PWB in the Caribbean

PWB in the Caribbean, Part 5

In this final post of our PWB in the Caribbean series, Johnny picks up from where he left off in Part 4, reflecting on his experiences during the week and the impact it has had on him personally. Without further delay, we’ll let Johnny wrap up the series.

“This is tough. There’s a lot going on. This connecting to that.. all over the place. If you need help, tough luck.” -Muts

The astute reader may be asking an interesting question: “Why in the world is Johnny Long taking a PWB course in the Caribbean?”

Itʼs a fair question. After all, I spent more than ten years in the field of security as my sole profession. Iʼve performed hundreds of penetration tests and physical assessments for scores of government, military and Fortune-100 clients with a nearly flawless kill ratio. It stands to reason that I would have little to learn from a class like this. Well, Iʼve already outlined pretty clearly how the course filled in a lot of gaps for me, despite a spectacular career in the industry. Itʼs clear that anyone at any level can benefit from the course.

But the question still stands. After all, Iʼm “semi-retired”. I ran off to Africa to run Hackers for Charity and Iʼve been living off a shoestring budget for the past couple of years, on the peripheral of the industry in a developing country where I suffer technical atrophy each and every day. So why in the world did I invest in a jaunt to the Caribbean to sit in the PWB course? It doesnʼt seem to map properly to my current career tangent, and it certainly begs the question of where, exactly, as a self-employed charity hacker, I came up with the funds.

In an effort to properly answer these questions, I must employ a bit of full-disclosure. Muts and the entire Offensive Security organization have been long-time friends of mine and big supporters of my work with Hackers For Charity. Weʼve been connected at the hip through many joint podcasts, fund-raising events, and conference activities. Through the years, weʼve gotten to be a bit like family, we share a mutual respect for each other, and get along famously.

Muts and I have had several lengthy discussions through the years about “whatʼs next” not only for Hackers for Charity but also for BackTrack and Offensive Security. Most of our discussions would end tangentially, with both of us retreating to our separate corners to unravel some heady, tangled webs of ideas. Some of those ideas bore fruit (such as the fundraisers for the BT4 release and Metasploit Unleashed and the migration of the Google Hacking Database into Exploit DB) while too many others were put on hold thanks in no small part to our mutually busy schedules.

Since this past Defcon, and more specifically since DerbyCon, a few of our discussion points started to converge and bubble back to the surface.
For example, I would whine to Muts that I missed the industry, missed doing pen tests and hated the technical atrophy that I felt in Uganda. I told him on more than one occasion that even though the work in Uganda was worthwhile, “I felt like a piece of me was dying.” Muts would scratch his head, and ask how he could help and I would reply with a pathetic, “I dunno, whatcha got?”

Or, I would ask Muts why the highly-regarded Offsec training doesnʼt expand and he would reply, “We need more great instructors,” followed by an all-too-knowing response of, “Know of anyone who might be interested?”

At some point, Muts and I realized that there were too many unexplored possibilities in our relationship and it was time to see if there was any potential in a partnership. (Ehh.. Be good. You know what I mean.)

With the PWB course around the corner, Muts offered to fly me from Uganda to check out the course. He paid for all my expenses and admittedly it was a risky business proposition for him, but this wasnʼt really like business at all. Rather, it was the logical next step. He was in essence saying, “Hereʼs what we do.” He did ask one thing of me. He asked if I would audit the class, keep an honest record of my experience, and provide the class with “war stories” as I saw fit.

What you have read over these past few posts is my honest account.

My glowing review is in no part due to Offsec funding my trip. If my review had been negative, Offsec would have likely used it to improve the course and not blogged about it.

As youʼve read, my experience was well beyond every expectation. The instructors are top-notch. The material is well-thought-out, balanced, relevant and challenging. My bond with this team strengthened and on so many levels, I realized I wanted to be a part of the magic that is Offensive Security.
Since the course, Muts and I have had more focused discussions. Muts was genuinely surprised when I asked if there was a part-time slot on the Offsec team for me.

So this will serve as my official announcement. Beginning in mid-December, I began working with Offensive Security on a part-time basis. My work with Hackers for Charity will continue, but for twenty hours a week I will do what I can to forward the goals of Backtrack and Offensive Security. Iʼm thrilled to be a part of such an amazing team and I look forward to working with a group Iʼve come to think of as family.
Initially, I will be focused on the PWB course. I will be reviewing the content, updating the course and lab manual, digging deep into the material to solidify my knowledge in each disciple we cover, and eventually Iʼll be stepping in as an instructor.

So like I said, PWB was quite literally a transformative course. Iʼm excited to have been a part of it, and Iʼll hope youʼll join us for the next one in the Caribbean in March 2012.