
Infosec Groups and hands-on experience

markulous Member Posts: 2,394
Not sure if this belongs here or the infosec forum...

So I had a meeting with my company's Infosec Director. I'm trying to find an "entry-level" (I use that term loosely) security job. He gave me a lot of good feedback. The SOC here is a bit more advanced than a typical SOC as far as duties (e.g. they aren't just looking at a screen and escalating everything), but he did say that he preferred to hire people that don't have much security experience. I told him I'm going back for my MSISA, still trying to get more infosec certs, subscribing to security feeds, following twitter/blogs, etc. But he said I should be a bit more active and get experience in other ways if I'm looking to break into the field.

He mentioned some groups like ISACA or ISSA and a couple of others as well as getting a malware lab going. I really appreciated the advice and will end up doing some of that.

My question to TE is, does anyone know any other good ways of getting good experience to leverage a job opportunity? With a full-time job, enrolled in my masters, and having a wife and two kids, time is a factor, so I'm hoping I can do a lot from home. The meetings for some of those orgs sound really interesting (e.g. a "capture the flag" hacking session) but it's difficult to be gone from my home for several hours.

Comments

  • devilbones Member Posts: 318
    Have you looked into OWASP?
  • markulous Member Posts: 2,394
    I have not but I'm looking at it now. Looks like there are projects and other stuff I can do to get my hands on. This looks great. Thanks!
  • bigdogz Member Posts: 881
    YMMV with the various groups.

    It sounds like your Infosec Director wants to mold minds. Maybe he wants you to obtain some hands on using a lab but not to rely on certifications as much. ISACA is more managerial and policy based and tries to promote their certifications.
    OWASP and ISSA can be more technical while ISACA is more policy based.
    HTCIA is a good group of technical guys, but again...your mileage may vary.

    Start a lab as he suggested. It's odd he said malware because you need to have some programming knowledge....
    You may want to find out the experience of the people in the SOC have and go from there.

    I just bought a new laptop with 32 GB of RAM as it will be used to bring up other VMs and used for Pen Testing and Forensics.

    Good Luck!
  • markulous Member Posts: 2,394
    That's exactly what he sounded like (molding minds). He didn't seem overly arrogant or contrived in any way, so I thought it was a good thing for me at least.

    I'll have to look at HTCIA and see how that looks.

    The most interesting website he gave me was a Defcon group around here. It seemed to have the best amount of information. Only downside is that it's a few hours for their meetings and it's really difficult to get away for that long with what's on my plate. Especially when it's a ways away, but I think I will try to do it.

    I have zero programming knowledge but I think he recommended that just because it further shows my passion for getting into infosec. He said even if I had no clue what I was doing and failed on it, it'd show a lot that I was being more active with hands-on experience. I've done malware remediation before, but never tried to experiment with it too much or dissect it. I would imagine that unless he thought I was a poor employee, that if I told him I did all of this stuff that he recommended and went exploring more (rather than just certs and reading trends), I'd at least get an interview.

    If not, then I think 6 months of doing this and having a CEH I should be able to go somewhere else and get a SOC, Auditing, or other Blue Team entry-level infosec job.
  • stryder144 Member Posts: 1,684
    Have you joined Infragard? They have meetings every other month or so, so the time away from family wouldn't be too bad.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

  • danny069 Member Posts: 1,025
    How about doing a meetup group in your area where you guys can practice offensive/defensive simulations with each other and use various tools.
    I am a Jack of all trades, Master of None
  • markulous Member Posts: 2,394
    He actually mentioned that. Have you joined that, stryder? I saw that there is a Denver chapter. I didn't see where a price was listed on their join page.
  • markulous Member Posts: 2,394
    danny069 wrote: »
    How about doing a meetup group in your area where you guys can practice offensive/defensive simulations with each other and use various tools.

    That's a good idea too. I wouldn't be able to meet up in person a ton but I can check on meetup websites.
  • stryder144 Member Posts: 1,684
    I have joined and it is free. Just took a few days to get accepted. Some on here said it took months to get accepted, though it shouldn't really take that long.
  • rudegeek Member Posts: 69
    What-up guys. I'm in Denver as well.

    I checked out the application for the Denver Chapter of the Infragard. Kinda threw me off that they ask for SSN. Is this typical?
  • cyberguypr Mod Posts: 6,928
    Yes. Remember this is lead by the FBI. They will run your info against all sorts of databases.
  • danny069 Member Posts: 1,025
    Yeah, they will run a background check on you from when you were a baby in case you held up any candy stores and things of that nature. Of course, I am kidding about the candy store part.
  • markulous Member Posts: 2,394
    I just applied. Said it can take up to 3 months. I've lived in a few counties so not sure if that will delay it. My record is clean though so maybe that will help.
  • devilbones Member Posts: 318
    markulous wrote: »
    I just applied. Said it can take up to 3 months. I've lived in a few counties so not sure if that will delay it. My record is clean though so maybe that will help.
    I have moved 9 times in the last 17 years and it took me about a month to get accepted.
  • markulous Member Posts: 2,394
    Then I would assume it'd take me about the same amount. I've moved probably a similar amount of times. Not sure how far they need to go back either though.
  • stryder144 Member Posts: 1,684
    The Denver office is pretty quick. I had numerous assignments in several countries over a 22 year period and my application was approved in less than a month.
  • Danielm7 Member Posts: 2,310
    I'm an InfraGard member; it took me at least 3 months to get accepted. A coworker said it can take up to 6 sometimes for our local branch.
  • markulous Member Posts: 2,394
    I finally got accepted into InfraGard. Also got Splunk deployed at my home.

    I'm trying to join some Capture the Flag events. I did find this site: https://trailofbits.github.io/ctf/ctf.html Anyone know of any good ones that are fairly entry-level? I think it'll be good experience and yet another thing I can put on my resume.
  • alias454 Member Posts: 648
    I'm sure you have seen this but a ton of good info on this thread http://www.techexams.net/forums/off-topic/51719-best-security-websites.html

    Here is a short list of hacking war game sites (not all links work from the sites YMMV)
    Resources ~ VulnHub
    OverTheWire: Wargames
    https://www.hacking-lab.com/
    War Games. Current and past hacking simulators and challenges
    And don't forget about the ton of information on https://www.owasp.org/index.php/Main_Page
    “I do not seek answers, but rather to understand the question.”
  • stryder144 Member Posts: 1,684
    markulous wrote: »
    I finally got accepted into InfraGard. Also got Splunk deployed at my home.

    I'm trying to join some Capture the Flag events. I did find this site: https://trailofbits.github.io/ctf/ctf.html Anyone know of any good ones that are fairly entry-level? I think it'll be good experience and yet another thing I can put on my resume.

    Security Use Cases with Splunk - InfoSec Resources
  • markulous Member Posts: 2,394
    stryder144 wrote: »

    You rock! Thanks for that, I'll get started tomorrow morning.
  • renacido Member Posts: 387
    I think by "malware lab", which to me sounds vague (reverse engineering lab? forensics? malware analysis?), he probably meant a lab of VMs where you can put up an open-source or demo version of a bunch of standard security tools (fw, ips, siem, vuln scanner, kali, etc) and a vulnerable distro or two as victim machines, and do some labs where you either run malware or some other type of exploit against the victim VMs and look for indicators of intrusion in the logs, packets, etc, while also getting practice in using the offensive tools and techniques to generate the attacks. You get to run red-team and blue-team tactics in the safety of a lab environment, and the whole thing can be set up with little to no money invested.

    YMMV with the groups but there's a net benefit in being part of the infosec community as it were.

    To me if I'm looking within other teams for potential hires for my SOC, someone who demonstrates a passion for security, enough to lab on their own and join these groups, is at the top of my list. Those who see infosec as a "jobby" not just a job make the best security pros. I'll take a non-certified IT pro who geeks over security and studies it on their own time because they have a true passion for it over a cert warrior any day of the week.
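    As an added example (not from this thread or from renacido), here is the blue-team half of the lab just described: a small Python check over constructed OpenSSH-style auth log lines that flags a burst of failed logins from one source address, the kind of indicator a password-guessing run against a victim VM leaves in its logs. The log lines, the year used for parsing, the threshold and the time window are all constructed for the example.

```python
"""Added example, not from the thread: flag brute-force indicators in sshd auth
logs. Input is constructed syslog-style text; threshold and window are assumed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (syslog has no year; 2016 is assumed when parsing).
SAMPLE_LOG = """\
Mar  3 10:01:02 victim sshd[1201]: Failed password for root from 10.0.0.50 port 40122 ssh2
Mar  3 10:01:03 victim sshd[1203]: Failed password for root from 10.0.0.50 port 40124 ssh2
Mar  3 10:01:04 victim sshd[1205]: Failed password for admin from 10.0.0.50 port 40126 ssh2
Mar  3 10:01:05 victim sshd[1207]: Failed password for invalid user oracle from 10.0.0.50 port 40128 ssh2
Mar  3 10:01:06 victim sshd[1209]: Accepted password for root from 10.0.0.50 port 40130 ssh2
Mar  3 10:15:00 victim sshd[1300]: Failed password for alice from 10.0.0.7 port 51000 ssh2
Mar  3 10:40:00 victim sshd[1310]: Accepted publickey for alice from 10.0.0.7 port 51002 ssh2
"""

# One regex for both outcomes; "invalid user" appears when the account does not exist.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)


def parse_line(line, year=2016):
    """Return a dict for an sshd auth line, or None for lines we do not model."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def find_bruteforce(log_text, threshold=4, window=timedelta(seconds=60)):
    """Map each source IP that reached `threshold` failed logins inside `window`
    to {"failures": peak count in window, "success_after": login accepted later}."""
    recent_failures = defaultdict(list)  # ip -> timestamps of failures still in window
    hits = {}
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        ip = event["ip"]
        if event["result"] == "Failed":
            q = recent_failures[ip]
            q.append(event["ts"])
            # Slide the window: discard failures older than `window`.
            while q and event["ts"] - q[0] > window:
                q.pop(0)
            if len(q) >= threshold:
                entry = hits.setdefault(ip, {"failures": 0, "success_after": False})
                entry["failures"] = max(entry["failures"], len(q))
        elif ip in hits:
            # A successful login after a flagged burst is the higher-severity case.
            hits[ip]["success_after"] = True
    return hits


if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {info['failures']} failed logins in window; "
              f"accepted login afterwards: {info['success_after']}")
```

    On the sample above only 10.0.0.50 is flagged (four failures in four seconds, followed by an accepted login), while alice's single typo from 10.0.0.7 is ignored. The same sliding-window logic is what a SIEM rule expresses with a count-over-time search; writing it by hand once makes the SIEM version much easier to reason about.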
  • markulous Member Posts: 2,394
    That makes sense. I really don't know much about reverse engineering malware, but me setting up a SIEM-like program such as Splunk and going through some stuff should hopefully give me a better understanding of things and make myself more marketable.
  • renacido Member Posts: 387
    markulous wrote: »
    That makes sense. I really don't know much about reverse engineering malware, but me setting up a SIEM-like program such as Splunk and going through some stuff should hopefully give me a better understanding of things and make myself more marketable.

    Things you need for a kick ass security lab, with free versions (free or open source):

    - Hypervisor (VirtualBox, Hyper-V (bare metal), KVM, Xen, VMware ESXi)
    - Firewall/IPS (Pfsense, Sophos UTM)
    - NIDS/HIDS (Security Onion)
    - SIEM (OSSIM, Splunk)
    - Pentesting platform (Kali 2)
    - Vulnerability Scanner (Nessus, Nexpose, OpenVAS)
    - Dev tools (compilers, editors, debuggers, IDEs) if you plan on creating your own exploits or tools
    - Vulnerable systems to use as victims (Metasploitable2, vulnhub, webgoat)

    That should get you started. Note that along with all the open source stuff there are home use or demo versions of commercial tools analogous to these.
  • markulous Member Posts: 2,394
    Nice. I'll have to start with Security Onion in a VM and see if it's something I want to deploy on my home network.