UPDATE: I wrote a follow up!
I’m gonna start with this: I am writing this blog less than a month before my ProsVsJoes live Capture the Flag event happens. (note: I am editing it 4 days before my ProsVJoes competition.) I am sitting in my friend’s living room because I have just moved across the country from Florida to California and my new apartment isn’t ready yet and I gotta be honest, I haven’t once felt prepared for this. From the moment this event entered my inbox thanks to a manager who seems to feel like I have some kind of potential and value to add to the security world to this moment editing this blog right now, at no point have I been like, “Oh, yeah I got this.” I am dread personified, a sweatdrop laden forehead staring at Windows sysadmin options and wondering, “How did I get into this mess?” I alternate between thinking I’m going to let my team down and thinking maybe I shouldn’t be doing this at all to completely forgetting that this is in fact something I voluntarily signed up for and I need to be studying for it right now.
Did I mention I just spent a week driving out to California and another week living in a hotel? That’s not exactly conducive to learning how to defend Windows and Linux from professional hackers on a red hat team who have already dropped compromised code into the machines you’re defending before you’ve even had the chance to make a username and password.
PHEW. Ok, got that off my chest. Still nervous, but feeling better.
After all, it is called Pros vs Joes. It is meant to be a challenge. It is meant to be an underdog story. So let’s embrace it. Let’s do it.
In Las Vegas, every summer for many many years now, there has been a confluence of events all happening in the same two week span. The unofficial name for all of these is Hacker Summer Camp, and there are two big events that anchor it: Black Hat and DEF CON. Black Hat is a business oriented security conference while DEF CON is more focused on individual hackers. Around these events are many other smaller conventions and get togethers, some taking place within the larger events themselves. One such event is BsidesLV.
Bsides is a community driven DIY security conference that has events in cities all over the world. Their Las Vegas one is considered one of the four core events, the other three being Austin, Washington DC, and San Francisco. These events are full of speakers and community and are great fun. Our head of Community spoke at BsidesCharm and I have applied to speak at Bsides Orlando.
BsidesLV has been running a special Capture the Flag (CTF) event for several years now, and that event is ProsVJoes. The idea is to have several teams of non hackers go up against a team of professional hackers. Each team of Joes (us non hackers) has a professional hacker team leader, and meets to discuss tactics, knowledge needed, and more. Then, over two days, 8 hours each, the Joes defend a Windows and Linux system against the attacks of the Pros. On the second day, the Joes are allowed to also attack other blue teams. Points are tallied based on a number of things, and a winner declared!
Because it’s a big chance to level up.
But sometimes there are big leaps. Moments or events that allow you to make lots of progress quickly. Sometimes these big leaps involve trying to do something beyond your current reach or ability. It's a huge stretch.
In RPGs, like Final Fantasy VII (the best Final Fantasy, but not the best RPG. That's Chrono Trigger), you get XP for winning fights. The weaker the enemy, the less XP you get. Very strong enemies and difficult fights give you more XP and you can level up. You can grind on lower level enemies and eventually get there, but it’s hours of work. Sometimes days or weeks. However, sometimes the best course of action is to take on a stronger boss that maybe you’re not quite ready for, and do something very difficult for a high reward.
That’s ProsVJoes for me. It’s a live CTF (which I’ve never done before) and it’s a practical application of all the things I’ve been reading about while learning online for the past four months.
It’s going to be brutal, and I’m banking on it being transformative for my learning and education in Cybersecurity. After all, diamonds aren’t made without extreme pressure.
Not yet, but I think I have potential. A diamond in the rough, one might say.
And at the same time I am terrified. Re-read the first part of this blog. I CLEARLY feel out of my depth here.
I’m trying to harness that worry into action. Because if you worry without action, you’re staying still and changing nothing. In my case, since I’m trying to improve and grow my skills, I need to take action. If I listen to the part of me saying, “You’re not gonna be able to do it, you’re not good enough, you have never done this,” and decide not to do it, I’m right where I was before. No growth, no skill level change, no nothing.
So it’s, “Feel the fear and do it anyway!” time. Because courage and determination are not emotions without fear; they literally cannot exist without fear. If you're not afraid and doing something, then it's not courage, it's habit. It's mundane. I'm not courageous for writing a blog or talking about my transition to tech. I love doing that stuff. But sitting in a room of people who have lots of security experience and trying something really new and scary.
So I’m going to CTF, capture the fear, and use it to push myself to succeed. Or at least die trying.
Ok probably not die it's not that serious. But you will see me with a beer in my hand once the day is over, that's for sure.
Oh, no this is a PRE blog. I haven’t gone yet. But stay tuned here for my Post ProsVJoes blog!
If you'd like to come see me struggling to kick hackers out of our Linux and Windows box, ProsVJoes is at The Tuscany in Las Vegas on August 8 and 9 all day. If you say hi I might have some ProjectDiscovery stickers for you! And Myself and my team will be at DEF CON as well! You can check out our Nuclei Demo Saturday at 2 pm, and find us around the event other days. Learn more about all we have planned here!
If you'd like to join our Discord, click here!