Why does InfoSec play bass?
•
2 gefällt mir•723 views
Shortly after I was convinced to join Twitter and get engaged with the security community, I started noticing patterns with the people I was meeting. Namely, I noticed that many were also musicians and that the vast majority played the electric bass. As a bass player myself, I understand that the general rule is, if you show up to an open-mic blues jam, you’ll get to play bass all night, and the guitarists will be relieved that none of them have to ‘do bass duty’. I became fascinated with how this pattern seems to reverse in the infosec/hacker community and started to see parallels between security and this particular instrument. I plan to share my research, ideas and theories that I’ve collected on my journey to understand this strange anomaly and look forward to hearing more.
Empfohlen
Weitere ähnliche Inhalte
Ähnlich wie Why does InfoSec play bass?
Ähnlich wie Why does InfoSec play bass? (20)
Mehr von Adrian Sanabria
Mehr von Adrian Sanabria (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Why does InfoSec play bass?
- 1. Why does InfoSec play bass? And other insights into hacker/Infosec culture
- 2. Why are we here?
- 5. Me Nick
- 6. The InfoSec music scene unfolds… @joswr1ght @jsokoly @ax0n @secbarbie @selenakyle @mongold @__sporkbomb @gattica @mattjay @JZdziarski @chrissistrunk @3XPlo1T2 @DanBratt99 @SeanVerity @phoobar @secboffin @maradydd @adelmatrash @hackerhuntress @J0hnnyXm4s @p0wnlabs @daveshackleford @p0wnlabs @chrissistrunk @billbrenner @caseyjohnellis @p0wnlabs
- 7. Why do I play bass?
- 8. Why do I play bass?
- 9. Why does InfoSec play bass? "Good Taste.” -- Joseph Sokoly
- 10. Why does InfoSec play bass? "We like the low, dark and sinister. And backbones.” ”We're not in it for glory or props. Content in the background.” -- Eve Adams
- 11. Why does InfoSec play bass? "Easy, we pull it together. We keep the drums on tempo and support the band :)” -- Dave Lewis
- 12. Doubts – do we really play bass? How could I be sure?
- 13. Time for some Data
- 14. Casual observations versus the big picture
- 15. Security Community/Worker Size Estimates Social Media Conferences Workforce How small is our bubble?
- 16. FollowerWonk Results • Security + researcher = 5334 • Pentester = 1488 • Cybersecurity = 2996 • Hacker = 43571 • Ethical + hacker = 1581 • CISSP – 1605 • Infosec + bass –drum = 11 • Infosec + guitar = 27 Hmm…
- 17. How accurate are my stats? What Statistics? Dead on balls accurate Accuracy Scale
- 18. So what? Why does any of this matter? https://fsmontenegro.wordpress.com/2015/07/29/on-the-shortage-of-infosec-professionals/ @fsmontenegro Follow this guy on Twitter 3561 just in the USAF (cyber command) 2170 just in US Army 1560 Booz Allen Hamilton 1407 Deloitte 1257 US Navy
- 20. Would you like to take a survey? Attackers 45% Defenders 35% IR/Forensics 25% Male 90% Female 10% 1 – Robot Active on Social Media? Nope – 13% No, not allowed – 5% Option 5 – 10% Yes – 79% Yes, but under an alias– 17%
- 21. I throw Information Security events 0% I work full-time in the information security industry 69% I work overtime/double time/too much time in Infosec. I need a vacation. 10% I work part-time in the information security industry 3% I'm a hacker, security researcher, or do something else in security, but it isn't my day job 15% Security student 1% SysAdmin 1% working toward 1% How are you connected to InfoSec?
- 22. Who we are – trolls, pranksters, wiseasses 144 survey respondents, 2448 responses in total I wasn’t able to count the vast number of wiseass responses. • Getting kicked in the face by Jimmy Vo. • I beat up CISOs in dark alleys for fun • Option 5 typo was a favorite (x14) • What do you do in the industry? Space Hitler < Thanks!
- 23. So, this bit about the bass…
- 24. WELCOME TO OUR NEW MASCOT
- 26. Survey results – Music 33% of respondents played an instrument 40% of those were multi-instrumentalists Guitar 28 Bass 8 Violin 5 Drums 4 Saxophone 4 TOP 5
- 27. Survey Results – Martial Arts • Aikido • Boxing • BJJ • Karate • Kickboxing • Krav Maga • MMA • Tai Chi • Tang Soo Do • Goju • Tae Kwon Do • Muay Thai • Shaolin Kempo 19% of respondents practice martial arts
- 28. Friends and strangers alike sent me photos of them doing their hobbies. Not a single photo scarred me for life or led me to need therapy!
- 39. Mycology
- 40. Who are we? We’re a post-dystopian, neo-cyberpunk travelling ren faire!
- 41. Conclusions – we see the world differently They see • A car • A door, a lock, a barrier • Retail environment • Trash bin • Gobbletygook We see • Potential 80mph brick of death • A challenge, a puzzle • Hilariously insecure playground • Intelligence • Something to be decoded, cracked, decrypted… Both a gift and a curse…
- 42. Conclusions Security is a calling for many of us. It isn’t a career… it is who we are.
- 43. Conclusions “It was an accident…” “Can’t remember when it started…” “I had to decide between jail or an honest paycheck.” “It's fun to break rules.” “I like thinking I’m helping”
- 44. What’s Next? What do you want to see? Do you have anything else you’d like to share? What direction should I take this? Avery.Sawaba@gmail.com @sawaba
Hinweis der Redaktion
- Ask if there are any bass players in the audience. Ask them to raise their hands. Look pensive and thoughtful for a moment to let the tension build At this point, I either get to say “See, I told you so!” or “Either you guys are lying, or I’ve just discovered a massive, critical flaw in my talk!”
- Agenda Intro/Expectations (without giving too much of #3 or #4 away) My Story Casual observations vs. big picture and why this matters Who we are – Survey results Making sense of all this Wrap-up, questions and feedback
- A few directions I could have gone with this talk. I envisioned it as something I could give several times, evolving over time. I decided to go lighthearted and entertaining the first time out. At a crossroads with this talk. That’s pretty. There were a few directions I could have gone with this talk. I could have gone serious: ADHD, Burnout, Alcohol – real issues affecting our industry. But I decided to go lighthearted and entertaining for this one. Let me know if you’re interested in the more serious side. Also, I’d love to update this talk and go deeper over time – let me know at the end if that is something you’d be interested in.
- *** Pic of Oprah giving stuff away on one side, hacker stickers on the other Anyone that participated in the survey, feel free to pick up your favorite hacker sticker (over on a table somewhere in the room)! Pass out puzzles – two old school iron puzzles and one rubik’s cube < Have someone help with this stuff Prizes will include two SNES carts and a Bsides Knoxville badge for whomever solves the puzzles. Anyone in addition to those, I’ll give an IOU for a tshirt or sticker once I’ve got them made
- Let me tell you a story about a boy. AWWW, isn’t this sweet… Tell the Sassy Ann’s story of me and Nick Morgan Fast forward to 2009, when Shack talked me into getting on Twitter – yes, the Twitter fun gauge is directly responsible for all my tweets. Go over the 10:1 Guitar:Bass rule and how I started to notice it seemed to be reversed for musicians in InfoSec. This intrigued me.
- Comment that there are some seriously pissed off clarinet players out there. “Why wasn’t my instrument included in his stupid survey!?!” Well, hang on angry clarinet player, and give me a chance to redeem myself! Oh, right, and there’s Dave Shackleford. Sorry, Dave. Seriously though, if you ever have Dave around a piano, try to convince him to play something for you. You won’t regret it!
- Why was I attracted to bass? #1 - Its electric cousin was no different – my actual plan if our old townhouse was ever broken into was to use my Hamer Cruisebass as a weapon.
- Why was I attracted to bass? #2 - If the electric guitar is a katana, the bass is a 2-handed axe. In Resident Evil, I prefer the shotgun. In Diablo 2 and 3, it was the Barbarian for me – dual-wielding giant fucking axes.
- I started asking others about this odd pattern – why did they think so many of us played bass? Put an image for each of them, with the quote, each in a different slide – 3 in all
- I started asking others about this odd pattern – why did they think so many of us played bass?
- I started asking others about this odd pattern – why did they think so many of us played bass?
- Does InfoSec really play bass? How could I find out? Ask for answers, opinions – what do you think? Bullshit? Put multi-instrumentalist tweets here Go go data scientist mode! I decided on a two-pronged approach Interwebs analytics Surveys/interviews
- What about everyone else? What about the non-musicians? We’ve all heard people talk about the echo chamber – having discussions within the “security bubble” – we’re in it now! Do I need this slide?
- Sorry for the shitty quality here – especially to you Apple Retina users out there, this must be torture. Getting this slide together pushed my graphic design and powerpoint skills to the limit. How big is our collective social media reach? When we bitch about something on Twitter, how far does it go? How many ears does it reach in the grand scheme of things? Note, there are some various discrepancies with this data, but I spent a long time making sure it was as accurate as I could get it. Sorry to those of you that are like vampires with sunlight when CISSP is mentioned…
- Well… On a scale from Donald Trump (who feels no need to use statistics) to Mona Lisa Vito (who, is dead-on-balls accurate), my stats are somewhere around the accuracy of Conan O’ Brien’s Clueless Gamer review system
- Job Shortages in InfoSec – people are hiring, hiring, hiring! Hiring and talent acquisition is HARD in InfoSec. EXPERIENCE doesn’t tell you if someone is passionate about security or if they’ll fit in with a tightly knit assessment team or incident response group, for example. CERTS don’t tell you a helluva lot, except for ones with practicals RESUMES are full of hopes, dreams and carefully crafted lies Basically, the only good way to find the people you’re looking for is by asking people you trust – networking. That’s really the most important benefit of a security conference, in my opinion. If we understand why great InfoSec/Hacker talent is great, perhaps it could be easier to find/train/retain the talent! Also vice versa – maybe we can make it easier for you to find your dream job! Great post by Fernando Montenegro here (@fsmontenegro)
- Jobs! Jobs! Jobs! People want to hire you! They want to throw money at your face! It’s like Oprah in here! You get a job! You get a job! You get a job!
- So I decided to do a survey to get a better idea of what was going on here Gender – Exactly the same as my twitter split
- How are you connected to InfoSec?
- What do you do in the industry? Space Hitler Do you actively discuss security/hacking-related stuff on social media? Option 5 (x14)
- So, why does InfoSec play bass?
- Ha, I wish! Just kidding. Well, it turns out that sample sizes matter, and I didn’t have a huge sample size when I collected all that anecdotal data I showed at the beginning of this talk. So, I did a survey. 144 of you wonderful people filled it out. Still a small sample size, but I intentionally made an attempt to get people outside the Twittersphere. Want to know what instrument infosec actually plays?
- The big reveal – infosec plays…. GUITAR. Cue sad trombone. However, it ISN’T a 10 to 1 ratio – more like 3 to 1 Also, half the bass players that responded were like, “BASS, YEAH!”, whereas half the Guitar players that responded were ‘MEH’ about it So, does the big reveal happen here? Or earlier, so that I can point out my mistake was all from this bubble I was in? Also, am I really, really correct here, or am I still wrong? Or is the point that certain aspects of our personalities just aren’t indicators of a greater whole?
- Survey stats – there are two hobbies I felt needed their own dedicated questions in my survey, because of how often they seem to show up – the first of those two is music. 33% of respondents played an instrument – exactly a third. Read some quotes “No, but I have a perfect ear. (Which makes karaoke VERY painful)” I own a bass that I promised my parents I would learn to play 15 years ago. SIR YOU ARE A DISGRACE 40% of these musicians are multi-instrumentalists
- Summary of hobbies, stats
- Now THAT’S the Cavalry! Beau and Claus demonstrating non-hackable vehicles.
- Nurburgring
- Guillaume
- Walt reviewing his novel
- It’s okay, he’s at a stoplight
- I think we’re all familiar with this sight…
- And another familiar sight… Whiskey hackers anyone? Some of us drink, and some of us can’t touch the stuff, but that’s a whole different potential talk, right?
- Anyone know what this is?
- The overwhelming majority of respondents are clearly passionate about this field – very few simply regard it as “just a job” This is what ties it back to the bass – everyone that played the bass was like, FUCK YEAH, BASS! The vast majority of guitarists were, “meh, a little guitar…”
- We stumble upon it < SO MANY! We can’t recall not doing it We had to make a choice We enjoy it Sense of service
- Lots of anecdotal stuff, hit on some interesting points, but haven’t gone too deep What’s next? Would like this to be the first in a series of talks about what makes us tick If I dive deeper, where do I go? Dark or light? More job/career-relevant stuff, or more psychological side?