How to Re-Awaken Your Inner Hacker

Wednesday, January 04, 2012

Rafal Los


Steps to Avoid Mental Stagnation - Or how to re-awaken your inner hacker

Working in corporate IT can be mind-dulling; believe me, I can sympathize.  If you're lucky enough to be a security researcher, penetration tester, or hands-on implementer of the newest technology, then you're one of the lucky ones - the rest of the IT security folks aren't so lucky.

The side effect of being employed to defend the corporate assets tends to be that you fixate on the specific technologies or "tech stack" that belong to your organization.

If you're a Microsoft Windows shop, running SQL Server and other Microsoft-based products, with specific hardware, you fall into the rut of thinking only about how to defend those assets, and only from the specific perspective of the tools and processes available to you.

Tunnel vision is easy to develop, but very difficult to shake - again, I speak from experience.

What worries me is when you've been working in corporate IT for 10+ years in a single organization or a single organizational profile (education, finance, whatever) and you can't seem to break free of a specific train of thought. 

I've talked to people lately who work in a government sector organization and have been fixated on specific methods, tools, and technologies and when we talk about the bigger picture and other types of hacks that are out there - or even some of the more innovative stuff - their eyes widen and glaze over.  The scary part is that these are seasoned information security professionals with a decade or more of experience.

So what has happened to these once vibrant minds?  They've gone stale, fallen into a rut and lost their passion for learning new things... mostly out of necessity of working the same job every day, the same way, as it ever was.  To all of you who feel like this - I say it's time for something fun.

I encourage you to hit up a conference that's local, probably free (let me suggest Security BSides very highly) and will open your eyes back up to the world around you, and maybe kick-start that creative thinking again. 

Information security cannot be a population of sheep, zombies or whatever other metaphor we want to use - we must be the most innovative thinkers, the ones who truly do think different and always question everything. 

With that in mind - here are some things I recommend, your mileage may vary, some assembly required and batteries not included:

  • Attend a conference - start with one of your local Security BSides or DC groups (e.g. DC312, DC605, etc.), or some other local group that holds semi-regular conferences.  OWASP is another great resource if you're into applications and development - but there are countless others... find one, attend, and open your mind again.
  • Participate - Don't just go to a conference, sit through, try not to fall asleep, and go home back to your existence.  Learn something, and take it home with you so you can build on it.  As a speaker nothing makes me more nuts than an audience who show up, stare, then just file out ... speakers love to talk, interact and share ideas - why aren't you taking advantage of that?
  • Find your "thing" - Everyone has something they particularly care about.  Maybe it's those self-checkout kiosks at your local retail outlet, the cellular modem-enabled traffic lights, cryptography, web applications or whatever ... find your thing and dig.  Dig and don't stop until you're satisfied you know everything there is to know and you've broken it every possible way... then start over and find another avenue.
  • Publish - If you want to really test yourself, publish some research.  I've met people who are really smart who have never published anything, and the exact opposite too.  Know that the best way to see how much you know is to publish something and subject it to others' comments, scrutiny, and thinking - you need to learn how to take criticism and adapt and adjust your thinking - this process is called learning.
  • Join the social media - There, I said it... Twitter is valuable.  Interact with other creative hackers, join a forum community, Twitter, IRC channels (for the brave) and other social media types of venues where people share ideas and communicate in real-time.  Hackers are a really tight-knit community and most of us are happy to tell you what we've learned to benefit from the collective addition of your brain power.

I hope this post inspires you to jump in and do something this year.  As most of us turned off our corporate brains for a while and let loose on the holidays - hopefully we stayed off the couch and stayed hungry... learn, hack, and expand your mind.

Cross-posted from Following the White Rabbit

Javvad Malik: Great post Rafal, spot on.

I'd just add that there isn't much excuse for people to not be able to learn as the tools and resources with which to learn and practise are freely available.