Dan has been involved in hacking and cybersecurity since junior school. He started his career in help desk support and worked his way up, eventually specializing in networking. He once drew a working QR code at work that ended up costing him his job. The document discusses various topics related to getting started in cybersecurity as a novice, including messing around with friends, using online resources to learn, dealing with HR requirements, the importance of networking, and bypassing barriers to get into the field.
Infosec Sucks - and it's not because of the people.
1. AND IT’S NOT BECAUSE OF THE PEOPLE
INFOSEC SUCKS!
2. • Dan (aka @ha3ks on pretty much everything)
• Started ‘hacking’ in junior school.
• Ranked top 0.2% of users on TryHackMe.
• Started answering phones on help desk and
worked up to SME (self taught other depts).
• Got my ‘start’ in security with Networking (the thing
not the meeting people one).
• Once I hand drew a working QR code (and it cost
me my job).
WHAT’S YOUR NAME
AND WHAT’S YOUR DADDY DO?
3. • life as a n00b
• Learning curve
• Finding your groove
• HR Gatekeeping
• Fixing the Recruitment Problem.
• Bypass HR???
• The Importance of Networking
WHAT WE WILL DISCUSS:
4. IMA SKID, AMA!
LIFE AS A N00B
• Messing with friends.
• Ask yourself where to start, then ask Google.
• Blogging.
• Should I make a LinkedIn? It’s basically professional Facebook…
• Debating Mentoring? Aka “halp”
• Watching YouTube ‘how to’ videos
5. HOLY SHIT THAT’S EVEREST!
LEARNING CURVE
“Getting into Cyber is like shooting a bullet with a smaller bullet whilst blindfolded and riding a
horse.“ – Maybe Montgomery Scott, Star Trek 2009
Resources are available and they are free!
- Books
- Blogs
- Talks
- YouTube
Find what works for you --->
6. WHAT MAKES YOU TICK?
FINDING YOUR GROOVE
• Expanding on finding what works for you there are tons of options in cybersecurity.
• I looked to red team, but there’s way more to it than that.
• Gamification works well if you have a ‘gamer mindset’
- Capture the Flag on Blood Gulch anyone?
- Me, circa 2002
• Develop your skills in ‘real world’ scenarios.
7. WHAT MADE ME TICK AND STILL DOES *MANLY GROWL*
FINDING MY GROOVE
CTFs.
Holding myself accountable.
Helping others.
Learning to be a better note taker.
Furthering my skills.
8. HOARDERS, HOARDERS EVERYWHERE!
HR GATEKEEPING
• This isn’t something new.
• Cybersecurity Certification and Training… is kind of a money pit!
• Why has this happened? Testing – Renewals – Role Specific Certs = money pit.
• Misunderstanding certifications on entry level?
• Some people then snub certain certifications.
• Check out the following slides about job hunting, it’s totes amazing.
9.
10.
11. Yep, that was actual job listings on LinkedIn.
Yep, that’s really the numbers.
12. Interesting side notes:
• The CEH only still kicks around because of ‘The Military’ needing that ISO certification factor
- Did you know it states on the CEH site that you need 2 years experience in a Cyber Job to take
the exam and self study, if not you have to attend formal training which is really good if you have a
training budget that you want to BURN but what am I saying, you need this to get into an interview
in the first place!
• SANS testing had questions about using ‘Donald Dick’ on it initially.
• A company ‘made the papers’ for a CREST certifications scandal, so it cheapens it for everyone
else.
Read the news, learn about what is going on in the certification market.
13. WANTIN’ A CISSP? THAT'S A PADDLIN’… 5 YEARS EXPERIENCE? OH, YOU BETTER BELIEVE THAT'S A PADDLIN'.
FIXING RECRUITING!
• Speak to a 3rd party consultancy for what ‘entry level’ looks like and what to look for.
• Understand, the candidate may not fit in, they are not less qualified.
• Be understanding of a candidate’s drive and knowledge.
• Realize the obvious, 0-2 years experience is the spot for ‘entry level’ NOT 5 years.
• Have certs under the ‘would be real cool if you had’ heading, not the 100% set requirements.
• The people want the work, let them have it!
14. YEH IT’S JUST PRESSING ‘Q’, ‘R’, ‘G’, THE LETTER ‘7’ AND DOWN, DOWN ON THE REMOTE.
BYPASSING HR?
• Try to Social Engineer FRIEND the Recruitment Team.
• The Blog you maybe built. Use it!
• Fully commented GitHub history (even when you F up).
• Show any badges or awards, you worked for them.
• Build a community or join a Discord and make it count!
• YouTube?
• Contribute and Share. Sharing is caring after all.
• Try to Social Engineer the Recruitment Team.
15. IT REALLY IS KEY!
NETWORKING
• I’ve “Met” some lovely people in our chosen cyber
field.
• Everyone starts somewhere so take that first step
and keep going.
• My first step with Scott McGready was this:
Don’t worry it bit me in the ass 4 days later:
• Look at me now, I’m on the internet!
16. MOAR NETWORKING
NETWORKING
• Networking and connecting with others helps to get your name out there so people and
recruiters will remember you.
• Social Media can work for you (and not just as an OSINT tool).
“Growing is when you do something you’re not entirely comfortable with and working it out!”
– Gandhi probably.
• Throwing yourself at a popular Cyber Security conference as a speaker (if you’re confident
enough) may also help. Let’s find out together ;)
17. PART 2 SLIDE 3 : JUDGEMENT DAY!
NETWORKING
• Difficulty in finding ‘who to follow’.
• Try before you buy?
• Disinformation and what it can do to us n00bs.
• Phone a friend and sanity check.
• Trust @SwiftOnSecurity
Disclaimer: I had to add this slide as an extra with everything that has been going off this ‘grandé
#cyberawarenessmonth 2021’ with all the F12 Hacking and iOS 0-days/RCEs up the anus.
18. AND REFERENCES FOR YOUR HOST… ME!
LINKS
Slides and a Copy of this Video will be available via The Beer Farmers – I’m informed the
internet is on computers now!
- https://www.github.com/ha3ks
- https://www.linkedin.com/in/danielmurraysec
- https://tryhackme.com/p/ha3ks
- https://app.hackthebox.com/profile/50433
- https://ha3ks.github.io/
- Actual website is coming – Honest!
19. AND REFERENCES FOR THINGS IN THIS TALK.
LINKS
‘The Fiasco’ - EC-Council.
- https://www.infosecurity-magazine.com/blogs/the-story-of-the-eccouncil-gender/#
CEH, SANS and the money pit that is Cyber Training – H4unt3d Hacker #45 Chris Roberts
- https://youtu.be/hcrmwC9EfRk
CREST Exam Scandal
- https://www.databreachtoday.co.uk/exam-cheating-scandal-crest-finds-ncc-group-broke-rules-a-17394
- https://www.theregister.com/2021/08/27/ncc_group_crest_exam_cheating_scandal_statement/
F12 Hacking Charges
- https://tcrn.ch/3p6lizd
iOS 0-day
- https://appleinsider.com/articles/21/10/13/apple-quietly-fixes-zero-day-flaw-in-ios-1502-but-didnt-credit-its-finder
20. THANK YOU!
This page is to say thank you for this opportunity to try something new.
Networking and connecting with new people is what got me here, don’t be shy.
– as well as being attacked by the leaf blower gods.