Finding your infosec tribe
Many people get into cyber security because they look at the dollar signs $ and think “yup this is the way to make some money”. And that’s cool. However, if you are reading this, I am hoping you are thinking “this sounds like a good time”. To me there are two types of people in this career: the 9 to 5ers and those who dive into cyber security (information security) as a lifestyle. If you are going to be spending at least 40 hours a week doing something you may as well enjoy it.
The two types of people have important distinctions and you can tell the difference between people who love what they do and those who do because it’s just a job they have. Those who truly enjoy the work talk about various subjects all the time, non-stop to the point of annoyance for everyone around them. Expect of course others in this same category. The 9 to 5ers just talk about it when they are working but often avoid those topics as much as possible at work preferring to speak about everything else in the world. Nothing is wrong about being in either of these categories but I’m just saying I like surrounding myself with passion. And if you want to grow quickly in the field, those are the types of people you should be hanging around as well.
If you are in Love with the ole cyber security, you don’t have to be alone in this endeavor. There are others out there ready to talk and collaborate such as myself. Twitter is a great place to find enthusiasts. Check out:
They often release great blogs, guides, resource collections and all things cyber. You could probably spend your time on Twitter reading tweets and link articles, and just grow tremendously as a practitioner.
Other places our ilk gather are conferences. No you don’t have to spend tons of money to go to Def Con although that is a good time. Check out this [link] for a list of infosec conferences in the U.S. If your not in the states check [here]. These conferences are great because practitioners are sharing research, ideas, collaborating, and who knows maybe meeting some future long-time friends. I have met loads of great people at these events. The after parties are also a great way to let your hair down and just have some nerd chat over a few beers and if you are new, I found that everyone is always willing to share.
Depending on what you find interesting there are some great groups out there and some Slack channels to join.
Bug Bounties – https://www.hackerone.com/hacker101 , https://medium.com/@ehsahil/getting-started-in-bug-bounty-7052da28445a
Forensics - https://blog.demisto.com/digital-forensics-and-incident-response-community-resources
Reverse Engineering - https://www.reddit.com/r/ReverseEngineering/
Find you tribe and have fun wherever it may be. I even encourage you to blog about your journey as you skill up in all things cyber.
One thing I really enjoyed was learning from people that had already travelled the path that I was on. Not only did they have knowledge that I did not currently possess but they could explain it in ways that I would understand; pretty much working from the same point of reference. The problem I would sometimes run into when I read articles by experts or people that had just been in the industry a while, is that they were so far advanced and didn’t really see things the way I did. Newbie blogs are awesome for this. You could be helping someone find that resource you spent hours and maybe even days looking for. The internet is so massive and there are so many resources, you are helping curate that list would be amazing. Not to mention the blog could be part of your resume or help you find some new friends. Employers like looking at your works and seeing how active in the community you are could be a huge bump.
Another great point about documenting your journey is that by actually writing and trying to explain a topic, you are further solidifying the knowledge in your brain. Making those neural connections much deeper. For me it even helps me organize my notes and thoughts. That is probably one of the toughest things in the space: maintaining all the things you will learn, a constant battle indeed.
And finally go to meetups in the local area. Depending on the size of the city you live in, there could be a couple of regular meetups or several. Even if you don’t see any InfoSec specific, check out developer-oriented groups or just any technology related groups. Every discipline has something to offer you. The better you understand the technology you are protecting, the better you can protect it. Make’s sense, right?
Hopefully this helps motivate you to get out and learn more. Be a part of my tribe and just have some fun. If you have any questions, feel free to comment and check out the YouTube channel. I am just starting to figure things out with that platform, so bear with me. Until next time…
Your comment will be posted after it is approved.
Leave a Reply.