Breaking In, Giving Back: My Cyber Security Journey - Tom Coogans

Uh good afternoon all. I'm Tom control. Uh you can find in the corner of the room there running in the CTF Wi-Fi and stuff. It's pretty good. Seems to be running smoothly now. We're back. Um what I've g out the sort of floor plate out there is everyone's on a journey of some sort. Whether you're a deep uh reverse engineering binaries at the myth uh you're still looking the next area to become specialist in. So everyone's learning something at some point and never really an expert in everything. So what I'm going to focus on sort of is hopefully talk more for the the noobs in the room really. Uh it's about sort of my track of how I got to where I am. 20

years in in industry uh both with military and environments but then someone coming from I don't say disadvantaged background but someone with a massive ability to read and write to actually be successful. So uh you I will be giving you some resources at the end. I'll give you a QR code to scan if you want to if you want to take the risk. If not you can just Google uh my name and link click the top link. Cool. So within the resources unlike most resources you get which is a bunch of videos. This contains qualifications series docu documents the communities you can join as well. So while you're studied, you can also speak to people uh

the tools and uh my little heart here is the cyical skills course that I run. Um the videos that you can watch as well if you don't mind my does seem more intense. So the resources look something like that clearer on screen. Uh a little bit about me first. So uh I said 20 years in years in the industry is 23 now. um cyber senior cyber security engineer um team with my current role is in delivering cyber exercises not just cyber full warfare environments I'm currently serving in the royal navy 20 years done about to go for a commission good and I've worked in different areas of cyber security so I've worked in the defensive I worked in the OCO side but

now within the devops space I'm really generally a cyber so pretty cool uh if anyone's got any questions about how do I get involved in military Cyber pointing directions for all recruiting good skill sets in all right I'm not going to tell you anything that's not uh protecting market so personally who am I because I'm actually a real person I'm not just a label uh I am a dad and husband staff enthusiast author uh I've got one book published about the second I'm a trainer with the cyber course skills course creator as we all are nowadays if you've got a YouTube channel uh travel bit of traveler 386% of world 18% done didn't seem a lot but Matt

looks really impressive and definitely a Caucasian hunter uh ignoring [Music] my team a bit as well cool so I am coming from educated point of view hopefully um some of the projects I've got going on at the minute and this is really entailing to what you can invest in yourself and and bring things out so as I said cyber core skills course which She's got a GitHub page and on YouTube. Uh written a couple types script books running real life cyber CTFs. So in there you can hack Wi-Fi sniff traffic and then attack a car box if you want to and take it away. I can always rebuild it. So my my real B is running in live

ones. So the the online challenges are online challenges but in real life stuff is is far better. You can build some real skills. Um pushing networking events. So my CTS main at a lower level than what seems to be at basing sto. So uh I'm not saying the ports crowd a struggle but they struggle to get on normal commercial available Wi-Fi let alone it. Um then a real technical project at the minute is developing a single single solution training. So it's a train wrench using infrastructure with clock and a courseware. So if anyone's interested in it's free I'll give it just if you want the training in your own work I'll give you it's all open

source. So breaking in so obviously the title is breaking and giving back. So how did I break in? So starting off a bit of a noob try me and and now weathered sailor uh looking at 20 years down the line and slightly bitter I've got to say shaking my head at various things that come through but raw dog out the box constant uh started 2002 went to college ID ended up working at college in 2004 that's our rack disgusting uh and yeah it's all virt uh then 2003 work experience for the NHS so we did uh first support and then multi-sight hardware engineering sort of place and stuff. So you'll notice the constant theme of work experience. So

this is before I joined up doing work experience. It's the sort of steps of I'm guessing 90% of people have asked us at the start who's not in trying to get into it. Thank you. Okay. So you'll know we'll know it's a constant thing. uh 2005 joined Navy uh six month deployed but then did six months of trade training for IT coms joined the first ship aircraft carrier crew of thousand assist on that to maintain systems online multiple systemations all good stuff still physical servers nothing virtualized uh and then 2007 uh deployed on a different ship was the IT security man on that and dealt with uh that was 2007 2008 we might have had a

big virus called flicker We caused massive workloads. Uh lots of sleepless nights and reimaging of every single terminal for thousand people with one set. Good times. Uh cool 2012 become an IT technical trainer. That's why I try to talk to the back of the room. There's all sorts things that I like to do. Um one of the things is there is I got challenged based on I did this interview with Fujitsu when I wanted to jump ship. I was like I'm done. want to be an old person and then he said why aren't you certified in what you're doing so then jump ship and got me through CCNA uh and then dedicated himself and I was like

I'm going to run this training bit I want to start giving back it's free so the first version of me had a call skills course was called switched on training ironically for networking uh on YouTube but I've got a couple of people certified remotely in CCNA so anyone's interested look at the videos that old school but I've got the newer versions uh did yeah again third line support IT systems deployed and then more work experience at uh blue screen it as a soft analyst. Um key point there is if you want to get in ask the right questions. So before I went down to blue screen it I asked them what scene are you using they said alien it changed now

that's what I said so before I got down to blue screen Plymouth I drive from port where I'm from and I built a vault. So I built it as a scene, created the users, created the dashboard, got some SNMP tracks going in, setting track levels and really got amongst it and understood the sort of the environment that it set on. So when I got there, it was 2 weeks worth of work. So I was already in the second one. So then from the first day I got there, I already level one, level two, I was looking at triage, I was looking at SLAs, I was looking threat intelligence, generating threat reports. I'm like, I'm second

week top manager in in theory. I'm not not going to dispute anyone but apart from looking at the real life tracks coming and knowing what uh seeing suppose end maps of the world that's that's what we're getting through cool they had some very interesting customers as well so it was good good work experience cool uh bit more puny job 2020 range engineer and cloud engineer uh producing test ranges and training ranges uh I'm going to say where but using terraform and effectively survived my entire time there based on two universes and only because I asked the right question. I said, "What can I learn before I get there to so I can actually survive?" So

they learned everyone as I did and got on it took all my notes used GitHub repo and then there was no more training after that. So it was all self self learning self generated moving on to the next project kubernetes docker next skill what else then then customers want more and to then learn another bit of open source software it's crazy. So some of the things I worked on during that was DCM2 which is defensive side mile 2 that was my big sort of in with the creation of the their great space made um internet for that and then stag warrior which is a massive exercise. So if anyone's got any questions or wants to

get DevOps more to spend time talking through that uh now maybe take a little bit Um so now currently running uh cyber cyber elements of warfare exercises and I've got two sung responsibilities with that. My last one I have to move 100 people from UK an entire aircraft carrier making sure they have correct IT systems accounts allocations permissions to communicate but then deliver a cyber effect to make sure certified UK CSG in sum with a team of 100 people that was the mixture of task pri impressive I've done we had uh seam virtual exercise which was free using our own infrastructure and then to real world one of Norway Mediterrane uh any questions so far

cool I'll stop talking about in a minute and then really give back don't worry uh so I started looking at brands and personal branding that sort of seems to be what you need nowadays get anywhere so 2001 I launched myself as a personality control Tom and the s skills course regenerate that uh then become cyber security trainer and as part of the exercises speaking here today that you're on here congratulations you're a part of my story uh then going to be running all the cyber CTF at Bournemouth and next year or later this year launch of various different services uh if anyone wants any stuff give us a shout cool so from the time what I've learned

is first of all ask the right questions or at least ask a question so if you're going into a scenario don't go without any knowledge. So what technical skill you use that can learn that I can be adaptive and overcome the burst. That's going to be it. You're going to go into as an AWS engineer not necessarily every job description will tell you exactly what you're doing. Ask what tech they using. Not saying on the outside know what pass levels are, but you can enable yourself from day one understandably amongst that sort of the six month period where you put your head down. Grace, you've got to learn the job. um get connected. So a big thing

that I started doing and then realized is relationships may be gen uh genuine. So if you connect on LinkedIn, remain in contact with them. Speak to people that are human. All right? It's not just a oneway relationship. If you're here, what else can I do for you? Can I CTF for you? Can I speak? Can I give you some help setting up and stuff like that? Uh request work experience is big thing. So I've done blue team and red team and a bit hardware engineering at the Olympic uh and breaking ambition. So I didn't picture myself doing range engineering when first resetting passwords as well uh one support but effectively delivering saving the mod half million pounds on early delivery of

the product is pretty good. So don't see yourself there build up in small stages. All right. and always have as part of that New Year's ambition definitely next step. So supporting you are probably through this a little bit quickly. So paying it back um my single word advice is find out what you enjoy. I tried to be a soft analyst looking at CSV files breaking them down TCP dumps and running Python script to find out single IP addresses against that is not my I enjoy building. I like ripping something down, building it with open source software and then producing multiple layers, open source software to produce solutions and find a problem and then fix it. So I'm I'm definitely in

the yellow team, but also enjoy a little bit for training and talking. So find what you enjoy because that's what you can end up doing. All right? And that's what end up sticking with whether it's working in a kernel level bios buffer overflow type stuff. If that really excites you, do it more and find a job that does that because one and any area of cyber you put the word cy you're always going to get a little bit including project. Cool. So if you're not technical be a project manager technical um choose your area based on the obviously I haven't seen this I'm not claiming find what certificates suit you which will enable you. All

right, this good bit giving back resources. So, uh, singing again skills course free online. It's got a GitHub front page. I'll give you the link to that if you want to start looking at my videos and and hearing me again, but virtual. So, you reach out. Um, videos at minute and always expanding when I get really enthusiastic about something or when you hear two or three questions at the same issue. So, I do a video on it and give them so I don't have to explain that again. But then it takes a little bit of editing on top. Cool. Um the areas that I'm covering within the sort of uh repo which at the end network virtualization cloud Windows

domain and powershell because that's always needed Linux CLI Python within Linux it's also called B scripting as part of the links I've given you red team blue teaming but blue teaming from a building perspective. So giving you all the links to all the different scenes that you can build and put in trash yourself devops in my area automation bits need for auditing and I'm learning because that's effectively for building that's how I do it now doing it in gamble land uh and then a big thing is the soft skills area so as I said at the beginning right half I got here and I managed to write reports because I learned how to do that through speech to

text. It's amazing that using Google Docs has got speech function. I can write on my move across and I don't have to type single word gen text loads of things in it's got all the links. Microsoft Edge has got text speech test brilliant uh stuff skills. So it will effectively give you everything from how to generate CV to uh what podcasts to listen to try stay involved really especially checkpoint last week you can remain concurrent with what's going on in the world uh mental health something that's definitely close to my heart is burnout a massive cause and expectations of companies nowadays and I see a lot of people sort of looking around going as soon as I say is

burns out is a common thing whether it's you're self studying Whether it's work expectations versus family balance that that's hard. So it comes in a twoprong attack a little bit but effectively you've got recovery sustainability and then building resilience right so wherever you are on that spectrum I'm trying to now build resilience I'm now in in that area so I've got some tools you use in that area right it's a common things that is changing every minute and theation on top of that is horrible so just there's some good stuff in there and links that I've provided you uh go out go and have a little Let's go through straight to the bottom. Go straight. I've used all these tools

myself. All right? So, I'm not going to give you a bunch of autogenerated stuff. Uh, cool. So, there it is. That's the siesta build. Uh, if you don't want to scan a QR code, I think most of you have good. It's not going to take you to anything. Take some links my link page and the first link on that is the GitHub repo which is called B 2025 talk resources. It's massive. Uh or you can go on Google and type in control link tree. Awesome. Okay. Top link on there will give you every single resource in every area. Not just based on videos, communities, tools. All right. Here's your way to reach out to me if you need to. Uh yeah, that's

pretty much it. Going through that in few time. Cool. Uh yeah, thank you for listening. There's any questions? >> What time does the CTF open till today? >> Uh the online stuff will remain online until end stop the DNS access through so about another 6 months but the the Wi-Fi stuff close by.