Infosec Career Podcast – Episode 9

Tim Medin is the founder of Red Siege and a Principal Instructor for SANS.  Tim and I discussed how he started doing security research and eventually got to his work with Kerberoasting.  It’s a process that requires persistence and a lot of “failures” before the success comes.  He’s an incredibly talented person and is extremely easy to talk to.  I think you’ll be able to hear that as you listen to this episode.

iTunes
Google Play Music
Stitcher

Jason’s Notes

Security Research

1. Pick something you are interested in, even if it isn’t new or unusual.
2. You don’t have to do original research.  One of Tim’s early projects was to follow someone else’s blog post on hacking an IP camera.  He bought a different model, followed the blog post to get started, and then worked at the things he discovered.  This actually resulted in a bug bounty for Tim before bug bounties were really a thing.
3. Things frequently don’t work out like you were hoping in research.  Keep going anyhow.  Even with the failure, you will learn things.  Don’t be afraid to fail.

Collaboration

1. Working with others is hugely important.  You get ideas from talking with others that you never would have thought of on your own.  Go ahead and talk about what you are doing with others.
2. You can collaborate on research, tool development, or writing blog posts.  This can also help raise awareness of your work.  You can collaborate with some really cool people.  Just participate.

Starting a Business

1. Only start your own business if you really want to be a business person.  There’s a lot of overhead and grinding work that goes with running a business.  Your tech time will drop as you do the administrative side of things.
2. Don’t quit your day job to start a business until you have the initial clients or contacts for subcontracting work.  You need to have work coming in so that you have the cash flow to survive.
3. Cultivate your contacts and relationships with people first.
4. Be ready to deal with paperwork.  It’s just part of the deal.
5. You can set up a business that runs with how you want your life to be scheduled.  Tim cites Robin Wood (@digininja) as an example of this.

If you want to contact Tim or learn more about his work, check out his website at redsiege.com or on Twitter using @timmedin.