I did a thing!

January 04, 2019 by Timothy De Block

I bought a C922 Pro Stream Webcam at Best Buy last week (thanks for the price match!). I’ve always been intrigued by streaming, but was never able to pull the trigger. That changed last week. I figured why not! Plus, I can try using it for the podcast.

If I can get affiliated (need followers and interaction in chat), I can start making money. With that money I intend to donate it to a monthly charity. I’m guessing this could take a while as I build an audience, however, it’s something I consider a goal in 2019. If Twitch is your thing, I’d greatly appreciate that support!

Check out the Twitch channel.

2018-12-26 23_10_38-We are OSINTCurio.us – Helping the OSINT community stay curious.png

Curious about OSINT?

December 27, 2018 by Timothy De Block in Media

Check out https://osintcurio.us/. It’s a new site authored by several pretty well known names in the industry. How it got started is a mystery (how I got invited is even more of a mystery).

I’m really excited for the site. There are already 11 posts on the site (including my origin post), including one about Python and how to use it for OSINT purposes. As with other communities I’ve contributed to, there’s a lot of excitement to start. Then it dies off. I don’t think this is the case here. There’s a lot of people involved that are really into OSINT. Most of them are regular contributors. I hope I can match their energy for this site.

BSides Nashville 2014. One of the first pictures I took for the security community.

How to increase your chances of breaking into infosec

December 19, 2018 by Timothy De Block in Experiences

Get involved with the infosec community. That’s it. I’ll elaborate.

The best way to get hired for a security role is to know someone. The key part of that sentence is the, “know someone” part. That requires getting out there and doing things within the community. That can be a variety of things:

Contributing to open source projects.
Become an active member of a niche community in the field (OMG the slack channels out there). Writing a blog post.
Producing a podcast.
Attend a conference.
Shooting pictures at a conference.
Volunteer at a conference.
Speak at a conference.

These are all the things I’ve done. I also see people doing things like:

Twitch streaming.
Writing a book.
YouTube channels.
Singing.

Find something you’re really passionate about (not infosec) and bring it to the field. For me it started with photography. I’ve always liked taking photography. I have a media arts degree and took some photography courses (so I kind of not what I’m doing). I reached out to a BSides organizer to see if they’d be okay with me coming and shooting some pictures at the conference. That one contribution, eventually led me to my current place of employment (and I absolutely love what I’m doing).

It was BSides Nashville. One of the organizers works at the place I’m currently employed. They were looking for an AppSec guy, so told her AppSec guys. I luckily knew one of those AppSec guys and as a matter of fact had just started an OWASP Chapter with that AppSec guy. You never freaking know when things will connect for an opportunity*.

* I met my wife, because we saw someone we knew on the highway at 80 MPH. A story for another time.

Prior to that I would look for a job via online postings. At one point it took me 15 months to find a new job. I got into security via a job posting, so there is a path that way. It’s just not the most efficient. I got my next security role, because I had helped start a monthly local user group meetup. The CISO was looking for a few good security people. That local user group has gotten several other opportunities. Mostly because of who you know; partly because it looks really good on a resume. It looks like you’re engaged.

Everyone has a different path. What increases the chances is getting out there. Contributing without expecting anything in return. Showing that you can provide value to someone else. What are your strengths and passions? Now bring that to the infosec field.

Application Security resources for beginners

October 29, 2018 by Timothy De Block in Technology

This is a continuation of my resource series of posts. Application security is the field I found a lot of interest in. This despite coming from the operations side of IT not development. Using the resources below I was able to get a job in application security.

Websites:

I first realized I had an interest in appsec after reading a Troy Hunt post. Not only were things explained well, but I was also paying attention to every word in his blog posts. He has since branched out to more breach related content as the creator and maintainer of Have I Been Pwned. Still he has a lot of good appsec content. He has several courses on Pluralsight for beginners plus. He also does a weekly podcast that’s worth checking out.

The Open Web Application Security Project (OWASP) is the go to resource for AppSec. It’s a massive non-profit organization that has tons of projects, knowledge bases, cheat sheets, and more. There might even be a local OWASP chapter. There’s annual conferences to attend (I’ve never been). It’s the resource I recommend for people starting out.

Podcasts:

DevelopSec
Application Security Podcast

James Jardine puts on the DevelopSec podcast. The podcast is targeted at developers. It’s also consumable by security people. This podcast doesn’t release on a regular schedule. The Application Security podcast is also targeted at developers. It releases in seasons.

Training:

The first bit of AppSec training I got was the SANS SEC542 Web Application Penetration Testing and Ethical Hacking. It’s a lot of AppSec information, concluding with a Capture The Flag (CTF) exercise. I’d try to get your organization to pay for this as it’s several thousand dollars.

The Practical Web Application Penetration Testing course is a Tim Tomes course. He’s a former SANS instructor who puts on this training several times throughout the year in public and for organizations. It’s a great affordable course that Tim tries to keep up to date with relevant information.

Finding my place, again

October 22, 2018 by Timothy De Block in Experiences

I started writing another Finding my place post. Two paragraphs in I decided to check my website. Yup, I already wrote the post (how embarrassing would that have been?). That post was written in early August, almost two and half months ago. I think I’m still trying to find my place. The Mike Shinoda song at the top of the post is something I play on a daily basis (maybe every day or two). It’s a really good song and something that expresses how I’m feeling.

I’m still trying to find my place. I am taking more time for myself. I’m spending more time with the family. I’m not sure that’s been the best option for me. I have a five and nine year-old and boy can they wear an adult out (much love to the wife). I spent last week on PTO playing video games and watching baseball. I hopped on the computer after putting the kids down and I don’t really feel like playing video games right now. I’m taking a step back.

I have a strong urge to write. A strong urge, apparently, to write something I already wrote (and here we are).

I’m not really sure what I’m expecting out of this post. I think, I’d like to highlight that not everyone has it figured out. I have a kick ass job. A podcast that’s growing. I drink a little more than I should (On number three and feeling good). I probably don’t spend enough time with the wife and kids. I don’t know where I want to go from here. I’m just kind of making it up as I go.

Writing feels good and maybe that’s part of it. I have a need to be productive. If I’m not, I’m not satisfied. That comes at a cost though. It comes at a cost to my personal time. It comes at a cost to my family time. It’s a catch 22!

I’m trying to take a step back right now. I feel like I have those goals in video games. In Overwatch it’s weekly quests and getting my 10 placement matches in. In WoW it’s unlocking allied races that I can then also get to max level (120). I like doing that stuff, but it’s personal goals. It doesn’t benefit anyone else but me. I like benefiting others. It’s why I volunteer at conferences. It’s why I’ll be on my feet for 12 hours a day at DEF CON for the SE Village. I came back more refreshed from DEF CON more than I did any other conference.

That wears on me too though. The constant serving others. I’m trying to find that happy medium. Maybe that happy medium is a fantasy. Maybe life is meant to be these struggles. I feel ashamed that my struggle is being in such a good place. I guess that’s life.