Have you ever seen a speaker at a security conference, an expert being interviewed on television about the latest cyber attack or an instructor at a whiteboard with the breadth of knowledge one should have when putting your career in their hands? Have you ever wondered what it took for those people to get where they are? Now just imagine all of those people wrapped up into a single individual, add into the mix the extra duties of business owner and husband, and you start to get a picture of Dave Chronister of Parameter Security, HackerU and ShowMeCon.
Covering everything from his first programming project as a child and his BBS days through his first ‘real’ IT job and into how he became who he is today, read on for a fascinating interview. Dave also shares his thoughts on helping you get that job in InfoSec, hiring someone for your next security project and some great general advice. In anticipation of ShowMeCon 2015 June 8 – 9, get to know a little more about the man (and woman) behind St. Louis’ ONLY Premier Hacking & Offensive Cyber Security Conference.
By Jason Haddix
Love it or hate it, crowdsourcing is here to stay. While it’s been mostly confined to development and design, eventually it was going to come to security. Two such gentlemen trying to pioneer the space are Casey Ellis and Sergei Belokamen. Being long-time hackers and having seen how the security space works, they decided to start Bugcrowd. Here’s a description directly from the source:
“Bugcrowd is by far the most comprehensive and cost-effective way to secure websites and mobile apps. We’ll do a brief consultation and help you set the budget, the duration, and which websites or apps you’d like our curated crowd of researchers to test. The Bugcrowd researchers get to work finding security flaws in your applications. All testing can be routed through Bugcrowd’s crowd-control system, providing control and accountability. Any bugs are submitted to our Secure Operations Centre as soon as they are found. We validate the flaws and, at the end of the bounty, reward the first researcher to find each unique flaw. We provide you with an easy to understand report for you to hand to your developers… We can even recommend partners to help you fix what we find!”
Join me as I interview them both about their new venture and uncover some interesting information about security testing on a massive scale, as well as how to start. For example, if you are a tester looking to participate, it couldn’t be easier. Fill out the “Ninja” form and create an online profile (public or private) in which you provide Bugcrowd with your PayPal email address. Then you wait until you receive an email message announcing a new bounty… and it looks a little something like this…
The Ethical Hacker Network is an online magazine with a focus on those in the profession. It’s wonderful to have technical content, videos, book reviews and an active discussion forum, but what good does it do if we can’t help our readers achieve their career goals? Being an “online” magazine also means that we have a wide audience not confined within the borders of the United States. How can we also help our international audience? One way to answer both questions is to continue our ongoing series of interviews with ethical hacking movers and shakers. So here is another conversation with someone who can provide some quality insight to the questions posed above, because he did it. Ilia Kolochenko became a professional ethical hacker in Europe.
Ilia is the CEO of High-Tech Bridge, a security services and research outfit in Geneva, Switzerland. But clearly he wasn’t born a chief executive. Just like most of us, he grew up dreaming of being a hacker, even if he had no idea it was an actual profession. This is his story, and it was quite surprising to see just how similar it sounds. But that’s not a bad thing. He took his passions, combined them with his military skills, added in a little workplace frustration, and… Well you’ll just have to find out for yourself.