ways you can attack that problem and solve it and protect infrastructure or whatever your end goal is with it whether your attacker or defender now I'm against

those two specific methods and start off going to talk about the disk method by Tim fairs so what this is is a rapid method to pretty much get the main idea of a content area before you're diving in and really getting the nitty-gritty of it the specifics so these dance would deconstruct so you want to determine the smallest possible unit allurement by like say if you're using some kind of like online learning content you have modules you have a different chapters you want to break it down so you're learning a chap at a time or a module at a time for example deltek we use test out so say you'd want to go at a time and make sure you're putting

all these concepts and that's you want to interview talk to experts to see what they find as most important information in that content area ultimately they're the ones who know what's going on today they're the experts that you want to select what 20% should focus on because the general idea is that 20% of the content will give you 80% of the results you won't be all the way there but you will be the majority of the way there you can fill in that other 20% or however much it ends up beating your content area on your own time but in a much more concentrated and confined matter sort of be more rapid you also want to sequence it so figure

out what order to cover these blocks in for example going to learn networking you don't want to be learning about internet routing before you can understand how IP addresses work it's going to be putting the horse in the horse before the cart and then steaks you want to give yourself some type of cost or failure figure out what happens if you don't get this goal done if you don't figure out what this new content area or process or whatever the information you're trying to gather is this will give you motivation it also gave you some type of urgency to say I need to get this done now I need to work on this I didn't make time every week

because the whole point of being going towards a polymath is that this is lifelong learning you're not just gonna sit here learn two topics and be done with it like the whole point is to go out into the world and continuously be growing and learning you should be learning as much if not more now then you should be in 10 20 30 years because the whole point is to be lifelong learning and always growing as a person it's not just some type of static Bowl next the Fineman technique by richard fineman so this is really useful for determining if you actually fully understand a subject or not so what you get a piece of paper you picked your

topic and then you write that on top so say use your network again say I want to make sure I understand I write the top my paper and I explain that topic as simply as possible if I were trying to teach it to a child you want to turn your weakness isn't that so what that makes you do is say I can explain this much of it but this part still kind of fuzzy and this course I can't even get it all you can go back and refine in step 3 what those areas actually mean what they unlike your understanding of them and you're gonna repeat that back and forth until you can fully explain this topic

on such a simple level at any one kind of standard now after that you want to go back in circa 20 analogies without going out creating connections say you reference an orange in your explanation of subnetting if you can connect many things over multiples similar subjects or objects you'll be able to rapidly pull out Gia's out of your brain just like that next you also wanna make it fun for yourself so game based learning is new and on the rise and up and coming for example this is a screenshot of a game called screams what you do is you control this little leg robots that's spawn out of a little dot on the screen but the entire control the game

is through JavaScript everything you do is control through a terminal or new scripting so this can be really useful say in a programming setting of teaching students how to learn JavaScript instead of having to say ok make this calculator Oh make this database query or any different number of subjects or topics or projects you could be doing you tell them you want them to be the best on your personal server because the cool thing you buy the game it's like 15 bucks on Steam and then you can host your own server and it's run on a MongoDB and your students do can just connect in and it just it's always running around the clock because their

programming scripts which means there's no real user interaction needed to be done with it so you can also use it say in a larger scale setting to catch the different you have AI learning it's compatible that too and just the whole way to you if you can find fun ideas and fun concepts to make your learning more interesting you enjoy yourself more now that topic is specifically in our domain make sure you doing cts and competitions things like National Cyber League or tweet cyber defense competition or even look at these conferences how the public pros goes to joes or networks from sans make sure you're competing in different events that are actually testing your information security skills because the

whole point of this is to make sure you are extremely rapid and extremely effective at determining what knowledge you want out of an environment and right there from my teacher Jared baby was talking about how he can either push him to the fore you can do it yourself in terms of learning from CTS and it's your best bet to get in there as soon as possible like for me I'm a freshman I did a u.s. cyber camp over summer and these CTF so like National Cyber League have just been the biggest help to me excited emotional Wireshark is their kind of use it beforehand and thanks to these competitions and having to learn what the tools do I can send the effectively

use Wireshark to analyze web traffic which I never would have known before so it puts you in different situations that are more real-world than saying hey write this paper hey do this small quiz from a textbook that you may or not be right about now for really stubborn topics I would suggest Aki flashcards what they are is they're flashcards on line set up with audio visual and text so that means you get absorbed multiple mediums at once and I know a lot of people use these for say like languages or things like German Japanese Russian kind of like comp complicated language they're going to use this because it lets you really just absorb the content unless you

different areas now on the top of the working I'm gonna pull up a couple of different Japanese methods that are really effective example Kanban so what you do is in the topic of learning you can figure out all the different skills you want to learn and that's subdomain like using the disk method you figure out the different blocks you want to learn you put them on sticky notes over here to do column then you have your do today column that's what you're gonna focus on in this specific time and you can set it for any time when you wanna do this week do this month just something where you're organizing it down by these are my next goals how

those over here when you effectively start working on them I'm gonna move them over to an in-progress area and you limit this to say four to six items at one time because the more you divide your attention you're wasting brainpower by providing to multiple topics I think it's five or ten percent you move every time concentrating you're switching between topics so if you really focus it do we time efficient but you're also going to be able to make really close connections between these different areas and finally coming back to that do you want to be always motivating yourself to keep going to say lifelong thing this is a marathon not a sprint you have a done

category that shows you what you've already accomplished and what you can go forward and say I've done all these things which means I know no matter how long will take me I will get to this point eventually now Kaizen is this idea that every day if you improve in very miniscule ways you'll be exponentially better in a year or even in a longer scale this idea says you could prove one percent every day so for example if you want to say how the goal of working out the morning the first day you just wake up for when your time without you start the second day put your shoes out the third day for your clothes out and over time

because you're slowly in reigning small mining details over time is gonna just become a habit it's kind of like you're playing music and you keep playing one section over and over and over and you slowly build up a song throughout and just measure my measure you're going to know that first measure really well and the last one might be a little shady or flaky but you're gonna understand the majority of that extremely quickly and if you're only improving 1% every day that's three hundred sixty five percent in a year you take me literally which is a lot better than not even starting or being able to start but then stopping some point soon because you just don't

know where to go from there now this is a really good technique you can pair with Kanban which is the Pomodoro Technique which says you study for 25 minutes take a five-minute break and you repeat that Pomodoro that 30 minute cycle 1 2 3 more times then take a 15 minute break what that does is it keeps you moving quickly but also lets you intensely focused on 25 minutes because you know you get a 5 minute rest in that rest you can do it everyone say you want to go text a friend or go play solitaire or go for a walk and get some food or something you always have a little five-minute break to look for you so you

know even if you're intensely focused you get frustrated on something if you have a break in the future and then every couple Pomodoro's you can just take a long break and just get away from the subject and then reconvene in it later the other useful thing for this is if you're tracking your progress and trying to build yourself up over time he's not Kaizen technique you can just add another Pomodoro so say for one month ago just take one Pomodoro a day and learn about say chemistry and then the second month you take 2 Pomodoro's and then so on so forth until you have the amount of time that is reasonable for your schedule in your life that

still maximizes the amount of time you're spending every day or every week or every month learning about the subject you really learn about now specifically in the security fields now with all that behind us and some people talk about physical that's what I really enjoy I know that this is overall a cyber conference but security as a whole goes outside of just the virtual environment there are physical servers and physical machines that are being interfaced with and if someone could access to those machines your own honestly because they can do whatever they want to them whether they be reset the server or gain physical access to them and then escalate privileges so digital skills for security

professionals would be anything that you want to focus on as InfoSec related specifically so these might be good areas to start if you want to hone in on your InfoSec skills first or find these really interesting like for example forensics is massive and just constantly growing they have things like cloud security now with the advent of top technology was growing and growing and growing or it's going in and of course your red team your blue team's or your offense or defense yeah things like risk mitigation also you have computers on that's where all this came from we're honestly just a small little niche portion of gear science because we're all either breaking things and figuring

out how we broke them to take advantage of it or fixing things with duct tape and super glue that's all we're really doing here and just preventing it so that way people can't get access to data or information that they're not supposed to have access to that's all our entire job is we're banking on the fact that people are going to be rude and that other people need protection now there's also physical skills with security professionals as a whole for example you look at the military as security professionals they're providing physical security to a nation or you could look at cops or you could look at security guards any number of things that can go

out and actually provide physical protection for your systems or physical protection for your assets you have things like access control systems and locks so actually a human interface with it the imaging equipment so that you can observe and you can really hone in on what's going on in that specific sector should that be a threat or not you have things like vehicles if you say interested in that because of course there's always people trying to use vehicles to cause harm to other people all the terror attacks in Europe now are starting to beat with vehicles and just driving through crowds how can you effectively stop that so that we can protect the public that's of course an

issue for us too because we're part of the public you know you say you want to learn personal defence and you take that to a more personnel security Rock you have weapons your martial arts you have Fitness because we can't run a hundred yards you can only protect the president if things like operation security and recon escape and evasion and all these different skills that build up to more important and more intrinsic things you also have say for example social engineering how cool would it be to just walk into any random building and be able get to the CEOs office just with your mouth just like hi guys you just somehow get up there you're the

coolest thing ever you have things like say for example public speaking that's being able to share your information with other people and benefiting the security community by sharing what you learn and what you know you'll be able to grow the community because if we can band together and share what we all know it's like trying to take say password crack and you put it out to a hundred different computers all of them are contributing and all they were holding back so we could all do that and make sure that we're all contributing back to each other we can grow the community as a whole in rapidly and also one I really enjoy doing in my

free time making like learning how to interact with physical objects and take some random raw material I come out with a useful finished product and I can just really be it might be the most satisfying thing in the world and then time back in once more to that as control so RFID an SDR upstairs right now they actually have SDR going on in the wire village and they also have a lockpick builder set up right now so you got want to check that out I don't know how much longer would be open after this but maybe just give it an idea give it a shooter something like I was saying I absolutely love so specifically for

security maybe you want to look at soldering electronics because computers are developed on solder electronics those massive like full room computers back in the eighties or just giant capacitors and tubes that were doing all the transistor but now it's simple easy for a home user yeah things like Arduino you have raspberry pods you have BeagleBone only different like $35 component you can just buy all internet and go learn about machine code or learn about binary or figure out how to stay with a Raspberry Pi the code type hole so that way you have your own personal VPN because the better you converge in these topics at a lower level the more research and how to exploit them and

then you have things like say 3d printing that would be useful in conjunction with the solder electronics because you can create cases for your devices or you can put them together and see how you can fit together and use CAD and all those different designs of software's we have already an SDR because ultimately we share an absurd amount of information over radio waves these days like our phones we have NFC we have all kinds of so communications we have Bluetooth Wi-Fi coming out of them I mean going to them and all these different things that interact with them but who for example knows how we use a crack WEP there's over the radio waves like you literally just point something

at it and boom it's gone and you're in like there's so much information being shared over a you lives and even outside of that you have like for example research at radio band so to say you want to eat your ham license so you could interact with more things or say you wanted to go out and toy around with little access and this one's kind of a revered one but music and photography so if you find these hobbies interesting learning to use them can be really useful in social engagements learning any kind of a physical skill that can get you in a door or in a back room so say for example you're doing a pen test at an

area where they have news equipment set up you can pose as a newsroom as a film crew minute and go in there and if you know what you can talk about and you know it's subject matter they're not gonna be able to just shoot you a labral class because you're gonna try to turn the camera on and end up turning it off and the other thing is you can hide electronics in other devices or you can hide stuff in any kind of equipment for example in guitars you can hide any kind of like small electronic in the neck of the guitar you can put them in acoustics in the big large drum and just close it

up or even with like say for example brass instruments you can hide small metal objects inside of say the bell of a trumpet or the bell of a trombone and it will be more obfuscated in terms of scanning of that object and ultimately just using more covers for say social engineer again that could go to other topics too and other skills that you may want to learn but these are just two that I thought of off top ahead and then there's some other things you may want to look into for example these are things that aren't specifically security oriented but they allow you more areas to pull from in your search of trying to grab more ideas from different areas so

for example material science or physics you could be able to say look at a server room and know that that wall that's drywall right you can just go right through it early just punch a hole in it you can get to the other side of it so say from a destructive physical security side you would know that putting the server room it's something not made of gypsum because one can just drop right through from the other side of a wall and compromise for systems say if you have a really high data storage that would be useful in that situation or say for example halibel math pulling back to that computer science example if you were a

better understand what's going on on a smaller scale if I understand in the fact that all computer science was which is really advanced math back in the day they're just looking at different comparisons in different contrasting statements and then specifically for cybersecurity be really useful to know your laws and know what's going on your standards in that sector because the best thing to do to cover your ass and make sure that you're not able to go to engagement and then have a book thrown at you because you did something outside of your room some engagement that isn't covered if you know that you can do X Y & Z and you know for sure that's fine and someone

tries to throw the book at you and you have your cover you're golden you'll be safe you won't be spending three to five years plus in jail for something you need to really know what's gonna happen and also just pull back to some other things like say for example you want to learn more about chemistry you're going to architecture these are things that also have like real-world implications you could have backup plans for your job same folks that doesn't pan out for you don't try cooking to be a chef I mean we're all even here you only make money it's useful to have more than just one idea like the whole part about was talking about being a polymath and being

able to pull from all the way areas you want to have backup plans you want to have it done let's see because that's what keeps you safe that's the same thing in security how you want to make sure that you can pull them as many topics as possible so that way you can attack every problem with as much ferocity as your attackers can if you're blue teaming and you're only coming at it from us one specific point of view say like the majority of education is coming at all problems from this you still have an aggressive a circle to deal with you still have people over and say Russia but completely different philosophical ideas and like their

societies are structured differently so maybe they would come out from a different angle you would wear their different skills that would make them attack a problem a certain way that you haven't thought again or that hasn't really occurred to you something that could be useful the whole idea is that systems are just built and there's nothing you can do about that there's always some way to get around something but the thing is if we can figure out how other people are going to be getting around those systems before they can do it we can get there before they can and we can stop them from compromising our systems before it actually happens now do one more thing audience involvement

this one's kind of weird and I'm interested to see what you guys have to say

they're both easy to penetrate with the right tool so why fight eggshells since they both country tropics right they both deal with the same kind of idea which is the angle of impact and your penetration factor through that object for example have 90 degrees perpendicular to a surface 4 inches of say a wall or armor is 4 inches if you're getting it at 90 degrees that's everything at 10 degrees at 4 inches in Wi-Fi and in the same area with tank shells becomes close to 2 feet the shallower angle impact of any kind of surface the greater the path through that object would be to the other side and that's why to be careful say when

placing Wi-Fi routers like directly at a wall and you're trying to say host Wi-Fi up through this wall and into a floor right above it you could be coming into interference issues I think it would take shows say there's a tank right in front of me if I slap my armor to the side there's a better chance it'll try to penetrate armor but it'll be ricocheted or stopped by my armor instead because it's not being able to go all the way through it now I had this working through the talk I hope I hope I've convinced you guys and I'm learning more than just your little niche sector of it's races to be useful to you in the long run because if you

can be a subject matter expert and say your own little made-up world your little made-up role can get you a $20,000 raise it may be worth it if you can figure out how to make yourself a better employee so you can stay employed so you can go to companies you want to work for and you can just throughout your entire career advance like you want to do you make yourself more profitable for your employer and make yourself better as a whole you're gonna ultimately reap the rewards for it in the end and honestly our field is constantly changing so why not try to stay ahead of things you're gonna be learning about the new and up-and-coming

things in your specific niche why don't worry about more areas so you can also say with your boss you would go to them and say like hey I have this happening in a completely unrelated field but we should do this because of it and you'll stand out to them for now top of that you can also just go to a conference and say hey guys guess what I can do just put a giant list of everything you're in a night of course so you guys have any questions I'm gonna post up some different like resources I would suggest you guys look into like I was saying make sure you guys are going to conferences make sure

you're competing there's also different TV outreach organizations looking for daughter or wasp books are really big help humblebundle comm will sell out different ebooks for like $15 you'll get twenty thirty books in that little thing and use pot money e-reader and you have hundreds of major information websites so you can practice different things like for a web app fantastic for Wireless yeah pack this site or how about hackers and also sans have the website called cyber aces org for anyone that hasn't fully jumped in to secure dia they have a basic course on Windows Linux and networking so you can get that start in it or anyone else who you want to get introduced to security cyber a

sonorities oh really they helped me a lot I know and then for things like physical security which I really enjoy speakers like deviant Ola and Samy Kamkar are really really helpful DV alum has a lot of talks on for example doors and box and some and Samy Kamkar is a security researcher that action does different hardware hacking things like for example garage door openers using kids toys Sammy is my friend and of course makes you guys were tenant conferences coming up we have shmoocon in January besides of charms we'll be out of a bit besides Nova next year you guys catch besides DC that was really good and of course you know do you guys have any questions for me if

you guys want to follow me on Twitter its

[Music]