Guests and First Time Attendee FAQ
If you haven't attended a Raleigh ISSA meeting yet, here are some notes to make your first trip easy. We have designated New Attendee Liaisons to meet you, show you around and answer any questions you may have about ISSA, our chapter or events.
1. Dress code is casual to business casual.
2. Show up at RTP Headquarters, 12 Davis Drive around 6:00pm for food and mingling.
3. Walk in the front door and turn to your left.
4. The sign-in table is right in front of you. Get your name badge.
5. Meet, mingle, eat, be merry and enjoy the presentation.
“Where do I begin?”
At the Raleigh ISSA chapter, we get this question a lot. Whether you’re just coming out of school or want to make a mid-career transition, you want to “break in” to the Information Security (“InfoSec”) field. That’s great!
We have some bad news and some good news. The bad news is that InfoSec isn’t easy; you’ll need to study hard, learn a lot of seemingly arcane topics and commands, and then apply them to networks and situations where you either want to prevent a compromise, or create one (in a penetration test where you have the full permission of the network owner, of course).
The good news is that there are a lot of free and low-cost resources you can use right away to learn about InfoSec! We’ve created a list below of some of them, and will be adding more in the future. Good luck, and don’t be afraid to ask us questions!
First thing: Start practicing on your own equipment. Do not (do not) practice on or attack or otherwise scan, enumerate, harass, bend, fold, spindle or do anything untoward against any system you do not own or have express permission to touch! Instead, download and install a free hypervisor like VirtualBox or VMware, then download the ISO files for Kali Linux and Metasploitable and convert them into virtual machines. Practice by using Kali to attack Metasploitable, all on your own computer!
Programs you should download:
Kali Linux - http://www.kali.org/
Metasploitable - https://community.rapid7.com/docs/DOC-1875
Second thing: Some of you might prefer structured training rather than exploring on your own. Great! There are many free training resources out there.
Websites you should visit:
Metasploit Unleashed (text) - http://www.offensive-security.com/metasploit-unleashed/Main_Page
Metasploit Unleashed Training Videos by Georgia Weidman - http://vimeo.com/user4997632/videos/page:3/sort:alphabetical/format:thumbnail
SecurityTube - http://www.securitytube.net/
Iron Geek Hacking Illustrated Videos - http://www.irongeek.com/i.php?page=security/hackingillustrated
Finally, one of the best ways to keep up in the security field is to watch what others are talking about! Get a Twitter account (you don’t have to post anything if you don’t want to) and watch the feeds. You’ll learn things much faster than watching the news.
(Note 1: You may find things posted on Twitter that are not-safe-for-work or otherwise offensive. If you encounter some of these, you may decide to unfollow the tweeter / re-tweeter, ignore the tweet, or respond - that’s entirely up to you. Keep in mind before you post that employers are actively looking at people’s social media postings.)
(Note 2: Descriptions are taken directly from Twitter profiles, with minor add-ons as necessary.)
Twitterers you should consider following:
@jjx - CISSP, HP MASE, Ex-Ballroom Dancer, Speaker, Author | Infrastructure Security & Wireless Specialist, 802.1X devotee, SCADA understudy, security diva. Also ISSA Raleigh Chapter member!
@sussurro - Pentester, author, and award winning poet. My views are mine alone, and sometimes not even that. And he’s also a Chapter member!
@valdez_zoro - Valdez Ladd: HIPAA, HITECH, Cloud, IT Audit & Risk Management. Raleigh Chapter member!
@securityweekly - Paul Asadoorian: Founder & CEO of Security Weekly, Hack Naked TV, Stogie Geeks. Product Evangelist for Tenable Network Security. Hacker, cigar smoker and podcaster.
@lennyzeltser - Business and tech leader with extensive hands-on experience in IT, malware and information security.
@jeremiahg - Founder & iCEO of WhiteHat Security, Web security enthusiast, hacker, international speaker, TED alumni, and black belt in Brazilian Jiu-Jitsu.
@deviantollam - Three things it's never a good idea to do if you're emotional: date, debate, & legislate.
@ihackstuff - Johnny Long: Christian. Hacker. Pirate. Ninja.
@briankrebs - Independent investigative journalist/cybercrime gumshoe. Writes about computer crime. Wrote for The Washington Post '95-'09
@taosecurity - Richard Bejtlich: Husband & father. @FireEye security strategist. @BrookingsInst nonresident sr fellow. Military historian. Author http://nostarch.com/nsm 30% off w/code…
@SecBarbie - Partner at @UrbaneSec, Former CIO/CSO, Proud PCI QSA, Food Freak! and lover of smart cocktails, NY Giants Fangirl, Apple Geek, and purebred…
@jack_daniel - Sporadic Blogger, Security BSides co-founder, InfoSec Curmudgeon, Reluctant CISSP, Tenable Product Manager, Amateur Blacksmith, BS…
@chiefmonkey - Information Security Investigator - full bio here: http://it.toolbox.com/people/chiefmonkey/ … - Check out my case file stories at http://bit.ly/casefiles.
@georgiaweidman - Founder: @bulbsecurity | Faculty: @ians_security | Author: http://www.nostarch.com/pentesting | Trainer: @BlackHatEvents | Developer: SPF
@BillBrenner70 - Security scribe, family man, author of THE OCD DIARIES #WebSecurity #SecurityThoughtLeadership #Metalhead @Akamai
@HackingDave - CEO of @TrustedSec, Former CSO of @DieboldInc, Christian, Founder DerbyCon, Creator Social-Engineer Toolkit, Artillery, Author, Exploits,…
@hdmoore - Rapid7 Research // Metasploit Founder
@j0emccray - Founder of Strategic Security - Father | Security Strategy | Intelligent defense | #defensibility #resilience | Speaker, writer, podcaster, pundit. Usually SFW.
@HackerHuntress - Recruitrix, bassist, linguist, #Linux fangirl, #infosec dork, bookworm, #Ingress agent, INTJ, gamer, cyclist, Halockian. Opinions are mine.
@jaysonstreet - Globetrotting #PurpleTeam #ProfessionalAmatuer At a conference near you! Always learning & always hoping to teach others! 🙂 also visit …
@J4vv4D - The unholy alliance between information security and cynicism wrapped up in storytelling and youtube. http://www.youtube.com/infoseccynic
@schneierblog - Bruce Schneier is an internationally renowned security technologist and author. Described by The Economist as a "security guru"
@kpoulsen - Investigations editor at WIRED, and the author of the cybercrime book KINGPIN (Crown, 2011). email@example.com. securedr…
@armitagehacker - Developer of Armitage and Cobalt Strike--Tools for Red Teams and Penetration Testers.
@emmangoldstein - 2600 Magazine Editor, Off The Hook and Off The Wall radio host, documentary dabbler, hacker of all things, voyager to DPRK, Cuba, Albania, and now…
@mubix - Certified Checkbox Unchecker http://gplus.to/mubix
@markrussinovich - Microsoft Technical Fellow in Windows Azure, author of novels Zero Day and Trojan Horse, Windows Internals, Sysinternals Admin Reference and…