Silicon Shecky

Infosec Practitioner

Simple Post

May 31, 2018 By Michael Kavka

Quick post this week, just to keep posting. With starting a new job this week, I haven’t had the time to really work on an idea for a post. That being said, one thing did cross the Twitterverse this week that I wanted to weigh in on.

Seems there is some controversy over a shirt worn by someone presenting at a conference. The shirt, which had a woman in a more sexual pose (boobs showing? I could not see the picture well), has again divided the community. The big thing here is that most people I know do not see a problem with the shirt in a general sense; they deem it inappropriate to be wearing while on stage in front of people speaking on a topic. Agreed, unless the shirt directly related to the topic being discussed. As a speaker you are representing yourself (and possibly the company you work for, as a lot of speakers put that information in their slide deck), and this shows poorly on a professional level. Sure, it might be a small hacking con, and in the world of hackers, who cares. Reality is different though. When speaking, show some decorum, please. It makes it easier for people to take you seriously. I am not saying you need to be dressed up; t-shirts are fine. Just something that is not going to cause a fuss or embarrassment to your employer or to the con. It is not that difficult to do.

Now that I have gotten off my soap box: those going to CircleCityCon this weekend, have a great time. If things go well, I will see you all there next year.

I also recently did put in a CFP for DerbyCon, so we can see if that flies. If not, I will do it again next year. While constantly trying advances to date someone is frowned upon, constantly trying in a lot of other things in this world is smiled upon. This talk I put in for is not a technical talk but a soft skills talk, so it will be interesting to see if it gets accepted.

Until next time, remember this time!

Filed Under: General, Rants Tagged With: Conferences, Rants

Change is the only constant

May 24, 2018 By Michael Kavka

Change, it is constant. We all see it with the speed our field moves and grows. We either change with it all or get left behind. Change also seems to be the only way to stay up to date. People change jobs to increase salary, look for new challenges, get out of static environments and more.

I currently am going to be making one of these changes. Next week I start a new chapter with new challenges, a new vertical, and hopefully more to blog about. The employer I am leaving has been good, but the opportunity I am moving to is what I need at this time. Changing jobs can be a nerve-wracking situation. A few things to remember when even considering changing jobs. First and foremost, does the move make sense? Basically, why are you moving to the new position/company? Does it fit into your long-term goals? Second, why are you wanting to leave? Is it the environment, the pay, or something else? The grass always looks greener, but it may not be. Make sure you do your due diligence and research. Hopefully you remember to ask questions to give you an idea if the environment will fit you.

Change is a grand thing and keeps us fresh. As I make my change, I hope that all of you continue to read what I post and understand if I slip on posting a bit.

Filed Under: General

Crying Wolf

May 18, 2018 By Michael Kavka

It is happening more and more, and it is hurting how we are perceived. Flaws are treated as super critical, potentially end of the world, and upon further inspection are not. This needs to change.

I almost titled this piece OMGWTFBBQ because that is what happened again recently. A flaw was teased on Monday that people got up in arms about. It was not going to be released until Tuesday, but the sensationalism got the better of people, and someone was able to put out the information late on Monday. Yes, I am talking about the PGP/SMIME problem, but this is not the first time this has happened. For those into sports, the situations turned into, “Upon further review, the call is reversed.” I am no expert by any means. I read the articles, watch Twitter, ask questions, and try to use some basic logic and common sense. That means waiting for good info, and making sure you have all the info. The situation this week got so out of hand that articles were telling people to get rid of PGP. Again, this rush to judgement that people in our field had turned out to cause more panic than was needed, and turned into bad advice being given out.

Now, I am not going to get into the flaws themselves. There are plenty of others who have done that way better than I can. What I am more concerned about is the reputation of our field.

“We are Samurai… the Keyboard Cowboys… and all those other people who have no idea what’s going on are the cattle… Moooo.”

– The Plague, Hackers

That is how we do tend to see ourselves. That is how others outside of our field tend to look at us. Part of our job is to give good information that can be used to give good advice to the public in general. Unfortunately, we are jumping the gun more frequently. We are not waiting for peer review of flaws before deciding on pushing the panic button. This, I feel, is mostly due to ego. People want to be known as doing something, anything. We want recognition. With the PGP/SMIME situation, those that found the flaw still get the proper credit. They lose points, though, for the way they released it in a sensationalized way. The people who started flailing like a muppet about the flaws before they even saw it then caused more problems. At some point, doing this, people will stop trusting us. We will be looked at as the boy who cried wolf. So what can we do about this?

The answers are simple and might surprise you. First, we need to slow down. We need to take time to look at flaws when they are released and not look at any hype or sensationalism that builds up around their release. Second, we need peer review. This double-checks anything that is being published for accuracy. A flaw could be found, but until someone else reviews it we need to be skeptical about the severity. Yes, this can cause a day or two delay, but the reputation it will build up as us being trustworthy is worth it. People will listen, and will get good advice instead of the infamous OMGWTFBBQ.

Filed Under: Rants
