Black Hat To A Notacon 6 - Black Suit: Econopocalypse Now
You want it all. But you're scared. You don't want to put on a suit and watch your soul shrivel. There is another way.

In this session, you will learn:

- why you want to do this to yourself
- how to get the first job (which will suck)
- how to turn the first job into the next job (while still having fun)
- how to get the top job (sooner than you thought you could)
- and how to do it all without feeling like a corporate whore.

You want to hack the planet? You've got to start somewhere.

Now with new information on why the suffering economy is good news for you!!!


Presentation Transcript

  • From a Black Hat to a Black Suit How to climb the corporate security ladder without losing your soul. Notacon 2009 James “Myrcurial” Arlen
  • Econopocalypse NOW!
  • Hi.
  • Great title huh?
  • Disclaimer: I am employed in the Infosec industry, but not authorized to speak on behalf of my employer.
  • Disclaimer: I am employed working in the Infosec industry, but not authorized to speak on behalf of my employer clients.
  • I am a suit.
  • I know – you can hardly tell.
  • I wasn’t always a suit.
  • I wasn’t always a suit. I used to be an artist.
  • I wasn’t always a suit. I used to be an artist. I had dreams.
  • I wasn’t always a suit. I used to be an artist. I had dreams. I was counter-culture.
  • Now I commute.
  • Now I commute. I read the business section.
  • Now I commute. I read the business section. I’m at my desk by 8.
  • Now I commute. I read the business section. I’m at my desk by 8. You can be just like me.
  • Seriously.
  • Seriously. You’d be surprised how interesting it can be.
  • How easily you can keep yourself out of an executive position forever.
  • And how much easier it can be to get into that elusive exclusive club.
  • And how much easier it can be to get into that elusive exclusive club. The CISO.
  • What do you want out of life?
  • What do you want out of life? Do you want 40 hour weeks?
  • What do you want out of life? Do you want 40 hour weeks? What about 60 hour weeks?
  • What do you want out of life? Do you want 40 hour weeks? What about 60 hour weeks? How does 80 hours feel?
  • Do you want to never be…
  • Do you want to never be… On call?
  • Do you want to never be… On call? Where the buck stops?
  • Do you want to never be… On call? Where the buck stops? Sleepless?
  • Your answers basically define your ability to get (or keep) a job in the corporate infosec world.
  • You will be trapped between: • Boredom • Terror
  • You’ll have weeks when: • Finding 30 hours of work is work • 80 hours isn’t nearly enough
  • You’ll be: • Updating documentation • Hunting for lost tapes • Cleaning up after other people • Underappreciated
  • Do you have what it takes to scramble all the way to the top?
  • Are you willing to stand up for your ethics?
  • Are you willing to stand up for your ethics? Do you have ethics?
  • STEP ONE: Getting the first real security job.
  • Probably as hard – or harder - than getting the last job.
  • Get your cred together. • Resume • Blog • Google results • Actual skill
  • Don’t forget about keyword filtering.
  • Don’t forget about keyword filtering. And never lie on your resume.
  • Pay your dues.
  • Pay your dues. Long hours.
  • Pay your dues. Long hours. Boring work.
  • Pay your dues. Long hours. Boring work. Log review and metrics.
  • Pay your dues. Long hours. Boring work. Log review and metrics. Doing it the SANS way.
  • You’re here to survive.
  • You’re here to survive. Build the resume.
  • You’re here to survive. Build the resume. Get involved.
  • You’re here to survive. Build the resume. Get involved. Be a generalist.
  • Don’t be afraid of job hopping.
  • Don’t be afraid of job hopping. Stay at least 1 year.
  • Don’t be afraid of job hopping. Stay at least 1 year. Big company.
  • Don’t be afraid of job hopping. Stay at least 1 year. Big company. Small company.
  • Don’t be afraid of job hopping. Stay at least 1 year. Big company. Small company. Public sector.
  • Work on your non-technical skills.
  • Work on your non-technical skills. Persuasion.
  • Work on your non-technical skills. Persuasion. Likeability.
  • Work on your non-technical skills. Persuasion. Likeability. Cooperation.
  • STEP TWO: Getting the first real management job.
  • Hey, hey! You’re a team leader now!
  • Can you lead the team?
  • Can you lead the team? Run interference.
  • Can you lead the team? Run interference. Maintain your skills.
  • Can you lead the team? Run interference. Maintain your skills. File your personnel reports.
  • Infosec has very little to do with technology…
  • Infosec has very little to do with technology… … and everything to do with people.
  • Are you ready to give up hacking the machines?
  • Are you ready to give up hacking the machines? Are you ready to start hacking the people?
  • How do you feel about organizational politics?
  • How do you feel about organizational politics? Work with the HR people.
  • How do you feel about organizational politics? Work with the HR people. Manage the budget.
  • How do you feel about organizational politics? Work with the HR people. Manage the budget. Get along with the machine.
  • Welcome to the 6th level of hell.
  • Welcome to the 6th level of hell. It’s ok though.
  • Welcome to the 6th level of hell. It’s ok though. Really.
  • You’re building a reputation.
  • You’re building a reputation. You get things done.
  • You’re building a reputation. You get things done. You know your material cold.
  • You’re building a reputation. You get things done. You know your material cold. You’re a people person.
  • You’re building a reputation. You get things done. You know your material cold. You’re a people person. You know people who know people.
  • STEP THREE: Getting the first real executive interaction job.
  • Clean up your language.
  • Clean up your language. You’re on parade now.
  • I know you hate these soul-less bastards.
  • I know you hate these soul-less bastards. They don’t like you very much either.
  • Resist the urge to go over to the dark side… … go on Luke, I know you can resist…
  • Speak their language.
  • Speak their language. Articulate risks.
  • Speak their language. Articulate risks. Understand tolerance of risk.
  • Speak their language. Articulate risks. Understand tolerance of risk. Bridge your experience with theirs.
  • Consider taking some business courses.
  • Consider taking some business courses. Deal with the fact that you spend your time with guys named “Chet”.
  • Dress their way.
  • Dress their way. Jokes on t-shirts are out.
  • Dress their way. Jokes on t-shirts are out. Business casual is a little too casual.
  • Dress their way. Jokes on t-shirts are out. Business casual is a little too casual. Put the damn suit on already.
  • Reality smack time.
  • Reality smack time. People will only listen to those who appear to be knowledgeable.
  • Reality smack time. People will only listen to those who appear to be knowledgeable. You’re wearing your knowledge.
  • You are under cover.
  • You are under cover. They cannot know they’ve been infiltrated.
  • You are under cover. They cannot know they’ve been infiltrated. They do not understand you.
  • You are under cover. They cannot know they’ve been infiltrated. They do not understand you. They do not want to understand you.
  • STEP FOUR: Maintain your soul.
  • Feed your inner hacker.
  • Feed your inner hacker. The $50 RFID kit looks pretty cheap from $100 an hour.
  • Feed your inner hacker. The $50 RFID kit looks pretty cheap from $100 an hour. Adopt early.
  • Get the company to pick up your conference tab.
  • Get the company to pick up your conference tab. Go early. Go often.
  • Play.
  • Play. Hack.
  • Play. Hack. Live.
  • STEP FIVE: Avoid the traps.
  • They will try to get to you.
  • They will try to get to you. Passive aggression.
  • They will try to get to you. Passive aggression. The dork treatment.
  • They will try to get to you. Passive aggression. The dork treatment. Matrix management.
  • You may find yourself wanting to be like them.
  • You may find yourself wanting to be like them. And you’re ok with that.
  • You may find yourself wanting to be like them. And you’re ok with that. I can’t help you. Please go enjoy the pool and a refreshment.
  • Maintain your contacts.
  • Maintain your contacts. Don’t be forgettable.
  • Maintain your contacts. Don’t be forgettable. Don’t be a jerk either.
  • Maintain your contacts. Don’t be forgettable. Don’t be a jerk either. Get on the facespace.
  • Choose your ‘professional association’ carefully.
  • Choose your ‘professional association’ carefully. I’ve found too many…
  • Choose your ‘professional association’ carefully. I’ve found too many… … issues.
  • Mentor the new people – those who are back at STEP ONE.
  • Mentor the new people – those who are back at STEP ONE. Even if you are busy.
  • Mentor the new people – those who are back at STEP ONE. Even if you are busy. Take the time.
  • STEP SIX: Arrival.
  • You’re probably ready for the C-Suite at this point.
  • You’ve built a reputation.
  • You’ve built a reputation. You’ve created an opening.
  • You’ve built a reputation. You’ve created an opening. Write yourself a ticket.
  • The CISO job is not well articulated in most organizations.
  • The CISO job is not well articulated in most organizations. Change an organization.
  • Then do it again.
  • Take over the world.
  • Send me a nice post card.
  • Economic Update -- Stimulus Package
  • Of course you’re scared. You should be.
  • Take a risk.
  • But I’m only in Step One…
  • But I’m only in Step One… … I want to get into Infosec, but I also would really like to keep my job please.
  • Take a terrifying risk.
  • Apply for a job.
  • What’s the worst that could happen…
  • You’re working for “Me, Inc.”
  • Ok smartass, what about the rest of us…
  • It’s time to invest in “Me, Inc.”
  • It’s time to invest in “Me, Inc.” Increase your education
  • It’s time to invest in “Me, Inc.” Increase your education - Especially adjacently to infosec
  • It’s time to invest in “Me, Inc.” Increase your education - Especially adjacently to infosec Spend time networking
  • It’s time to invest in “Me, Inc.” Increase your education - Especially adjacently to infosec Spend time networking - Remember that you may end up working for just about anyone – keep relationships strong.
  • Don’t forget the most interesting part of Information Security. It’s all about control.
  • And when (money|credit) gets tight,
  • And when (money|credit) gets tight, organizations are looking for ways to increase control over (money|credit).
  • And since Infosec is about control.
  • And since Infosec is about control. And also managing reputation risks.
  • And credit is all about reputation.
  • While there may be a reduction in the number of people working FOR the security industry, there will not be a reduction in the number of security practitioners working IN other industries.
  • Don’t get me going about “the security industry.”
  • That’s a different talk altogether.
  • Q&A followup: myrcurial@100percentgeek.net
  • Credits, Links and Notices. Me: http://myrcurial.com and http://www.linkedin.com/in/jamesarlen and sometimes http://liquidmatrix.org/blog Thanks: My Family, Friends, and the Notacon Awesome Bastards Inspiration: coffee, my lovely wife and hackerish children, Strattera, Club Mate, Information Society, NIN, altruism. http://creativecommons.org/licenses/by-nc-sa/2.5/ca/