5 Mentalities of Infosec

Throughout my journey of breaking into and working in Infosec I have experienced a lot of personality types. However, if I specifically focus on just the parts of these mentalities that tie directly to Infosec skills, I feel like they fall into 5 categories:


  • Possesses only surface/concept level knowledge of topics
  • Frequently thinks they know more than they do
  • Less technical despite thinking otherwise
  • Argues using others’ facts and research


  • Has had the realization that they don’t know as much as they think they do
  • Struggles to strengthen skills
  • Runs tools and takes paths already taken or documented
  • Always fighting to catch up


  • Infrequently seeks learning opportunities
  • Happy with their skills as long as they can do their job
  • Typically uses more discretion when answering questions
  • Doesn’t frequently get along with specialists or those that seek to improve their skills on a more aggressive timeline


  • Knowledgeable about a wide variety of topics
  • Possesses a good set of practical skills
  • Ability to modify/write tools and put things together in new ways to get outcomes
  • Frequently answers questions from experience


  • Very focused on a couple of related topics
  • Can concisely and accurately answer questions
  • Uses own knowledge to answer questions
  • Can frequently prove their answers to an in-depth level through hands-on or prior research

I Hate BlockChain

Recently I was introduced to the world of BlockChain by a friend at work @ecryptolee (Co-Author). I’m now about 3 months into studying the topic and one thing continuously remains true. This truth is that many people have dubbed this technology useless. However one simple trend existed amongst almost every single one of the individuals that made these accusations. They had done very little research into the topic and possessed hardly even a surface level understanding of the technology.

Before I start, let’s make it clear that the explosion of crypto currencies that has come out of this space is alarming and in my personal opinion completely unnecessary. In the world of crypto currencies I’m heavily focused on the coins in which, from my own research, I see potential for future realized value. The 4 I like currently are Bitcoin, Ethereum, Litecoin, and Monero. More specifically I’m primarily looking into securing the coins, wallets, and exchanges.

I’ve accumulated resources while on this journey, which I can assure you is a bit tricky when almost anything you look up returns pages of crypto currency OMG articles. My challenge to you is to at least do a bit of research before completely hating this technology. I would like to have at least one argument with someone where they have a sound technical reason why they think BlockChain sucks so much.



Just the core idea of what a BlockChain is obviously confuses people because the explanations I hear are downright awful and misinformed. If you are going to tell me how much you hate BlockChain I at least expect you to have a basic understanding. Let’s start by helping you gain a fundamental understanding of BlockChain:

If you are interested in jumping right into the development of BlockChain, a few resources gave me insight into how the code was structured. Most BlockChains can have cores built in multiple languages. If you want to learn the technical breakdowns of how it works, read these so you can argue with me about the deeper elements of BlockChain:



Bitcoin was the first decentralized use of BlockChain. Understanding the fundamentals behind it is the first step towards understanding what it is. First thing you’re going to want to do is get a baseline understanding of the technology. After you complete this you will have all the knowledge necessary to argue with all the Bitcoin lovers and let them know how you feel.

A great place to start is with the following book:

After you get the fundamentals down it’s a good idea to catch up on everything that has happened. Most coins have websites with additional information. They are also open source so you can freely review the code. I can guarantee you not one person I have argued with has done this. Most of them even have full white papers which break down the initial reason for creation and other technical details.

You can use the following resources to get a baseline understanding of Bitcoin:

To jump into the development of Bitcoin here are some resources that helped me understand its core implementation:

So my first question was: is Bitcoin secure? It’s holding value, so how do we know the code is secure? People ask questions about the code base frequently and thankfully Dan Guido has done some research in this space:

The Bitcoin GitHub also provides a test harness for fuzz testing which can be used with AFL:



Litecoin is a fork of Bitcoin which was created because they believed they could make a faster version of the coin. Thus far they have succeeded to some degree at this and will release LitePay in the near future. This is a company that will use the Litecoin network to transfer funds.

You can use the following resources to get a baseline understanding of Litecoin:



Ethereum took a different approach to all of this and decided to make a network that would run decentralized applications called Smart Contracts. Ethereum has had their share of security issues. I will discuss those issues in the Smart Contracts section.

You can use the following resources to get a baseline understanding of Ethereum:



I thought that I should at least mention one privacy coin. The idea behind a privacy coin is that the transactions on the BlockChain are private. Privacy coins hope to solve some of the issues associated with completely public BlockChains.

You can use the following resources to get a baseline understanding of Monero:


Smart Contracts

Smart Contracts, put simply, are the idea that you can write a piece of code with rules baked into it that will make decisions. The purpose is that once compiled and deployed to the network, the code cannot be changed. All outcomes are based on the code that runs. This is both innovative and scary because a lot of security issues have been discovered around Smart Contracts.

When digging deeper into BlockChain security I found the following research and tool development:


I was happy to find out that many of the exchanges had bug bounty programs. This was a strong indicator that they took security very seriously, as you should when handling high volumes of money, bank account info, and a storage of value.


When exploring this bug bounty program I found a protocol called FIX that I’m definitely going to invest some time into researching. It is widely used by many crypto currency exchanges as well as normal stock exchanges. SecForce has done research in this space and created a fuzzer for this protocol:


Wallets are used to store the private keys necessary to prove you are the owner of a crypto asset. There are both hardware and software wallets. For the purpose of storing private keys, most would agree hardware wallets add a layer of security. Paper wallets can also be created completely offline and stored safely. Securely storing your crypto assets is a topic that without a doubt needs more security awareness surrounding it. These are just my initial thoughts and resources.

To get a core understanding of how wallets work you can review these resources:

The first hardware wallets to catch my attention due to their popularity were Trezor and Ledger Nano S. I will probably do a whole write-up on the comparison of these 2 in regards to security in the future. Currently I believe from my research that the Ledger Nano S is more secure.

Here is my preliminary review of the 2 most popular hardware wallets:


Hardware: Trezor 


  • STM32F205 [A common ARM Cortex M3]
    • Not considered a secure MCU and carries no common criteria certification



Hardware: Ledger Nano S

  • STM32F042K [Main controller]
  • ST31H320 [Secondary secure controller]
    • Bank grade secure enclave for private key storage
    • EAL5+ common criteria certified
    • Stores device key to protect the software from being tampered
    • Even if memory was dumped from the Ledger this would not affect the secure storage



Mining is using either a CPU or GPU to run a computation to discover a piece of the next Block in the chain which proves that you solved it. In some cases, like Bitcoin, to make significant progress you need proprietary hardware called ASIC miners. This results in issuing the crypto currency available in that next block to the person who submitted the solve. This is put extremely simply just for an initial introduction, but most of these verifications are either Proof of Work or Proof of Stake.
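To make the Proof of Work idea above concrete, here is an added example (not from the original post or from any coin's code base) of a toy chain where each block must hash below a target and commit to the previous block's hash. The block layout, the 12-bit difficulty and the sample transactions are constructed for illustration; real coins use their own header formats and far higher difficulty.

```python
import hashlib
import json

DIFFICULTY_BITS = 12        # constructed, tiny difficulty so the demo finishes quickly
GENESIS_PREV = "0" * 64     # placeholder "previous hash" for the first block

def block_hash(block):
    """SHA-256 over a canonical JSON encoding of the block's fields."""
    data = json.dumps(block, sort_keys=True).encode()
    return hashlib.sha256(data).hexdigest()

def meets_target(digest_hex, bits=DIFFICULTY_BITS):
    """True when the hash has at least `bits` leading zero bits."""
    return int(digest_hex, 16) < (1 << (256 - bits))

def mine(prev_hash, transactions, bits=DIFFICULTY_BITS):
    """Brute-force a nonce until the block hash meets the target (the costly part)."""
    block = {"prev": prev_hash, "tx": transactions, "nonce": 0}
    while not meets_target(block_hash(block), bits):
        block["nonce"] += 1
    return block

def build_chain(batches, bits=DIFFICULTY_BITS):
    """Mine one block per transaction batch, linking each to its predecessor."""
    chain, prev = [], GENESIS_PREV
    for txs in batches:
        block = mine(prev, txs, bits)
        chain.append(block)
        prev = block_hash(block)
    return chain

def verify_chain(chain, bits=DIFFICULTY_BITS):
    """Cheap check: one hash per block confirms both the proof and the link."""
    prev = GENESIS_PREV
    for block in chain:
        if block["prev"] != prev or not meets_target(block_hash(block), bits):
            return False
        prev = block_hash(block)
    return True

if __name__ == "__main__":
    chain = build_chain([["alice->bob:5"], ["bob->carol:2"]])  # constructed sample data
    print("valid:", verify_chain(chain))
    chain[0]["tx"] = ["alice->mallory:5"]   # rewrite history without re-mining
    print("valid after tampering:", verify_chain(chain))
```

Verification costs one hash per block while mining costs thousands of attempts on average even at this toy difficulty, which is why rewriting an old block means redoing the work for it and every block after it.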

To learn more about how mining works you can review the project below:

BlockChain != Crypto Currency

I just wanted to make one additional note that BlockChain technologies are not exclusively used for crypto. There are a wide variety of use cases including supply chain management, identity management, and tracking of documents and other transactions.

Here is a list of a few projects that use BlockChain for things other than crypto:


The first thing I learned from this research is that the technologies used to implement BlockChain, run exchanges, and create wallets were not that obscure (contrary to popular belief). Research quickly led me into familiar territory. My goal is simply to start educating people so that they can make informed decisions about BlockChain and the surrounding technologies. With a little more information at least you can have a more educated argument with people around you. Or worst case scenario you get sucked in like me and might actually like this stuff. However, you will never know if you let somebody else tell you how much to hate it.