We’ve taken a long break from bringing on new rookies because we were working so hard to create an environment that would allow us work with all of the rookies more effectively.

THE PROBLEM

People generally became r00kies because they wanted to gain some experience in the IT Security field. When the r00kie groups were small – this worked perfectly. I’d meet with the rookies on Skype or on IRC a few times a week, give them tasks to do, and they’d put their work in dropbox.

As the word spread about the r00kie group we had grown to well over 70 r00kies and we were still trying to communicate with all of them via email and skype and still share files with Dropbox. This just didn’t work. Sharepoint and similar solution ideas were kicked around, and we even tried a few of them before eventually giving up on that direction as well.

The second thing that a project management system like Sharepoint didn’t address was helping r00kies actually document their experience as a r00kie so they could show potential employers.

So for the last few months we’ve been working on the new website IT Security Professionals (it-security-professionals.com). There were several goals that this site needed to accomplish:

1. r00kie group goals:
   1. Provide us with a project management solution so we could task r00kies with projects and track the status of those projects.
   2. Provide us with the ability for r00kies to collaborate on documents
   3. Provide us with a mechanism to allow r00kies to show what their contributions to the r00kie program have been
   4. IT Security Community Goals
      1. Provide us with a mechanism to give back to the IT Security Community
      2. Provide the IT Security Community with a vehicle to learn and keep up with the industry

The Website Concept

So for the last few months we’ve been working on the new website IT Security Professionals (it-security-professionals.com). It’s like a combination of LinkedIn, Facebook, Monster.com for IT Security Professionals only. It will allow you to learn the technical areas of IT Security for FREE, keep up with the industry, post/apply for jobs, and contribute to the industry as well.

There is a lot more to come so please check out the website, and give us feedback so we can make it better. If you’re looking to become a rookie – just join the website and then join the r00kie group there. Next week we’ll start organizing all of the r00kies and giving them tasks to complete.

Joe McCray

So far the rookie program seems to be going pretty well. It’s been 2 weeks now and we’ve got just under 30 rookies. They cranked out a lot of simple work over the past 2 weeks and already asked for some harder stuff. I gave some updated tasks to the senior rookies for them to hand out at tonight’s Skype call.

Looks like we have about 14 or 15 new potential rookies and I’ll be contacting them tonight.

Here is a sample of what rookies have been doing over the last 2 weeks:

http://network-pentest.com/2011/09/12/metasploit-fake-update/

http://network-pentest.com/2011/09/12/meterpreter-for-basic-post-exploitation/

http://network-pentest.com/2011/09/12/automatic-process-migration-with-meterpreter/

http://webapp-pentest.com/2011/09/12/metasploit-jsp-shells/

You can call it an internship, you can call it slave labor, or you can call it a bunch of hackers hanging out. The Security Rookies – aka – “the rookies” are a group of people that are interested in learning hands-on security concepts from Joe McCray. They are tasked with doing security research, writing documentation, proof-reading/editing IT Security courseware, and assisting on penetration tests and incident response engagements.

What is required:

• Regular meetings shall be held on Tuesdays and Thursdays via Skype. Best effort shall be made to attend. If one cant attend, prior notice shall be given to team lead asap.
• Special meetings may be held at any time when called for by the team lead. Best effort must be made to attend or otherwise obtain the information from the meeting.
• Agendas will include discussing assignments, penetration tests, etc …
• If more than two consecutive weeks are missed with no contact, team member shall be dismissed.
• Best effort to complete assignments by due date shall be made. Notify team lead of any expected delays.

What are the Benefits/Perks:

• Free access to IT security courses from Strategic Security (access granted based on work output)
• Joe McCray will pay for your certifications exams based on work output
• You may assist Strategic Security consultants on pentests,  and other security engagements

After 1 year of being a rookie with satisfactory work output – Joe will take you to conference (ex: Black Hat, Def Con) and pay the basic travel expenses such as Airfare, Hotel, and Meals.

If you are interested in joining – you can contact Joe McCray via email at: joe [ -at- ] strategicsec.com