Time
4 hours 21 minutes
Difficulty
Beginner
CEU/CPE
5

Video Transcription

00:00
I don't do you thinks it's been very helpful.
00:03
It's our first question. This one I'm gonna give to, I'll have Ken start with: when job searching, how would someone answer the "What experience do you have?" question relative to cyber security if their experience is in the gray area, without incriminating themselves? For those who don't already know, gray hat hacking is sort of this quasi-legitimate term
00:22
discusses the people who have performed
00:25
perhaps, you know, black hat or malicious or bad guy activities, or have also, you know, performed security analysis and positive, beneficial in support of an organization. A lot of times we're talking about gray hat hacking, we're talking about people who went bug hunting, found a vulnerability, talked to the company about disclosing it, and then either
00:42
the company didn't react fast enough or didn't react the way they'd like,
00:45
and so they just throw that vulnerability out into the world. Sometimes you talk about gray hats as black hats who are what we call hacktivists, and I don't call them that normally because I think that term is, it's like nails on a chalkboard to me. But it's a term you hear in the media a lot. And those are people who are performing, you know, black hat and potentially malicious hacking
01:03
to pursue something that they believe to be a moral right.
01:06
Great example of that would be like people who work for WikiLeaks. You know, whether or not they are correct in that moral right is its own question. But the people who are pursuing these goals are generally people who are working for something they consider morally superior to whatever law they're breaking.
01:21
So that's the question. Ken, how would you describe your job experience without incriminating yourself?
01:26
Well, rule number one is don't say, "Hey, yeah, I hacked the Pentagon, you know, on Friday and I did this." But think about what you're doing. So if you are in that gray area, if you are a black hat hacker looking to convert to the other side, then focus on like what you're actually doing, right? So I'm doing these things with these particular tools. You know, I've got Linux knowledge at this level,
01:47
you know, whatever task you're actually doing,
01:49
you know, again, without incriminating yourself. So don't say like, you know, I did this against this particular company or this type of router. Just mention that, you know, in my own practice, I've done these things on my own, you know, lab environment or something like that. So
02:04
it's, you know, you're in the gray area there, so just don't... We can't give you legal advice. Let's just say that. I know Joe is eventually gonna go to law school, but not yet. We're going to keep driving that in there a couple times in this video. We are not lawyers. Nothing we say in this video will constitute legal advice. If you take what we say as legal advice, you're not going to have a good day.
02:23
Just head. Yes, yes,
02:24
Yes, more than likely not gonna have a good day. So yeah, really, just break it out. You know, that's anything, even if you're not in the gray area and you're just trying to learn different things, you know, practicing things, you know, in your own labs, bust out those things, you know, into a document or some kind of demo video where you're showing like, okay, this is what I'm doing. You know, this shows my skill level
02:44
for this particular area,
02:45
and that's the biggest thing. That's what employers want to see. They want to know, because I could send a resume and Joe can send one in. But if neither of us really has the hands-on skills where we can prove it, the employer doesn't know, like, who's who, right? They don't know if I'm better than Joe, if Joe is better than me. By the way, we're both the best. Exactly. Yeah, exactly. We know everything.
03:05
Just kidding.
03:06
No one knows everything. By the way, if they're telling you that they have, like no skills, that's a good good, perhaps, but anyways, digressing a bit there, but really just showing your skills, right? So not showing illegal skills. So figure out whatever illegal stuff you're doing or gray area stuff you're doing. Figure out the actual skills there
03:23
and what you can present to an employer. One of the best things that you could do
03:27
if you're someone who is engaged in activity that would be classified as, you know, illegal or would be considered a breach of laws and regulations: one of the common ways that people sort of self-rehabilitate and become white hat hackers or
03:39
sort of, you know, get involved professionally
03:43
is by publishing their research, doing it through the proper disclosure and revealing that information to the company or the organization first, giving them the opportunity to actually handle that problem and then publishing it in a safe, secure, sort of responsible fashion.
03:59
And that's a way that you can kind of make that transition. You can take a lot of things you're doing that may have been sort of quasi-legal or legally uncertain and move that back towards something that you can talk to an employer about. Uh, you know, I would say the best way to avoid incriminating yourself is not committing crime. That's generally,
04:15
I'm willing to say that that's probably advice that a lawyer would give you is don't commit crimes,
04:20
but yes, in general, just whatever you can do to translate your skills back in just sort of a more abstract way, you're gonna see some success with that.


Instructed By

Joe Perry
Senior Technical Instructor at FireEye, Inc
Instructor
Ken Underhill
Master Instructor at Cybrary
Master Instructor