After a looooong hiatus the Security D-List Interviews are back! To ring in the New Year and get the ball rolling once again we interview author, hacker, speaker and all around nice guy, Jayson E. Street.
Q: Tell us a little about yourself.
Wow what a loaded question to start with ;-). I am a person looking for questions to help answer who I am, an author who loves to read, a father who gets grounded, a husband always on the first date, a human who is saddened by humanity (but sometimes uplifted by it) and an INFOSEC professional who does not see this as a profession. I am not an expert, cynical, or a mature person. I have a lot more serious info about me out there on the web, so no need to put your readers through all of that.
Q: How did you get interested in Information Security?
I’ve always loved the idea of being able to help others. I started in physical security over 20 years ago and at some point grew tired of being shot at, I have a lot of good stories from working on a Gang Task Force but not many good memories, so I answered an ad for computer tech support. Then in 2000 I learned you could do security + computers and, well, I never looked back. It has been an awesome time with no shoot outs (so far).
Q: What is your educational background (e.g. formal schooling, certifications, self-learning, etc.) and did it add value to your information security career?
Though my childhood was not normal or pleasant, I had dreams of going to college and becoming an activist lawyer. I dropped out of high school in the 11th grade to get a job to help support the family, but the main truth is I just was not in a place where I could see myself having a future, so I gave up. I do regret not completing high school and opting for a GED. I have always stated that it was the wrong turns, as well as the right ones that have brought me to the road I’ m on now and I wouldn’ t change where I am for anything.
As for certifications I started collecting them to have some kind of paper to show others that I did know something or at least, knew how to pass a test. I firmly believe though no matter the degree or the certification the only way to know how qualified someone is would be by asking them questions and conversing with them. Judge them for what they know and contribute, not by what they can frame and hang on their wall.
Q: What did you want to be when you grew up? Would you rather be doing that?
I wanted to be a teacher, the “ captain my captain” kind (movie: Dead Poets Society), who didn’ t just teach but inspired. In a way, I feel that I am. Though I would like to do it more formally. The main reason I talk at conferences around the world and at local lunch meetings is simple, I want to teach and share the passion I have for Information Security.
From the baker to the banker information security is part of your life. Some may not realize it or think it only affects the wi-fi access point next door, so I want to help them to see the truth and empower them to protect themselves online.
Q: What projects (if any) are you working on right now?
The revised version of the book is completed and is available on Amazon ;-). Thanks to Brian Baskin, Marcus J. Carey & of course Syngress for getting it back out. I’ m now working on a movie deal for the fictional part of it. Plus working out the story for the sequel, which takes place mostly in Europe and will be a longer and more advanced storyline. Plus a few other battles here and there I’ m trying to win.
Q: What is your favorite security conference (and why)?
That is an obvious one DEFCON! When I was in Beijing at XCon people would call me DEFCON since every day I was wearing a DEFCON shirt and Jacket. Even at my conference ExcaliburCon that I co-founded in Wuxi China I was wearing my DEFCON shirts 🙂
The reason is because coming from America the main conference I heard about as I got more into hacking & INFOSEC was DEFCON I know if I was in Europe it would be CCC but even in Europe they want to come and experience the wonderful contained educational chaos that is DEFCON. The first time I made it to Vegas I knew I would be back every year and I have. I also fulfilled one of my personal dreams the last two years by speaking there.
Q: What do you like to do when you’re not “doing security”?
Not much, this is not a career choice but what I do for fun. Just one look at my Lab will tell you that. Some people invest in sailboats I instead have the hacker lab of my dreams. When I come home from work I am in the lab then some family time, then put the kids to bed then back in the lab to around 2 or 3 A.M., most days. The lab is not all INFOSEC. I do play World of Warcraft, Modern Warfare 2 and several other computer games. When I am actually AFK I try to spend time with my family and do things IRL. 🙂
Q: What area of information security would you say is your strongest?
Defense is my strong suit I love building a secure infrastructure. Not just making sure where the IDS/IPS or Firewalls go but all the different aspects of creating a secure environment. I love trying out how to break systems/networks then devising a defense for it. You have to be able to know how to attack if you want to effectively defend.
Q: What about your weakest?
Programming!! I can’ t even manage perl. I realized early on I was not going to be able to contribute to the community by creating a new tool or exploit. That is why I try to help the community by bridging the gap of the INFOSEC/Corporate world. I want to make people aware of the dangers computer criminals pose and at the same time educate them that being a hacker does not make you a bad person by default.
That is the main reason I started the Dissecting the Hack community at dissectingthehack.com. I want a place where people who were just getting into or just mildly interested in Information Security could go ask questions and not be judged. There are people in the INFOSEC industry who take great pride in being better than others and spend their time pointing out the wrong in everybody else with out giving proper input on how anyone can improve. We need to be shown the flaws but we should, at the same time, be willing to help educate and help others who have fallen or made mistakes. My site is not for the perfect to educate the ignorant, but a community helping each other to grow.
No one knows everything but together we can all teach each other something new and valuable we didn’ t know before.
Q: What advice can you give to people who want to get into the information security field?
Don’ t get into this field unless you have the commitment to fight the good fight. I tell people that if you get into this because you think it is a good career choice then you will fail because the people you are fighting are having a blast and having fun. We need to be able to match that zeal and passion, plus we are the good guys so we have that going for us as well 🙂
Q: How can people get a hold of you (e.g. blog, twitter, etc.)
That is easy, I spam the inter-tubes with sites.
My personal site is http://F0rb1dd3n.com.
The book/community website is http://www.dissectingthehack.com.
You can find me on Twitter as http://www.twitter.com/jaysonstreet.
And if you ½ way know me, friend me on FaceBook 😉