From PC Repair to OSINT Professional
Hello Ricardo! Please introduce yourself and share your background.
I have been doing IT/Security work now for 20 plus years. I started out in a big blue box store doing computer setups and malware/virus removal. During my time in the retail store, I moved into doing in-home PC setups and Repairs. This is what got me into wireless setups for homes in the DFW area. I did wireless home setups all over the DFW area for your average family and for current and past NFL players. I moved from doing retail services into doing tech support for a local area school district. This is where a lot of my troubleshooting skills were tuned and where I learned a lot of soft skills, probably one of the most underrated skills anyone in this industry should be learning early on.
During the next decade, I spent my time supporting kids (students), teachers, administration, and others. I managed to learn everything from the wall to the ceiling and all the things in between. I moved from desktop support to Network Administrator within my first two years. I managed servers, switches, routers, firewalls, phones, wireless, and anything you could really think of that makes a school district function in today's world. My passion was more on the wireless side, so I learned to automate all the server and active directory management. Once I felt like I had learned just about all I could with our wireless setup, I moved over to firewalls and hunting within our network. This is where my passion for threat hunting really took off, and eventually led me into cyber security and learning how to become an ethical hacker.
I never really became an elite hacker that I saw in the movies, I just became more curious about learning more and having an understanding of how most things work. In the most general sense. Never an expert but a master of many things. I really leaned into my hunting passion more and found open source information gathering often referred as OSINT. OSINT became the one thing that I found myself never really getting bored of and that led me into Intelligence.
After my nearly decade in the school district, I moved over to the sport entertainment industry for a brief 2 years and did some support and security work for a well known NFL franchise in the DFW area, I bet you can’t guess who. After my brief stint working for a Star franchise, I went back to retail for 5 years and worked as a Security Analyst, Security Engineer, and Security Operations Manager. I learned so much in those 5 years and I was hungry for more, so I ventured into the vendor space for 3 years for a Digital Risk Protection/Threat Intelligence Provider. After those 3 years I found myself back at my previous employer I was at for 5 years, as a Security Engineer again, with a goal to build out a Cyber Threat Intelligence program.
What advice would you give to an aspiring security professional?
The one thing I tell all aspiring security professionals that I mentor, is stay passionate and hungry. This is an industry that is never slowing down and always changing. There is always something interesting happening and never a bored or dull moment.
If certifications are your jam, go get all the certifications you can. This shows potential hiring managers you are always learning and staying up to date. I am not a hater towards college and degrees as they have their value as well. This is another place folks could potentially pick up those soft skills that are so valuable in the business world we all work in.
If you want to stand out, have a well structured resume, and work on building your own lab at your house if you are able too. You can always find cheap old hardware that will run some flavor of Linux. If you network and find security meetups or groups in your area, this is also a good place to pick up hardware others may be trying to part with. These meetups are also a good place to meetup hiring managers.
You have earned several cybersecurity certifications throughout your career, which is an impressive achievement! How do you view the role of certifications in building a successful career in cybersecurity?
I tell anyone getting into cybersecurity, to look at CompTIA and their certification track. Most people can skip the A+, and start with the Network+ and Security+ certifications. This is a great start and will allow you to either continue to other CompTIA certifications or move into others like Practical Junior Penetration Tester (PJPT) from TCM security. Or if you are like me, focus on getting all the OSINT training you can and get the Open Source Intelligence Profession (OSIP) by Intel Techniques.
Speaking of certifications, you have completed a few Open Source Intelligence (OSINT) courses. How can people use OSINT principles to protect themselves online?
When it comes to learning OSINT and how to use those skills to protect yourself, I tell folks to Google yourself. Pretend you do not know anything and all you have is an email or vanity/username. Learn the art of the Pivot and think like an attacker. How could you use the information you find to create a good phishing email or potentially access your online accounts due to bad password practice. Do OSINT on family members that are willing to allow you to pry into their lifes a little, but leave them better off than they were prior. Always find a teaching moment to show the risk around the data you are finding.
The most important thing I tell people is to not overshare on social media, and let your family and friends know if you are not comfortable with having your image shared or loaded on their post as well. For parents I tell them to communicate, so often we hear stories that would have been avoided if there was communication and some sort of parent involvement. Parents please don't put the family stickers on your cars or that “I married a trucker” sticker. This is the same as oversharing on social media, but now the threat actor can follow you home.
What has your experience as a co-host for the DEFCON Group 940 been like?
Being part of a group of individuals that want to help others get into the industry and be successful is amazing. It has also allowed some to get over their fear of presenting. But the best part is to see the success of others. I have always enjoyed sharing what I am passionate about and teaching people.
What hobbies or interests do you pursue to unwind and maintain a healthy work-life balance?
My hobbies are mostly into wireless communications still, I dabble with wireless or RFID some still. I also like to storm spot/chase during the severe weather seasons when I can. Outside of technology and cyber, I play basketball. I am not as quick and can't jump as high anymore, but I still have a decent shot for an old man.
I also like to learn more about how to help those in need. Mostly things like CPR, and how to properly triage a wound or broken bone. This led me into going through my county's Community Emergency Response Team or CERT training. This also allows me to volunteer for things like search parties when looking for missing people. This eventually became something I do on the side in trying to help with missing person cases and public service announcements asking for assistance. Another great way to practice and work on your OSINT skills.
Thanks for taking the time to answer these questions! Please link any social media you’d like below.
Thanks Ricardo!
Thank you Ricardo for sharing your story and thank you for reading!
Want to share your own cybersecurity story and insights with us? Learn how here 👉 https://www.hackerasks.com/share/
Member discussion