Episode 2 - Should have listened to Network Chuck Artwork

Security Chipmunks

Welcome to Security Chipmunks where we talk about the development of cybersecurity skills. To stay up to date in today's world you need to be resilient, that’s why as Advanced Persistent Chipmunks we keep chipping away at it.

All Episodes

Security Chipmunks

Episode 2 - Should have listened to Network Chuck

April 11, 2021 • Edna • Season 1 • Episode 2

Send us a text

In our second episode we discuss Cybersecurity concepts, learning opportunities, upcoming conferences and answer questions from the audience. Stay to the end for the blooper reel!

News

Facebook
https://www.cnn.com/2021/04/04/tech/facebook-user-info-leaked/index.html
https://haveibeenpwned.com/

Conferences
https://introseccon.com/
https://carolinacon.org/
https://www.dianainitiative.org/

We are also asking our listeners to send in your virtual free or inexpensive Cyber conference recommendations.

Question

Question for Neil from the audience: “If I’m running a command in Linux and there is no message. How do I know a command ran? Is there a way to check?”
- Yes, you can view the exit code of the last command run in the session with:
echo $?

Exit Codes
https://tldp.org/LDP/abs/html/exitcodes.html
Special Variables
https://www.tutorialspoint.com/unix/unix-special-variables.htm

Education

DoD Cyber Scholarship Program

https://public.cyber.mil/cysp/

I should have listened to Network Chuck
https://www.youtube.com/watch?v=6HsgCor5I28
https://www.acm.org/membership/membership-options

SANS Work Study Program
https://www.sans.org/work-study-program/

Socials

Join our Chipmunk community Discord server: https://discord.gg/9yfWP6evYQ
Follow us on Twitter: https://twitter.com/SecChipmunk
You can find us online at: https://securitychipmunks.com

Unknown: 0:01

Thank you.

Edna Jonsson: 0:08

Welcome to the Security Chipmunks podcast, where we talk about the development of cybersecurity skills. To stay up to date in today's world, you need to be resilient. That's why as Advanced Persistent Chipmunks, we keep chipping away at it. I'm your host, Meg Sedna-Johnson, and I'm here with my co-host, Neil Smalley. Hi, Neil.

Neil Smalley: 0:32

Hi, Edna. What do we got on the list today?

Edna Jonsson: 0:37

Well, first, I want to talk about some news um you may have heard but there was a large facebook leak recently about a half a million users information including phone numbers were exposed in this leak and it was posted on a hacking website according to cyber security experts

Neil Smalley: 1:04

I think some of the confusion around it was that it was from an initial breach a few years ago and some new data has just been leaked.

Edna Jonsson: 1:14

Yep. But it's still a threat to your security. So you might want to check. There are websites out there. One is haveibeenpwned.com. And you can check your phone number and your email to see if you were affected by the breach. So that's it for the news. How about some conferences? Have you heard about any conferences? Any good ones? I

Neil Smalley: 1:44

am not up to date on that enough, as it were. From last episode, we did mention one that's coming up very soon. And that is the IntersectCon event. It's going to be freely available online. Yes. That's like the most pressing one that I know of off the top of my head.

Edna Jonsson: 2:14

OK, so I found out about a couple more. So there is Carolina Con that is happening April 23rd through April 25th. And that's going to be live online. And they will have some workshops, and they have a Discord that you can join, so you can start connecting with people there. And then another one, another conference that I know of, is the Diana Initiative. That conference is going to be part of that Summer Hack... Hacker Summer Camp. Sorry. Are you familiar with Hacker Summer Camp?

Neil Smalley: 3:09

Well, let's pretend I'm not, and let's explain it for people who might not know.

Edna Jonsson: 3:15

Okay, so Hacker Summer Camp is going to be a series of conferences that happen in Las Vegas when we are in person, but that's... They're held in Las Vegas, and there is Black Hat, there's DEFCON, B-Sides Las Vegas, and the Diana Initiative. And so they happen one after another. So you could go and go to one conference,

Neil Smalley: 3:51

still

Edna Jonsson: 3:52

staying in the same hotel room, and you don't have to leave. Yeah, so you go there for summer camp, and you go to the different conferences. Um... Yes, so the Diana Initiative is one that is created for women, non-binary, and trans people to come and learn in an inclusive environment and a welcoming environment. And they have villages. They have a career fair. And one of the cool things that I recently found out is that they have a teen village. So they're encouraging teenagers to get involved in tech and in cybersecurity. So they're going to have workshops specifically for the teens. They're going to have talks that are both for beginners and for teenagers. So they'll have some entry-level information. And I just think that's fantastic. So I'm very excited for that.

Neil Smalley: 5:10

It's great to have events you can go to with your friends and learn about things when you're that age. I know I certainly enjoyed going to different events.

Edna Jonsson: 5:21

Yeah. And you can attend this online for free. The tickets are $5 for general admission, but for unemployed, underemployed and students and for military veterans, tickets are free and they make it really easy to go attend. All right. So listeners, we would love some more recommendations. Please send us your recommendations on any conference that you know of in the cybersecurity field that is virtual this year and is either free or very inexpensive so that it is accessible to our listeners. So I was thinking, what are some ways that people could get involved in their local InfoSec communities?

Neil Smalley: 6:14

So there's... various different groups sometimes it's a little harder to find a group if you're more rural i've definitely run into that problem but there's also this perspective you can always start a group if there isn't one in your area so I mean running a group is a lot of work but it is very rewarding as well I think I say it a lot but you get out of things what you put into them so if you put a lot of effort into things I think you will learn a lot at least that's my perspective perspective on it and so in at least in where I live groups tend to be clustered you know up towards more towards CA at all and whatnot so there's lots of different groups whether it's strictly security or a niche like programming or hardware hacking or something like that so there's all sorts of different opportunities out there.

Edna Jonsson: 7:36

I would say checking out TC groups, DEF CON groups. DEF CON has local groups and the 2600 has meetups. You mentioned 2600 last episode. You're

Neil Smalley: 7:51

still a fan, right? I know that I've actually been to one of their meetups, but as with most groups, definitely try to contact them before you show up because those listings can be out of date sometimes or especially with the pandemic things do change

Edna Jonsson: 8:12

yes I know in my area the groups the deaf group has had online meetings had meetups on discord discord is really the place to talk to people nowadays I don't know if it was this popular before the pandemic I know for me, I was not on Discord until the pandemic hit. I viewed it as, that's the gamers. I am not a gamer. I'm not getting on Discord. And then I started signing up for workshops and things like that. And then one by one, I started getting added to more and more Discord servers and having more conversations in there. But yeah, that is one way that you can get involved with meeting people. I think I last had a conversation on IRC in 2016. They're

Neil Smalley: 9:15

still alive and kicking out there. But I definitely think Discord is more approachable for a lot of people these

Edna Jonsson: 9:24

Let's jump into where we cover questions from our audience. We have a question this week from our audience, and this question is for Neil. Our audience member says, if I'm running a command in Linux and there is no message after the command ran, how do I know a command ran? Is there a way to check for that?

Neil Smalley: 9:50

this is a very good question to be able to see whether or not the command runs successfully, we can use what are called built-in variables. And built-in variables are automatically set by the shell. So for your current session, there are certain things that will hold various values. So in this case, what the variable is holding is the exit code of the program. So whether or not the program failed or run successfully or some other specific error. So to get this, we would just echo space dollar question mark, dollar question mark being the specific variable. And so typically, you'll get just zero, which means the command runs successfully. Oftentimes, you'll get a one, which is a catch-all for general errors. These are the two most common I run into. Otherwise, you can just look up exit codes. If you run into one you don't recognize.

Edna Jonsson: 11:03

All right. Very good. So do you use that command often in your own work? Or do you trust that the commands

Neil Smalley: 11:13

that you run work right away? So I don't use it too often, typically, because I am doing something that I can directly see that either worked or it didn't. So renaming a file, moving a file, deleting something editing it so it's usually something that's human readable that I can go back after I've run the command and check and see that it worked by just viewing it

Edna Jonsson: 11:48

So that leads me to the next thing that I wanted to talk about, which is Google Fu, which is how do you learn all this and how to make your friends and family think that you're an expert and that you know everything? Google Fu, what is it?

Neil Smalley: 12:09

Absolutely.

Edna Jonsson: 12:10

Is it a skill?

Neil Smalley: 12:13

Yeah. Yeah, so it's something that you develop over time. Yeah. Most things can be chipped away at and developed by asking questions that narrow down what you're trying to achieve. So, for example, taking the... previous question we had from running command in Linux there's no message how do I know if it ran so for example you could take the what the command when I approach a problem I have to understand what everything is asking so the question if I run a command in Linux so like if I didn't know what Linux was okay that's going on my list so I build myself out a list of vocabulary and break down each of those terms. So like, okay, Linux, I can put that into Google. What is Linux? And then I could go to the Wikipedia page and read about that. And so once you understand what the sub components of a larger question is, you can really start refining the, the vocabulary of what type of things you need to search for. Sometimes it's as simple as running a command in Linux, but there's no output. How do I see if it ran or not or something like that? Other times you have to find the specific... way people in the industry or that particular subset of speciality define things. I don't have a really good example right now, but there's always going to be something you're coming across that you just don't know what it means. And so as long as you break it up into smaller parts, you can eventually build the larger aspect of what you're looking for. So start small.

Edna Jonsson: 15:16

Okay. Start small. Use the Google skills and ask questions to fill in so that you can get to what you're really trying to find out. Those are good tools for the toolbox. And using tools for the toolbox, you mentioned in there you have a list of terms. A lot of professionals, they keep notes of their learning and of their experiments as they're working through machines. What are some note-taking advice that you have or... services that you recommend

Neil Smalley: 15:59

i typically or at least for years i would carry around like pocket-sized moleskins or as some people like to call them meal books but uh or even other people call them like grimoires or whatnot you know because you have your all your unique to you notes typically everything i might need later will go into my notes not necessarily verbatim. And a lot of times now I have my, my phone, but I haven't always been like, I've, I've lived really before where internet's not that great. Sometimes you are trying to troubleshoot networking and you don't have internet access to look stuff up. So if you have notes on what you're trying to do, it can be quite handy. But the part I was talking about is just reading something new and then taking key points that look interesting to you or that you don't understand and researching them further to develop an understanding of the larger picture of what's going on. It's kind of like starting out in a game or just in like a dark cave with a little flashlight As you go along, you're finding parts to a bigger flashlight. You don't necessarily know how to use it yet, but if you look at each part of it, you can figure out how to build the larger flashlight and illuminate a larger area or whatnot.

Edna Jonsson: 17:46

I want to add with the note-taking that I was mentioning. Taking notes during your learning and making note cards and repeatedly looking over the information that you have learned is going to help you retain the information that you learn. Otherwise, you're not going to remember it in the long term. And a lot of the professionals, they will keep their notes in certain software because copying and pasting things It's just really handy in IT fields.

Neil Smalley: 18:30

So for retention, having the notes or the flashcards to go back to. And so Anki, for example, does that automatically out of the gate for you. So it's just a flashcard program. And you can make your own or download other people's decks of flashcards. And it'll quiz you. you on one it'll keep track of ones you've done and then you mark how comfortable you are with with the answer and then it will automatically keep track of when it should quiz you again so it's really yeah

Edna Jonsson: 19:11

that's a good one that's a great recommendation on the job hunting side so when you are ready to start looking for work uh linkedin has this new feature where when you're setting your profile to open to work you can add a video so a video intro for your page because right now in the pandemic you're not able to meet with people one-on-one and network with them this gives you a chance to let companies and recruiters know who you are so this is going to be a great opportunity if you're good with making videos and there is my recommendation is to go to invideo.io where you can make videos up to 15 minutes for free and use that to make your introduction video you can add text and effects to your videos so I think that's a quick website to make video for your page so that you can introduce yourself to employers. On the education side, I have a featured scholarship again. So today I'm going to feature the Department of Defense Cyber Scholarship Program. So this is a scholarship, Department of Defense. If you meet the qualifications, you get a scholarship to go to college. They have both recruitment scholarships for non-Department of friends employees and they have retention scholarship

Neil Smalley: 20:58

so speaking of learning so about two years ago i think network chuck are you familiar with network chuck he had a video about the o'reilly learning platform or maybe it was called safari maybe it still is i don't remember anyway it's the o'reilly learning platform and basically i should have listened to him um much earlier. I finally got around to getting on the O'Reilly Learning Platform. So I don't remember if he talked about it, but there's been plenty of people who have talked about it at this point, but I still run into people who don't know about it. So anyway, I'm going to talk about it. So if you become a member of ACM, which is the Association for Computing Machinery It's the world's largest computing society, and it has a multitude of benefits, but the one I was most interested in was the fact that it gives you access to the O'Reilly Learning Platform. I think in the Network Chuck video from two years ago, it's like... $49 a month or something. Anyway, it's like let's just say $50 a month if you're not going through ACM. With ACM, as a student, you can get a $20 membership for a year. That's a huge savings. It's not just like the O'Reilly books, which are the color-coded ones where the animal on them and whatnot which are a favorite of mine but they also have publishers like packet no starch wiley all my favorite books and the ones that show up in humble bundles half the time so i really like humble bundles and if i'm buying one a month you know that's like several hundred a year so the membership pays for for itself. It's not as cool as owning the PDF or the EPUB or whatnot. And you have to read it through your web browser. Or if you want it on mobile, you have to read it through their app. Their app's pretty decent. Some I want to that some books won't load quite as nicely through their app, especially like when you mentioned last episode, I think the, how the internet works, that one is a kind of more of a picture book. And so it doesn't really load very well on the mobile app, but overall, I think it's a fantastic resource for students. And then even if you're not a student anymore, they, they, you can still get an ACACM membership and it's still going to be a reduced cost compared to just going and getting the O'Reilly membership outright I would call it a hidden gem that I should have definitely checked out sooner I'm just so happy I've been looking at like all these books that I've wanted to get like the volatility handbook or whatever it's called the book about using volatility for memory for forensics, and then the CIS internals manuals for Windows, inner workings of Windows and whatnot. There was like a no starch book that just came out here in April, where the author maps NIST guidelines to ninja scrolls from like historical ninja stuff to actual NIST best practices and stuff like that. so I've just been having a blast with it and then the other thing that has been covered but I certainly hadn't really heard about it until like I think this year and I've actually just told somebody the other day that I hadn't heard about it is if you're familiar with the SANS Institute they do lots of training and certifications that are in demand. And so they're really expensive. So you'd want your employer to play for it or whatnot. For example, the introduction to cybersecurity, SEC 301, just the course alone is $6,340. So that's... way out of my price so sans has a work study program and if you do the work study program you get four five or six day courses for two thousand five hundred dollars or a one two or three day course and summit for 417 per day so a significant cost reduction that makes it even plausible for a student or whatnot, or just somebody trying to get it on their own and they don't have work paying for it or whatnot. So I think it's a great opportunity.

Edna Jonsson: 26:49

That is a great opportunity. If you're new and you're trying to get into the workforce, if you're able to afford that reduced rate, that is a great cert to get. There are some companies that hold the the SANS certifications in high regard and are much more likely to hire people that have those types of certs, particularly in Virginia, from what I understand. Do you have any last thoughts for the day?

Neil Smalley: 27:20

I'm just excited. There's always something to cover in cybersecurity. There's lots of content that we have yet to go over. There's just so much room to grow.

Edna Jonsson: 27:35

There is a lot of opportunities and a lot of different sections in cybersecurity that you could focus on. So I just want to leave our listeners with this. It may take a little while. It may take a long while, but as long as you're continually working on your skills and you have the desire to get into the field, you will get there. I believe in you. That's our show. Thank you. Thank you for listening. I love Network Check. He is great. He's on YouTube. Free node! But they wanted to know if you have a command that you're running in Linux and there's no command. I'm sorry. If you're running a command in Linux...