Last week I went on a course and it was epic - probably the best technical course I’ve ever attended. It was entitled “Hack Yourself First”.
Why was it so good?
It wasn’t the subject matter – as interesting and entertaining as it was.
It wasn’t the “best hotel in Glasgow” venue (although Blytheswood Hotel, you did let yourself down a bit. Please be decent about it and sort this guy out – special cakes at coffee break really didn’t cut it).
It wasn’t the fact the course was created by Troy Hunt, a world-renowned security expert, although that was an influence.
No, it was down to the delivery of the course by Scott Helme, another world-renowned security expert, based here in the UK.
There’s nothing worse than being on a course (which you’ve paid for) that’s being delivered by someone who is simply doing their job, which is to deliver courses. Blah, Blah, Blah…
Instead, we spent two days listening to someone who lives, breathes, eats and sleeps security. He’s not just delivering someone else’s material – he’s talking about all the expertise and experiences he’s acquired along his career path of working in development, test/QA and then security. That comes out in the delivery.
As for the course itself? Wow! What an eye opener.
A lot of it was focused around Web and JavaScript. I stopped doing web development when tables were the answer to everything, and CSS was mostly about colours and fonts. Talk about being out of your depth. I quickly felt like a bit of an impostor. The fact that I was probably the oldest person in the room didn’t help – on the distribution curve of ages, I was in the outliers’ section. Young hipsters with MacBooks, covered in stickers. Me with my corporate Dell and one cyber security sticker to help with my “street cred” (and it’s probably not even cool to call it that anymore).
We had a website supplied with vulnerabilities for us to find and exploit. I was amazed at how quickly the web experts in the group found them and took advantage of them in creative and sometimes amusing ways. We also did some work around mobile which was also interesting. I learnt a lot from that section all by itself. Many of the tasks we undertook were also a lot of fun, but it was ultimately about learning what the various tools can do. Watching the back-end database for a website being extracted record by record was quite sobering.
Fortunately, my personal remit for attending wasn’t to be super good at hacking (with a view to hacking your own systems), but simply to understand where the scope lies for systems to be vulnerable and how those vulnerabilities might be exploited. I have a fabulous team of highly skilled people here at Exmos that will take my new knowledge and build it into our development and support processes.
So, there you have it. Two days being educated by someone passionate about his work. What better way to end a week?