Security Chipmunks

DEF CON's Noob Village: Creating Space for Cybersecurity Beginners

Edna Season 4 Episode 19

Ready to break down the intimidating barriers of cybersecurity conferences? Join us for an eye-opening conversation with Josh Mason, a former Air Force pilot and cyber warfare officer who's on a mission to make the industry more accessible to newcomers.

Josh shares his personal journey from military service into the cybersecurity field, revealing the challenges he faced along the way and how those experiences inspired him to help others navigate similar paths. As the creator of DEF CON's upcoming Noob Village, he's tackling a problem many have whispered about but few have addressed: the often overwhelming nature of hacking conferences for first-time attendees.

The Noob Village concept is refreshingly innovative - creating a dedicated space where beginners can find guidance, connections, and support without judgment. We explore the unique features of this initiative, including a beginner-friendly CTF with a twist: participants earn recognition not just for solving challenges but also for helping others succeed. With talks from industry experts like Jason Haddix and Philip Wiley, plus a "No Stupid Questions" table staffed by friendly volunteers, the village promises to transform how newcomers experience DEF CON.

Perhaps most valuable is Josh's insight into effective networking in cybersecurity. Forget strategic business card exchanges - he advocates for simply showing up with a friendly attitude and genuine curiosity. Through his experiences at conferences like Wild West Hacking Fest (which he describes as feeling like "a family reunion I look forward to"), we discover how the most meaningful professional connections often start with casual conversations and shared experiences.

Curious about breaking into cybersecurity or making industry events more inclusive? This episode offers practical wisdom, encouragement, and a reminder that behind every intimidating technical challenge is a community of people eager to help you succeed. Connect with the Noob Village Discord community at noobvillage.org/Discord and discover how you can contribute to making cybersecurity more welcoming for everyone.

Speaker 1:

is from a cooperative project for acquiring skills essential to learning. Welcome to another episode of Security Chipmunks, where we keep chipping away at it. I'm your host, Edna Johnson, I'm here with my co-host, Neil Smalley, and today we have our guest Josh Mason. Josh, go ahead and tell us about yourself.

Speaker 2:

Hey, thanks for having me, Edna and Neil. I'm a former Air Force pilot and cyber warfare officer. I've taught cybersecurity after getting out. I've now gotten into the sales side after doing some consulting work with pen testing companies, and I like helping people get into cyber myself. It was about five years ago, beginning of 2020, I got out of the Air Force and I learned how hard it is to get a job in cyber, and so since then, I've been trying to help other people use the tools that I found along the way.

Speaker 1:

Yeah, that's awesome. I love that you not only like figured out how to get into cyber for yourself, but you're also helping other people around you and lifting them up and helping them figure out how to get into cybersecurity. It's really kind of you. So I heard that you have a village that's coming up at DEF CON.

Speaker 3:

Noob.

Speaker 1:

Village, so that's really exciting. What can people look forward to at Noob Village?

Speaker 2:

So one of the things I had heard about DEF CON was that it's not very noob friendly.

Speaker 2:

Unless you know people or you've been around for a while or you know what you want, DEF CON can be kind of overwhelming.

Speaker 2:

So I had the idea a few years ago to have a whole village where it could be hey, if you're new, show up here first, we'll help you out, we'll point you to things, we'll connect you with people, and so that's a little bit of what Noob Village is doing and we're working alongside.

Speaker 2:

We've got friends in Lonely Hackers Club, we've got friends at the Diana Initiative, and so all three of us are actually communities kind of in the same space on the second floor where we'll be having a super new, friendly CTF and an area where, if someone doesn't know how to do a CTF or they're wary, they're brand new, they haven't won a black badge at a Wild West Hacking Fest and they want to get into it, we're going to have people there willing to answer questions, happy to walk them through things. We're actually going to even have like a pro-am sort of thing. There's going to be an award for some people doing the CTF. There's also going to be a reward for people helping. So if you're a helper you can register. I'm used to VAR sales or like partner sales or like you register a deal, so then you get the benefits of that deal. Oh, yeah.

Speaker 2:

So we're kind of going to be doing that here where, oh, I helped Susie with this challenge and she passed it, so I'm registering that and now I get points, and so there's going to be the regular scoreboard but also the helper scoreboard. Be like who can be the most helpful?

Speaker 1:

That's pretty cool.

Speaker 2:

Yeah, we're going to have some like CINAC red team is actually going to be sponsoring the prize. So next week, when all the Lego stuff goes on sale on, uh, May 4th, we're gonna get some really huge, uh, Lego sets like a Millennium Falcon or so, uh, the Death Star, things along those lines for those. Those are gonna be prizes. Don't know when you say Lego stuff is coming out, what are we talking about here? So have you seen the Lego Millennium Falcon?

Speaker 3:

I know there's been different versions of Lego Millennium Falcons through the years, but I wasn't aware of any new ones coming out.

Speaker 2:

Not new. They just go on sale on Star Wars Day, May 4th, because May the 4th be with you, right? So we'll see what cool stuff comes out on sale. Gotcha.

Speaker 3:

I just wasn't sure if it was like a special Cynac edition or something. Oh, we should talk to people about that. Yeah, you can also make like custom Lego figurines.

Speaker 1:

I love Legos, so you can make them custom and like you could put like Noob Village on the back of it or something. That would be kind of cool. That would be cool.

Speaker 2:

A lot of the ideation that we're doing is in Discord and if anyone wants to go to noobvillage.org/Discord, we'll take them to the link to our Discord and really anyone can jump in with ideas. I don't know if it's the best way to do things, but it's what I'm doing and it's working out really well.

Speaker 1:

That's great. I really love that. You're encouraging people to help out and get involved and volunteer and getting other people involved. That's great. It's wild.

Speaker 2:

I didn't know what to expect, which is, I should have known to expect some things. I've been volunteering with Simply Cyber and I used to volunteer with Cyber and Security, and I've worked with Wild West Hacking Fest, and there's plenty of people who will raise their hand and volunteer. There's people who will make podcasts to help out new people and people to do mentoring and speak on the topics, and so it shouldn't be that surprising. But at the same time, I was like I don't have anyone who's like I'm in. If you do this, it was well, I'm here, I'm doing this. Who wants to help? And the server's got like 250 people in it now.

Speaker 3:

And I invited a few, you know.

Speaker 2:

I invited Wade and Philip Wiley and, uh, you know, yeah, folks, folks, yeah, yeah, Eddie and etc. Um, but organically, uh, just people saw things on LinkedIn or on Reddit and were like I want to help with that, I want to be part of that and it's really, really freaking cool.

Speaker 1:

Yeah, that's awesome.

Speaker 2:

One of the other things that we're going to have is a no stupid questions table where we'll answer anything: career stuff, DEF CON stuff, hacking stuff. There's no stupid question. If we don't know, we will find it out. And yeah, one of the great things, we put together these ideas, we brainstormed and then we like pick the stuff and now I've assigned them to leads and I'm kind of leaving it up to them to flesh out the managing, the managers. It's wild.

Speaker 1:

Yeah, that's awesome, so you're delegating.

Speaker 2:

Exactly.

Speaker 1:

It's the best way to get stuff done. When you get others to help, you get the work done 100%.

Speaker 2:

You know what it's like running. You do the local DEF CON, right? Yeah, I do.

Speaker 1:

I organize with DC 407.

Speaker 2:

Yeah, and like it can be a lot of moving parts. Yes. Finding people who will take something and run with it takes a lot of the pressure off.

Speaker 1:

I find, yeah. So I heard there's going to be talks.

Speaker 2:

Yeah.

Speaker 1:

What kind of talks are you going to have?

Speaker 2:

We're going to have CTF 101 type talks, uh, from, uh, Ben Nomsack. Uh, I also have LinkedIn on my other window. Jason Haddix just got back to me. He's doing a talk on like bug bounty 101. Tyler Ransby is going to do a web app pen testing 101 and a new friendly stuff. Actually, I think I'm working with them to actually have a challenge in the CTF and they'll walk people through that challenge and then it'll be easily repeatable if they want to do it themselves. Phillip Wiley is going to do a. I asked him if he'd do his Pentester Blueprint talk, so he's on board for that. Alith Dennis is going to do, um, a talk. I asked her to do like an intro on OSINT and social engineering. Um, I've got a whole list, I should just pull that up.

Speaker 3:

But yeah, a bunch of talks. Those are like phenomenal speakers. Yes, it's funny, you bring up the blue tester, uh, the Pentester Blueprint. I actually, uh, have that on my desk right here. So nice. Yeah, one of the first ones I got.

Speaker 2:

I, yeah, nice. And it's a weird world where I remember hearing Philip's podcast and seeing him on LinkedIn and getting the book and reading through that and then bumping into him at stuff. Or when he was at different companies, I was like well, they say to reach out to someone who's at that company to ask things, so pinged him on LinkedIn, asked some questions. He's like here's my phone number, give me a call. And we chatted and yeah, great friend, hung out at a bunch of different conferences and I love it, it's awesome.

Speaker 3:

That's what I've been discovering. People are just so nice and willing to help you out if you just ask them.

Speaker 2:

Yeah, it's one of those things where I think we think of like the celebrity Hollywood or like politician people on TV kind of world and like they're distant and so like. Then in like cybersecurity, we've got people who show up on things, who host podcasts or who speak at conferences and we're like, oh, that's like a celebrity, but it's just a person who either has like a low tolerance for shame, like myself, who's willing to just show up and look stupid, or just friendly people willing to help out. So yeah, it's wild.

Speaker 1:

It's wild, yeah, and those people are so willing to help others and it's kind of why they volunteer and put themselves out there. But the people that you see that you think are like huge celebrities. Some of them are like overwhelmed with messages, but some of them, like the more local ones and and people who you are in your community, near you, they welcome you, reaching out and asking questions and, um, learning more about the field and stuff like that. So it's pretty cool.

Speaker 2:

There's uh, I don't know, but you guys, I, I get, or you'll I get a ton of um messages on LinkedIn that are spam, like people's trying to sell me things or recruiters trying to hire me people. I don't know, I don't know what they're trying to sell. It's really annoying. But then, every once in a while, I'll get someone who's like new and they're like oh, I'm thinking about doing this like excellent, that's the message I want to get. I want to get the person who's like hey, I've been studying this, is that going to help me get a job? So then I can, you know, go into the whole spiel and like share all the knowledge and help out. Um, I love getting those, but I think people are scared of being like I don't want to take up your time, but people show up with questions, like questions that they want answers to, like I. I know I'm not alone, because I've heard other folks share the same things and you're nodding, so I assume that you feel similar.

Speaker 1:

So yeah, I I love helping people who are new to the field and want to know, because I know like when you're first getting into this, you don't know what this career is like. You don't, you don't know the landscape and you're trying to figure it out. And there's some things that you can read online, but it it helps to have somebody that's been there before and can guide you, and so it's great when you can ask for help and get some guidance.

Speaker 2:

Exactly.

Speaker 1:

Yeah.

Speaker 2:

I'm actually, uh, that reminds me I'm horrible at, uh, I'm actually working on a book with Packt right now, uh, beginner's guide to cybersecurity. That is amazing. I've been trying to like put all the stuff that I know in there. Um, I love that. That's gonna be awesome. I'm looking forward to it coming out. Um, my editors don't really get my vision for it. They keep wanting me to make it like a textbook. Mm-hmm.

Speaker 1:

People aren't going to read a textbook. Yeah.

Speaker 2:

Exactly.

Speaker 1:

Yeah, I think Packt does have a lot of history with making textbook type of material, so I can understand that. But yeah, I get that you're trying to not make a textbook, you're trying to get something that people want to read. They want to go, not just like they took a class and have to read it, but like I actually want to read this because it's so interesting.

Speaker 2:

Yeah right, that's, that's the goal. Um, I've got I know I've got a unique voice, uh, in the space and so, but I don't know people react to it in positive ways, so that's continue to do my thing. Hopefully it, yeah, keeps working.

Speaker 1:

Yeah, so I know that you breaking into the field, you did a lot of volunteering. So, like, in your volunteering time, what has been your most like favorite volunteer activity that you did and what do you feel like has been the most impactful?

Speaker 2:

Ooh, my favorite, I think, remains Wild West Hacking Fest. It always feels like either a church retreat or like a family reunion that I look forward to, if that makes sense.

Speaker 2:

I've been to Wild West Hacking Fest so it makes sense to me but, like for our listeners who may have not been to Wild West Hacking Fest, it's more like a summer camp than anything else, except your activities are talking about hacking or defending or discussing policy with, you know, leadership, that sort of thing. And then the people who you're interacting with live and breathe the same struggles that you do both at the job, trying to get the job, like, um, uh, around all the technical pieces and the non-technical pieces, and it's, uh, it's one of those things. It's not easy to get to Deadwood, South Dakota.

Speaker 2:

The scenery is worth it though, yeah, you got to fly out there and then get on the bus or rent a car. If you're, I show up. I showed up early last year and I'm going to this year to help out with training, so the buses are running on that day Cause there's like five of us. Yeah, but you get out there and then you're kind of in the middle of nowhere, all these casinos and little hotels and like it's uh cute and it's, you know, quaint in the mountains and everyone is super nice.

Speaker 2:

John's like first and second rule is it's not, you know, don't talk about Fight Club, it's be kind. And the second rule is be kind. And so you just end up with like this very friendly feeling from everyone and, uh, instead of, but you still get quality stuff. Like some of the most skilled or experienced folks in the community are there contributing and they're friendly and they want to hang out and do like Whose Slide Is It Anyways? Or karaoke, or play Magic: The Gathering. I've got a picture from last year of a bunch of us with Jerry Osher and Bo Bullock and Zach Hill and man, why am I blanking? Kennedy, TrustedSec, Dave Kennedy.

Speaker 1:

Dave, TrustedSec, Dave Kennedy, Dave Kennedy, Dave Kennedy and Dave.

Speaker 2:

Kennedy. And then a bunch of other, just random, like folks who are brand new, all playing Magic the Gathering and I think Bo beat Dave Nice, but like that's what you get. There is like people who like own cybersecurity companies or companies or like are the lead, like instructor for cloud pen testing, oh, and like really helpful folks just there to hang out and, you know, make new friends themselves.

Speaker 1:

Frankly, yeah, that's awesome.

Speaker 2:

Yeah.

Speaker 1:

Yeah, I love the vibe when I go to Wild West Hacking Fest. Everybody's so nice and everybody's friendly and there's no egos there. You're just an attendee and that's an attendee, and you're just there to have fun. Exactly.

Speaker 3:

And I mean, isn't that what networking is really about? Like people ask, how do I network? And it's like, well, make friends, yeah be friendly.

Speaker 2:

Like show up and be friendly. Like there's plenty of places on social media or, um, on like on YouTube live streams or on LinkedIn or Discord communities or at conferences. Like just show up and be friendly. It's not to be great at anything, you don't have to be an expert, you don't have to know a whole lot, but if you're friendly, like man, that'll go far. I can take a friendly person willing to put in some work and, like, turn them into something huge. So yeah, so, yeah. So people who are like I don't know I don't run into many of them, people who aren't friendly, I don't know, I don't know where those people are.

Speaker 2:

Fortunately I don't really attract them. They don't like my vibe or something. That's fine.

Speaker 1:

Yeah, that works for me. Nice. Um, all right. So getting back to the question with volunteering, your favorite volunteering was Wild West.

Speaker 2:

Yeah, yeah, um, I'm really looking forward to Noob Village. It's hoping it fills a gap, that it fulfills a need, and there's a little bit of me where I constantly wonder, like, do I just think that we need that thing? Am I being like full of myself? But I'm really hoping it does go places.

Speaker 2:

Um, the most impactful, I don't know, uh, I've run into folks all over the place. I made some of the videos and helped with the test for, um, or I'm mostly QA'd and ideated with alexiersploit on EJPT version two. So like sometimes people walk up to me and be like oh hey, I took the test and I recognize you from videos. Like that's awesome. Some people from podcasts, some from Simply Cyber, some from other talks I've done. I never know what's going to hit with people and I'm always surprised and like I don't know. It feels really nice to hear someone be like oh hey, this really helped. It's like, oh, I'm glad, that's that. That was the goal.

Speaker 3:

Yeah. You just never know who is going to be affected by what you put out there. So it's definitely a journey and experience to, uh, find that out for sure. Exactly.

Speaker 2:

Exactly.

Speaker 1:

All right, Well, thank you so much for being on the podcast. Please make sure to like, follow and subscribe, and we'll catch you on the next episode of Security Chipmunks. Keep chipping away at it.