John Harper: Helping Hackers Find Their Passions

What’s your professional superhero origin story? For John Harper, the Penetration Testing Lead at Nationwide Insurance and founder of TempestSec and the annual Hackers Teaching Hackers Conference, it came early in his career, before the organization he worked for at the time had a clear security role within IT.

“We had a virus outbreak,” he explains, “and I realized I could put that virus in a lab environment, reverse engineer it using application snapshot utilities, then create an uninstall that would remove all of its components. That’s when I moved into the security space.”

It hearkened back to his childhood when he would take apart his father’s watch and attempt to put it back together, just to learn how it worked. John says it’s that sort of curiosity — and the passion it engenders — that’s the mark of a great security professional. And that’s the passion the Hackers Teaching Hackers conference he founded aims to inspire.

“When I talk to someone to see if they’re interested in a role on my team, I’m not looking for a certification. I want to know: What did you learn through the process of trying to get that certification?”

– John Harper

A Passion for InfoSec

For John, passion is the indicator to help everyone get the most from their careers — and to help managers understand where people can contribute the most to an organization. To run an InfoSec department “takes a lot of people with a lot of different skill sets,” he says. “I like to ask people what they’re most passionate about in technology, specifically.”

“We need people who understand Windows system administration, Linux administration, cloud, networking, wireless, programming and scripting, social engineering and physical controls — everyone has a role that they potentially could play on a team. Then we look to find mentors within the community we can pair them with to help them grow.”

John also sees it as part of an organization’s duty to foster leadership and mentoring within its own ranks. “If you’re built for wanting to share, you get excited easily and other people can see that passion and drive — it’s contagious,” he says. “And if you have good leadership within your organization, they promote it, and want to capitalize on what you know.”

And when it comes to hiring, John is looking for passionate folks whom more experienced staff can mentor.

“When I talk to someone to see if they’re interested in a role on my team, I’m not looking for a certification,” he says. “I want to know: What did you learn through the process of trying to get that certification? How thirsty are you to learn? Are you morbidly curious or are you just kind of like, meh, I might do that in my spare time?”

Taking It to the Community

Hackers Teaching Hackers, held annually in Columbus, Ohio, aims to tap into that curiosity and passion. The conference aims to bring together a wide range of people — security pros, for sure, but also hobbyists and folks who are pivoting from some other career and looking for community.

“We want people to feel comfortable attending even if they’re new to the space,” John says. Or, as the website puts it: “We are all hackers. Always learning, but with something to share.”

Hackers Teaching Hackers features a variety of activities for attendees: speakers and networking, as in every conference, but also hands-on educational experiences, capture the flag (CTF) challenges, scavenger hunts and Packet Wars battles.

“We like to distinguish ourselves from a lot of the other hacker conferences in that we want to have more and more hands-on experiences led by people really knowledgeable in that space,” John says.

“We love how we can spin AWS infrastructure up quickly, but then we also have to figure out how to secure it properly.”

– John Harper

Learning to Protect the Cloud

In 2019 much of the conference’s infrastructure was shifted to Amazon Web Services. “This allowed us to expand our reach beyond the conference attendees,” says John. “We opened up our scavenger hunt and the CTF to anybody in the world who wanted to play.”

But with that shift came security concerns. “We love how we can spin AWS infrastructure up quickly, but then we also have to figure out how to secure it properly. I think the cloud has given us lots of new space to play in. But we definitely have many of the same challenges enterprises do.” And the Gigamon Visibility Fabric™ is a big part of how Hackers Teaching Hackers met those challenges.

In the end, John finds both his day job and Hackers Teaching Hackers to be great environments for feeding his own passions and helping others discover theirs. He says that he’s most excited by working with really smart people.

“Whether it’s staff for the conference bringing new ideas that are hopefully super valuable to the community,” he says, “or spending time working with penetration testing teams trying to solve a puzzle that no one’s even looked at before.”

Join the Conversation at the Gigamon Community

Thank you to John for sharing your experiences and for helping others learn and grow. And of course, if you’ve got tough technical questions or some hard-won expertise to share yourself, come interact with John and hundreds of other Gigamon experts on the Gigamon Community website — guidelines for joining are right here.

Until next time.