How Did I Figure Out I Wanted to Work in IT Security?

Randomly, I’ve been asked by people how I got started in the security world, specifically within IT.  To be honest, it’s a little amusing to me seeing as I know there is so much more out there I still have to learn.  But looking back, I can see that I have come quite a ways, and I have loved every step along the way.  I figured it might be worthwhile for me to post my thoughts, and the path that I took about how I really started working in this great industry, and give my thoughts on what a successful security person might be (by no means can I provide the all-encompassing list, but it’s just my thoughts).  This will be broken up into numerous blog posts on here.

My first exposure into security probably came at college, I know significantly later than probably many others out there.  I took my first security class at a school which barely offered any, and I could not wait for it to begin.  Throughout the course, I realized it wasn’t going to be all that intensive, I found the material easy and very logical to understand, which resulted in great grades for the class.  However, the real learning came to me when I began talking to the teacher, and meeting up with him after class.  Through this one on one time, I was exposed to the first hacking tool I’ve ever seen, Metasploit.  I still remember him saying, “Hey, see that server over there?  Watch this.”.  He then fired up Metasploit on his computer, typed in all of his commands, and boom, a shell popped up.  When I saw him make a folder via the shell, and then it pop up on the desktop of the server, it was like this black magic to me.  At the time, I felt like people always heard about hacking attacks, network infiltrations, but it’s just some news story far away, and it doesn’t really happen.  When I saw it happen right in front of my eyes, it’s like my whole world opened up.

I went home that very same day, installed Auditor (pre-backtrack days) and fired up metasploit.  This was my very first interaction with not only metasploit, but linux also.  I had never used linux, knew of it, but just never tried it before.  I can’t tell you the number of times I lost my documents (until I finally started saving them on a usb drive) when trying to learn how to setup dual partitions on a single hard drive to run linux and windows.  I finally settled on Kubuntu at the time, and started trying to learn the OS.

At the same time, I was lucky enough to have a roommate who told me, “Yeah, you can try hacking into my computer”.  So I did.  It took quite some time, as I never really knew what I was doing.  But, like the security class, I still remember the first time I was able to break into his system.  It was some basic remote code execution that he hadn’t patched on his XP computer, and I setup to do a VNC injection as the payload.  I just couldn’t believe my eyes when I saw it successfully worked, and then when his actual desktop showed up on my computer, and that I could actually move his mouse on his computer with my computer.

It was right then and there, that I knew exactly what I wanted to do as my job.