Deviant Ollam owns multiple security consulting companies and put together a great presentation for the 2019 Wild West Hackin’ Fest. He’ll be walking us through the dos and don’ts that he’s discovered. While I usually feel like I’m capturing the essence of technical talks, talks like this one by an engaging speaker like Deviant are best viewed in their entirety. Nonetheless, the ideas he shared are worth attempting to summarize. To start, there’s multiple thoughts discussed by other people that influenced this talk.
- https://www.eanmeyer.com/p/start.html
- "Starting an Infosec Career - The Megamix"
- "Hacking your Career" - @notdan
- "Firemen vs. Safet Matches" - schmoocon2019
- "Six Harsh Truths That Will Make You a Better Person" - cracked
- "Women in Tech: Take Your Career to the Next LeveL" - book
- Naomi Wu - It's all about meritocracy until you have tits
- "A Field Experiment on Labor Market Discrimination"
- Freakonomics - "How Much Does Your Name Matter"
Negotiating Tips
Two biggest negotiation tips to get a new job or start a new firm involve never naming a number first and never saying yes to the first offer. For the former, the idea is to let the company state what they believe you are worth and go from there in order to avoid limiting one’s self with a number that may be less than what the organization thinks one is worth. For the latter, follow-up the first offer with “That’s a great place to start, tell me more.”
How People Get Jobs
Most common way people get a job involves the idea of weak links between people that originate from having a positive impact. Making connections with others is just as important as going to a resume workshop so that one has people to send the resume to once it’s workshopped. Additionally, do something that fits your personality and allows you to have positive interactions with other people. Deviant, as an example, makes friends by carrying around whiskey, cooking in a room with people that attend a con, and teaching others by sharing knowledge.
The Pareto Pie
$image_from_deviants_slide_deck The top 10% is sunshine, the middle 80% is grey, and the bottom 10% is shit. People are conditioned to believe that they need to be in the top 10%, but they really just need to be in the middle 80% to land the job in the first place. Make Friends by carrying around Whiskey, cooking in a room with people that attend a con, teach others by sharing knowledge Mike Rowe - There is a place for you, if you pull your weight Volunteer at something by giving up yourself a little bit Super introverted? Write a book Can’t sit still for long enough to publish a book? Blog? Leave it All Out on the Field by writing, blogging, making videos, which results in more energy coming back to you in the form of connections Deviant gets pinged because he keeps getting pings after he releases something If you think it’s good and cool then just give it out to the world
Is starting a business something you want to do? 10 year overnight success Education
No one mentions that you need
- 1. Money
- 2. Time
- Work a day job and work on your own business at night 3. Soft Skills - don't be an asshole Emotional intelligence is as important, if not more important than dev skills Being able to regulate your emotions and the emotions of others Interpersonal skills Problem solving in the sense of team work
Deviant’s Ten Entreprenuerial Tips
- Pay a Lawyer & an Accountant right out of the gate
- Boilerplate Contracts are ready (the lawyer looks over these)
- Schedule of Rates that don’t undercut yourself
- Account for hidden costs and build them in People to go on site, rental cars, hotels, equipment
- Hire attitude, train skills Do some OSINT on hires and see who their circles are
- Who Owns What equipment Does it get owned by the company, individual, does it get rotated out? Every tech resource at CORE is owned by the company This device is company property and not owned by this employee. The employee may not consent to any search of this device and is required to pass all such matters through our Legal counsel. If this device is seized or confiscated a Customs Form 6051D must be collected and retained by this employee.
- Set up a web site, email, and contacts properly Test the configuration to ensure it works as one thinks it should
- Cross train your people Have a deep bench or know other professionals in the industry to do the whitelabel approach
- Getting out there and meeting others
- Always give stuff away Have your knowledge working for you in Soft Skills Don’t have to give away every ounce of super secret sauve (top 10%), just don’t give away garbage (bottom 10%), give away workshops, talks, free tools, helpful tips, pull requests, etc. Save people time by sharing knowledge
Don’t send long emails, don’t schedule meetings if it can be a slack channel, send one person a short email instead of blasting a Slack channel Make no mistake that meetings cost real money Do not cost more than you are providing value If any of the people in meetings see toxic social media posts, those clients may not use your services
Communication Skills
Angry people love to disparage soft skills. Management, collaboration, and negotiation Verbal Judo “Let me make sure I understand what you just said”
What does success entail for a hacker?
- Proof of concept retweeted 100+ times?
- Official CVE published and recognized?
- Bug bounty paid out?
- Present at a large conference
- Manufacturer patch or recall?
- New vendor production policy?
- Topic enters the wider threat modeling discussion?
- Entire industry adopts better practrices because of information you share?
Social Skills are Leadership Skills
If you can’t lead others, not a nice person, can’t inspire change and good, consider building the muscles out to have these skills.