hackers are people too


Upload: amanda-sullivan-berlin

Post on 09-Aug-2015


Category:

Technology



TRANSCRIPT

Hackers Are People Too

http://bit.ly/SvWVb0

Part I: Intro

Amanda Berlin

@InfoSystir

Stuff I do

My idea, inspiration, and why I’m here

Evil hackers at Derbycon

Around the world in 80 cons

Jayson Street at BsidesCMH (Columbus, Ohio) 2014

drwhom and support from friends/community

Part II: The Prep

Getting it started

Article written

Article made pretty

• http://imgur.com/gallery/n81cq

Freak Out

Get the article out there

It was harder than I thought

Talk to people

• Talk to friends not in IT

• ….wait, not sure I have any

FEEDBACK!

Positive Feedback

“Amanda, our community is honored to have you in it. Being part of the InfoSec community means sharing and improving each other and those we care about, work with, and work for.” @WolfFlight

“Interesting perspective..keep blogging!”

“insert more positive feedback here”

Negative Feedback

“This post was put together by a script kiddie.”

“As a former hacker, I read the first image, thought it was retarded, didn't look at anything else, and downvoted.”

Questions & Stuff

“…Question: how does the average computer user know which security software to use so they don’t get hacked?”

“What are the different kinds of hats?”

“How do I know if software comes with spyware?”

“I thought all hackers were bad…”

“You mean people get paid to do that?!?!”

The Hacker

All the hats

The White Hat

• “A white hat hacker breaks security for non-malicious reasons”

• CEH, CISSP, OSCP, OSCE, CPTE, etc

• Blue, Red, Purple

The Black Hat

• A “black hat” hacker is a hacker who “violates computer security for little reason beyond maliciousness or for personal gain”

• A.K.A

The Grey Hat

• “A grey hat hacker may surf the internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect”

Part III: What’s Out There

The Good

• DerbyCon 2011 raised over $13,000 for the Hackers for Charity foundation, over double that of other conferences. In both 2012 and 2013 they raised over $30,000!!

• BloodKode at Defcon continues to grow and take blood donations.

• EFF

The Good cont.

• Anonymous catches pedophiles/cartels

• Takes down terrorist and hate group sites

The Good cont.

• Mubix runs #ProjectMentor for free infosec hands on learning

• http://www.projectmentor.net/

The Good cont.

• Someone is sending me to training

• THANK YOU

• THANK YOU

• THANK YOU

• Support/guidance from the community

The Good cont.

Thought Leaders

The Good cont.

The Bad

The Ugly

Part IV: What you can do

A.K.A. The 10 step program

Step 1: Proactive Media

Organizing a con?

“A conference is just an admission that you want somebody to join you in your troubles.”

- Will Rogers

Step 2: Don’t Be a Dbag

At a con or online

.

.

.

.

‘nuff said

Step 3: The big time

Local papers & TV

National news. Just mention it!

Step 4: Teh Webz

Social Media - Twitter, FB, imgur, reddit, youtube, etc...

Step 5: Preach the word!

• Start talking about

– What we do

– What we protect

– Cool stuff in the community

Step 6: Get them involved

Start differentiating white/black hats

Secure their own data

Get other organizations to look into security (http://solidmonster.com/)

Step 7: Distribute the information

• Canned responses

• Password guides

• Common sense security

Step 7: Do it for the children!!!

• @Hak4kidz

Step 8: Show your passion

• Break out of your shell, hard to do but worth it

• Eve Adams (@HackerHuntress): Attack Paths: Breaking Into Infosec From IT Or Other Totally Different Fields 

• Cue awkwardness (@rattis & @secureholio)

Step 9: Surprise!!

Random acts of infosec

Step 10: Man up

Don’t be an ass to normal users

“Your customer doesn’t care how much you know until they know how much you care. ~ Damon Richards”

Sum it up

1. Include local media

2. No douchebags allowed

3. Mention it everywhere

4. Teh Webz

5. Social Media

6. Involve & Teach users

7. Canned responses

8. Talk to people irl

9. Pay it forward

10. Be nice to your users/customers

Part V: Closing

YAY!

• If you enjoyed my first talk buy me a drink (after talks of course)

BOO!

• If you didn’t you still can buy me a drink

Contact info

• @infosystir

• Infosystir.blogspot.com

Questions?
