Reflections from Hack Space Con 2023 🌘

I got the chance to travel to Kennedy Space Center (KSC) on the beautiful Merrit Island in Florida. At the conference I delivered a free training called Practical Networking Fundamentals and gave a talk called CVE Edu. Though I enjoyed leading my own training and talk, it was the people I met and spent time with that had the most impact on me. In this article I will share all my lessons learned and reflect a bit to share takeaways that you may learn from too. Each header is a different lesson learned.

The Space Coast is Awesome

First of all, the location is undeniably the coolest venue for a Cybersecurity/Hacker conference. There's rockets and spaceships all around with reminders of the rich history of technological breakthroughs that happened in reaching space. This was my first time visiting the space coast and I can certainly see why they call it the space coast. It's not just Kennedy Space Center, other aerospace ventures like Blue Origin, Boeing and Space X have sites in the area.

The conference was held at the The Center for Space Education which is one of the many buildings at the Kennedy Space Center. I personally was expecting the KSC to feel more like a museum but it had a more exciting feel closer to an amusement park. It is the perfect blend of museum and amusement park.

Shoot For the Moon

I originally learned about Hack Space Con via a Twitter post. I knew right away that I was going to make a way to attend. The venue sealed the deal for me but even more important was seeing a rock star group of trainers, speakers and infosec legends scheduled to present and lead training.

Among just a few legends are:

Jason Haddix CISO at BuddoBot Inc & Fantastic Educator

Beau Bullock Senior Security Analyst at Black Hills Information Security

Ed Skoudis President of The SANS Institute

Carlos Polop Martin Inventor of countless amazing Hacker Tools (winPEAS, linPEAS & HackTricks)

Phillip Wylie World Renowned Author

Jeff Foley Vice President of Attack Surface

Zach Hill Chief Content Hacker & Sales Director of TCM Security and Creator of IT Career Questions YouTube Channel

Heath Adams (The Cyber Mentor) Founder & CEO of TCM Security

And many more

It would've made sense to have the conference in this building considering the caliber of people that were there:

About a week after I learned about the conference I received an idea.

What if I could teach or talk at the conference?

I went to Hack Space Con's website and submitted my talk idea and structure for CVE EDU. A few days later I get an email from one of the team members responsible for organizing the conference. The email indicates that they are interested in hearing more about my talk idea so we schedule a discussion. In the discussion I share my idea, talk outline, a bit about myself and they decided to put me on the schedule for my talk. Not only that but I was also given the opportunity to deliver my training Practical Network Fundamentals.

Never in a million years did I think one day I'd be sharing knowledge at a conference held at the historic Kennedy Space Center alongside legends in the field. Shoot for the moon and you may end up among the stars is certainly true in this case. If I can do something like this so can you, but you have to put yourself out there and be open to rejection. Do not expect rejection, just know that when you strive to accomplish your vision & dreams you will most certainly run into walls and barriers but ultimately the only way to fail is if you give up so just don't give up!

Building Storytelling Skills and Technical Skills isn't so Different in Practice

The legendary Ed Skoudis was there and he was teaching a free workshop on Story Telling. I had to go.

I encouraged one of my former students and close friend Elijah Barbee (Eli) to attend this conference as well. He also came to this story telling workshop. Prior to this workshop I'd never really considered the importance of story telling nor had I ever intentionally tried to improve my ability to tell stories. Ed Skoudis had us pick a partner (Eli was my story telling partner), a story, and to tell that story in 3 minutes or less. Ed started a 3 minute timer and one person would tell their story to their partner. Once the timer was up another 3 minute timer was started and the other person would tell their story. After the first round Ed taught us some simple tips that could enhance our story. Things like:

• Include numbers, names, odd details and more

We would then go into another round of story telling but try to apply the tips to our story. After that round he gave us higher level tips to apply and we told our stories again. Once the final round of tips and story telling was done each person was given the opportunity to tell their story to the entire group. I volunteered to go first and Eli went second. As Eli and I were preparing we realized that the stories we were telling actually intersected. I was telling the story of how I became a college professor and he was telling his story about he got into the industry. Our stories featured one another and when we individually went in front of the whole group to tell our stories, we included one another to essentially unify our stories.

Our stories built up to the conference and we could connect that in real time. It was a special moment that I will never forget and speaks to the power of helping one another grow not just in the beginning but throughout your career. With enough intentionality you really can grow together and help others along the way, that is what community is all about. That was what Hack Space Con 2023 was all about. Helping each other do and get better!

That said Elijah Barbee is a truly talented and gifted individual currently working in a large enterprise IT role. His dream is to work in the aerospace industry (especially for Space X) in an IT/Cybersecurity focused role. He can tell you just about everything about the latest launches coming up, the rockets, companies and technologies being built in the current space race. If any of you reading this is in aerospace and can assist him in fulfilling his dream please reach out to him, I promise you will not regret it.

Fundamental Skills are Essential to Long Term Success in Cybersecurity

A reoccurring theme and conversation that has been going on at least in the circles I am in is:

"How do I break in as a beginner?"

"Is Cybersecurity a beginner field?"

"What skills do I need?"

This deserves a whole dedicated article but I will speak to this based on conversations I had at the conference. At Hack Space Con there was a good number of people seeking to break into the field which is encouraging to see at a conference. More beginners need to go to these conferences because you will gain high quality guidance and contacts from industry pros that attend. Conference organizers, village leaders and industry pros we need to build more tracks for beginners and even develop pipelines into actual jobs. One of the reasons I did my Practical Networking Fundamentals training was because I wanted to help beginners start to lay a foundational understanding of computer networks. I've noticed this is a learning gap that should be filled and one many universities are not doing a very good job with. Lots of college graduates and beginners in the field need to develop a better understanding of how computer networks work and get hands-on experience with vendor-specific equipment to prepare for the job market.

How can you continually secure a network if you have never built or administered one?

Please don't be discouraged by that question if you are a beginner. I am not a gatekeeper, I'm a bridge builder looking out for your best interest. I do not think there's a set number of years you must spend in an IT role. I just think you need some experience at the foundational level of IT before you can effectively start hacking & securing IT systems confidentally. While you are training and aiming for Cybersecurity focused job roles get an IT support/admin role. It's certainly not as sexy, flashy or as high paying but it pays pretty well and it is work where you build skills directly applicable to most technical Cybersecurity positions.

During the training there were some experienced network administrators in the room. When I asked why they chose my training they mentioned

"I just wanted a refresher and to strengthen my foundations."

Others said:

"I chose the training because the description mentioned it was beginner friendly"

What I realized is that most people have not had high quality-structured training on the subject of computer networking. Training companies and educational institutions..... this is an opportunity to build lessons, labs, hands-on exercises and curriculums that will be of great service to people trying to break into and excel in the industry. It is needed and many people don't realize they need to know computer networking. I'm talking beyond packet tracer and theory. I brought over 10 switches and routers with me. You should've seen the security guard's faces as I was pulling my heavy cart onsite at KSC.

Joke:

*secret service slowly approach me while speaking into radios*

"We got a man with an unkempt goatee, very nerdy with a kart full of electronics and a pink amazon box. He needs to be detained immediately."

Most networked computing environments are not cloud-native. They have switches connecting computers together and routers routing traffic to different networks, out to the Internet and in from over the Internet. VLANs are in place segmenting networks. Yes, hybrid-cloud is certainly a thing in a lot of places but there's still physical network infrastructure and pretty complex logical topologies (VLANs galore, trying to segment all the things). Argue with me in the comments if you are seeing something different on your side. Because of this I think we should train and teach more computer networking. It will help in better understanding how cloud networking works as well.

Labors of Love

Shout out to the conference organizers at Hack Red Con, they are absolute saints and heroes for making this happen. It was clearly a labor of love focused on being a blessing to others:

Ken Nevers

Zachary S Stashis

Daniel Niefeld

It was an honor to be part of it and I hope to be part of it next year where we can go even bigger.

I also want to shout out the awesome folks at Latinas In Cyber who are doing incredible work that the world needs to know about.

Angela Hill, PMP®

Vanessa Morales

Samantha Bolet, M.S., CIPM

It's Not about You... It's about Others

As always, before I end each edition of this newsletter I like to share some good news.

Acts 20:35 AMP reads:

"In everything I showed you [by example] that by working hard in this way you must help the weak and remember the words of the Lord Jesus, that He Himself said, ‘It is more blessed [and brings greater joy] to give than to receive.'"

It is more blessed to give than to receive. This is harder to do than to simply know because it is so much easier to live selfishly. I find it much simpler to just chase money and do what just works best for me and my family but having faith grounds me in a much bigger calling. My family and I are blessed. We believe God takes good care of us therefore we should reach out and help others. One of the main reasons I teach and share what I know is because I believe it is my calling. It is not the best financial decision for me to teach at a community college but it is where I see a great need can be met for people that normally would not be able to receive (afford) a great education. I believe I am called to help learner focused organizations with empowering people to work in this field and live a better life as a result.

I believe everyone has a calling that they are uniquely equipped for and a central part of it involves empowering others to be all they can be in some way.

What is your calling?

Whatever it is, actively seek it and you will experience a life that is full of joy, love and just causes (Simon Sinek's term). It won't be easy..... but the fight will be worth fighting.

Have an amazing week and keep learning!