This document summarizes Amanda Berlin's talk on hackers and the information security community in 5 parts. It discusses that while there are "black hat" and "grey hat" hackers, there are also positive aspects like "white hat" hackers who work to improve security, conferences that raise money for charity, and communities that help with substance abuse and mentoring. It provides 10 steps anyone can take to help improve public perception of hackers and information security, such as using social media to spread awareness, being respectful to others, and educating the public on basic computer security practices. The document encourages involvement in local media and computer user groups to differentiate ethical from unethical hacking activities and help more users protect themselves.

1. Hackers Are People Too
http://bit.ly/SvWVb0

2. Part I: Intro
Amanda Berlin
@InfoSystir

3. Stuff I do

4. My idea, inspiration, and why I’m
here
Evil hackers at Derbycon
Around the world in 80 cons
Jayson Street at BsidesCMH
(Columbus, Ohio) 2014
drwhom and support from
friends/community

5. Part II: The Prep

6. Getting it started

7. Article written

8. Article made pretty
• http://imgur.com/gallery/n81cq

9. Freak Out

10. Get the article out there
It was harder than I thought

11. Talk to people
• Talk to friends not in IT
• ….wait, not sure I have any
FEEDBACK!

12. Positive Feedback
“Amanda, our community is honored to have you in it.
Being part of the InfoSec community means sharing and
improving each other and those we care about, work with,
and work for.” @WolfFlight
“Interesting perspective..keep blogging!”
“insert more positive feedback here”

13. Negative Feedback
“This post was put together by a script kiddie.”
“As a former hacker, I read the first image, thought it was
retarded, didn't look at anything else, and downvoted.”

14. Questions & Stuff
“…Question: how does the average computer user know
which security software to use so they Don’t get hacked?”
“What are the different kinds of hats?”
“How do I know if software comes with spyware?”
“I thought all hackers were bad…”
“You mean people get paid to do that?!?!”

15. The Hacker
 All the hats

16. The White Hat
• “A white hat hacker breaks security for
non-malicious reasons”
• CEH, CISSP, OSCP, OSCE, CPTE, etc
• Blue, Red, Purple

17. The Black Hat
• A "black hat" hacker is a hacker who
"violates computer security for little reason
beyond maliciousness or for personal
gain“
• A.K.A

18. The Grey Hat
• “A grey hat hacker may surf the internet
and hack into a computer system for the
sole purpose of notifying the administrator
that their system has a security defect”

19. Part III: What’s Out There

20. The Good
• DerbyCon 2011 raised over $13,000 for
the Hackers for Charity foundation, over
double that of other conferences. In both
2012 and 2013 they raised over $30,000!!
• BloodKode at Defcon continues to grow
and take blood donations.
• EFF

21. The Good cont.
• Anonymous catches pedophiles/cartels
• Takes down terrorist and hate group sites

22. The Good cont.
• Mubix runs #ProjectMentor for free infosec
hands on learning
• http://www.projectmentor.net/

23. The Good cont.
• Someone is sending me to training
• THANK YOU
• THANK YOU
• THANK YOU
• Support/guidance from the community

24. The Good cont.
Thought Leaders

25. The Good cont.
Substance Abuse Help
http://www.room362.com/blog/2014/05/26/go-home-
infosec-youre-drunk/
“ShmooCon runs an AA meeting at the con”
http://nathanheafner.com/home/2014/05/29/infosec-i-
didnt-fly-accross-the-sea-to-see-you-mumble-and-
stumble-on-stage/
http://theocddiaries.com/well-being/drinking-at-security-
cons/

26. The Good cont.

27. The Bad

28. The Ugly

29. Part IV: What you can do
A.K.A. The 10 step program

30. Step 1: Proactive Media
Organizing a con?
“A conference is just an admission that you
want somebody to join you in your troubles.”
- Will Rogers

31. Step 2: Don’t Be a Dbag
At a con or online
.
.
.
.
‘nuff said

32. Step 3: The big time
Local papers & TV
National news. Just mention it!

33. Step 4: Teh Webz
Social Media - Twitter, FB, imgur, reddit,
youtube, etc...

34. Step 5: Preach the word!
• Start talking about
– What we do
– What we protect
– Cool stuff in the community

35. Step 6: Get them involved
Start differentiating white/black hats
Secure their own data
Get other organizations to look into
security (http://solidmonster.com/)

36. Step 7: Distribute the information
• Canned responses
• Password guides
• Common sense security

37. Step 7: Do it for the children!!!
• @Hak4kidz

38. Step 8: Show your passion
• Break out of your shell, hard to do but
worth it
• Eve Adams (@HackerHuntress): Attack
Paths: Breaking Into Infosec From IT Or
Other Totally Different Fields
• Cue awkwardness (@rattis & @secureholio)

39. Step 9: Surprise!!
Random acts of infosec

40. Step 10: Man up
Don’t be an ass to normal users
“Your customer doesn’t care how much you
know until they know how much you care. ~
Damon Richards”

41. Sum it up
1. Include local media
2. No douchbags allowed
3. Mention it everywhere
4. Teh Webz
5. Social Media
6. Involve & Teach users
7. Canned responses
8. Talk to people irl
9. Pay it forward
10. Be nice to your users/customers

42. Part V: Closing

43. YAY!
• If you enjoyed my first talk buy me a drink
(after talks of course)

44. BOO!
• If you didn’t you still can buy me a drink

45. Contact info
• @infosystir
• Infosystir.blogspot.com

46. Questions?
• Click to add text