For several months we have been profiling experienced security practitioners as well as those still getting started. Our reasoning is simple - there is no one surefire way to gain the experience and knowledge necessary to thrive in the world of cybersecurity. Nearly everyone has a different path - some are PhDs while others barely made it out of high school. Some had deeply technical backgrounds while others stumbled into security out of pure curiosity. Even with the lack of a defined path, we’re hoping that these profiles help individuals figure out the best path for them.
Luckily, as we profile more people we start to see more trends emerging. Online resources like our Cyber Range and Hack The Box have been discussed as great places to learn. Attending events that have introductory courses and Capture the Flag (CTF) competitions helps to build skill sets. But one point that is common to almost everyone is becoming part of a community. Whether it’s a local OWASP chapter, DEF CON group, or virtual CTF teams, everyone we work with has found that being part of a community has been an invaluable experience.
Our team was lucky enough to see the early stages of an OWASP group resurrection when we hosted a CMD+CTRL Cyber Range session for OWASP Nashville. After months of effort, Mark Geeslin, Joel Tomassini and Casey Rosini have rebuilt a solid group fueled by the red hot tech community in Nashville. Among the participants in the group is Kevin Bailey (aka Frostedmonotony) who despite a lack of security experience finished in the top 5 of all participants at our event. We asked Kevin to provide some background and recommendations for others that may be interested in building up their security skill set.
SI: How did you get interested in hacking?
Frostedmonotony: I started by breaking into my parents' Windows 98 machine to play games after they had gone to bed, and it evolved into a hobby after watching the movie 'Hackers' in high school. I became a Student Webmaster for my high school's website and would leave notes on the IT team's computers telling them how I got in again. It is now quickly becoming a passion of mine.
SI: How long have you been coding? What interested you in learning to become a developer?
SI: Can you tell us a little bit about Vanderbilt’s Coding Bootcamp?
Frostedmonotony: Vanderbilt's Bootcamp Program has shown me how to understand a lot of new material quickly and use that material to build an ever-growing skill set. When the dust settles and it is finished, I will be a certified Full-stack Software Developer. This will enable me to build front end websites and applications as well as the backend database and server operations required to run the sites. After I am finished with this class, I will be pursuing my OSCP certification and then continue to expand my certification library. It is impossible to know how to do too much!
SI: How did you learn about the Cyber Range event at OWASP Nashville?
Frostedmonotony: Through my instructor at my Bootcamp, Brandon. His coworker is the OWASP chapter president and my class was invited to join.
SI: Did you feel nervous or concerned about participating in OWASP events like the Cyber Range? What would you recommend to others who might feel nervous about a new experience like this?
Frostedmonotony: I was very nervous about the competition in the beginning since many classmates, Security Mavens, Senior Engineers, and Team Leads were my competitors. Initially I chose to team-up with a classmate and hit the ground running, but halfway through I was on my own. By the end of the competition I achieved 4th out of 30 competitors. The competition was very intense but very exciting!
SI: What would you recommend to others who are interested in learning how to think like an attacker but don’t know where to start?
Frostedmonotony: To start thinking like a hacker, consider that everything might be a hidden doorway. Somewhere there is a backdoor in, you just have to find it! You need to know what you are getting into before you try and break it. ALWAYS DO YOUR RECONNAISSANCE!
SI: What else would you like the world to know about learning through hacking?
Frostedmonotony: In a world where everything is becoming computerized, everything is also becoming more vulnerable. The more information someone can find, the more dangerous they can become. Hacking is beneficial in showing where holes are so you can go in and patch the holes up to prevent future data loss.
Many thanks to Frostedmonotony for his insight into the world of new hackers, and to the OWASP Nashville chapter for including our team in their events.
And if you're in the Tampa area, be sure to join us for a CMD+CTRL Cyber Range session in partnership with OWASP Tampa on June 27th. Space is limited so register now!