Jim Leroy died doing what he loved!

I have received a few emails and comments related to a blog entry from a couple of years ago about the death of Jimmy Franklin and Bobby Younkin. For those of you who don't remember Mr. Franklin and Mr. Younkin died during a collision while performing a dogfight routine at the Moose Jaw Airshow in 2005.

The other pilot involved in that performance and sole survivor of that fateful performance was an equally amazing pilot name Jim Leroy. Mr. Leroy died himself at an airshow in Dayton Ohio this Saturday past.

There is not much to be said about the loss of another amazing pilot that has not already been said. He was one of a kind and will be sadly missed.

I did however want to point to the amazing job the Dayton Daily News has done of coverage of this event. There is everything there from introspectives, to pictures, to video of the crash itself. A very fitting tribute.

The content is all linked from one page here.

Jim Leroy 1961-2007, may he rest in peace.

Reminder: Inaugural event Friday

Just a reminder...the inaugural regina.whitehats.ca chapter get together is this Friday, April 13th at 7:00 PM at O'Hanlon's pub. I am hoping for a good turnout.

As an aside, I noticed that this event got some press in the Canadian Information Security Newsletter put out by Robert Beggs at Digital Defence. Thanks Robert!

See you all Friday!

Forming a security group in Regina, SK, Canada

As most of you know, I moved out to Regina from Ottawa a few years ago. One of the the things I miss about Regina is the lack of an active security community. Well hopefully I have a way of solving that.

I am announcing here a Regina chapter of whitehats.ca. For now we are starting simply with a blog. At some point in the future hopefully it will have its own mailing list and website. But for now let's start with baby steps.

Hopefully the first meeting will be in April, in a local pub, with some good brews and good conversation.


Rick

So you wanna get into IT Security!

Still catching up on my blog reading. I came across an interesting article by Richart Betjlich over at the TaoSecurity Blog. The post is about suggestions to people with no experience who want to get into the security industry. I whole heartedly agree with Richards suggestions. Here they are summarized for your enjoyment...

1. Represent yourself authentically.
   
2. Stop using Microsoft Windows as your primary desktop.
3. Attend meetings of local security group.
4. Read books and subscribe to free magazines.
5. Create a home lab.
6. Familiarize yourself with open source security tools.
7. Practice security wherever you are, and leverage that experience.
   

As one of the roughly 68,000 people laid off during the continuing implosion of Nortel I have lived through the laid-off experience, and have counselled a few people in this area. A couple of other items I would like to add.

Publish

In the Internet age self-publishing is easy. Put up your own web server at home and register a URL or domain with dyndns.org, or if that is too much work pages like infosecwriters.com will publish quality papers no questions asked.

I know... You all hate writing...so why would you do this?

Firstly, it gets your name out there. The ability to be Googled is not yet essential in this industry, but it sure doesn't hurt.
Secondly, it proves that you can write something coherent and readable and gives potential employers a source besides resume and interviews to measure your ability.
Third, it shows that you are serious! Everyone knows that most people intensely dislike writing. It will show that you have the ability to complete difficult tasks. The fact that you put the effort in will weigh in your favor.

Believe it or not this is not rocket science. I am not suggesting a 50 page treatise on detecting the PDF exploit using Snort. I am talking 5-10 pages on stuff you know. Write as you read... and learn. Consolidate learning from different sources into new views on a subject. Remember there are lots of people at the same level of knowledge as you and lots even lower who will be happy to read what you write to expand their knowledge.

Volunteer

Security organizations and conferences are always looking for people to help out. Volunteer for anything local to you. This is a great chance to meet people in the local security industry, and possibly even get the chance to learn some things.

Another place you can volunteer is community and open source projects. If you have coding skills volunteer for any of the open source security initiatives over at sourceforge or similar places. If you can't code, there are always community projects that are looking for a minimal amount of expertise and lots of enthusiasm to organize documentation, coordinate work etc. Or in a similar vein there are a number of consensus projects like the SANS Top 20 that are looking for opinions.

You are limited only by your imagination and your enthusiasm.

Rick

Witty comments

I've been working hard on studying for a certification the last bit, so I haven't been getting here much. Sorry.

Today I was catching up on some long neglected blog reading and got a chuckle compliments of the lovely people at F-Secure. They ran a contest for witty sayings for laptop stickers. The results are in and some are worth a chuckle...

I lost my password, can you tell me yours? — Azham R. of Malaysia
This is not the wireless access point you're looking for. — Matt L. of Australia
I just click OK to make the box go away. — Justin R. of UK
My botnet can beat up your botnet. — David B. of USA
Password is on a Post-it note on the display. — Ken T. of Germany

Have a good one!
Rick