Andrei Avădănei presented on his journey in information security and entrepreneurship. Some key points included:
1. He founded the security conference DefCamp in 2011 and the Cyber Security Research Center in Romania (CCSIR) to promote the local security community and industry.
2. Through DefCamp, he aimed to connect smart security professionals in Romania and worldwide through informal talks, competitions, and networking events.
3. His lessons emphasized an offensive security mindset, iterating on ideas through failures, building honeypots and backups, and staying responsive to feedback to improve.
4. He believes the black hat/white hat distinction is oversimplified and professionals can create positive impact
A journey through an INFOSEC labyrinth: Lessons on security through entrepreneurship
1. A journey through an INFOSEC labyrinth
Andrei Avădănei
Founder & CEO DefCamp
contact@defcamp.ro
2. After this presentation...
➲ You won't be a better hacker
➲ You won't learn how to break things
(if you are a cop, please leave the room, it's nothing interesting here)
➲ You won't learn how to make a conference
➲ You won't learn how to become $$_$$
➲ You will learn IDEAS
3. Summary
➲ About me
➲ Security through entrepreneurship
➲ DefCamp
➲ CCSIR
➲ Q&A all the time. :-)
4. About me
➲ Founder & CEO of DefCamp
➲ … and CTO (tech), CFO (financial), CMO (marketing), Sales Manager,
Community Manager, Speaker, Team Coordinator :)).
➲ Founder CCSIR
➲ Community manager @worldit.info
➲ Vice President at GREPIT
➲ Volunteer at BitDefender Romania
➲ Great results at several thousand national and
international competitions
➲ and others.
5. History
➲ 2006-2007
- I was doing my best to learn how to build viruses in Pascal (lame, I know)
- I began to meet and discuss with people
- I was proud of my first RFI (LOL!)
- In the same period I began to help a security community to evolve. The
community evolved and I along with it
➲ 2008
- I began to attend local and national IT competitions
- First result : 0 pts and last place.
- Second result after several months : First place.
- The rest is history.
➲ 2009
- founded worldit.info.
➲ 2010 until today
- I joined GREPIT. Organised G5, G6 and G7 in great teams.
- I made OpenIT @Suceava, a 12-hour competition with over 60 attendees
from Romania.
➲ March 2011 – DefCamp idea sparked my brain.
➲ September 2011 – DefCamp @Bran (~70 attendees)
➲ December 2011 – DefCamp @Iasi. (~150 attendees)
➲ November 2012 – Founded CCSIR.
➲ December 2012 – DefCamp @Bucharest. (~200 attendees)
➲ During this time I got good results at (inter)national computer science
competitions (algo, web dev, soft dev, security, educational etc).
➲ … and many others.
6. Lesson #1.337
Offensive security is better than defensive security!
Be tenacious, try to get more failures to succeed!
Disclaimer :
➲ That was my short story …
➲ The whole story is for my future nephews. :-)
➲ In reality there are many IFs, you know those statements from
computer science courses ^_^
7. Lesson #2
If you are a good sniffer it's hard to fail!
Listen to all the complaints in your circle of friends and scale their frustration into projects!
8. Lesson #3
Build a honeypot, log and parse all the traffic. You'll catch a 0day!
Listen to all your friends' ideas, iterate on them and store them. Sooner or later you will concat!
9. Lesson #4
Share wisely!
Talk in your circles about your ideas, but never all your ideas! Keep a few for dessert.
10. Lesson #5
Create backups in the cloud!
You should ALWAYS have an ace up your sleeve!
11. Lesson #6
Encrypt your data!
Sometimes it is better to keep your mouth shut and weigh your words!
12. Lesson #7
Tunnel your traffic!
Monitor how and where your words/projects/ideas are spreading for better privacy.
13. Lesson #8
Stay up to date and upgrade if needed!
Iterate, iterate, iterate!
14. Lesson #9
Be prepared to get hacked!
Be prepared to fail. I was hacked several times in my history and here I am.
15. Lesson #10
Be responsive
Build, listen to your feedback, change, listen to your feedback and so on...
16. Summary
Security through entrepreneurship
➲ 1. Offensive security is better than defensive security!
➲ 2. If you are a good sniffer it's hard to fail!
➲ 3. Build a honeypot, log and parse all the traffic. You'll
catch a 0day!
➲ 4. Share wisely!
➲ 5. Create backups in the cloud!
➲ 6. Encrypt your data!
➲ 7. Tunnel your traffic!
➲ 8. Stay up to date and upgrade if needed!
➲ 9. Be prepared to get hacked!
➲ 10. Be responsive.
18. DefCamp
➲ IT Security & Hacking Conference
➲ Informal talks
➲ Connect smart guys from Romania and World Wide
➲ Experience exchange, connect with people, innovate
➲ Building a platform for launching and promoting local
industry enthusiasts to the world
➲ DCTF, Wall of Sheep
➲ Three editions 'till now (Bran, Iasi, Bucharest)
➲ More to come
21. Or, why not ...
Passion, competitions,
experience exchange
After parties results
flirting with the shooter
:>
Hacker girls :X
22. Or even more...
Sharing
Mass-media
Protection
Great audience
23. Why DefCamp?
➲ Because we care about passion
➲ We are not business guys but are trying to make a
business from passion
➲ We have great speakers world wide, a smart audience,
cool parties, hot chicks and black hats! :-)
➲ You can find a job (for ex. KPMG this year con), you can
find friends, experience, resources
➲ You find 0days, vulnerabilities, showoffs, POCs, practical
and theoretical talks
➲ We have something for everybody but you should learn
where to look.
➲ We do not give everything, but you can get it all by yourself
➲ ….
25. CCSIR
➲ Cyber Security Research Center from Romania (Centrul
de Cercetare in Securitate Informatica din Romania)
➲ Projects
➲ Security Communication platform
➲ Security research
➲ Tracking
➲ Experience exchange
➲ International partnerships
➲ Do we have something like this in Romania!?!? We don't.
➲ ccsir.ro will be our public interface
27. Last but not least – some ideas
➲ Why Romania? It's a good place to start scalable projects.
➲ Try to predict the unpredictable and have a backup plan for the unknown.
➲ Quality is very important, the money will come.
➲ Try to learn different stuff (tech, marketing, sales, laws, communication etc)
➲ Merge these things in an unusual way to create new things
➲ You cannot build something revolutionary, but you could build something different based
on others' experience
➲ Be honest, be crazy, believe in yourself and in your instincts
➲ Build a network of inputs around you and learn how to output only the important bit
➲ Pay attention to the people who listen more and talk less, they might be the next star
➲ Create small things step by step and think big; now it depends on the length of your legs :P
➲ ...and most important, be persistent!
28. Bonus : Black hat vs White Hat vs W/E Color Hat
➲ It's bullshit (B U L L S H I T), only a buzzword
➲ We hate when hackers are considered thieves
➲ I believe that there isn't any pure black hat or white hat
➲ … but there is a mix of variables that can tag you at a
specific time on one side or another
➲ You can create great things in the INFOSEC field in a
professional way
➲ CCSIR might be a good approach for making professional
research