2018-009- Retooling for new infosec jobs, sno0ose, Jay Beale, and mentorship

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2018-009-internships-mentorships-retooling-finding-that-unicorn-pentester.mp3 Topics discussed: How Jay Beale (@jaybeale @inguardians) and Brad A. (@sno0ose) do mentorship and apprenticeship in their respective orgs. Best methods to retool yourself if you are trying to move to a new industry Why 'hitting the ground running' isn't the sign of an immature organization... Matt Miller's #Assembly and #Reverse #Engineering class $150USD for each class, 250USD for both classes Syllabus : https://docs.google.com/document/d/1alsTUhGwAAnR6BA27gGo3OdjEHFnq2wtQsynPfeWzd0/edit?usp=sharing Please state which class you'd like to take when ordering in the "Notes" field in Paypal https://paypal.me/BDSPodcast/150usd To sign up for both classes: https://paypal.me/BDSPodcast/250usd Tickets are already on sale for "Hack in the Box" in Amsterdam from 9-13 April 2018, and using the checkout code 'brakeingsecurity' discount code gets you a 10% discount". Register at https://conference.hitb.org/hitbsecconf2018ams/register/ Sign up for Jay Beale's class at Black Hat 2018: https://www.blackhat.com/us-18/training/aikido-on-the-command-line-linux-lockdown-and-proactive-security.html #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite   Join our #Slack Channel! Email us at [email protected] or DM us on Twitter @brakesec #iHeartRadio App:  https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: [email protected] Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec SHOW NOTES:   Guests: Mr. Jay Beale Guest: Mr. Brad Ammerman @?????????   Announcements: RE/ASM class (Matt Miller) SeaSec East Meetup at Black Lodge Jay's class at Black Hat https://www.blackhat.com/us-18/training/aikido-on-the-command-line-linux-lockdown-and-proactive-security.html Slack channel "M3atshield"   What jobs are good segues into either blue or red teams/pentesting? SOC Analyst (network security, pcap, IR) SysAdmin (obviously) Cod devs (audits, binary analysis, they know the code internals) System architects (they know the nuts and bolts) Security architects (segue to red team, they know how to defend, threat analysis) Project management /management (client/customer facing, can understand the business side)   Journeyman pipelines vs. intern pipelines Different than interns = Already highly skilled in 'something' Code devs Physical security audit/compliance project/program management System admin Management "generalist"   Retooling can be difficult May be a paycut Fear of failure How do we alleviate that? (mentorship model?)   Companies looking for skilled people can't look for what they want Think in the bigger picture   Is not being able to see the value in a non-infosec person coming to the team a sign of immaturity in a company? The phrase "must be able to hit the ground running" Turn off for those wanting to make that change Feel they must already know the job   People should be considered as like a block of clay, not an immutable stone. People can change if they want to… 2 party comfort zone. Both the person changing role/title, and the company understanding where the person sits in the position.   mentorship/menteeship in an org