Why contributing to the infosec community is important

In this giving back edition of the Exploring Information Security podcast, why contributing to the infosec community is important.

I'm taking a different approach to solo episodes and the podcast. I am going to blog about the solo episode before recording it. This will allow me to collect my thoughts. As a result of this, I hope, that it'll make the solo episode much more smoother. Usually, I write down some points and then just riff off that. Because I'd like to write more I figured this would be one way to improve quality of the podcast, while also providing some more elaborate show notes. With that, let's get to the topic at hand.

My origins as a contributor

When I started my IT career, I wasn't much of a contributor. I came in did my work and went home. In the evenings I played a lot of video games. Mostly, World of Warcraft and Counter-Strike mods like Day of Defeat. I raided. I played in competitive leagues. I had a lot of fun. I started college about a year after I got out of the Navy. I was doing it because I had the GI Bill and figured I might as well use it.

A few semesters in the government changed how the GI Bill worked. If I went back to school for six or more credit hours, I would not only get the courses covered, but also get basic housing allowance. College quickly became a part-time job. I bumped up from one class a semester to three. The wife and I started a family with our first child. Somehow I managed to balance work, school, a child, and my gaming habit.

In 2010, (for whatever reason) I started blogging about the Astros. A year later I started up a podcast for the site. I enjoyed the blogging and podcasting. At some point I explored the possibility of making a career out of my media arts degree. Things were fine at work, I just didn't really care for being a network administrator.

In 2012, I got my first opportunity to work in security. By this time I had realized that going into the media arts field would be a struggle for myself and my family. I still did the blog and podcast because I enjoyed it and was starting to make a little money from it ($100 a month). I would continue to do it until May 2015.

In November 2013 I went to my first BSides in Charleston.  I went with a buddy. He and I had such a great time going to the conference that nine months later we started our own local security user group in Columbia, SC called ColaSec. That was my first contribution to the infosec community.

Check that my second contribution was ColaSec. My first was this podcast. I produced seven episodes of EIS during the summer of 2014. I didn't release them to any podcast directory, because I wasn't sure I wanted to do it or not. I was still doing the Astros blogger/podcaster thing.

Check that again my third contribution was ColaSec, my second was the podcast, and my first was shooting pictures at BSides Nashville 2014. I've since shot several security conferences. You can check out my photography page for the conferences (plus some non-security events) I've shot.

In May 2015, I graduated from the University of South Carolina with a bachelors in Media Arts. I decided it was time to take the effort I was putting into the Astros and put it into the infosec field. By this time I realized infosec was where I wanted to be career wise. I was reading and listening to everything I could. ColaSec was becoming more and more popular. Another thing I realized was that blogging and podcast for the Astros opened up opportunities for me.

It allowed us to get interviews with players and front office personnel. Through these interviews we found out that people in the organization were reading our stuff. I even got to meet some of these people along with several of the writers on staff. I got to travel to Spring Training and ball parks. I got to know members of the media. I've been interviewed on TV, other podcasts, and been quoted in the Houston Chronicle. If I took that effort and applied it to my career similar opportunities were bound to happen. And that's what happened.

Why it's beneficial

Networking is one of the biggest benefits. Through shooting pictures, I've been able to get to know several conference organizers. Through the podcast I've gotten to know several infosec practitioners with something interesting to say. Through ColaSec I've gotten to know fellow peers and those looking to get into the industry. All these have led to getting to know other people in the industry.

I am in a dream job right now. That is a combination of knowing someone who I started the OWASP Columbia SC chapter with and knowing someone who helps organize BSides Nashville. The job I got previous to this one was because I meet the South Carolina state CISO at ColaSec. Networking with others in the industry is one of the best ways to land a new opportunity.

New skills is a result of networking with people. I have a large network of people I can go to if I have a question about something. Even when I don't have a question about something I'm learning new things by engaging with people. I'm learning about new techniques and tools. Speaking and teaching is a great way to solidify a learned topic. It can also help in day-to-day meetings where you have to present something.

Career advancement is the result of the benefits above. New opportunities led to new challenges. New challenges led to gaining new skills that help your progression as an infosec professional. I was hired into my current role, because of my contributions to the community. The development director I work with told me that what impressed him the most was my contribution section of the resume. I was volunteering at conferences. I was speaking. I was doing podcasts. Those impressed him more than anything else on my resume.

Contributing makes the community better. I've heard from several people about how the podcast helped them with a topic. I've heard that the con specials help humanize some of the high profile pros you see on Twitter or speaker circuit. How they seem more approachable now. I've been told my pictures help conferences get sponsors. ColaSec (my greatest contribution) has helped people get Security+ certified. It's helped people land jobs in our field. It's helped people get in front of others and teach something. It's helped people learn.

When we started ColaSec we expected to network with our peers in the field, around town. It turns out a lot of people showed up because they wanted to get into security. We also had people show up who didn't necessarily want to get in, but had an interest in security. We've had a couple developers show up because they believe security is important.

Contributing opens up a lot of opportunity. It also creates opportunities for others around us to get better.

How to get started contributing

Find something you're interested in that can add value to the infosec community. Shooting pictures and podcasting is something I enjoy doing. It makes contributing easier. I've also just simply volunteered at events. It's a great opportunity to feel special because you get a different color shirt and badge and get to walk in "restricted areas."

Speaking is a great way to contributor. Most conferences really really like first time speakers. I believe one of the reasons why I got to speak at DerbyCon in 2015 was because I was a "first time" speaker (BSides Augusta was actually my first time) and because I had EMET in my talk (Dave Kennedy loves EMET). I'm still learning as a speaker, because it's a tough skill to master. There are a lot of resources and people available to help someone get started.

I've seen people make a quilt that was auctioned off. The proceeds went to charity. Some people create music. Others put on capture the flag (CTF) events. Blogging is a great way to improve your writing skill and help research a topic. I find it strangely therapeutic and extremely satisfying when I finish. Speaking of, I've run out of ideas off the top of my head and I think you get the point.

Takeaway

Contribute to the infosec community. It can open up a lot of great opportunities for you and your career.

How to submit a presentation to a conference - Part 2

In this presented edition of the Exploring Information Security podcast, Dr. Jessica Barker joins me to discuss how to submit a presentation to a conference.

Jess (@drjessicabarker) runs the @cyberdotuk account on twitter and website. She's also the co-founder of Redacted Firm (@redactedfirm). She wrote an article last year that covered recommendations and tips for submitting to a conference Call for Papers (CFP). It all started with a tweet asking what's holding people back from submitting to a conference. Over 6,000 responses later there were a variety reasons, including "I don't know enough.' The article goes on to ask several organizers for their suggestions on submitting. In this podcast episode we dive into the article and much more.

In this episode we discuss:

  • How is someone supposed to navigate advice

  • How to submit a presentation to a conference

  • What resources are available

  • What should someone do if the don't get accepted to speak?

How to submit a presentation to a conference - Part 1

In this presented edition of the Exploring Information Security podcast, Dr. Jessica Barker joins me to discuss how to submit a presentation to a conference.

Jess (@drjessicabarker) runs the @cyberdotuk account on twitter and website. She's also the co-founder of Redacted Firm (@redactedfirm). She wrote an article last year that covered recommendations and tips for submitting to a conference Call for Papers (CFP). It all started with a tweet asking what's holding people back from submitting to a conference. Over 6,000 responses later there were a variety reasons, including "I don't know enough.' The article goes on to ask several organizers for their suggestions on submitting. In this podcast episode we dive into the article and much more.

In this episode we discuss:

  • How to get started submitting a CFP

  • Why submit a presentation to a conference

  • The different types of CFP review

  • What preparation is necessary

What is Social Engineering for the Blue Team?

In this building better relationships edition of the Exploring Information Security podcast, I discuss my new presentation and workshop content for this year, Social Engineering for the Blue Team.

I've already written a couple blog posts on the topic:

I've also created a GitHub page to track all my resources I intend to use in the presentation and training. The idea of the content is that we can use social engineering (like the red team) in our day-to-day interactions at work. We can use the same techniques to build better relationships and build better security mindsets in our organization. If you prefer soft skills.

In this episode I discuss:

  • What is social engineering for the blue team

  • How I came up with the idea

  • How can this be applied

  • What techniques we can use to build better relationships