Silicon Shecky

Infosec Practitioner

Connect

Simple Post

By Leave a Comment

Quick post this week, just to keep posting. With starting a new job this week, I haven’t had the time to really work on an idea for a post. That being said one thing did cross the Twitterverse this week that I wanted to weigh in on.

Seems there is some controversy over a shirt worn by someone presenting at a conference. The shirt which had a woman in a more sexual pose (boobs showing? I could not see the picture well) has again divided the community. The big thing here is that most people I know do not see a problem with the shirt in a general sense, the deem it inappropriate to be wearing while on stage in front of people speaking on a topic. Agreed unless the shirt directly related to the topic being discussed. As a speaker you are representing yourself (and possibly the company you work for as a lot of speakers put that information in their slide deck), and this shows poorly on a professional level. Sure, it might be a small hacking con, and in the world of hackers who cares. Reality is different though. When speaking show some decorum please. It makes it easier for people to take you seriously. I am not saying you need to be dressed up, t-shirts are fine. Just something that is not going to cause a fuss or embarrassment to your employer or to the con. It is not that difficult to do.

Now that I have gotten off my soap box, those going to CircleCityCon this weekend, have a great time. If things go well I will see you all there next year.

I also recently did put in a CFP for DerbyCon so we can see if that flies. If not, I will do it again next year. While constantly trying advances to date someone is frowned upon, constantly trying in a lot of other things in this world is smiled upon. This talk I put in for is not a technical talk, but a soft skills talk so it will be interesting to see if it gets accepted.

Until next time, remember this time!

Securing the Future, Securing the Community

By Leave a Comment

Community can be an awesome thing. It can also lead to a mentality of privilege, lying, shaming, head turning, and alienation.

I feel one of the best things about being involved in information security is the open community. through the community I have learned, made friends, and gained self confidence. Yet there is an ugly side of the community that has been coming to light, and the reveal has been a long time coming. The treatment of women, and the subsequent use of our talents to berate them, and those that support them, into silence. I am not talking about general disagreements, but about sexual misconduct. Sexual misconduct includes, continuous unwanted advances, drugging of women to allow for sexual advances that would otherwise be rejected, and rape.

We are the nerds, the geeks, the originals before being a nerd was the cool thing to be, before there were sub-categories of nerds and geeks. We were the ones who looked at the jocks and wanted to be like them, who were picked on, beaten up, and otherwise treated like we were less than everyone else in school (especially high school). We didn’t get to go to the cool kids parties, were (and might still be) socially awkward, and of course, had trouble getting dates. We looked at those who treated women poorly as bad people, something we would never do. How the times have changed.

We have become those jocks, those frat boys, those that will do whatever we want, to whomever we want and feel we can get away with it. You can look at the recent headline about the Tor Projects Jacob Applebaum, and the allegations against him. You can look at the whole backlash about Defcon and people I know and trust that have had their drinks drugged. There is a sense of entitlement, and the second someone goes and puts the truth out there, they get slammed, shamed, and people go on a social engineering tirade against them and anyone who supports them. All this because they are the opposite sex and we still haven’t learned the best way to deal with them is as human beings? To talk to them, to get to know them, to respect them for who they are and what they know?

Yes, we (we includes myself) are all guilty of sexist remarks, sexist jokes, staring at the opposite sex. That will never completely go away, and there are women who don’t mind the passing joke among friends, who sometimes find it an ego boost that someone is checking them out. I know I’ve made women in and out of the infosec community uneasy at times, especially when they haven’t gotten to know me yet. I try not to, but I am socially awkward to a degree. I will not push anything sexually on anyone though. I hear someone say they were drugged or raped, and I will stand behind them unless proven to be a falsehood. The law of the land might say Innocent until Proven Guilty, but that is for breaking the law, not public opinion, and definitely not the way the human mind tends to work.

I really wonder how many great ideas, and leaps forward we have missed in IT overall and infosec specifically, because women are afraid of us? They hear, and now with social media, see the fallout if you make an allegation and do not want to deal with it. They are not made to feel welcome. All of this because a relatively small portion have done bad things, and the rest of us either turn a blind eye or shame and attack the victims and their supporters until they disappear.

We are security people. Let us start by making our community a secure place for everyone.

Support, How do they get away with it…

By Leave a Comment

I find the world a funny place. There is so much irony and hypocrisy in it that you can’t help but laugh if you stop to really think about it. Well, Laugh or cry.

Being an IT consultant, I support my clients. Its part of the job. Heck without giving them the best support I can, I wouldn’t have a job. So I sit back and look overall at support from different areas of the tech industry and notice that certain areas tend to be able to get away with different levels of support and still survive.

We shall start off with hardware support. Companies, not just like Dell and HP, but like BFG, Creative Labs, and the like. I find these companies relatively speaking have the best support. Even bad support from these companies is still better than the best support from some of the companies in other categories. Yeah, they might make us go through the stuff we have tried before, or make us run some super secret diagnostic program, but once you have gone through the routine, they are pretty quick about getting replacement items out to you.

Next area is the ISP. The ISP is a hit or miss on support. Having worked the help desk at one, back when most people were using dial up connections, has given me an unique insight to the world of ISP tech support. It really depends on a couple of factors, one being the person you actually get on the phone with, and how you react to them. The places that ship me out to places like India (AT&T does this), I tend to despise because they follow a script and that is that. You need to know how to navigate around these issues to get to a competent tech in the level 2 range. Other companies such as Comcast have a decent bunch or lower level techs, and at least you can understand them, but still all the ISPs have one thing in common. They are taught that they are to say it is not their fault until one of two things happen. First their managers say, “Ok, we can now say that it is an outage on our end because X amount of people in that area have complained,” or they have run out of ideas, have transferred you to the next level, and that tech has decided it is their issue. It is tough to get them to admit that it is their problem without a widespread outage.

The final area is the Software industry. This by far is the worst area overall. They will run through their script and then just dump you. The don’t listen to their customers, and if you should have a problem with install media after the next version comes out, they will tell you that you have to buy new media. In this area, the best support I’ve found had come from Microsoft of all places, but most OS companies are decent. When you get into software that tends to be more specialized, such as contact management, accounting software, and other more niche software where there are fewer and fewer players, the support gets worse and worse. How some of these companies stay in business is a case of being the only player (or at least well known player) in town.

The end result is to paraphrase Forrest Gump, “Support is like a box of chocolates. You never know what you are going to get.” Being a consultant, this of course means you should be doing your research before any install or migration. As far as actual support for the software goes, I will get involved with it when the client needs me to, but I shudder when I have to call those tech lines.