,
11 tweets,
4 min read
Read on Twitter
Earlier this year I transitioned from product into security. This is my #infosec story.
It all started about two years ago with the WannaCry incident (en.m.wikipedia.org/wiki/WannaCry_…). Some rando had stopped malware from spreading by buying up a domain name, and this legit blew my mind.
It all started about two years ago with the WannaCry incident (en.m.wikipedia.org/wiki/WannaCry_…). Some rando had stopped malware from spreading by buying up a domain name, and this legit blew my mind.
I thought you had to have serious 1337 chops to stop worldwide cyberattacks?? Apparently I’ve had it in me all this time?
Well that 'rando' happened to be on Twitter, and not only did he possess actual 1337 chops, but a wicked sense of humour to boot.
Well that 'rando' happened to be on Twitter, and not only did he possess actual 1337 chops, but a wicked sense of humour to boot.
I’m talking about the fabulous @MalwareTechBlog of course. Shortly after that I found @malwareunicorn, who is living proof that 1337 chops and fashion can go hand in hand (come to think of it, why the heck not). Then @SwiftOnSecurity, and down the security rabbit hole I went...
After a bit of digging around it became clear that no, it's not as simple as going around snapping up domain names. You need to know (or have an inkling of) how malware works, why it works that way, and how you can find out more about a particular specimen. Fascinating stuff.
And besides, security is much, much more than just malware. Many security incidents were made possible just because we're humans doing typical human things. We cut corners to meet deadlines, budgets or expectations, and unwittingly leave vulnerabilities all over the place.
So last year, I was given the opportunity to work on some security projects due to a shortage of staff. It was challenging but fun, and coming from a motley background in web dev/social media/ecom/support/payments/product/bd I could bring a lot of nuanced insight to the table.
We joked about me joining the security team, but everything was peachy so I brushed it off.
Furthermore, I never thought I'd be cut out for security. Sure, I've cracked passwords, messed around with servers and often read HN, but me, a hacker...nah, why rock the boat.
Furthermore, I never thought I'd be cut out for security. Sure, I've cracked passwords, messed around with servers and often read HN, but me, a hacker...nah, why rock the boat.
Fast forward to the end of the year, and a re-org is shuffling things up. Suddenly the invitation to join the security team looks pretty tempting.
I bring it up again, and this time it's for real! See pics in first tweet for proof (my shiny new business cards arrived this week!)
I bring it up again, and this time it's for real! See pics in first tweet for proof (my shiny new business cards arrived this week!)
Now I'm aware that I'm way behind everyone else and will have to play catch-up (got 60% on the Security+ pre-study exam, so I've been binge-reading @DarrilGibson & @professormesser et al).
That said, I'm super excited to join the #infosec community! Took 2 years but here we are!
That said, I'm super excited to join the #infosec community! Took 2 years but here we are!
You all are the best❤️ Ping me if you’re in town and I’ll take you out to bubble tea😄
Btw @LiveOverflow also has amazing content on YouTube, highly recommended
