So there was some minor drama at this year’s hacker summer camp (Defcon, BSidesLV, Blackhat). It appears to have been around a possible con from the group @InfosecN00bs (#n00bsec). You can read the full blog post on what went down here.
Essentially this started out as a group of “n00bs” trying to break into InfoSec. If you dig around they are not the first group of this type but what is interesting is they tried to start a crowd funding campaign to pay for certain members to attend the big cons. Well it was a big scam apparently, but we won’t go into that. This whole thing got me thinking and it is one of those topics that grinds my gears!
What is it to be a n00b in InfoSec? Well in truth, there really shouldn’t be too many. Infosec is not an entry level career. Many of us in the industry did not start here. We stumbled, fell, or accidentally opened the wrong door. But before all that we worked the help desks, built servers, created web sites, and told users to “turn it off and on again!” We started our journey learning how to do all these things. Some of us did them well enough to realize that these systems had flaws. At that point we decided to switch those gears into a security focused career. I still laugh at the fact that someone is paying me double to tell them the same things I told them years ago as a Sys Admin.
So what I am trying to get at is, that although we may have been new to the InfoSec industry, we were hardly inexperienced. We had a good deal of base knowledge to work off of. That is what is important when it comes to experience. Now for those entering the scene today, there is a wealth of information available. Many of the pros are willing to help new folks along, but they will not be there to hold your hand. You will need to work a bit. Do your own research, study the topics, and make your way out to the local community events. You don’t need to head right to Defcon, but maybe try a local Security BSides event or a meetup activity. This is not a career for those looking for a handout or in it just for the money. It is for those who will throw up a learning lab at home or a virtual lab on AWS just to try things out.
And some final thoughts… You are ultimately on your own when it comes to building your skills. But when you get stuck and google has failed you, reach out and someone will point you in the right direction. You can also reference my previous post to get a list of places to start. If a pro offers you guidance, accept it and thank them, maybe buy them a beer if you see them at a Con. But don’t get pissed if you try to pump them for more than they are willing to provide. They don’t have lots of free time to devote to mentoring. Rather why not follow them on social media or subscribe to their podcast or blog.
Go out there and learn n00bs! 😀