Feel free to ping me on Twitter etc.

Cheers…m

With regards to Twitter, I agree following too many people means you miss things, currently I’m only following people that either tweet things of interest to me or seem to have a good “reputation” on Twitter.

The challenges for Pen Testing is something on my list to try, and I will no doubt blog about my success and failures, I’m a patience person so I’m in no rush to have hundreds of hits (and the content isn’t there yet either). My blog is more like my own personal diary of how my “skills” are developing, if people read it all the better.

There aren’t any “local” security groups near me, but I intend to go to Defcon and possibly OWASP in London next year. I hadn’t heard of the InfoSec Mentor programme but I will have a look now.

I was actually having a look at the Offensive Computing courses, might see if I can convince work to pay for it..

Thanks for the reading book lists, some of those are on my list. I’ve been making a list of areas of InfoSec that I need to work on and then adding books to my list as I go.

Again thank you for taking the time to response to my comments.

Adam

>> I’ve never really worried about who follows me and who doesn’t, at the start maybe a little but I really don’t care. I don’t think I’ve ever asked anyone to follow me but I have had folk DM me, then unfollow so I couldn’t DM them back

I don’t like following too many people because I find that I miss so much from the people that I do want to follow. There are lists out there but again they’re subjective to the creator and many are full of “thought leaders” and “evangelists”, which IMHO isn’t a good thing and they’re not the people you want to follow. A lot of the time you get real “gems” out of really clever people who don’t have that many followers, nor do they care about having many.

On Twitter, you can comment on what others tweet as most folk are decent and will reply, engaging in a conversation Say enough interesting things and you’ll be followed. Similarly tweet links with your own comments & hashtags. This will most likely generate RTs etc.

I personally don’t follow people lists – it’s generally friends, friends of friends or folk who I feel are industry leaders and if any of that lot retweet something interesting, I’ll trial following the person who was retweeted.

Although I may not follow someone, I’ll always reply to a tweet to me, something a lot of so-called “security thought leaders” don’t do. Why? No idea, maybe their ego gets in the way? On the other hand, some sh!t-hot folk (who you imagine are incredibly busy) will go out of their way to help.

2. I have a blog, which although isn’t 100% security related will feature articles about Security, but then what? For example I was looking for a Pen Testers process flow diagram, Google was no help so I made my own, but who/how do I get it checked to see if it’s right before I blog about it?

>> I think you’re doing the right things but driving traffic to your site is difficult, especially when the people you want to read it are usually busy and many are trying to do the same thing as you whilst others are choosy over what they’ll read.

Have you thought about doing some of the challenges for pen tests or forensics on the web? You could the contests and post your solution on the blog after the challenge close date? That’ll generate traffic to your blog and usually get folk offering constructive criticism.

For me, I did a combination of the study route, was lucky enough to meet Brian Honan and got invited to be part of Iriss Cert, created HackEire, presented at local security meetings and posted links to what I did (as well as being fairly chatty on Twitter).

I’d recommend looking around where you live to see if there are any Security groups – Owasp, 2600, DefCon or even on the net, have you thought about applying to InfoSec Mentors as a mentee?

I think everyone’s different and you figure out along the way what works for you.

3. Courses – Are they worth it (I know hands on experience is best)? If so which one? SSCP, CEH, Security+

>> As I said on the blog, I’m a huge fan of SANS/GIAC and the ‘red aprons’, however, I do appreciate that they’re expensive I’d also look at the Offensive Computing courses, I’ve heard nothing but good about OCSP and OCSE (they are cheaper). I’d like to try them myself but if I do another course, it’ll most likely lead to a divorce!!

I don’t know enough about the others to comment though I’ve heard very mixed reports about the middle one.

4. Books – I’m reading 3 at the moment, but is there a book list somewhere? Or is it a personal choice?

>> On the HackEire blog about HackEire 2011, I posted some books that would’ve been useful for the CTF – http://www.hackeire.net/2011/11/hackeire-2011-ramblings-part-1.html.

Personally though, it’s a personal choice and if you want some guidance, you can’t go wrong with Bejtlich’s list – http://www.bejtlich.net/reading.html.

I’ve worked in IT for 15 years, I went to College but never University and I got my first IT role based on the fact I knew how to chain two hard drives together. Since then I’ve worked mostly in a Windows environment but I’ve done everything from helpdesk, 1st and 2nd line support, field engineer to project implementations. I class myself as lucky that over the years I’ve managed to build new HP blade environments from scratch, manage firewalls, VPN, wireless networks and I’ve spent the last few years helping build large e-commerce environments and managing the Citrix load balancers we have here.

I’ve always had a passion for IT Security, I blame it on watching the movie Sneakers when I was younger, but it’s not an area I’ve ever heard a job in.

So I’ve decided that it’s an area I want to build my knowledge and experience in, but necessarily to end up in an IT Security role (although that would be cool).

However despite a lot of time with my friend Google I’ve discovered it’s a hard area to break into, for some of the following reasons:

1. I have a twitter account and I’ve followed people that tweet about InfoSec but I can’t find any lists of who I should be following, and once I’ve found people, how do you get them to follow you?

2. I have a blog, which although isn’t 100% security related will feature articles about Security, but then what? For example I was looking for a Pen Testers process flow diagram, Google was no help so I made my own, but who/how do I get it checked to see if it’s right before I blog about it?

3. Courses – Are they worth it (I know hands on experience is best)? If so which one? SSCP, CEH, Security+

4. Books – I’m reading 3 at the moment, but is there a book list somewhere? Or is it a personal choice?

For me, the biggest issue isn’t learning the techniques, I can build VM’s, download software and play to my hearts content but surely it’s more about the Community and getting yourself involved and “known”. How does someone who wants to learn, tap into the people that already know? Is the InfoSec community a sharing community or is it closed to only those in the know??

Thanks.

Adam