Purple Train: Building a Red and Blue Training Lab

BSides SATX 2017

Presented by: David Alexander
Date: Saturday May 20, 2017
Time: 09:30 - 10:00
Location: Richter 111
Track: Track 3

Starting out in the InfoSec field can be difficult. Even entry-level positions require a certain level of knowledge. Developing the knowledge required to start can be done with home labs at low cost, but just setting up a lab doesn't lead you down the path of success. Creating a lab that enables you to practice attack (red team) and defense (blue team) will enable you to become proficient at the skills that InfoSec careers require. This presentation is about the framework of developing red team and blue team skills in unison to gain a deeper understanding of how each side appears to the other. Setting up virtual networks with well-documented open source tools like Kali Linux, pfSense, ModSecurity, or Security Onion will be briefly discussed. Finding attack target hosts in Vuln VMs or CTF VMs that have guides or walk-throughs to learn from will be shown. The learning process of the lab will be cyclical, with a full run of the attack followed by the defensive response of finding evidence of the attack. The importance of creating Pentest and Indictment reports will be stressed as an important learning tool and job skill.

David Alexander

David Alexander is a Marine who worked on Aviation Electronics for Helicopters. After the Marine Corps he worked on full-motion flight simulators for nine years. Over the last two years he has transitioned into a Network Admin/InfoSec role for a local hosting provider.
