The Grey Hat Group Manifesto
What follows is a piece I wrote for the Grey Hat Group, a cybersecurity group I help run on campus. We have had an unexpected flood of new members this year and I wrote this to help the newcomers find their place.
So you have joined the Grey Hat Group. You have signed a Code of Conduct. You logged into the super secret website. You have a signed PGP key. You have been poking around the IRC channel. So now what?
There is quite a lot to do in the Grey Hat Group actually. We compete in competitions. We teach each other new skills and tools. We talk about current events. We do a lot.
So, where do you fit in? Here’s the trick. Do whatever you want. The Grey Hat Group is about cybersecurity, true. But more than than, it’s about being a hacker, and a hacker scratches his own itch.
Want to play around with RF? Awesome. Do it. Teach us about what you learn.
Want to run your own web server? Great. Find people who know what they’re doing and pick their brains.
Want to crack passwords? Why not? Just don’t touch my stuff.
The point is that now that you’ve joined the club and we’ve walked you through what it takes to be a member, it’s up to you to decide where you go with it.
Here are some of the things we like to do together.
We like to learn things in the Grey Hat Group. Cybersecurity involves a lot of tools, protocols, techniques, and competencies and the truth is that none of us are even close to understanding it all.
So when you spend a weekend learning Metasploit or some other thing inside and out, come back and tell us about it! If you think it’s cool, odds are that a lot of us will think it’s cool too.
That’s why we schedule talks. So you can brag and we can learn. It turns out that there are a lot of smart people in the Grey Hat Group. The problem is that we’re all intimidated by each other. Like it or not, most of us are nerds, and we nerds need to work on our social skills. So put together a talk. Get out of your shell and share what you know.
Talk to an officer if you have something in mind.
So the secret is out. We don’t know everything. So what do we do about it? We find people who do. We hunt down faculty, alumni, and industry folk to pour their knowledge into our poor n00b heads. So, if you have a connection to some hacker wizard in Bellevue, get him to talk to us. If you know some networking guru in Portland, bring her in!
We like college. We really do. But we would like to get jobs eventually. So we bring in people who have actually seen the outside of a classroom. We can even get money to bring someone in.
Talk to the Industry Liaison about bringing in an outside speaker.
Do you know what a CTF is? Who cares, do one anyway. Grey Hat Group members participate in all kinds of Capture the Flag events. We look for events that let all different skill levels learn and have fun. Here are some events worth looking into.
- CSAW CTF
- Pacific Rim Collegiate Cyber Defense Competition
- National Cyber League
- Cyber Quests
You’re probably saying “I have no idea what I’m doing. How could I compete in a CTF?” To that I say nobody knows what they’re doing, especially before they start. Get your hands dirty and have some fun.
Who said we had to stop going on field trips in college? Forget that. It turns out that there is a lot of cool stuff that isn’t happening inside the networking lab. So we go there.
I encourage you to check out whatever catches your fancy. In the Puget Sound area alone you can find ISSA Rainier, Batman’s Kitchen, LinuxFest Northwest, and Agora (if you can find Agora). Get a group together and go check stuff out.
And of course, we go to DEF CON. It’s kind of a big deal.
Do you have an idea for a project? Do you want help writing software. Do you want to build an IRC bot that plays Pandora in the IAN lab and yells curse words in demand? Bring it to the Grey Hat Group. (Actually, we already did the Pandora one.) Nowhere on campus will you find so many people who are into what you are into (except maybe IEEE or WICS). This is the place to recruit. Check out our GitHub and talk to our CTO about hosting your project there.
Like I said, there is a lot to do in the Grey Hat Group. Please get involved. Signing in every week and sitting in your chair counts for something, but you’re selling yourself short if you leave it at that. Find a project, join a team, learn a skill, give a talk, do something. And don’t be afraid of messing up. The only way to learn most of this stuff is to do it wrong a hundred times. This isn’t one of your classes; the only way to fail is to quit.