2024-08-07 –, Boardroom
“You're new to these parts, traveler. Want to join a new infosec campaign party I’m forming? We’re defending the castle, and don’t have enough heroes to – wait. Where’s your sword?! You can’t defend with a lute!”
Actually, you can.
See, last year, I faced that same skepticism from infosec hiring managers: no IT background. After a slew of rejections, I found some old 20-sided dice… and I realized I needed to completely reframe my previous career.
Now? I’m a threat analyst for a cyber research group.
So, let me show you how you, too, can pivot into information security during this 4-hour RPG tabletop campaign-workshop!
I’ll guide participant-players through a modern infosec hiring process RPG tabletop “campaign” workshop, acting as the game master as participant-players reskill their classes and adjust their application strategies to win a coveted role for their infosec party.
In the end, you’ll walk away with concrete research, tools, and techniques to help your next employer properly value and respect your current non-infosec skills and experience in your first infosec role.
Who Should Attend?
- Anyone trying to break into their first infosec role, but especially those mid-career professionals attempting to transition into a new cybersecurity career!
- Hiring managers or infosec recruiters who can't seem to find the right personnel
- Anyone who has a friend or colleague trying to move into cybersecurity, but who can’t seem to get a break (and they're not sure how to help rewrite their resume)
- Anyone who wants to try a different sort of workshop format :D
Workshop Takeaways
After this workshop, participant-players will:
- Take home practical solutions that people from any field can use to buff their own career-characters’ chances of landing their first job in infosec, including: skill-to-skill “translation” lists, easy interview answer reframing, and role and certification shortcuts.
- Enjoy an interactive security tabletop exercise, led in the style of a homebrew RPG campaign as a practical hiring process demonstration – including a “career character” worksheet walkthrough, the hiring process “encounters,” and rolls for success!
- Feel empowered and less alone, as one of many who struggle to break through the modern infosec hiring process roadblocks, while embracing how they -- as mid-career or otherwise transitioning professionals from non-infosec industries -- are truly desirable hires for a modern security program specifically and their overall hiring organization more generally.
Participant Tools Needed
- Personal dice and pens optional
- We'll provide the workshop character sheets, plus dice and pens for those who need them!
Workshop Outline (Estimated 4 hours)
[NOT FOR EXTERNAL PUBLICATION -- CFP CONSIDERATION ONLY]
SESSION “GAME” RULES (est. 20 min)
- Intro of concept
- 2x sheet handouts – initial worksheet & in-session worksheet – plus dice
- How the workshop works
- Campaign with “encounters” and “rolls”
- Four primary “encounters”
> Industry recommendation / rebuff (Tavern guy offer)
> Initial application screening (Sign up for tournament)
> “Smaller” initial interviews (Tournament rounds)
> Hiring manager interview (Final tournament round)
- General encounter format
> CAMPAIGN set up
> GM (Stryker) led discussion about real-life scenario with the group, presenting both personal experience and research as needed with group’s questions and general discussion.
> Participant-player interaction (through ASKING QUESTIONS or TAKING ACTIONS, either of which may require skill check ROLLS) to set up success by finding out more about the situation or otherwise influence outcomes.
> ROLLS (or REROLLS) for success or failure of overall encounter – no damage, just succeed / fail check
- Rolls
> Will include question outcomes, character abilities and actions, and class “buffs” / “debuffs”
- While the three main encounters and some skill-checks will be pre-planned as outlined, the GM (Stryker) will build in flexibility, depending on discussion and unplanned participant-player suggestions / campaign movements.
- How character sheets work
- GM (Stryker) to fill out an example character sheet(s) to use as the “group avatar” character during the campaign, while each individual participant-player will also use their own sheet(s).
> Participant-players will be able to suggest group avatar actions or approaches to move the campaign along, impacting the group’s overall progress.
> Occasionally, the GM (Stryker) will survey the participant-player results, and use the overall group’s success (or failure) to buff or penalize the group avatar character’s rolls.
- Where to grab resources (in case we run out of time)
- Link with all research, materials, and paper handouts
- What will NOT be explained at the start:
- Participant-players may be able to form temporary party-teams, depending on the turn of the campaign overall and specifically within designated portions of the campaign below.
- The GM will also be observing each participant’s interactivity and engagement with the workshop, offering up “secret” buffs on their turn to suggest group avatar action or for their individual rolls.
- Participant-players will be instructed to introduce themselves to the person seated beside them, with name & contact information, but it will be made clear this is optional (… and thus, the campaign has begun without them knowing)
WE BEGIN OUR TALE… (est. 45 min)
- Fill out initial worksheet with current character-player, not optimized for infosec.
- Example of GM’s (Stryker’s) own character sheet, based on early marketing career (w/brief list of core skills, competencies, & successes) and motivations to transition (boredom, security field interest and talent, DEF CON 31 & Black Hat 2023).
- Group avatar made, based on (or separate from!) GM example
- CAMPAIGN starts: Opening from abstract w/skepticism in tavern
- Every participant-player to ASK QUESTIONS to or about “tavern hiring manager” / job description to better figure out how to approach this “conversation” / application
- ROLL (and it’ll probably fail, especially for group avatar)
- Talk about why this didn’t work with the group – in the campaign and in real life
- Discuss common themes in others’ job searches, why they might be like that, what’s “fair” vs what’s “done”
- GM (Stryker) recounts personal rejections despite personal recommendations, OSINT discoveries on why hiring managers reject entry-level and alternate-level candidates
BREAK (est. 5 min)
REVISING YOUR CHARACTER SHEET (est. 55 min)
- Use second “real” character worksheet to re-spec (or uplevel) current worksheet to the new “character class” of the desired role vs current abilities. GM (Stryker) to cover and foster group discussion on:
- Skill-to-skill “translation” to new career terminology
- Rediscovery of atrophied skills that could be revived
- Discussion on what to learn net-new or otherwise certify
- Environmental factors (with personal experience and research) for buffs and debuffs
- Luck, bias (racial, age, industry), networking, personal finances
- GM Stryker to show personal old (marketing) vs new (infosec) resume & LinkedIn profile
- Participant-players adjust character sheet with reskills and buffs
- CAMPAIGN continues: Hiring poster for same position! They’re holding a tournament to hire new defenders. Group-avatar heads to the initial sign-up desk outside of the arena and needs to convince the person at the sign-up table that they should be allowed to compete.
- Participant-players ASK NEW QUESTIONS to or about “sign up desk” / job description to better figure out how to approach this “conversation” / ATS, based on previous discussion.
- If someone gets stuck, GM (Stryker) will ask what they’d like to try out or otherwise find out more about in a real job application process. Then, the GM may offer a “translated” campaign action or question that may buff (or debuff) the overall reroll attempt, based on previous discussion.
> All participant-players may benefit from the question’s answer (no hidden answers), but they will also all take the debuff (if any).
> At the GM’s (Stryker’s) discretion, a successful answer to the question may require a skill check from the participant-player.
- Participant-players can also take ACTIONS that may buff (or debuff) the reroll attempt, based on previous discussion (and roll for it).
- REROLL for ATS check pass
- If a participant fails BUT introduced themselves earlier, they may ask the person they met earlier to re-roll an assist as a “resume reviewer”; if higher than 13 on a 20-sided die, then re-roll
BREAK (est. 5 min)
BATTLE ROYALE (est. 55 min)
- CAMPAIGN restarts: The group avatar has made it through! The tournament offers a lot of types of weapons and battlefields. Lots of bladed weapons, though those aren’t the best for our group avatar. How do we want to approach this?
- GM (Stryker) leads discussion on picking a transition role, including:
- Reconciling previous successful projects and natural abilities (“campaign roll successes”) with desired security role responsibilities
- “Dual class” vs “upleveling”
> Whether to pick a “hybrid” role that deliberately merges the skills from previous role with the current one, versus revising and repositioning previous role’s skills
- Participant-players ASK QUESTIONS about the situation or TAKE ACTIONS of the group avatar to put the group in the best outcome for success. (Same rules as previous encounter apply.)
- ROLL for first round combat! (Proof of capabilities)
- GM (Stryker) to offer buffs to participant-players who have portfolios, certifications, or group projects.
- IF FAILED, participant-players may ask their neighbors to roll for an assist as a “networking introduction” and recommendation; if higher than 13 on a 20-sided die, then record that roll for later reference and RE-ROLL.
- ROLL for second round combat! (HR screening interview)
- GM (Stryker) to offer buffs to participant-players who seem helpful or otherwise pleasant to be around, as social engineering buff to analogous initial HR screening.
- IF FAIL and got a networking assist, RE-ROLL.
- 1:1 individual participant-player ROLL/S for last-chance combat! (Technical interview, which doesn’t happen in every role)
- Participant-players who failed either of the previous combats have been “knocked down” to last-chance bracket.
- Participant-player may ask another fellow player they think can best assist, with GM (Stryker) added flavor and buffs.
> Other player will take buffs (or debuffs) based on this participant-player’s ultimate outcome in this bracket.
- Participant-players may ASK QUESTION or TAKE ACTION to better position themselves for victory, with same rules as before (minus group buff outcomes).
- ROLL – if still a loss, then may take two ACTIONS or QUESTIONS for group avatar until end of campaign, or otherwise act as NPC if called on by GM (Stryker). They may still roll / play individual sheets through the end.
BREAK (est. 5 min)
BOSS FIGHT ENCOUNTER (est. 40 min)
- CAMPAIGN continues! The final round in the tournament is against your future party leader: The individual from the tavern who initially rejected the group-avatar in the first place!
- GM (Stryker) leads discussion on:
- How to reframe “tell me about a time when” STAR questions for truthful applications of previous context
- When it’s okay to say “I don’t know” or “I haven’t done this” (“… but I would find the answers by doing XYZ” / “I would try this”)
- Participant-players ASK QUESTIONS about the situation or TAKE ACTIONS of the group avatar to put the group in the best outcome for success. (Same rules as previous encounter apply.)
- ROLL to get offer!
- IF FAILED
- … and participant-player got their initial introduction based on a “networking introduction” roll, then add their recommendation dice roll; if initial roll + added roll is higher than 13 on a 20-sided die, then REROLL
- IF FAILED
- GM (Stryker) to allow for a “group fight” (that is, boosting of an applicant’s credentials before the hiring manager interview with a group project, credential, or other proof of capability)!
- Dynamic and fluid based on campaign thus far. 😊
- Includes all failed rolls / lost people
CAMPAIGN WRAP UP & QUESTIONS (remaining time 😊)
Ashley Stryker (“Stryker”) specializes in translating technical security findings and qualitative cyber intelligence into potential organizational impact for the security teams who want to prove the why – not just the what – behind their strategic plans. Stryker’s 2023 original cybersecurity research series “Press Reset” has won multiple industry awards, including best use of original research and best data insights.
You can find her on LinkedIn or in the Lonely Hackers Club (LHC) Telegram chat, ranting about how commercial gun safes do not make for secure off-site data storage options. Stryker lives in the Baltimore-DC area, renovating a townhouse with her ancient beagle-hound mix and growing parsley for swallowtail butterfly caterpillars.