I keep my DMs open and my email address is public.\u00a0 This, plus the fact that I’m a recognizable face at conferences and generally like to answer folks’ questions means that I field a lot of inquiries… particularly about the hacker community and the world of physical security.<\/p>\n
While I always want to give each person who reaches out an individual and specific answer unique to them, a recent utter flurry of contacts (due to a bout of mainstream press and wider attention) has made it harder to keep up with my inbox.\u00a0 Consequently, I’m going to try posting something here.\u00a0 It will effectively be an amalgam of various answers I’ve written to folk in the past week or more.\u00a0 Some people have been asking about their own career path and job prospects.\u00a0 Others have found that my explanation of security flaws hits home for them because they see these vulnerabilities in their own work environments and want to share this news with others.\u00a0 Other folk simply want to know how to best apply their limited resources in a way that can lead to a more satisfying and interesting vocation or hobby.<\/p>\n
<\/p>\n
At the risk of grossly over-simplifying things, I’m going to paraphrase this matter as…<\/p>\n
Question: “I think what you do is awesome.\u00a0 How can I do that sort of thing, too?”<\/strong><\/p>\n <\/p>\n Again, while I recognize that a one-size-fits all answer isn’t ideal, this is my best shot at responding to the above.\u00a0 We’ll call it the “one-size-fits-most” answer.\u00a0 We are close to Halloween costume shopping season, after all!<\/em><\/p>\n <\/p>\n Answer: <\/strong>Hey! \u00a0Thanks for reaching out!\u00a0 My answer will be 100% honest, but I hope very much that it doesn’t come across as disingenuous or self-serving… it’s a very tricky subject, and far too often companies don\u2019t understand or value this kind of knowledge and skill set properly.<\/p>\n Far and away, the primary answer I have to give folk is one that is simple and also a hurdle at the same time:\u00a0 training. \u00a0I am not one to kneel at the altar of Certifications for their own sake, however if someone has taken the time to successfully complete training courses and pass exams, etc, then that shows current as well as future employers that this individual values professional development and wants to apply their skills.<\/p>\n If you have an employer and you think they can possibly help support your education and would send you to training, that\u2019s great.\u00a0 If your firm is reluctant, however, or does not exactly understand the value of this kind of knowledge or how to leverage it properly, that\u2019s more difficult.\u00a0 If you are seeing security flaws in your own office or company facilities and want to report it\u2026 I urge caution.\u00a0 Advice of this nature coming from internal<\/em> voices sometimes is found to be unwelcome. \u00a0It might be best if you were to bring up some of the evidence put forth in perhaps some of my talks\u2026<\/p>\n