From a Black Hat to a
           Black Suit
How to climb the corporate security
   ladder without losing your soul.
      ~Myrcurial
Disclaimer:

I am employed, but do not speak
  for my employer as my
  employer seems to like to
  speak for me and wouldn’t
  appreciate any opinion which I
  held which was not given to me
  by them.
I am a suit.
I know – you can hardly tell.
I wasn’t always a suit.

I used to be an artist.
I had dreams.
I was counter-culture.
Now I commute.

I read the business section.
I’m at my desk by 8.
You can be just like me.
Seriously.

You’d be surprised how
 interesting it can be.
How easily you can keep yourself
 out of an executive position
 forever.
And how much easier it can be
 to get into that elusive
 exclusive club.

             The CISO.
What do you want out of life?

Do you want 40 hour weeks?
What about 60 hour weeks?
How does 80 hours feel?
Do you want to never be…

On call?
Where the buck stops?
Sleepless?
Your answers basically define
 your ability to get (or keep) a
 job in the corporate infosec
 world.
You will be trapped between:

¤ Boredom
¤ Terror
You’ll have weeks when:

¤ Finding 30 hours of work is
  work
¤ 80 hours isn’t nearly enough
You’ll be:

¤ Updating documentation
¤ Hunting for lost tapes
¤ Cleaning up after other people
¤ Underappreciated
Do you have what it takes to
 scramble all the way to the
 top?
Are you willing to stand up for
 your ethics?

Do you have ethics?
STEP ONE:
Getting the first real security job.
Probably as hard – or harder -
  than getting the last job.
Get your cred together.

¤ Resume
¤ Blog
¤ Google results
¤ Actual skill
Don’t forget about keyword
 filtering.



And never lie on your resume.
Pay your dues.

Long hours.
Boring work.
Log review and metrics.
Doing it the SANS way.
You’re here to survive.

Build the resume.
Get involved.
Be a generalist.
Don’t be afraid of job hopping.

Stay at least 1 year.
Big company.
Small company.
Public sector.
Work on your non-technical
 skills.

Persuasion.
Likeability.
Cooperation.
STEP TWO:
Getting the first real
  management job.
Hey, hey!

You’re a team leader now!
Can you lead the team?

Run interference.
Maintain your skills.
File your personnel reports.
Infosec has very little to do with
  technology…

         … and everything to do
             with people.
Are you ready to give up hacking
 the machines?

Are you ready to start hacking
 the people?
How do you feel about
 organizational politics?

Work with the HR people.
Manage the budget.
Get along with the machine.
Welcome to the 6th level of hell.

It’s ok though.

                   Really.
You’re building a reputation.

You get things done.
You know your material cold.
You’re a people person.
You know people who know people.
STEP THREE:
Getting the first real executive
         interaction job.
Clean up your language.

You’re on parade now.
I know you hate these soul-less
  bastards.

They don’t like you very much
 either.
Resist the urge to go over to the
 dark side…

    … go on Luke, I know you
 can resist…
Speak their language.

Articulate risks.
Understand tolerance of risk.
Bridge your experience with
  theirs.
Consider taking some business
 courses.

Deal with the fact that you spend
 your time with guys named
 “Chet”.
Dress their way.

Jokes on t-shirts are out.
Business casual is a little too
  casual.
Put the damn suit on already.
Reality smack time.

People will only listen to those
  who appear to be
  knowledgeable.

You’re wearing your knowledge.
You are under cover.

They cannot know they’ve been
 infiltrated.
They do not understand you.
They do not want to understand you.
STEP FOUR:
Maintain your soul.
Feed your inner hacker.

The $50 RFID kit looks pretty
 cheap from $100 an hour.
Adopt early.
Get the company to pick up your
 conference tab.

Go early. Go often.
Play.
        Hack.
                Live.
STEP FIVE:
Avoid the traps.
They will try to get to you.

Passive aggression.
The dork treatment.
Matrix management.
You may find yourself wanting to
 be like them.

And you’re ok with that.

I can’t help you. Please go enjoy
  the pool and a refreshment.
Maintain your contacts.

Don’t be forgettable.
Don’t be a jerk either.
Get on the facespace.
Choose your ‘professional
 association’ carefully.

I’ve found too many…

             … issues.
Mentor the new people – those
 who are back at STEP ONE.

Even if you are busy.

Take the time.
STEP SIX:
 Arrival.
You’re probably ready for the
 C-Suite at this point.
You’ve built a reputation.

You’ve created an opening.

Write yourself a ticket.
The CISO job is not well
 articulated in most
 organizations.

Change an organization.
Then do it again.
Take over the world.
Send me a nice post card.
Questions and Answers.

         Email:
myrcurial@liquidmatrix.org
The Last HOPE - Black Hat To A Black Suit

You want it all. You can see the brass ring and you want to jump for it. But you're scared. You don't want to put on a suit and watch your soul shrivel like the spot price on RAM. There is another way. In this session, you will learn: why you want to do this to yourself, how to get the first job (which will suck), how to turn the first job into the next job (while still having fun), how to get the top job (sooner than you thought you could), and how to do it all without feeling like a corporate whore. You want to hack the planet? You've got to start somewhere.

Published in: Technology, Business
The Last HOPE - Black Hat To A Black Suit

  1. 1. From a Black Hat to a Black Suit How to climb the corporate security ladder without losing your soul. ~Myrcurial
  2. 2. Disclaimer: I am employed, but do not speak for my employer as my employer seems to like to speak for me and wouldn’t appreciate any opinion which I held which was not given to me by them.
  3. 3. I am a suit.
  4. 4. I know – you can hardly tell.
  5. 5. I wasn’t always a suit.
  6. 6. I wasn’t always a suit. I used to be an artist.
  7. 7. I wasn’t always a suit. I used to be an artist. I had dreams.
  8. 8. I wasn’t always a suit. I used to be an artist. I had dreams. I was counter-culture.
  9. 9. Now I commute.
  10. 10. Now I commute. I read the business section.
  11. 11. Now I commute. I read the business section. I’m at my desk by 8.
  12. 12. Now I commute. I read the business section. I’m at my desk by 8. You can be just like me.
  13. 13. Seriously.
  14. 14. Seriously. You’d be surprised how interesting it can be.
  15. 15. How easily you can keep yourself out of an executive position forever.
  16. 16. And how much easier it can be to get into that elusive exclusive club.
  17. 17. And how much easier it can be to get into that elusive exclusive club. The CISO.
  18. 18. What do you want out of life?
  19. 19. What do you want out of life? Do you want 40 hour weeks?
  20. 20. What do you want out of life? Do you want 40 hour weeks? What about 60 hour weeks?
  21. 21. What do you want out of life? Do you want 40 hour weeks? What about 60 hour weeks? How does 80 hours feel?
  22. 22. Do you want to never be…
  23. 23. Do you want to never be… On call?
  24. 24. Do you want to never be… On call? Where the buck stops?
  25. 25. Do you want to never be… On call? Where the buck stops? Sleepless?
  26. 26. Your answers basically define your ability to get (or keep) a job in the corporate infosec world.
  27. 27. You will be trapped between: ¤ Boredom ¤ Terror
  28. 28. You’ll have weeks when: ¤ Finding 30 hours of work is work ¤ 80 hours isn’t nearly enough
  29. 29. You’ll be: ¤ Updating documentation ¤ Hunting for lost tapes ¤ Cleaning up after other people ¤ Underappreciated
  30. 30. Do you have what it takes to scramble all the way to the top?
  31. 31. Are you willing to stand up for your ethics?
  32. 32. Are you willing to stand up for your ethics? Do you have ethics?
  33. 33. STEP ONE: Getting the first real security job.
  34. 34. Probably as hard – or harder - than getting the last job.
  35. 35. Get your cred together. ¤ Resume ¤ Blog ¤ Google results ¤ Actual skill
  36. 36. Don’t forget about keyword filtering.
  37. 37. Don’t forget about keyword filtering. And never lie on your resume.
  38. 38. Pay your dues.
  39. 39. Pay your dues. Long hours.
  40. 40. Pay your dues. Long hours. Boring work.
  41. 41. Pay your dues. Long hours. Boring work. Log review and metrics.
  42. 42. Pay your dues. Long hours. Boring work. Log review and metrics. Doing it the SANS way.
  43. 43. You’re here to survive.
  44. 44. You’re here to survive. Build the resume.
  45. 45. You’re here to survive. Build the resume. Get involved.
  46. 46. You’re here to survive. Build the resume. Get involved. Be a generalist.
  47. 47. Don’t be afraid of job hopping.
  48. 48. Don’t be afraid of job hopping. Stay at least 1 year.
  49. 49. Don’t be afraid of job hopping. Stay at least 1 year. Big company.
  50. 50. Don’t be afraid of job hopping. Stay at least 1 year. Big company. Small company.
  51. 51. Don’t be afraid of job hopping. Stay at least 1 year. Big company. Small company. Public sector.
  52. 52. Work on your non-technical skills.
  53. 53. Work on your non-technical skills. Persuasion.
  54. 54. Work on your non-technical skills. Persuasion. Likeability.
  55. 55. Work on your non-technical skills. Persuasion. Likeability. Cooperation.
  56. 56. STEP TWO: Getting the first real management job.
  57. 57. Hey, hey! You’re a team leader now!
  58. 58. Can you lead the team?
  59. 59. Can you lead the team? Run interference.
  60. 60. Can you lead the team? Run interference. Maintain your skills.
  61. 61. Can you lead the team? Run interference. Maintain your skills. File your personnel reports.
  62. 62. Infosec has very little to do with technology…
  63. 63. Infosec has very little to do with technology… … and everything to do with people.
  64. 64. Are you ready to give up hacking the machines?
  65. 65. Are you ready to give up hacking the machines? Are you ready to start hacking the people?
  66. 66. How do you feel about organizational politics?
  67. 67. How do you feel about organizational politics? Work with the HR people.
  68. 68. How do you feel about organizational politics? Work with the HR people. Manage the budget.
  69. 69. How do you feel about organizational politics? Work with the HR people. Manage the budget. Get along with the machine.
  70. 70. Welcome to the 6th level of hell.
  71. 71. Welcome to the 6th level of hell. It’s ok though.
  72. 72. Welcome to the 6th level of hell. It’s ok though. Really.
  73. 73. You’re building a reputation.
  74. 74. You’re building a reputation. You get things done.
  75. 75. You’re building a reputation. You get things done. You know your material cold.
  76. 76. You’re building a reputation. You get things done. You know your material cold. You’re a people person.
  77. 77. You’re building a reputation. You get things done. You know your material cold. You’re a people person. You know people who know people.
  78. 78. STEP THREE: Getting the first real executive interaction job.
  79. 79. Clean up your language.
  80. 80. Clean up your language. You’re on parade now.
  81. 81. I know you hate these soul-less bastards.
  82. 82. I know you hate these soul-less bastards. They don’t like you very much either.
  83. 83. Resist the urge to go over to the dark side… … go on Luke, I know you can resist…
  84. 84. Speak their language.
  85. 85. Speak their language. Articulate risks.
  86. 86. Speak their language. Articulate risks. Understand tolerance of risk.
  87. 87. Speak their language. Articulate risks. Understand tolerance of risk. Bridge your experience with theirs.
  88. 88. Consider taking some business courses.
  89. 89. Consider taking some business courses. Deal with the fact that you spend your time with guys named “Chet”.
  90. 90. Dress their way.
  91. 91. Dress their way. Jokes on t-shirts are out.
  92. 92. Dress their way. Jokes on t-shirts are out. Business casual is a little too casual.
  93. 93. Dress their way. Jokes on t-shirts are out. Business casual is a little too casual. Put the damn suit on already.
  94. 94. Reality smack time.
  95. 95. Reality smack time. People will only listen to those who appear to be knowledgeable.
  96. 96. Reality smack time. People will only listen to those who appear to be knowledgeable. You’re wearing your knowledge.
  97. 97. You are under cover.
  98. 98. You are under cover. They cannot know they’ve been infiltrated.
  99. 99. You are under cover. They cannot know they’ve been infiltrated. They do not understand you.
  100. 100. You are under cover. They cannot know they’ve been infiltrated. They do not understand you. They do not want to understand you.
  101. 101. STEP FOUR: Maintain your soul.
  102. 102. Feed your inner hacker.
  103. 103. Feed your inner hacker. The $50 RFID kit looks pretty cheap from $100 an hour.
  104. 104. Feed your inner hacker. The $50 RFID kit looks pretty cheap from $100 an hour. Adopt early.
  105. 105. Get the company to pick up your conference tab.
  106. 106. Get the company to pick up your conference tab. Go early. Go often.
  107. 107. Play.
  108. 108. Play. Hack.
  109. 109. Play. Hack. Live.
  110. 110. STEP FIVE: Avoid the traps.
  111. 111. They will try to get to you.
  112. 112. They will try to get to you. Passive aggression.
  113. 113. They will try to get to you. Passive aggression. The dork treatment.
  114. 114. They will try to get to you. Passive aggression. The dork treatment. Matrix management.
  115. 115. You may find yourself wanting to be like them.
  116. 116. You may find yourself wanting to be like them. And you’re ok with that.
  117. 117. You may find yourself wanting to be like them. And you’re ok with that. I can’t help you. Please go enjoy the pool and a refreshment.
  118. 118. Maintain your contacts.
  119. 119. Maintain your contacts. Don’t be forgettable.
  120. 120. Maintain your contacts. Don’t be forgettable. Don’t be a jerk either.
  121. 121. Maintain your contacts. Don’t be forgettable. Don’t be a jerk either. Get on the facespace.
  122. 122. Choose your ‘professional association’ carefully.
  123. 123. Choose your ‘professional association’ carefully. I’ve found too many…
  124. 124. Choose your ‘professional association’ carefully. I’ve found too many… … issues.
  125. 125. Mentor the new people – those who are back at STEP ONE.
  126. 126. Mentor the new people – those who are back at STEP ONE. Even if you are busy.
  127. 127. Mentor the new people – those who are back at STEP ONE. Even if you are busy. Take the time.
  128. 128. STEP SIX: Arrival.
  129. 129. You’re probably ready for the C-Suite at this point.
  130. 130. You’ve built a reputation.
  131. 131. You’ve built a reputation. You’ve created an opening.
  132. 132. You’ve built a reputation. You’ve created an opening. Write yourself a ticket.
  133. 133. The CISO job is not well articulated in most organizations.
  134. 134. The CISO job is not well articulated in most organizations. Change an organization.
  135. 135. Then do it again.
  136. 136. Take over the world.
  137. 137. Send me a nice post card.
  138. 138. Questions and Answers. Email: myrcurial@liquidmatrix.org
