August 5, 2019
I’ve always been exposed to the basic concepts of IT security, watching the older guys in my town torrenting movies using a magical thing called a ‘VPN’ or cloning and cracking PC games - all that stuff. But I wasn’t really all that interested in ethical hacking until about three years ago; that's when I realised how much information and documentation was available online for me to teach myself. Once I was confident with the basics I tried my hand on Vulnhub, a popular Capture-the-Flag site. It was there I had my epiphany: seeing first hand just how easy SQL Injection was for regular people to use was kind of mind-blowing to me, to be honest.
The fact that simply modifying a query on a browser’s URL bar allowed them to retrieve information gave me the same adrenaline rush I get from snowboarding. In that precise moment, I knew exactly which path to take: a week later I called UCAS and cancelled all of my Software Engineering choices and enrolled on Cyber Security and Digital Forensics courses instead.
As a Trainee I have one more year of Uni to complete, so in these few Summer months I’m totally focused on learning as much as I can, as quickly as I can, from anyone that has anything to teach me!
Shadowing Calum has really opened my eyes to the discipline needed to deliver high-quality pentests in the real world.
I’m learning a lot from Adam about how to approach a webapp test professionally, taking the client along with you so they know what to expect. Even simple things like applying OSINT methodologies or using common tools like BurpSuite in the real world - it’s all learning to me.
I started closely shadowing Calum Boal. Learning his good habits and how to be methodical, starting with an unauthenticated perspective (OSINT), before proceeding to authenticated. Being patient, looking for the most common vulnerabilities first before documenting actions and moving on - this discipline has probably been the most valuable lesson for me.
Once I had mastered the basics, I got to do my first supervised OSINT, followed by my first supervised web app penetration test. Having Adam QA all my findings so closely and then approve my report was a great feeling.
Everything basically! The sheer amount of new techniques I will get to learn in just a few months is amazing in itself. Taking part in my first infrastructure pen-test will be my next big milestone - I’m really excited to get started on that one!
I work out how to break things in order to make them better.
I’ve done a lot of different jobs to pursue my passion for IT Security. But working as a Chef at Glastonbury with two great friends was definitely the most rewarding, most interesting and one of the best experiences I have ever had. However... I cannot divulge any details as to what exactly made it so good. ;)
What’s your number 1 security tip? Treat passwords like underwear:
The problem I would face is choosing between my laptops and my rig. My solution? I’d simply ‘install’ my laptops as upgrades to my rig, creating a single ‘MegaRig’. Problem solved! 😀
A dry run of how Nicola’s ‘Mega-Rig’ would look just before he escaped the flames.
Crying angrily at my laptop until it either magically works or completely destroys everything.
Witnessing the moment a tow truck has to be rescued by another tow truck. Unfortunately it doesn’t happen very often, but when it does - it’s magical.
Nicola’s idea of heaven: a tow truck, towing two tow trucks, each towing a car.
“Java”. I am not sure it’s a quote exactly but I really do hate Java!
The sound of my snowboard's blade cutting into crisp snow. Especially when there aren’t any other noisy humans around.
Nicola cutting into the snow at 2800m in Livigno, Italy
If quantum computers get released onto the mass market before cryptosystems have had the chance to prepare, there could be real havoc. It’s terrifying to think of Quantum’s raw computational power in the hands of regular consumers. Having said all that... I’m still really excited to get my hands on one!
How to survive moving to foreign country without: A. Speaking the language fluently B. Money C. Any particular skills D. Resorting to breaking the law (though there were times it would have made life so much easier!)
Me aged ten. I wouldn’t waste any time waiting to just bump into people that shared my interest in IT. Instead, I’d embrace Google, direct my own learning and find my tribe online. While I’m back in the past, I might as well invest in a little Bitcoin too, right? :D
Surprisingly: I am not, in fact, naturally blue-haired!