My journey into infosec is well documented on twitter and some will know that I claim that it started in June 2018 in a classroom belonging to BSI Dublin, studying for EC Council’s most poorly named qualification Certified Ethical Hacker. In actual fact, it probably started years earlier than that when I saw James Lyne at a Sophos event and he demonstrated web drive-by attacks or poisoned PDF downloads. I think the James Lyne demo was what drove me eventually to seek the C|EH and it is the latter that cemented my desire to look deeper into this mad, mad world.
Equally well documented and the subject of my talk at BSides London and BSides Liverpool were the difficulties I then faced. How the people that I could find on social media really wouldn’t offer any level of help, support or guidance simply because of that qualification. It was this behaviour that drove me to start watching recorded talks. I started with defcon because it was easy to find and well publicised if not quite the best place to start.
At defcon in 2018, Joe Montmania (@joemontmania) gave the most moving speech I’ve listened to for many years. He shook throughout, he was visibly struggling throughout but he stood in front of hundreds (maybe thousands) of people and spoke about being comfortable feeling uncomfortable. He challenged people to step out of their comfort zones and try something that wasn’t their norm. I’d been offered a job and I was on the fence about taking it. I wasn’t sure I could do it and it wasn’t something I’d ever done before but hearing Joe’s story and the struggles and difficulties he had faced, mine suddenly paled into insignificance and so I took the job, I started a few months later and that was me in infosec.
I spent the next few months studying, learning, building stuff, breaking stuff and dealing with some impostor syndrome. The more I learned about cyber security, the more I realised that I hadn’t known for the past 30 years. If I hadn’t known about this stuff, how had I gotten to where I had in that old part of my life and should I really be here now. I continued to watch some talks, but I found many too technical, so I moved to podcasts which were often more general, more casual and I could also listen to them in the car whilst travelling between sites. It was one of these podcasts that Rachel Tobac (@RachelTobac) in a ninety minute podcast made one particular statement that resonated with me, she simply said “Don’t wait until you are ready, you’ll never be ready”
It was not long after listening to the podcast, that BSides London issued there CFP with a rookie track. It seemed an ideal opportunity to continue to step out of my comfort zone and to be honest I was nowhere near ready! I dropped in my very small submission, it wasn’t a tech talk, but one about my journey and how difficult we can sometimes make it for new people to join infosec. I didn’t hear anything for a few weeks, I didn’t really know how these things worked, but I assumed that having not heard I simply hadn’t been chosen. Then I saw the CFP for BSides Liverpool with a similar offer of mentoring, help and guidance, so I re-wrote the submission gave some more detail and dropped it in.
I can’t remember how long it took, but I was working from home in an email exchange with my boss when I got a message from BSides Liverpool that simply said “ YOU’RE IN, your talk has been accepted.” Instantly I went all cold and felt a panic crawling over me. What the hell had I done. That impostor syndrome I mentioned earlier, yeah that started screaming at me about how foolish this was, who would want to listen to me, how was I going to talk authoritatively to people who had been doing this for years when I’d only been doing it for months. The email dropped on 23rdApril. The next day, the very next day I get an email from BSides London “Congratulations Ian your talk has been selected.” – I went into a full meltdown. I ceased to function as a human being. I could not concentrate on anything, I could not sleep, my mind would not stop… what have you done, what have you done, what have you done.
Eventually, I reach out to one of the Liverpool organisers who had openly offered to support a new speaker. He was somewhere in the outer reaches of cell service and he didn’t respond for several days, you can imagine what my over reacting mind did with that. After what seemed like an eternity, but in fact was probably no more than a few days, I managed to share a short DM exchange with him (@SPCoulson), in six messages he took a confused, terrified old man in a state of permanent panic and made him feel like he could do this. That’s some skill there my friend
BSides London was on first and as promised I was put in contact with my Mentor @Khae, he was nothing if not persistent and once back from his holiday we arranged to walk through my talk – this gave me a deadline, I had to have something ready, we eventually met on skype, I ran through the presentation, some comments were exchanged and he suggested I work on some bits and we would meet again in a week or so. Sadly, my wife was taken ill and rushed to hospital we had to cancel any activity and that meant time was running short to do it again, so I practised and practised every night in my office. My neighbour came home each evening, looked up and there I was with my presentation cast onto the big screen TV talking to the world through the window. I’m not quite sure what they thought, they’ve never mentioned it, but it must have looked quite strange. @Khae and I got one more run through before London, I rushed it, I was so unhappy with it but he pointed out that only I knew that it had been rushed, he thought it was good.
And so, to London. A boy from Stoke, on his way to the smoke, to talk at a cyber security conference… it all felt a bit surreal. I went down the day before to take part in the workshops without even knowing there was a presides just up the road. I met Khae, we chatted for a while, I started to try and speak to people but like many, crowds are not my forte. I thought again about Joe and his “comfortable being uncomfortable” speech and I just got up and introduced myself. Eventually, having done some handshaking I ended up at the bar talking to a chap from the Netherlands… Cooper (@ministraitor) the man responsible for recording more talks and making them available to so many people. He gave me some great advice.
The day finally arrived, I wasn’t speaking until late afternoon and that didn’t help my nerves at all, but eventually the time came, and I got setup and started. Nobody through any rotting fruit, nothing sharp or hard was delivered my way, and there were no mutterings or booing that I heard. In fact at the end they all clapped.
I had over run and so no questions were to be had. That disappointed me, it’s one thing I really didn’t want to do, but a small hiccup during presentation had taken me a couple of minutes into the five-minute question time and we had to swap speakers, but in the walk to the bar, I had five people stop me and comment on the talk or thank me for doing what I’d done. Later as I left the conference I had at least one more. If there were thirty people in that room, one fifth of that audience actively stopped to talk to me about the content. I don’t remember who you all are, but I am ever grateful.
I got home and slept, possibly for the first time in six weeks, without thinking about a conference talk. Four weeks later I went to Liverpool knowing what to expect, I had a slightly longer spot and I at least knew a few people already. I was much more relaxed, and I was able to enjoy that experience far more.
It’s been an amazing and life changing few months. I can’t claim these recommendations as mine, but I can claim them to be good honest advice, they don’t necessarily have to relate to conference speaking, but they will drive you forward if you let them. Firstly, don’t wait until you are ready, you will never be ready, if there is something you want to do, do it now. Secondly, step out of that comfort zone and learn to be comfortable being uncomfortable. I did, I met some amazing people, had an amazing journey and I definitely have that speaker and conference bug.
Given that my talk was all about obstacle and lack of help, I did find so many supportive and helpful people along the way. I thought about trying to call them all out here but i’m worried I’ll miss someone and that would be unfair. If you spoke with me, encouraged me, let me quote you gave me advice, guidance or counselling (and I needed that at times) i’m sure you know who you are and I hope you now how grateful I am.
Be good to each other people, keep speaking, keep talking, keep growing and thank you to everyone who got me started on and helped me through, this amazing journey.