Monthly Archives: February 2012

The Path to Infosec

By: Edward Valenzuela

Information technology has always been an area of study that I have enjoyed. I have jumped around a bit with my college coursework, from network administration for my Associate’s degree to programming for my Bachelor’s degree, and I finally settled on information security and assurance for my Master’s degree.

Right before I decided to continue my education with my Master’s degree I started to get into Infosec pretty heavily, reading and watching a lot of videos, understanding the concepts but not really knowing much. Most of the videos that I watched were of DEFCON talks. Jeff “The Dark Tangent” Moss’ CiscoGate talk (Defcon 15. 2007), Renderman’s “How Can I Pwn Thee? Let Me Count the Ways” (Defcon 16. 2008), Iftach Ian Amit’s “Down the Rabbit Hole: Uncovering a Criminal Server” (Defcon 17. 2009) and Joseph McCray’s “You Spent All That Money And You Still Got Owned…” (Defcon 19. 2010) really stood out, mostly because of the entertainment value in their talks. (By no means is this some kind of plug for J0e; I firmly believe that this talk was one of the more entertaining ones.)

This is about the time that I hooked up with Joe McCray on LinkedIn and saw that he was putting on an online course called “Hackers Boot camp.” I had messaged Joe about it, gotten a response and was just waiting for the class to come up so I could enroll. Then I noticed that he was accepting interns to work for him. Initially I thought, the guy’s in Maryland and I’m in California, there is no way this is going to work. So I had the first phone call and was really surprised that the internship would actually work out; there was no real need to meet at a physical location to participate, which was awesome.

The next step that I took was to hit up J0e and get some information, let him know that I was in fact interested in joining as an intern, and a few days go by. I get my first e-mail from J0e, outlining the responsibilities of an intern, expectations, communication methods and so on. Our first task is outlined, pretty easy Linux stuff followed up with reading infosec blog posts and writing about a page on what we read as a demonstration of competency on our part. By no means did this prepare me for what I was getting myself into and the insane schedules that were to follow.

After all of that we have our first scheduled Skype call, which was run by a few of the more senior guys on J0e’s team. This is where we find out just how big this internship is and how difficult it is to manage. After J0e accepted the initial interns we had somewhere around 75 individuals. Now I don’t know if you have ever tried to have a Skype call with that many people, but there are two problems with this: first, you cannot have that many people on Skype (I think the limit is 50), and for some reason people do not know how to mute their microphones, which makes for a very problematic conversation. In short, disorganized chaos was in full effect.

About three weeks from receiving the initial e-mail from J0e we get tasked on our first assignment. We are tasked out with compiling an open source intelligence (OSINT) report for a client. The true madness really begins here. This was tasked out to all 75+ interns via e-mail and we were told to complete it as soon as possible. I tend to have this innate ability to pick the absolutely most difficult tasks that exist, and this was no different. Not having much knowledge about doing an OSINT report, I went for something I felt I could contribute to the group. I volunteered for compiling the report based on the information from all of the interns. This turned into a giant time-sink/nightmare for me. By the end of the second day I had to dig through over 150 emails to compile the report, and when it was completed it sat at right about 45 pages. This seems to be the norm for interning: getting an insanely large document done in a time-frame that, in normal circumstances, just would not happen. If you are looking forward to interning with J0e I would caution you, be prepared to get an e-mail at three in the morning telling you to get something done by tomorrow.

Sources (some of my favorite videos):
Moss. J. (2007) CiscoGate. via Jeff “The Dark Tangent” Moss – CiscoGate
Renderman. (2008) How Can I Pwn Thee? Let Me Count the Ways. via Renderman – How Can I Pwn Thee? Let Me Count the Ways
Amit. I. (2009) Down the Rabbit Hole: Uncovering a Criminal Server. via Iftach Ian Amit – Down the Rabbit Hole: Uncovering a Criminal Server

Joseph McCray – You Spent All That Money And You Still Got Owned…