Getting Ahead in Information Security

Leave a comment

getting ahead

(Originally Posted on the VIA Resources Blog here.)

Advancing your career in information security, let alone getting a job in it in the first place is challenging and sometimes overwhelming at best. It can often feel like an exclusive club that is hard to break into, and the “elder statesmen” of the community distant and aloof. With these kind of barriers where do you even start to try and network and make contact with people who could not only progress your career but also start it?
The real answer at first appears flippant; if you want to be a part of a community you need to engage with it and join in. Obviously, that is harder than it seems, so here are three ways you can help yourself to getting ahead in Information Security:

1. Start attending the many free events that are held every week.
There are plenty of these around, you just have to look for them, such as (ISC)2 and ISACA events, plenty of sponsor driven events and community driven events. Europe’s largest information security event, Infosecurity Europe is a free three day event which not only gives you access to all of the vendors out there, but also an excellent education programme. Traditionally on the same week there is also BSides London, a free one days event, although this one is ticketed. Not in London? Then consider BSides ManchesterSteelCon and SecuriTay. Seek them out and you will find them. Not in the UK, then Google is your friend.

2. Attend some of the bigger, paid for conferences.
Obviously this is not always easy, especially given the price of the tickets and the whole reason you are reading this is that you need a job! All of these conferences require a huge amount of effort and willpower to get them to run smoothly on the day, and many of them require… volunteers. 44CON has one of the best volunteer crew programmes I have come across, with plenty of perks available. By volunteering for these events you are not only showing yourself to be a stand-up member of the community, willing to help out and contribute, but you will also get unprecedented access to the attendees, speakers and organisers. They are yours for the networking!

3. Contribute to the community.
This could be anything from volunteering (above), blogging, tweeting, offering to speak, writing articles for the various community news outlets, in fact anything that gets your name out there. Submit in the variety of Call for Papers (CfP) and you normally get a free ticket, and sometimes travel expenses paid too. Depending upon your grammatical and public speaking skills, this could be very tough but who said progressing your career was easy? Being able to articulate your personal opinions on the often very contentious issues in the industry is an excellent way of improving your ability to assimilate, process and form your own opinions and views for the benefit of the community. What better way of getting known in the industry?

All of the above require time dedication and effort, but since this is your career we are talking about, are these too much to ask?

That was the week that was; InfoSec Europe, BSides and the Security Bloggers Network

2 Comments

?????????????????????????????????????????A lot of good stuff has already been written about this last week with regards to BSides London, InfoSecurity Europe and the Security Blogger awards, so this post is a personal recollection after the haze of too many late nights, early mornings and good times.

Tuesday 29th bought BSides London, and once again the volunteers surpassed themselves; it retained two tracks but definitely felt expanded with the workshops and a new location for the rookie track. The organizers should feel rightly proud of what they have done, and those of you who didn’t turn up on the day (and therefore denied others of a ticket) should take good long look at themselves in the mirror.

photo 5

The Danger Zone Dream Team

I had to spend the afternoon over at Infosecurity Europe as I was on a panel titled “One big threat to cyber security: IT Geeks can’t talk to management” alongside Dwayne Melancon and Stephen Bonner. It was only 25 minutes long but I felt we managed to push a lot of good advice and takeaways into it, and the conversations continued afterwards in the hallway. I even managed to get a reference to Kenny Loggins into one answer, something I feel rightfully proud of.

BmZdYWHIIAAf1Lq.jpg-large

Joseph & Ian rocking the BSides Rookie Track

photo 1

Trying to look young again…

Then back to BSides to see Joseph Gwynne-Jones speak on the rookie track. I was mentoring Joseph this year, and to be honest I found it very challenging as Joseph is profoundly deaf; we couldn’t speak in the run up to BSides and could only communicate over email and Twitter. I advised as best I could, reviewed slides etc, but what was crucial was the ability of his interpreter being able to effectively communicate the jargon etc on the day. Given Joseph wouldn’t meet him until the morning of the conference this would be quite a challenge. As it turned out Ian Hodgetts  did a marvelous job, and was also on hand to interpret into British Sign Language (BSL) of all of the talks Joseph went to. We believe this is a first for an info security conference. Joseph obviously did an absolutely cracking job and I was able to spend some time with him and Ian afterwards talking about what else we could do in the future to improve further. It was an eye opener for me, and an absolute education in how important it is to communicate clearly and effectively in these kinds of conferences to absolutely everyone who attends. At the after party I was able to wear the hoody that was generously given to me by the Abertay Ethical Hacking Society, and feel like a student again (if not look like one).

photo 4

Best Personal Security Blog

Wednesday bought Infosec Europe again after a few early morning meetings, (including some scheming and rubbing of hands with invisible soap with the good folks of 44CON at the 44Cafe – I can’t wait for September!) but the highlight was of course the Security Bloggers Awards. Between me and Host Unknown I was up for eight awards in total, and came away with the award for Best Personal Security Blog, again! I was both surprised and touched that I was able to get this award again. Host Unknown didn’t fare as well unfortunately, but I can guarantee that the next twelve months will put us in a very strong position for next year, both at the European awards as well as the USA awards at RSA. Unfortunately Andrew was indisposed to help us collect a Host Unknown prize (that we didn’t win).

BmobKKsIgAAdZfj.jpg-large

Confirming what everyone already knew

(I have said this before but will say it again, everyone who is not only involved but also nominated for the blogger awards represents the very best of our industry in that they are all contributing their time and expertise to the community; I can’t recommend enough that if you are reading this that you also read their blogs too. Also, none of this would have happened without Brian Honan, Jack Daniel, Tenable, Tripwire and Firemon; thank you all.

Thursday bought another panel, this time in the Keynote Theatre with a panel on “Risk and control: Effective risk assessment methodologies to drive security strategy and investment” (alongside Vicki Gavin, Paul Haywood and moderated very well by Dave Clemente. It was a good, vibrant session and with plenty of questions both during and after the session.

photo 2

Inspired by the success of the CI Double SP film, we create a band called “CISS (P)”

A selfie, with a very famous CISO of Restricted Intelligence

A selfie, with a very famous CISO of Restricted Intelligence

Finally for the afternoon I got involved in only what can be termed a “flash mob” for Twist & Shout (as soon as that is released I will show it here!) and then got engrossed in the hallway track with the likes of Shan Lee, Quentyn Taylor, Peter Stephens, Jim Shields, Dave Lewis, Wim Remes, of course my conference partner in crime Javvad, and the lovely folks of Eskenzi and Acumin.

If there is one thing that is apparent form the above it is that any conference week is only valuable from the people you meet there. This list must be barely 10% of the people I shook hands with, shared a drink or said hello to, all of whom influence me to one degree or another. Whatever your thoughts on the infosec conference scene, this aspect alone is what makes it worthwhile. Apologies to anyone and everyone I have missed out.

InfoSecurity Europe is a show that has gone from strength to strength over the last few years, with the education programme improving; combine this with an excellent BSides London Conference, this week in Europe is one to look out for (although next year Infosec Europe and BSides will be from 2nd to 4th June at Olympia).

A late start back to 2014

Leave a comment

YEAR+IN+REVIEW1This time last year I posted a WordPress summary of my blog and stated I was going to focus on “growth” for 2013. Fortunately WordPress sent the same summary as last year and so I am very pleased to say that I have achieved that, certainly in regards to posts, content and followers.

It was a hugely busy year as regards me and this growth, with just some of the highlights including;

* Establishing Host Unknown alongside Andrew Agnes and Javvad Malik, and making a start in showing that security education really doesn’t have to be dull.
* The opportunity to be a mentor to Gavin Holt for the Rookie track at BSides. Gavin is an extremely talented and intelligent InfoSec professional and I was thrilled to have been able to help him present.
* The inaugral RANT conference and being able to play a part in the day for the lovely people at Acumin.
* Presenting at RSA Europe again.
* Getting involved with The Analogies Project, curated by the very talented Bruce Hallas,  in addition to being asked to be a regular contributor to the Iron Mountain Information Advantage blog.
* Winning Best Personal Security Blog at the inaugral European Security Bloggers Awards.

Combine the above (just the tip of the iceberg) with a dramatic increase in followers of the blog and of Twitter and an increase in the number of requests to present I am extremely pleased with 2013.

The word for 2014 therefore is “maintain”. Much as I would like to grow last years levels of activity it did cut into my day job quite considerably so I need to be a little more selective in my activities. That said, I have already presented at Securi-Tay3 in Dundee and have another one for the 451 Group in a few weeks. I will post something about Securi-Tay3 in a few days time when the videos have been published.

There are so many people to thank for the success of 2013, some of whom are mentioned above, but there are many others out there to whom I thank; I have very much been fortunate enough to stand on the shoulders of giants, allowing me to grow as a professional in the infosec field.

(View the full WordPress blog report here)

Moving forwards I have plenty of thoughts for content for this blog over the coming months so stay tuned for more details, and thank you for following me in 2013!

One Award, Two Conferences and a Surprise in the Works

5 Comments

IMG_2138IMG_2153I am just returning from a very full three days in west London for the annual infosec conference season. I will do my best to name as many of the wonderful people I met throughout all three days, both new and old, but if I miss a namecheck or two, forgive me, let me know, and I will rectify immediately!

Tuesday bought the kick off of InfoSec Europe. After a quick run round to get some schwag  and chat with a few key vendors I had lunch with Cindy (@cindyv), Dwayne (@thatdwayne), Jitender (@jitenderarora), Javvad (@j4vv4d) and Brian (@brianhonan) to chat about RSA Europe and our proposed submissions. This was quickly followed by a couple of panels in the Keynote theatre (one moderated by Javvad) and then some good gossiping with Brian and Neira (@neirajones) before heading off to one the two award ceremonies of the night.

Well goodness, gosh and golly!

Well goodness, gosh and golly!

It was at this point the evening took a somewhat surreal turn. Having been nominated for Best Personal Security Blog at the inaugural European Security Bloggers Awards, I was both deeply honoured and supremely surprised to win!  I was also very proud to see Javvad pick up two awards as well. To say that the evening started to blur somewhat from that point on would be an understatement, but I am glad to say that the award itself did make it home safely. I did spend quite some time talking with Dwayne and Jack (@jackdaniel), predominantly about the mysogeny that still manages to find its way into infosec trade shows through booth babes that were supposedly banned form this years infosec show (looking at you ForeScout…) and then about possibly spinning up a BSides in India. Jack proved what a class act he was by offering to advise anyone who would be willing to take on this mantle in India, something I am hoping to encourage. I will be posting more on the awards in the next few days but suffice to say a huge thank you to Brian and Jack for making these awards happen.

Wednesday bought BSidesLondon. Whilst I was very disappointed not to have been able to speak it did take the pressure off considerably and I was able to enjoy a few good talks

Javvad and his heroes

Javvad and his heroes

(javvad and Stephen Bonner, @stephenbonner) and some great conversations with friends and colleagues. Max (@hoolers) if you are reading this, I apologise unreservedly for not getting around to having the chat I promised! I also managed to meet my “rookie” for the Rookie Track, Gavin (@gavinholt), as well as a great chat with Leron (@le_rond). Halfway through the afternoon I had to head back to InfoSec for my a panel I was a part of on BYOD and Consumerisation. This went very well, was entertaining and informative in my opinion, and despite two attempts at distracting me by Geordie Stewart and Andrew (@sirjester) completed without incident!

View from the panel

View from the panel

A quick visit to the RANT forum (@rantforum) was followed by a couple of drinks at the BSidesLondon after party and then an early night.

Thursday bought a couple of early meetings including Bruce to discuss the Analogies Project (@analogies) which is always a pleasure. I then formally went on vacation…

The rest of the day was taken up with filming for a project I am involved in with Javvad, Andrew and the very talented Jim (@jimshields) of Twist & Shout. More of that to follow in the coming few weeks but I am incredibly excited at what this project may bring not just to me personally but also to the infosec community as a whole (for instance, a sense of humour…).

After dinner with @secwonk, @gattaca, @turbodog, @anthonymfreed, Cindy, Javvad and Andrew, a weary but very satisfied Mr Langford returned home.

Highlights

  • Winning the Best Personal Security Blog Award
  • Thursday afternoon (see above)
  • ForeScout’s apparent admittance that they needed booth babes to help sell their product

Lowlights

  • Missing Gavin’s presentation because of a scheduling conflict
  • Not finding myself spoilt for choice for presentations to attend at BSides – I thought the choice was predominantly technical and not as broad as last year. Still a great conference, well run and with a huge amount of talent; just less applicable to me this year.

More Thoughts on BSides London 2012

Leave a comment

A very quick post to spotlight the excellent talking heads reel posted recently by Javvad. Given I will very shortly be posting the video of my presentation from there I won’t waste space going over the excellent event again, suffice to say the devilishly handsome chap at 0:35 and 2:37 sums it up nicely!