Oct. 15, 2018

0day - From "Geek Squad" tech to DevSecOps

0day, a security researcher who specializes in distributed systems security, discusses getting into computers as an inner-city kid, acknowledging how our hangups can affect the growth of InfoSec, the benefits of older technology, and much more.

0day (“Zero Day”) is a security researcher who specializes in distributed systems security.

Throughout his career journey through a "Geek Squad"-like service at Circuit City ("Firedog") to trading floors and corporate information security, he’s amassed significant experience in the industry. He is an example of how security consciousness is important even before you're an official security "pro."

In our conversation, 0day discusses getting into computers as an inner-city kid, acknowledging how our hangups can affect the growth of InfoSec, the benefits of older technology, and much more.

Episode Highlights

  • 0day defines distributed systems and how he and his team ensure they remain secure

  • How his first hacking experience arose out of necessity

  • The inner-city program that fostered 0day’s early interest in computer systems

  • How the Modem Age's less-advanced technology gave him a clearer understanding of how computers and the Internet worked

  • How Circuit City allowed o take his first step into the professional tech world

  • His first taste of information security dealing with his company’s most dissatisfied clients

  • Tracking down a security vulnerability through a coworker’s NSFW browsing habits

  • Thoughts on the modern security industry and how it could be improved

  • The importance of getting over prejudices and mentoring those coming into InfoSec

  • Book and conference recommendations for those starting out or interested in the industry.

  • Average routine at his current job

  • Why computer science alone isn’t a solid enough background to get into InfoSec

  • Advice for overcoming shyness at your first security conference

Quotes

  • “The malware I came across in those days, I still don’t see anything as unique.”

  • “We should really reach out to a wider swath of society to give them an interest in information security.”

  • “We, as a community, need to be less exclusionary by default and be willing to look at some of these candidates who we are ignoring just for the sake of our feelings toward a particular certification or particular path.”

  • “We, as people who are more seasoned in the industry, now have the responsibility to also make ourselves available to those who are coming into the industry.”

  • “When you take away some of the complexity, it makes it more difficult for someone to understand the underlying constructs, but at the same time, it makes it easier for them to access so there has to be a balance.”

  • “As you start to get really familiar with anything, you can see both the dark side and the light side of it.”

  • “We, as professionals, have some responsibility to disseminate correct, accurate knowledge.”

Links

Getting Into Infosec:

Follow Ayman on Twitter

Breaking IN: A Practical Guide to Starting a Career in Information Security