An industry mailing list I’m on recently had a conversation that started asking about Master Degrees but had some hiring managers chip in. They said a question they tend to ask is to have the candidate tell about their home lab.
I’ve been asked this question a few times in the past, and I’ve asked people this question in job interviews. I know it’s to find out what kind of passion the candidate has for the job, but I think it’s starting to become a bad question to ask.
Here is why I don’t have a home lab.
- Cost:
I’ve had labs in the past, a lab for the CCNA, a self contained virtual network using ESXi, multiple smaller VM labs to test different things. Different SDR setups to test hardware.The problem is, the equipment for the lab isn’t free. Even buying used or cheap still costs money and to be honest I have other things to spend my money on. A lab is a nice to have, but I’ve got other places to spend my money. Even $5.00 Digital Ocean Droplets add up fast if you have more than one.
There is also the power and internet connection cost for the lab. Including buildout costs if power or networking isn’t where you want to put your lab.
I just don’t have the money to build out a new lab.
- Space:
I don’t own my own home, so I rent. In the places I’ve rented over the last 10 years, if I had a lab, it had to be either in my bedroom or in my front room next to the TV. The place I’m renting now it would have to be next to the TV which would make watching TV for my significant other hard.I’d love to have a lab in the basement like I did at the last place we rented. But that was a fluke. I can’t run cables and wires room to room easily. If I owned a house, I could put holes in the walls and floors. But since I rent, can’t run cables. Or if I did, I’d be paying to enrich someone else’s property.
The basement at where I’m renting currently doesn’t have many outlets. I think there are a total of 6 down there. While there is room in the breaker panel to run some more, I’d have to hire a professional to come run that. I could do it myself, but inspections are more frequent when you rent.
- Time:
Between work, school, non-degree classes, being involved in 2 lock sport groups, and hopefully volunteer work in the near future, plus the typical things we do in life, when do I have time to play with a lab?Remember there have been been blog posts here lately about not having time to study Python like I want to, and having to relearn Pcap analysis from lack of use and focusing more on malware with them. (Which that ESXi box I have would help with, if I had a way to set it up in the basement).
- The lab I build for my passion, may not be what you want to hear about:
Which of these would help in the interview for a SOC person doing Threat Intelligence or Incident Response?
I had a lab of switches and routers to study for the CCNA. They no longer matched what was being covered in the CCNA and I couldn’t afford newer stuff even used.I’ve built a lab for SDR testing. It was a laptop and a Raspberry Pi. Not much of a lab.
I built my Raspberry Pi WIDS lab. It was network cable spread across the floors to different rooms, and a major tripping hazard for everyone in the house.
I had a “travel” lab on my laptop of a couple of images to do red team related work on. Kali Linux, Windows 7, and Debian Linux. Instead of becoming a Red Team pen-tester I used it to learn more about hardening systems.
I had “travel labs” on my laptops to run non-windows programs for learning perl, python, or write production scripts. but then is that a Lab or a part of the production environment.
Lab using Raspberry Pi as a TOR proxy (Onion Pi), so everything connected to it goes straight to the tor network.
I had a wireless “lab” for the Offensive Security Wireless Professional. It was a vm running Backtrack 3, that I connected an Alfa wireless adapter too.
I had an ESXi server set up with PFSense, Windows 7, Security Onion, a Linux box for RT, a Linux box for general purpose use, and a SANS SIFT Linux box. But it never got used much.
I’ve spun up “labs” to test new to me Linux Distros. Fire up a VM install the distro and see how it works for a day or two.