So I don’t think I’ve ever done a rant blog post, and to be fair there is no real reason behind this I just started thinking about it on the way into work (which is about a 10 minute drive). Shall we begin??
DISCLAIMER: I apologise in advance for any bad language used during this rant or the excessive use of “”.
A couple of weeks ago I had reason to tell someone (over email) a little about myself in an attempt to “sell” myself. It’s not something I like doing but sometimes you just have to. It made me realise that during the last 18 months that I’ve been “trying to get into Security” that I’ve actually achieved a lot so I hope this rant will help people who are in the same situation as me.
Community is King???
This time 2 years ago I would spend most of my downtime playing computer games, call it a lack of motivation, laziness or whatever but that’s what I did, then with some gentle pushing from my nearest and dearest I decided to start using my time to learn and develop. When you start with the goal of “breaking into Security” many people point out that the key to success is “the community” and it’s true but that can be the hardest challenge. If you don’t work in Security then some people will tell you it’s just a hobby and maybe they are right or maybe that’s just bollocks, it’s for you to decide and ultimately turn it into anything you want.
I’ll let you into a secret, I started this blog for 2 reasons, the first was to keep a record of what I’ve done and allow me to pat myself on the back for the number of visitors I get, the second was because I wanted to get noticed, I hoped that over time people would read my blog, follow me on twitter and allow me into their circle of InfoSec friends and maybe if I was lucky I might end up with a job out of it. Then I realised something, and some people might disagree but its my blog not yours..
“You don’t have to work in Security, to be in Security”
Not really groundbreaking is it but it’s important because well it’s the point of this post. Over the last 18 months I’ve done a fair few bits and pieces for “the community” I’ve met some awesome people, done some awesome things and have even more awesome things on the horizon and 98% of that was from the community. If people tell me Security is just my hobby my first reaction is to tell them to “do one” because I have hobbies and they don’t consume the amount of time I put into projects, blogging, helping with events. Hobbies don’t consume your time like this does, they don’t push you to go further, learn more, make yourself better and give you that feeling that you can make a difference. This isn’t a hobby, it’s not my career either but doesn’t make it any less, its part of who I am and always will be.
So if you are just starting in Security and find yourself a little unmotivated because you can’t find that dream Security job or you are finding the community a bit “cliquey” here are my top tips:
1. Write it and they will come – Remember that awesome blog post (not this one) you read about the latest exploitation technique? Or that tool you used? Someone took the time to write that and then out of the goodness of their heart gave it away for free to YOU. Don’t you think it would be nice to repay the favour?? Seriously if you just start writing code, making videos or writing articles people will find them, share them and slowly over time you will find yourself more involved in the community than you ever expected.
2. Twitter isn’t just about your latest bowel movement – Follow people on twitter, it’s a good way to find people who post all that useful stuff you read. Interact with them by all means but remember this.
To start with they will probably ignore you, won’t follow you and generally see you as noise on their timelines, but give it time and slowly you will get there. I get more followers from Twitter from blog posts/code release than just by talking to people, and just accept that some people are very picky about following back or even replying back if you mention them in Tweets.
3. You’re never alone – In the UK there aren’t a lot of conferences, CTF events and only limited events, if there isn’t anything in your area then start something, you want to be part of the community then sometimes you have to make it happen. If you want to organise a monthly Security focused meeting in your area then do it, don’t let people tell you can’t, because well you can. Even if only 1 other person turns up that’s 1 person you didn’t know who shares the same interests as you (unless it’s your mum).
4. It’s up to you – If you want to make Security just a hobby, then that’s fine. If you want to make it a career that’s awesome but it’s up to you to decide and more importantly it’s up to you to make it happen. Don’t let other people label what your passions, dreams or ambitions are, they are yours and no one elses.
OK that’s the rant over with. Thanks for listening.