>> Etc, etc etc. I can't help it.

Totally! I can't help it either. I don't really think I'm that clever either, it's just a personality thing. You just want to know how things work, especially when they seem trivially flawed at first glance and you wonder if anyone has bothered to check!

The thing that got me yesterday was my building's security gate. When you swipe your prox card, it plays a tone pair that sounds exactly like a DTMF tone, and then the latch opens. I had one of those forehead-smacking moments where you can't believe you didn't notice that already, and then the rabbit hole: Any sound would do to alert the human that the gate was opening, so why are they using this one? Hey, there's totally a dial pad next to it! Is the security gate really made out of POTS telephone parts? Is it some weird fake legacy compatibility thing that's just made out of software? If it actually listens to itself to open the gate, then is it subject to a trivial playback attack, like the dictaphone scene from Wargames? Does it have a real phone number? IP? No _way_ it could be that easy, right? Right??! That would be soooo dumb I'm sure that wouldn't work, but omg I have to go down there _right_ now and find out! Hmm, wait there's also a security camera and this is a really stupid reason to get arrested... <takes some deep breaths and tries to control self>

It's easy to think, naively, that someone should do something about this, I'm someone, and they would rather hear it from the good guys. But that often turns out not to be true.

Also, it seems like it's really hard to sell security mindset as a candidate for a dev job. I spent a fair amount of time on formal software and systems security coursework, but I couldn't really figure out how to market that to an employer. It seems like most management thinks of security as an IT or Devops task or something that isn't a developer's job, and other devs think of security as a separate role, occupied by the person that just says "no" to all kinds of things. I hope this isn't generally the case, because I think this stuff is really important and I want to help. I'm just not sure how to get there from here...

Find a smaller company who has a more relaxed hiring process and sound smart. Be fluent in bash, python, and write at least one or two small programs in C so that you understand how to build such projects from source, how headers work, etc.
Then, work like hell to close the gaps in your knowledge. The job will provide you a constant drip of new things to frantically learn about, which is the thing I've appreciated the most about this opportunity. I really feel my skills growing just because I'm using them to feed myself.