Listen to the full episode here:
http://gettingintoinfosec.com
In this first episode, I chat with Dan Borges, a professional red teamer, blogger, and security tool developer.
Dan discusses his early experiences using and exploiting computer systems, how InfoSec experts work with companies, and a new tools he and other created and released this year!
Episode Highlights:
• Dan explains how he became involved in information security,
including his introduction to programming through a Lego robotics
program.
• His early experiences as a pen-tester—i.e. a penetration tester, who
looks for system security weaknesses—and why it’s difficult to get
hands-on experience in that field.
• The benefits of becoming an Offensive Security Certified Professional
(OSCP).
• What does a red team do in an organization, and how is it different
from pen-testing?
• Dan describes the day-to-day life of a pen-tester and the kind of
conflicts they can run into.
• A few war stories from the trenches of InfoSec, as well as some of
the tools pen-testers use.
• How being grounded led to Dan’s earliest hacking experiences, and the
ways his parents fostered his interests and mentality.
• What conferences should InfoSec beginners check out?
• Fun and beneficial ways you can “hack” reading.
• Dan’s tips for those starting off or looking to transition into
Infosec.
• An in-depth look at one of the newer tools Dan uses for his work.
• The rules and intricacies of InfoSec competitions.
Quotes:
“It’s such a catch-22 to get practical, hands-on experience to go to these jobs because, y’know, hacking’s illegal, right?”
“We don’t just go in and blow the brakes off people, we’re trying to measurably improve security.”
“It was a constant escalation war, cat-and-mouse like that. They’d take something away and I’d figure out how to use the computer with that limitation.”
Links:
Dan Borges’ personal blog: http://lockboxx.blogspot.com/
Dan’s LinkedIn: https://www.linkedin.com/in/borges1337/
Dan on Twitter: https://twitter.com/1njection
Dan and Alex's DEFCON Talk on Gscript
Gscript: Genesis Scripting Engine
NationalCPTC (Collegiate Penetration Testing Competition)
Outro Music: Missing You by Trash80
