hackers are people too
TRANSCRIPT
My idea, inspiration, and why I’m here
Evil hackers at Derbycon
Around the world in 80 cons
Jayson Street at BsidesCMH (Columbus, Ohio) 2014
drwhom and support from friends/community
Article made pretty
• http://imgur.com/gallery/n81cq
Positive Feedback
“Amanda, our community is honored to have you in it. Being part of the InfoSec community means sharing and improving each other and those we care about, work with, and work for.” @WolfFlight
“Interesting perspective..keep blogging!”
“insert more positive feedback here”
Negative Feedback
“This post was put together by a script kiddie.”
“As a former hacker, I read the first image, thought it was retarded, didn't look at anything else, and downvoted.”
Questions & Stuff
“…Question: how does the average computer user know which security software to use so they don’t get hacked?”
“What are the different kinds of hats?”
“How do I know if software comes with spyware?”
“I thought all hackers were bad…”
“You mean people get paid to do that?!?!”
The White Hat
• “A white hat hacker breaks security for non-malicious reasons”
• CEH, CISSP, OSCP, OSCE, CPTE, etc
• Blue, Red, Purple
The Black Hat
• A “black hat” hacker is a hacker who “violates computer security for little reason beyond maliciousness or for personal gain”
• A.K.A
The Grey Hat
• “A grey hat hacker may surf the internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect”
The Good
• DerbyCon 2011 raised over $13,000 for the Hackers for Charity foundation, over double that of other conferences. In both 2012 and 2013 they raised over $30,000!!
• BloodKode at Defcon continues to grow and take blood donations.
• EFF
The Good cont.
• Mubix runs #ProjectMentor for free infosec hands on learning
• http://www.projectmentor.net/
The Good cont.
• Someone is sending me to training
• THANK YOU
• THANK YOU
• THANK YOU
• Support/guidance from the community
The Good cont.
Substance Abuse Help
http://www.room362.com/blog/2014/05/26/go-home-infosec-youre-drunk/
“ShmooCon runs an AA meeting at the con”
http://nathanheafner.com/home/2014/05/29/infosec-i-didnt-fly-accross-the-sea-to-see-you-mumble-and-stumble-on-stage/
http://theocddiaries.com/well-being/drinking-at-security-cons/
Step 1: Proactive Media
Organizing a con?
“A conference is just an admission that you want somebody to join you in your troubles.”
- Will Rogers
Step 5: Preach the word!
• Start talking about
  – What we do
  – What we protect
  – Cool stuff in the community
Step 6: Get them involved
Start differentiating white/black hats
Secure their own data
Get other organizations to look into security (http://solidmonster.com/)
Step 8: Show your passion
• Break out of your shell, hard to do but worth it
• Eve Adams (@HackerHuntress): Attack Paths: Breaking Into Infosec From IT Or Other Totally Different Fields
• Cue awkwardness (@rattis & @secureholio)
Step 10: Man up
Don’t be an ass to normal users
“Your customer doesn’t care how much you know until they know how much you care. ~ Damon Richards”
Sum it up
1. Include local media
2. No douchebags allowed
3. Mention it everywhere
4. Teh Webz
5. Social Media
6. Involve & Teach users
7. Canned responses
8. Talk to people irl
9. Pay it forward
10. Be nice to your users/customers