4. My idea, inspiration, and why I’m here
Evil hackers at Derbycon
Around the world in 80 cons
Jayson Street at BsidesCMH
(Columbus, Ohio) 2014
drwhom and support from
friends/community
11. Talk to people
• Talk to friends not in IT
• ….wait, not sure I have any
FEEDBACK!
12. Positive Feedback
“Amanda, our community is honored to have you in it.
Being part of the InfoSec community means sharing and
improving each other and those we care about, work with,
and work for.” @WolfFlight
“Interesting perspective..keep blogging!”
“insert more positive feedback here”
13. Negative Feedback
“This post was put together by a script kiddie.”
“As a former hacker, I read the first image, thought it was
retarded, didn't look at anything else, and downvoted.”
14. Questions & Stuff
“…Question: how does the average computer user know
which security software to use so they don’t get hacked?”
“What are the different kinds of hats?”
“How do I know if software comes with spyware?”
“I thought all hackers were bad…”
“You mean people get paid to do that?!?!”
16. The White Hat
• “A white hat hacker breaks security for
non-malicious reasons”
• CEH, CISSP, OSCP, OSCE, CPTE, etc.
• Blue, Red, Purple
17. The Black Hat
• A "black hat" hacker is a hacker who
"violates computer security for little reason
beyond maliciousness or for personal
gain"
• A.K.A
18. The Grey Hat
• “A grey hat hacker may surf the internet
and hack into a computer system for the
sole purpose of notifying the administrator
that their system has a security defect”
20. The Good
• DerbyCon 2011 raised over $13,000 for
the Hackers for Charity foundation, over
double that of other conferences. In both
2012 and 2013 they raised over $30,000!!
• BloodKode at Defcon continues to grow
and take blood donations.
• EFF
21. The Good cont.
• Anonymous catches pedophiles/cartels
• Takes down terrorist and hate group sites
22. The Good cont.
• Mubix runs #ProjectMentor for free infosec
hands on learning
• http://www.projectmentor.net/
23. The Good cont.
• Someone is sending me to training
• THANK YOU
• THANK YOU
• THANK YOU
• Support/guidance from the community
25. The Good cont.
Substance Abuse Help
http://www.room362.com/blog/2014/05/26/go-home-infosec-youre-drunk/
“ShmooCon runs an AA meeting at the con”
http://nathanheafner.com/home/2014/05/29/infosec-i-didnt-fly-accross-the-sea-to-see-you-mumble-and-stumble-on-stage/
http://theocddiaries.com/well-being/drinking-at-security-cons/
30. Step 1: Proactive Media
Organizing a con?
“A conference is just an admission that you
want somebody to join you in your troubles.”
- Will Rogers
31. Step 2: Don’t Be a Dbag
At a con or online
.
.
.
.
‘nuff said
32. Step 3: The big time
Local papers & TV
National news. Just mention it!
33. Step 4: Teh Webz
Social Media - Twitter, FB, imgur, reddit,
youtube, etc...
34. Step 5: Preach the word!
• Start talking about
– What we do
– What we protect
– Cool stuff in the community
35. Step 6: Get them involved
Start differentiating white/black hats
Secure their own data
Get other organizations to look into
security (http://solidmonster.com/)
36. Step 7: Distribute the information
• Canned responses
• Password guides
• Common sense security
38. Step 8: Show your passion
• Break out of your shell, hard to do but
worth it
• Eve Adams (@HackerHuntress): Attack
Paths: Breaking Into Infosec From IT Or
Other Totally Different Fields
• Cue awkwardness (@rattis & @secureholio)
40. Step 10: Man up
Don’t be an ass to normal users
“Your customer doesn’t care how much you
know until they know how much you care. ~
Damon Richards”
41. Sum it up
1. Include local media
2. No douchebags allowed
3. Mention it everywhere
4. Teh Webz
5. Social Media
6. Involve & Teach users
7. Canned responses
8. Talk to people irl
9. Pay it forward
10. Be nice to your users/customers