Gain and maintain passion for infosec
I’ve had this post in the back of my mind for a while, but have held back as it is a quite a personal topic. When talking to anyone working in infosec one aspect remains constant from the rockstars at the top of the media game, the guys in the trenches or the newbies looking for a break; that constant is passion. Ultimately passion is what makes the difference between a job and a career, and in a world with the extra curricular requirements, continued professional development and somewhat crazy work hours that are related to the infosec world passion can be easy to lose and the daily grind results in the infamous burn-out. This makes it really important to have a few ways to remind you why you do what you do.
Looking back it’s easy to identify moments of my life that resulted in an interest for information security, even if the consequences weren’t obvious at the time.
Hackers (yes, the film)
Okay, I’ll come out of the closet on this one. When I rented the film this was my first introduction to the ideas of information security and the world of hacking. No, the film isn’t completely accurate, but what do you expect from Hollywood? What the film did do was start a burning desire to learn more, and as a kid geek who didn’t like the idea of being able to pull Miss Jolie with a laptop and elite skillz? As a result I spent the next few years Googling (OK, searching, Google wasn’t around at the time) hacking and reading any number of ‘how to start hacking’ files. Every now and then I still take the DVD from the box and re-watch the film that, for me, started it all. Hack-the-planet…
While this game was causing controversy at the time it was responsible for my learning computer basics and, in hindsight, the first time I circumvented access controls. The story is thus:
One Christmas (I was 8 ) my family got our first Windows PC (BBC Micro B with tape drive prior to this), after playing around and gaining my MCSE (Minesweeper Champion and Solitaire Expert) I found the icon for this thing called DooM on the desktop, and it was good. When parents spotted me playing it and reacted to the media controversy and removed the game (well the shortcut), a while later I’d found my way around an MS-DOS shell and was executing doom.exe from commandline. This lasted a couple of weeks before I was spotted again; after I was ‘persuaded’ to explain how I was still playing I had to teach my parents how to actually delete programs. Which did nothing but provide the opportunity for me to pick my first lock to get the install floppies from the disk box, but that’s another story.
One of many hacking related books I ended up reading in my initial search for information was Where Wizards Stay Up Late. If you’ve not read it the book documents the history of the internet, from the early days of DARPA onwards. For me this book provided the belief that computers could be a valid career path and contrary to my teacher’s belief at the time, not just something that kids play with. All self-respecting geeks should know the history of their craft and the people that made it possible, so if the names Licklider, Larry Roberts, Frank Heart, Honeywell or BBN mean nothing to you I strongly recommend that you pick a copy of the book up.
EH-Net was my first introduction to actually communicating with others doing infosec in the real world. The forums are an excellent source of information, discussion and support, and unlike many ‘hacker’ forums newbies and outsiders will be welcomed and supported as they find their feet rather than being ridiculed and ignored for asking ‘stupid’ questions. The support and discussions I received when I first became an active member of the forums gave me the belief and confidence that I could make an information security career a possibility, and I’ve made some great friends and contacts as a result. My biggest regret at the moment is that I don’t have enough time to be anywhere near as active in the forums as I once was, although I do intend to change this.
The best individual resource on EH-Net that I found for gaining and maintaining my passion for an infosec career is Don’s presentation DIY Career in Ethical Hacking. The slides and audio are here, I strongly suggest you take an hour to listen to the advice Don shares. In my case when I first heard the talk I took Don’s advice and had a serious look at my career and where I wanted to be in a few years; as a result I registered infosanity.co.uk a week later. I still listen to the audio every 6-12 months to ensure I can stay on track. Thanks Don 😀
Possibly on of the best known piece of ‘hacker’ literature was released in Phrack back in 1986. Written by ‘The Mentor’ aka Loyd Blankenship it provides a unique and hard-hitting explanation of why some hackers are hackers, and for the typically introverted geek can help explain some very deep feelings to those that don’t understand. For a number of years I have owned a copy of the DVD recording of Blankenship’s presentation at 2600’s H2K2 conference and always find it inspirational, the story of a kid that showed his parent’s the article and stated ‘this is how I feel at school’ really highlights the power the article can have. Whether you’re already familiar with the article or haven’t encountered it before I’d suggest both reading the original and listening to Blankenship’s recitation and discussion of the article here[.mp3].
That’s my list; whenever the daily grind starts getting on top I can always count on one of the above resources to remind me why I want a career in infosec, or more importantly why I want to turn my hobby and passion into a career.
If you’ve got similar stories, or additional inspirational resources to share I’d love hear them.
— Andrew Waite