Randomly, I’ve been asked by people how I got started in the security world, specifically within IT. To be honest, it’s a little amusing to me seeing as I know there is so much more out there I still have to learn. But looking back, I can see that I have come quite a ways, and I have loved every step along the way. I figured it might be worthwhile for me to post my thoughts, and the path that I took about how I really started working in this great industry, and give my thoughts on what a successful security person might be (by no means can I provide the all-encompassing list, but it’s just my thoughts). This will be broken up into numerous blog posts on here.
My first exposure into security probably came at college, I know significantly later than probably many others out there. I took my first security class at a school which barely offered any, and I could not wait for it to begin. Throughout the course, I realized it wasn’t going to be all that intensive, I found the material easy and very logical to understand, which resulted in great grades for the class. However, the real learning came to me when I began talking to the teacher, and meeting up with him after class. Through this one on one time, I was exposed to the first hacking tool I’ve ever seen, Metasploit. I still remember him saying, “Hey, see that server over there? Watch this.”. He then fired up Metasploit on his computer, typed in all of his commands, and boom, a shell popped up. When I saw him make a folder via the shell, and then it pop up on the desktop of the server, it was like this black magic to me. At the time, I felt like people always heard about hacking attacks, network infiltrations, but it’s just some news story far away, and it doesn’t really happen. When I saw it happen right in front of my eyes, it’s like my whole world opened up.
I went home that very same day, installed Auditor (pre-backtrack days) and fired up metasploit. This was my very first interaction with not only metasploit, but linux also. I had never used linux, knew of it, but just never tried it before. I can’t tell you the number of times I lost my documents (until I finally started saving them on a usb drive) when trying to learn how to setup dual partitions on a single hard drive to run linux and windows. I finally settled on Kubuntu at the time, and started trying to learn the OS.
At the same time, I was lucky enough to have a roommate who told me, “Yeah, you can try hacking into my computer”. So I did. It took quite some time, as I never really knew what I was doing. But, like the security class, I still remember the first time I was able to break into his system. It was some basic remote code execution that he hadn’t patched on his XP computer, and I setup to do a VNC injection as the payload. I just couldn’t believe my eyes when I saw it successfully worked, and then when his actual desktop showed up on my computer, and that I could actually move his mouse on his computer with my computer.
It was right then and there, that I knew exactly what I wanted to do as my job.