Friday, September 16, 2016

Inaugural Post - Intro to the idea around OFFESEC-RVA

When people hear that I am a pentester, their eyes light up and they ask "How can I get into penetration testing?"

I wouldn't recommend the way I got here.

Also, most companies I talk to have a very difficult time finding qualified skilled people.

My thought on starting this is to connect people together so that they aren't doing work in a vacuum by themselves.  Connect people that are interested to resources that will help them to start developing the skills and accumulating knowledge without spending tens of thousands of dollars on mediocre training.  I'd like to do it in a way such that a small group of people can work on exercises and learning together, remotely, with a way to connect them with local mentors to ask questions, get guidance, and avoid major pitfalls.

I've been really impressed with the way that the local http://www.meetup.com/HackRVA-Meetup handles their book club.  A small group agrees on a book, sets some reading goals, then gets back together regularly to discuss the material and set the next reading goals.

I've been really impressed with a group of US Navy Sailors at Navy Information Operations Command in Norfolk, VA who put together a group to conquer the OSCP.  They met weekly either in person or virtually, set goals for the material, and continually helped each other with difficult concepts in the labs.

I'd like to provide a way for local RVA professionals to get started into offensive security/pentesting, and for people that already have base knowledge but want to find a group to expand with to do things like the OSCE course, various web app testing skills learning, more advanced attacks, proof of concepts, and whatever else comes up.

So, an initial kickoff will happen through https://www.meetup.com/OFFSEC-RVA/, so go there and register.

There is a slack group at https://offsec-rva.slack.com, contact me or someone else that is there to get access.  Slack would be a great way for a study group to talk and help each other between sessions, and a good way for local mentors to monitor and help out.

The meetups for groups can be in person (which is harder for people with jobs and families and tough schedules) or they can be virtual through Google Hangouts or other applications...or a combination of both.

The outline to start with will be to have a social gathering for introductions, see what interests there are for starting an intro to hacking/offsec group, talk about courses, materials, etc, and working out how to get started with one or more groups.

I don't think there are any right or wrong answers, but working as a group with achievable weekly goals and the ability to get help for complex and difficult topics should help keep people motivated and moving to completion.  You can get a sense at the end if this is something worth putting more resources into personally/professionally or not.  If you are in any sort of information technology, the knowledge gained will help you regardless of whether it becomes a career path.