Career in Information Security
An introduction to career options in the information security domain, along with other advice useful for people starting out in information security.
This was first delivered @ c0c0n 2023 career village
AI Generated Content Disclaimer
Note: This summary is AI-generated and may contain inaccuracies, errors, or omissions. If you spot any issues, please contact the site owner for corrections. Errors or omissions are unintended.
This presentation at c0c0n 2023 makes the case for home labs as a practical way to expand capabilities in information security and technology. Anant Shrivastava covers the infosec specialization landscape and its empathy gaps, explains why self-learning through home labs is more accessible than ever, provides concrete guidance on what to build and how to maintain it, shares his own home and cloud setup in detail — including a self-hosted LLM — and demonstrates how running personal infrastructure builds holistic skills across networking, administration, automation, and security. The recurring theme: “the empathy angle is a very needed angle” that is missing most of the time.
The talk opens by identifying a fundamental problem in the information security landscape: too many branches and subcategories have produced deep but narrow specialists who never pay attention to what other people are doing. The resulting empathy gaps are illustrated through familiar exchanges: security professionals telling developers to “just patch it, what’s the big deal?”; developers telling pentesters “just pentest it, 3 hours is more than enough”; developers telling ops “it works on my machine, why isn’t it working at your end?” — without understanding that AWS scaling is not instant, regions have CPU thresholds, and quota extensions take hours or days. Anyone in product security or cross-functional interactions, Anant argues, would agree that people lack empathy.
The proposed solution is cross-skilling through home labs: self-learning by experiencing the full journey from nothing to building software, deploying it, testing it, getting attacked, and securing yourself. The goal is not to become a full-fledged practitioner in every discipline, but to develop enough firsthand experience to understand why “just patch it” becomes “I can’t immediately upgrade” when your server actually goes down.
Four converging factors make home labs practical now: affordable hardware (available for around ₹5,000, fresh or secondhand), free cloud resources (Oracle Cloud offers a free ARM VM for life), ready-made automation templates (Ansible and Terraform scripts where you just change the variables and run), and far less friction than the manual configuration of earlier eras. The barrier to entry has never been lower.
Practical home lab components solve real problems while teaching transferable skills. Pi-hole provides DNS-based advertisement and malware blocking (Anant notes it blocks 25% of his daily DNS traffic). A NAS provides local cloud storage and backup. Network isolation puts IoT devices on separate routers. Tailscale/Headscale creates a VPN network for global device access. Self-hosted password managers address post-LastPass trust concerns. Each component teaches multiple skills simultaneously.
Before building, three questions matter: Do I need hardware? (Pi-hole and NAS require physical devices, but many labs run on free cloud resources via free-for.dev.) How much upskilling is needed? (Abundant resources exist, and the lab itself is the learning vehicle.) What are the maintenance challenges?
Maintenance receives detailed practical treatment. Software upgrades require maintaining an inventory (even an Excel sheet), subscribing to RSS/email feeds for update notifications (Anant uses ASUS Merlin’s RSS feeds for router firmware), and actually performing periodic updates — knowing an update exists is half the story. Hardware issues call for monitoring SMART data proactively and paying attention to physical indicators like loud fans or clicking noises. Anant shares that his NAS purchased in 2014 had its first hard disk failure in 2021 after 7 years of constant read/write, and recommends against stockpiling spares given consumer-grade replacement availability.
The backup strategy follows the 3-2-1 rule: three copies of the data, on two different media types, with one copy offsite. The speaker's personal implementation: the laptop's data is copied to the cloud and to a local hard disk via Time Machine, which protects against both media failure and location failure (for example, fire).
Anant’s home setup is shared in detail: an ASUS router with ASUS Merlin firmware (the configured network travels with the router — plug into any ISP and the network remains configured), Pi-hole on Raspberry Pi, two NAS devices for photos/videos/audio/backups, Tailscale VPN for global connectivity, and a personal server with 40 cores and 128 GB RAM (purchased for ₹80,000–90,000 from data center discards — a 6-year-old enterprise-grade rack mount). This server hosts containers, VMs, and a self-hosted LLM trained on personal knowledge management data.
The cloud setup extends the lab: static sites hosted on a personal server, an Nginx server, and a Fediverse/Mastodon-compatible ActivityPub instance at social.anantshri.info — maintaining data ownership even if the broader fediverse disappears.
The backup architecture demonstrates the 3-2-1 rule at scale: web server content backed up to Tarsnap; Mac machine to Google Drive/OneDrive plus Time Machine; Obsidian PKM to Synology NAS to Backblaze and iDrive (two separate copies for critical data); iPhone and Pixel devices syncing to Synology; Tailscale enabling automatic photo sync from devices to NAS.
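As an added example (not from the talk or the speaker's own tooling), a small Python checker that tests a backup inventory against the 3-2-1 rule. The inventory entries are constructed from the architecture described above, plus one deliberately deficient entry to show what the check reports; the `Copy` fields and names are assumptions for this illustration.

```python
# Added example: check a backup inventory against the 3-2-1 rule
# (3 copies, 2 media types, 1 offsite). Not the speaker's code.
from dataclasses import dataclass


@dataclass(frozen=True)
class Copy:
    location: str   # where the copy lives, e.g. "home" or "cloud:backblaze"
    media: str      # media class, e.g. "laptop-ssd", "nas-hdd", "cloud"
    offsite: bool   # physically separate from where the primary copy lives


def check_321(copies):
    """Return which parts of the rule this set of copies satisfies."""
    media_types = {c.media for c in copies}
    return {
        "three_copies": len(copies) >= 3,
        "two_media": len(media_types) >= 2,
        "one_offsite": any(c.offsite for c in copies),
    }


def missing_parts(copies):
    """Names of the rule parts that are NOT met, in a stable order."""
    return [name for name, ok in check_321(copies).items() if not ok]


def passes_321(copies):
    return not missing_parts(copies)


# Constructed inventory mirroring the setup described in the talk,
# plus a deficient entry ("same_disk_only") that should fail.
INVENTORY = {
    "mac_laptop": [
        Copy("laptop", "laptop-ssd", False),
        Copy("cloud:google-drive", "cloud", True),
        Copy("cloud:onedrive", "cloud", True),
        Copy("home", "time-machine-hdd", False),
    ],
    "obsidian_pkm": [
        Copy("laptop", "laptop-ssd", False),
        Copy("home", "nas-hdd", False),
        Copy("cloud:backblaze", "cloud", True),
        Copy("cloud:idrive", "cloud", True),
    ],
    "same_disk_only": [  # constructed bad case: two copies on one disk
        Copy("laptop", "laptop-ssd", False),
        Copy("laptop", "laptop-ssd", False),
    ],
}


def audit(inventory):
    """Map each data set to the list of rule parts it fails (empty = OK)."""
    return {name: missing_parts(copies) for name, copies in inventory.items()}
```

Running `audit(INVENTORY)` reports an empty list for the two sets that satisfy the rule and names all three failed parts for the constructed bad case, which is the kind of inventory check the maintenance section argues for.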
The Q&A produces practical details: the rack mount server has a 750W rating but generally runs at ~100W; smaller devices (Intel NUC, Raspberry Pi, Orange Pi) consume only a few watts; fire hazards are manageable with airflow around devices, and external cooling is only needed when running at 100% capacity constantly.