Mar 19, 2018
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2018-009-internships-mentorships-retooling-finding-that-unicorn-pentester.mp3
Topics discussed:
Matt Miller’s #Assembly and #Reverse #Engineering class
$150USD for each class, 250USD for both classes
Syllabus : https://docs.google.com/document/d/1alsTUhGwAAnR6BA27gGo3OdjEHFnq2wtQsynPfeWzd0/edit?usp=sharing
Please state which class you'd like to take when ordering in the "Notes" field in Paypal https://paypal.me/BDSPodcast/150usd
To sign up for both classes: https://paypal.me/BDSPodcast/250usd
Sign up for Jay Beale's class at Black Hat 2018: https://www.blackhat.com/us-18/training/aikido-on-the-command-line-linux-lockdown-and-proactive-security.html
#Spotify: https://brakesec.com/spotifyBDS
#RSS: https://brakesec.com/BrakesecRSS
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
Join our #Slack Channel! Email us at bds.podcast@gmail.com
or DM us on Twitter @brakesec
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
#SoundCloud: https://brakesec.com/SoundcloudBrakesec
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon
https://brakesec.com/BDSPatreon
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM : https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec
SHOW NOTES:
Guests: Mr. Jay Beale
Guest: Mr. Brad Ammerman @?????????
Announcements:
RE/ASM class (Matt Miller)
SeaSec East Meetup at Black Lodge
Jay’s class at Black Hat
Slack channel
“M3atshield”
What jobs are good segues into either blue or red teams/pentesting?
SOC Analyst (network security, pcap, IR)
SysAdmin (obviously)
Cod devs (audits, binary analysis, they know the code internals)
System architects (they know the nuts and bolts)
Security architects (segue to red team, they know how to defend, threat analysis)
Project management /management (client/customer facing, can understand the business side)
Journeyman pipelines vs. intern pipelines
Different than interns = Already highly skilled in ‘something’
Code devs
Physical security
audit/compliance
project/program management
System admin
Management
“generalist”
Retooling can be difficult
May be a paycut
Fear of failure
How do we alleviate that? (mentorship model?)
Companies looking for skilled people can’t look for what they want
Think in the bigger picture
Is not being able to see the value in a non-infosec person coming to the team a sign of immaturity in a company?
The phrase “must be able to hit the ground running”
Turn off for those wanting to make that change
Feel they must already know the job
People should be considered as like a block of clay, not an immutable stone.
People can change if they want to…
2 party comfort zone. Both the person changing role/title, and the company understanding where the person sits in the position.
mentorship/menteeship in an org