Undocumented Hacking
OVERVIEW
As security practitioners, it is our job to take advantage of both documented and undocumented functionality, and then go on to take appropriate measures for both. This may arise as new vulnerabilities from unexpected uses of software or processes, or as taking advantage of little-known but well-documented behavior in novel ways. Coming up with mitigations or fixes can sometimes mean taking a nonstandard path.
Similarly, the way many of us get into the field might be unconventional, as might the way we need to approach hiring or introducing new talent to the field. In this talk, I’ll go over my path into security as an undocumented immigrant without a college degree, while drawing parallels to security. I’ll conclude with the way we might approach hiring talent with unconventional backgrounds, what might have made a similar journey easier, and the resources available.
Expect answers to questions like: How is preparing for a civil disobedience or escalation similar to planning for a security engagement? What is the risk assessment and legal preparation beforehand, when the individual involved is weighing their personal risk, and how does this mirror compliance? And how is navigating the immigration system when renewing a work permit, navigating the bureaucracy, and escalating your case like a web application pen test?