From General IT Guy to Deep Technical IT Cybersecurity Expert | 4 Mentor Moments | 4 Tips


Hey! What’s up InfoSecAddicts! Joe
McCray here with another Mentor Moment Do you want to take your skills to the
next level? Do you want to be a deep technical IT security person? No, I don’t wanna be the “firewall guy”, no I don’t wanna be the guy creating VPN accounts, no I
don’t wanna be the guy doing alerts Tier 1 at the Security Operations Center, working at the SOC. No, you want to write malware or you want to analyze
Malware, you wanna write exploits, you wanna be a Pentester who’s really good at
bypassing you know EDR Solutions and web Application firewalls, and all that kind
of stuff, If that’s what you want to do you want to do deep technical IT
security? I think this video is gonna be the one that you need. Let’s get started!
I had a couple people who really kind of help me with getting over just being a
regular Security Analyst, working Tier 1 at the Security operations, doing network security stuff, being the Sys Admin who’s got some
security things in his job, but, you’re not a full-time security person, you know,
I was in those kind of job roles, and then, what did it take for me, to really,
kind of get there. The first thing: Going to hacking conferences and
participating in Capture the Flag events regularly, and then I actually started
hosting my own events I used to run a website called rootwars.org, and I learned so much, being involved in hacking competitions and hosting my own, quite frankly, I really wasn’t good enough to even play in my own I barely
could play, but, because I started hosting them I started getting so many people
playing, and each week, I would have to learn more just so I could even manage
the games, that really helped me, being around other people who are doing it at
security conferences, and then participating in these events, and then
starting to host my own, because I was hosting my own, I was the one who was
able to control the server’s, implement the login solutions in place, so that I
could get better at learning how people were doing stuff, why people
were doing stuff, and it helped me build a network of people I could ask. That
was the first thing, being involved in conferences and capture the flags and
then eventually hosting my own The second thing, I had a conversation with a guy, his name is Dino Dai Zovi Dino Dai Zovi, in our world, is like
Michael Jordan, this guy is like a beast when it comes to writing exploits,
and we were sitting at a bar at black hat and we were talking about, research &
development, he told me, he was like: Yeah Joe, I mean I always dedicate 20% of my week to R&D. 20% of your workweek? If you think if that’s a 40-hour
workweek he’s saying that he’s devoting at least one full day to research and
development so think about it if you’ve got a regular job right you’re a sys admin, network admin, Tier 1 security guy something like that, you want to move
into being a more deep Technical IT Security person, you’re talking about
dedicating outside of your job eight hours a week like a full man-day, every
week on those things I just talked about right? (the things from number one) that’s
a lot of time and for me, that was like this huge, huge, like, Oh my god! That
much? and over my career, I’d be lying if I told you I did that, I did do it, but, I wavered, you know? I had some years waisting a lot of time and had some years where I really kind of tapered off. I passed a lot of certifications and once I really kind of got a job and got better I kind of got
lazy I can’t lie and say I did it I really got lazy I had kind of one of those moments where it dawned on me like “you know Joe? Man you’re kind of being a hypocrite” like “You’re teaching all these classes but you’re not really willing to
get out and learn more yourself” The guy who really helped me with that was a guy
named the Vivek Ramachandran he’s the guy who runs
SecurityTube now called Pentester Academy, he’s spending hundreds of
dollars a month in books, so he can do all this research, and he can develop his
own content (at the time I don’t know if he does it anymore) it really kind of hit me like “God dog!” And I remember thinking of myself “you don’t feel like
doing that” buying 4, 5 hundred dollars a month in books, and doing my
own research, I want to do it, and then it kind of hit me, like, Man I’m
teaching and I expect people to put in the work to learn from me, damn! I really do have to do that right like what kind of hypocrite am I, right?
So, that was kind of one that really really kind of hit me. Another one was
from, guy’s name is Mario Ceballos, Mario Ceballos, MC in the Metasploit framework if you look through a lot of the Metasploit exploits especially the older
ones you’ll see MC and I would say in terms of someone who’s like really
instrumental and like helping me like figure out like this is what I wanted to
do. He really kind of helped me because at the time I had really never seen any
minorities doing this, I mean, you know you’re talking to early 2000s you’re
talking like 2003, 2004, I had never seen, somebody black, somebody
Hispanic, I never seen anybody doing this stuff, so, I didn’t know how to, I didn’t
know how to pursue it, I didn’t know how to be around it, I would, I would go to
conferences and I feel kinda out of place cause I’m the only black guy there
it’s all techno music and not that I don’t like techno, I do, but I like hip-hop, I li R&B, and, you know black people, we like to barbecue, like,
Yeah! These people don’t do the same things that I like to do, now with the
love of hacking it was the first place I had ever been where it was cool because
people didn’t care that I was black, that was the first thing that really attracted me to the hacking community, but, I would say that
the “not feeling” you know, like you with your people that that really was kind of
weird for me at first, and then he really kind of called me out, because I was like
big Dan Kaminsky “groupie”, I’ll follow all these speakers at Def Con and blackhat all over the place and ask them 50 million questions and take all these notes, you know, you will make fun of me, quite frankly, and Mario was like “Man you need to quit being a bitch”. What? he’s like “Yo man you need to quit being a bitch” Sit down, and do the work like if you want to be good at this there’s no
book that you can read, there’s no there’s no just asking somebody a
question, what do you need to do, is you need to sit down and do this, no one
comes out of the womb, knowing how to write exploits, no one comes out of the
womb knowing how to break into web apps you’re not born with it, it comes from
work you have to sit down and do it it’s not like I can ask a couple people, I can
mess around a little bit here and there if you won’t be good at this
you really need to sit down and do it and it is not gonna be fast, it is not
gonna be easy, it’s gonna be a ton of work, but, if you want to be good at
something that other people in the world not only are not good at, but, even have
trouble comprehending you’re gonna have to do things that they don’t do, and that
is really hard work on hard problems Man! I can’t thank him enough for not only
how much it chin check my pride but it was the catalyst for my career and it
really was. There was another guy from a hacking group called ghetto hackers his
hacker name was crocodile his first name was Tyler, Tyler was one who just kept
telling me, you need to make sure that you’re always working on technologies that automated tools aren’t solving the problem, so, whatever is the
security problem that, right now, we don’t have a tool for, that’s what you need to
be working on. Those were the key things that I felt like, really kind of
pushed me over the edge, and again I’m not saying like I’m some world-renowned
expert and I’m the best in the world, but, when I think back on my career, those
moments those you know four or five moments where the key things that really
kind of change my trajectory and change the way I look at security, and I hope that advice helps you. So, this is Joe McCray from InfoSecAddicts for
another Mentor Moment. You guys take care!

2 Replies to “From General IT Guy to Deep Technical IT Cybersecurity Expert | 4 Mentor Moments | 4 Tips”

  1. Time-Codes
    Do you want to take your skills to the next level?

    00:00

    Hands-on Approach. Interact with others in the Cybersecurity Field

    00:51

    R&D Research and Development. My conversation with Dino Dai Zovi and Vivek Ramachandran approach to R&D

    02:26

    Mario Ceballos [email protected]metasploit.com "Wake Up Call": "Sit Down and Do the Work!"

    05:10

    ghettohackers.net No Automated Penetration testing Tools Available? That's what you need to be working on!

    08:12
    Joe McCray's Python 3 Learning Challenge:
    ⬛ Do the whole Video Series from the Tutorial by @thenewboston

    🔗@thenewboston Channel:

    Python 3.4 Programming Tutorials

    http://bit.ly/2pSJsAL

    ⬛3 Nights per week

    ⬛3 or 4 Videos each Night

    ⬛State your Progress and feedback in the comments here: https://youtu.be/JZQLl2Plafw

  2. I'm glad I found your channel. I finally found a job in tech, help desk. Now I can focus on my cyber security skills and learn in depth. Now I need to learn how to do CTF

Leave a Reply

Your email address will not be published. Required fields are marked *