If you are reading this, thank you! I introduce to you an initial series of articles that I will refer to as Project Straylight. This is a component of a larger vision of Brevity In Motion (a comprehensive collection of content, training, tools, and resources), but right now, we begin with this blog. Anyone who has ever spoken with me in a professional capacity knows that I love information security. I am fortunate enough that it is both a career and a hobby.
I have been blessed to work and learn from many of the best in the industry. Many that I am proud to call friends. The opportunity to cross paths with so many brilliant minds is humbling.
Something that has been on my heart (and ultimately on my new year’s resolution list year over year) has been to begin a blog. I have wanted a channel to distribute and share knowledge beyond my coworkers and close peers and contribute back to the industry.
The intent of project straylight is three-fold:
- Accelerators — To introduce a series of accelerators that can help security researchers and companies improve their information security capabilities.
- Mentoring — To help you advance your career in information security; whether you are just getting started, trying to advance into a principal technical role, or even if you are working in a leadership capacity.
- Collaboration — To learn from you, to establish more connections, to bounce ideas for feedback, and to help solve this challenge of security together.
Beyond fighting with my inner-self and that ever present imposter syndrome, knowing that every bit of information that I share may not be close to the wealth of knowledge that you have in this area, no longer will I let that hold me back. To anyone wondering, should they begin sharing their knowledge and content broader. The answer is absolutely yes. I want to learn from you. Very little of what I will share here is novel. It’s a culmination of the greatest minds in the industry compiled together into my own world view. I would be far from where I am today if it were not for the knowledge, teaching, mentoring, and chances that people have taken on me.
I hope you challenge me to keep this project going. As with musicians, there are phases of creativity and outpouring and during those times, there is an overflow to their listeners through songs, instrumentation, and lyrics. I have shared this with a few others recently, but I have been working in the security industry now for about 12 years. I missed the earliest stages of the industry of the IRC channels, message boards, and meetups. Instead, I’ve lived vicariously through the stories shared at various cons or through books such as Cult of the Dead Cow. Throughout my entire career, I have never experienced a better time to get involved than now. It truly is unprecedented! It is crazy that it takes a pandemic, but the amount of virtual opportunities with limited to no barrier of entry is growing exponentially. I feel like we are revisiting much of the early days of InfoSec that I missed but have the opportunity now to soak it all in and be a part of an extremely rare advancement to our industry. With the continuous free virtual offerings and generous contributions through conference organizers, trainers, speakers, and content creators, it is now not a question of is there budget for this training or can I take the time away from family or work for this conference. It is now a question of which things do I consume, where do I participate, and how can I balance the time. Jump into Twitter conversations, join any advertised Slack channels or Discord groups, participate in CTFs, and don’t pass up all of these free conferences and training opportunities this year. The timing of all of this likely will not last forever, so if there ever was the right time to take your next step in the industry, this is it!
So this is me — honest and transparent — hoping that even if a piece of information can help you or bring you success through this series, every bit of investment has been worth it. These views are my own and not reflective of my employer or any others surrounding me. However, my hope is that you can take bits of this knowledge, improve on them, constructively correct me when necessary, and use this content to drive your own success.
“Stray light is light in an optical system, which was not intended in the design. The light may be from the intended source, but follow paths other than intended, or it may be from a source other than the intended source.”
Success in security, hacking, and puzzles all require creativity, ambition, curiosity, and logic. Building a resilient defense is hard. Building an effective security program is exponentially harder.
Let’s solve this together!
Any supporting content for the blog will be available on GitHub at https://github.com/brevityinmotion/straylight. Follow me on Twitter @ryanelkins and never hesitate to reach out.
Thank you for your time and welcome to Project Straylight!