
Comment: Easy as 3.14159 (Score 1) 205

by bobdehnhardt (#49237383) Attached to: Ask Slashdot - Breaking Into Penetration Testing At 30

First off, start playing. Grab a free VM tool like VirtualBox, load up some raw Linux and Windows VMs in it, launch Kali, and start poking around. Break things, but in a manageable, recoverable, legal way. Never, ever, ever poke at something where you don't have written permission from the owner. If you want something a little less random, Lamp Security had some guided CTF exercises out there a few years ago that took you through the pen test process.

Look into formal training. In my experience, SANS has some decent hands-on classes, and you get a fancy certification to go with it. A better option would be to look into Black Hat Training class, and stay for the briefings and Defcon.

Talk to people in the profession. There are a lot of security folks on Twitter - Jack Daniel, Jeff Moss, Dan Kaminsky, Johnny Long, HD Moore and Deviant Ollam to name a few. Follow them, ask questions, join in conversations. Meet up with them at conferences. Security professionals love to tell war stories, and we love to educate people who are interested and want to learn.

Speaking of certifications, don't make the mistake of making them a goal. For what you're looking at, the so-called "big name" certifications (like CISSP) are pretty meaningless. CEH (Certified Ethical Hacker) would probably be worthwhile to have, since it would relate directly to the work you're doing. But realize that certs are mainly viewed as window dressing - great for the business card and marketing department, but all they prove is that you're good at taking tests. Make sure you're getting the knowledge that goes with the cert, and can demonstrate it in the field. The skills and abilities are far more important than the letters in your signature block.

Comment: Laplink or null modem (Score 1) 466

by bobdehnhardt (#49143611) Attached to: Ask Slashdot: Old PC File Transfer Problem

I think the biggest issue you'll run into is finding something that will work for the DOS/Win 3.11 device.

See if you can rustle up a copy of Laplink with the LPT cables. It was designed for moving files in just this scenario; using the LPT cable was always a lot faster than serial, which topped out at 115kbps. Yes, that's kilobits per second, you young whippersnappers.

If you can't find Laplink, find (or build) yourself a null modem cable. Hook it between the two systems' COM ports, and fire up a basic transfer program that supports batch transfers (look for ZMODEM support).

Comment: Perfect world (Score 2) 182

by bobdehnhardt (#47966113) Attached to: Ask Slashdot: Who Should Pay Costs To Attend Conferences?

In a perfect world, your employer would jump at the chance to send you, give you full per diem and a room in the conference hotel, rental car, and an allowance for books and materials on sale at the conference.

But as Huey Lewis said, "Ain't no living in a perfect world."

I was fortunate to go to Black Hat and Defcon in Las Vegas for 11 years while I was at my previous (private sector) employer. They paid for all but the first time. For that one, I took leave, paid my own way, and then came back and demonstrated to them the value and knowledge I picked up (mainly by starting just about every sentence with "Well, in a talk at Black Hat..."). I got laid off when the company was downsizing, ended up in a public sector agency, which sounds very similar to your situation (great people, interesting work, surprising lack of sticks inserted up people's butts). Same situation - I had to go on my own first, the next year they willingly paid for me to go.

Your employer is at least offering to pay for the training piece, which says that they see some value in this. And I know how hard it is to do things like this on a public sector salary (which is still about 40-50% of an equivalent private sector one). My advice: look for the bargains. Stay at a cheap casino (you can get into places like Excalibur for $40-50/night, sometimes lower) instead of the conference hotel. Walk and use the monorail to get around ($10/day). Eat fast food, or fill up on conference munchies - don't eat in the conference hotel or celebrity chef restaurants, but find the coffee shops and cheap buffets. And most of all, talk to your employer. Tell them you're willing to go on your own dime this time, but when you get back, you'll want to make the case for someone from your group going every year, fully paid.

Comment: Social Opportunity (Score 3, Insightful) 274

by bobdehnhardt (#47674203) Attached to: Of the following, I'd rather play ...

My choice is Poker, because for me, it's the most social of the games listed. When my friends and I were all local to each other (we're now scattered to opposite ends of the country), we'd get together for penny-ante games that were more about conversation, jokes and obscure movie references than about gambling. The big winner of the night might leave $4-5 richer, the big loser might drop $2-3, but everyone would have had a great time.

Comment: Re:how many of these people don't want to retire? (Score 1) 341

by bobdehnhardt (#46810701) Attached to: I expect to retire ...

For me, it's financial. I was downsized in 2010 and out of work almost 2.5 years; went through savings, cashed out my 401(K) (at the bottom of the market), lost my stock options because I couldn't afford to exercise them and the company would do a cashless exercise or buy them back. I love my new job, but for retirement, I'm starting at Square One. In a little over 15 years, I'll be 70 (yes, yes, I'm old), and I figure that's the absolute earliest I can afford to retire. If I can do a few more years after that, I'll get a little better retirement package and life will be a bit better.

If I had my druthers, I'd be retiring before 65. Sometimes life has other plans.
