BlackGirlsHack (BGH) Foundation is excited to announce our partnership with The Diana Initiative (TDI), a diversity-driven conference committed to helping all underrepresented people in Information Security. The Diana Initiative is a conference that features multiple speaker tracks, villages with hands-on workshops, and a capture the flag event. BlackGirlsHack Foundation will be partnering with the Diana Initiative to provide scholarships to Def Con and the Diana Initiative conference in Las Vegas in August 2023. These scholarships will provide underrepresented people in information security with travel, hotel accommodations, and tickets to TDI and Def Con.
Last year, BGH provided 23 scholarships to help bring recipients to Las Vegas for hacker summer camp, a collection of cybersecurity conferences which includes BlackHat USA, The Diana Initiative, BSides LV, and Def Con. Recipients were able to network, expand their knowledge, see cutting-edge research and advances in technology, and learn about the cybersecurity field.
This year, through its partnership with TDI, BGH hopes to bring another 20 people to Las Vegas to help increase diversity in cybersecurity and help them to see themselves in the industry. Donations for Hacker Summer Camp can be made by donating at dianainitiative.org/donate (Leave a comment that the donation is for Hacker Summer Camp) or at blackgirlshack.org/donate and select Def Con Travel Expense Donation.
BlackGirlsHack (BGH Foundation) is excited to announce our partnership with CyberVista, an N2K Networks brand and cybersecurity training and workforce development company. BlackGirlsHack is continuing to build strategic partnerships to build out its training program and provide upskilling and reskilling to diverse groups trying to transition or pivot into cybersecurity. With this partnership, CyberVista will provide BGH with free access to foundational cybersecurity training that can be used to supplement training initiatives with their current members.
BGH provides training and resources to encourage black girls and women to be engaged in science, technology, engineering, and mathematics (STEM) fields, which have historically had a poor representation of women and minorities. BGH’s focus is to improve access and representation of black girls and women in the cybersecurity industry and executive suites.
CyberVista aims to create a cyber-ready workforce through personalized training programs that provide organizations with the people, knowledge and skills required to defend their most critical assets. Areas of training include computers and networking, inventory management, secure deployment and configuration management, protect and defend, and investigate and analysis―from foundational to expert level.
CyberVista’s free courses that will be made available to BGH include:
Cybersecurity Matters: This material is designed to complement basic security awareness training and provide a deeper layer of understanding of fundamental cybersecurity lexicon. Designed for a non-technical audience, Cybersecurity Matters provides informative and relevant content in an engaging online environment. Learners will walk away with a foundation of cybersecurity knowledge on common cyber attacks and defensive techniques. Beyond basic awareness training and phishing simulations, this content helps learners understand the “hows” and “whys” of cybersecurity, and their role in keeping the organization secure.
Security Essentials for IT: An online program designed to teach IT professionals the key foundational concepts of cybersecurity, the course includes video lessons, case studies, lab exercises, and interviews with an industry expert in IT security. Security Essentials for IT goes beyond general awareness training programs. The course addresses cybersecurity threats and vulnerabilities related to protecting business data and maintaining enterprise systems while incorporating real-world examples and hands-on exercises to put theory into practice. As a result, the practitioner will be more knowledgeable on cybersecurity lexicon, common threats and attacks, and proper mitigation strategies.
BlackGirlsHack presents Girls Hack Village is excited to announce our first Diamond Sponsor for DefCon 30. Corellium® was founded to equip teams with the tools they need to push the ecosystem of Arm-based devices forward. Corellium’s focus is the future and changing what is possible for mobile security testing through its groundbreaking Arm-native mobile device virtualization platform. They’ve committed to helping enrich non-profit and educational initiatives and we’re excited they’ve chosen to support bringing the first Girls Hack Village to the world at DefCon 30 at Hacker Summer Camp. For Corellium, empowering women, nonbinary and other underrepresented groups to improve their skills is critical to building a thriving and diverse mobile security industry.
Whereas my Infrastructure plan is more so focused on learning the infrastructure as code principles to be able to develop and destroy servers and hosts in the cloud, my Cloud study is learning more so about the different cloud providers and the way they offer their services. For this I am looking specifically at cloud-based certifications such as those offered by Azure and AWS and CompTIA’s Cloud+.
Cloud+ (Wiley)
Udemy Cloud Computing for Beginners with Microsoft Azure
YouTube Cloud Computing Course (There’s one by Simplilearn)
My world domination plan includes cloud infrastructure because most of the world’s Fortune companies are running their infrastructures from the cloud. Whereas traditional networks included server farms and physical infrastructures, cloud computing infrastructure includes all of the networking, storage, power, and virtualized resources that an organization needs. There are currently 3 main companies in the Cloud Computing market: Amazon Web Services, Azure, and Google Cloud. Each provides Infrastructure as a Service (IaaS) models where they serve as third-party hosts offering core infrastructure for their customers.
While each of the cloud computing companies offers the ability to, for example, create a Virtual Machine (VM) or a Virtual Network in the cloud, at a large scale companies such as Netflix, Hulu, Amazon, and others need their infrastructures created and destroyed in a much more efficient way. To handle the provisioning, modification and removal of virtual servers, some organizations use infrastructure as code services such as Terraform and Kubernetes. Terraform is a vendor-neutral service that allows you to develop code to provision servers on AWS, Azure, VMware and a number of other cloud service providers in the market. Kubernetes, on the other hand, takes a container management approach to infrastructure as code to manage system servers and networking. These are both very important to big tech companies and therefore very important areas that are needed for my world domination plan.
Resources I have for my study of Infrastructure include
Terraform training (available from their website)
Kubernetes training videos (available from their website and YouTube)
If you’re interested in ethical hacking and penetration testing in general, much of the practice and home lab setup includes setting up various Linux machines and using them to practice your scanning, enumeration, hosts, ports, services, and vulnerabilities exercises. To set up a Kali machine, which is at the beginning of many home lab setup guides, you need to put it on a Linux machine. Also, many of the tools you will find yourself using are command line tools, and many commands do not work the same in Windows as they do in Linux. This is why, if you’re interested in pursuing a career involving ethical hacking, it is important that Linux be on your world domination plan and why it’s a refresher on mine.
I used to be well versed in Linux in undergrad but haven’t really had to use it since then except in VMs that I was putting together for my home lab. Part of this effort for me is Linux specifically, and part of it is just an overall command line refresher. Either way, this is one of those topics that I have an abundance of resources for, many of which are free or cheap.
What time is it? It’s Java time! Today is Java day in the world domination plan and so the discussion is resources to help you learn Java. I tend to lean heavily on the free and cheap resources so this list is by no means exhaustive. Also just a caveat, I have programmed with Java for a few years in the past so my Java day is more so a refresher and to learn how to do it more efficiently and securely.
Test Automation using Selenium WebDriver with Java: Step by Step Guide
Core Java Volume I–Fundamentals
Git (You can use GitHub as a repository for your code and Git to push and pull it from the command line)
Today’s study topic is on Git. I don’t have a lot of variety for Git topics but what I do have I’m going to share. Amazon Kindle has a Git tutorial called Ry’s Git Tutorial. It’s rated almost 5 stars and it’s FREE. It’s 140 pages. Pearson Advance also has a course called Git Essentials. They offer classes for free now and again and this was one I picked up. Git also has a tutorial on their website as well as some videos. There are lots of paid books available on the topic on Amazon but I like my books free or close to it.
As part of the What Can I Do series, I have been advocating for you to take inventory of your KSAs (Knowledge, Skills and Abilities) and tasks as they apply to your existing areas of expertise and use them to find areas within Cyber in which you have existing experience. The NIST SP 800-181 framework was designed to help define the tasks and knowledge areas that are needed for the cyber security professionals in the workforce. If you’re considering doing a career change or focusing your efforts in school to get a career in Cyber, start with what you know and expand from there. The What Can I Do posts are meant to show roles in cyber security to which you can take your existing KSAs to show your experience doing the work. Documenting your areas of experience is only one part of your killer interview; the other is showing areas that you have been working on that may not be demonstrated in your existing work experience. My recent inventory and my goals for world domination showed that for the types of jobs that I plan on claiming, I needed to expand my KSAs. For me, while I have experience in technology, information assurance, development, risk assessment, and project management, I need to expand my experience in other areas. To game-plan those areas I developed a list of 10 things I wanted to work on to help increase my KSAs. Enter the World Domination Plan (Dramatic music plays in the background). My world domination plan includes 10 areas in which I want to expand my breadth of knowledge and gain practical experience. Those areas (for me) are Infrastructure, Cloud Computing, Linux (refresher), Certified Ethical Hacking, Python (Scripting languages), Git, Networking, Web Development, APIs, and a Java Refresher. I set up reminders on my calendar on a rotating 10-day schedule where each day I work on one of those 10 items. My goal is to document practical experience, a portfolio if you will, of the areas I have gained experience in outside of my existing role.
What does that even mean??? So today was Python day 050. Today I’ve been reading my Python 3 Object-Oriented Programming PDF book on my Kindle (from a past Python-related Humble Bundle) and working on implementing a game I like to play in Python. I like variation in my learning platforms so I’ve got a lot of different resources I use to supplement my Python learning including Codecademy (free trial and then student discounted monthly or annual price… I caught a deal for 119 for a year), ITPro.tv, Python bootcamp on Udemy, Python ethical hacking (another Humble Bundle gem), and Python for networking engineers (Humble Bundle). I set up an account on GitHub and my code is available as I’m working on it. As I take on additional Python projects (my next one is to come up with a program to figure out how much I spend on GrubHub a year) my GitHub account will show my mastery of the Python language, my ability to document my code (don’t look for that on my game right now), and my ability to tie in multiple technologies (programming, Git, APIs, Visual Studio for coding). My plan is to share with you my plan for each of my 10 areas so that you can get ideas for how you can supplement your work experience and show you have more skills than you’ve learned at your job(s).