Tag Archives: Career

Go home HackMiami you are drunk

IMPORTANT UPDATE 2

The official response:

Track Updates

Recently the HackMiami 2013 Hackers Conference received several complaints from individuals within the information security community regarding the chosen titles of the speaking tracks, NewF's and OldF's.

These complaints indicated that HackMiami may risk alienating the support of a key demographic within the information security community.

We have discussed the issue at length, and decided that we did indeed plan the track titles in haste, without considering the inclusion or opinions of a very vocal minority. As such, we have decided to make some changes.

In addition to the NewF's and OldF's tracks, we will be creating a new third track that tailors specifically to the audience that was offended by the original oversight, and the track will be called MoralF's.

The MoralF's track will feature talks about hacktivism, digital civil liberties, ethics, legal issues, and free speech.

We hope that this correction satisfies our critics, and we invite them to submit CFPs for this track at:

http://www.hackmiami.com/cfp

Regards,

The HackMiami Conference Team


IMPORTANT UPDATE

Thank you for doing the right thing.


Recently, a colleague from a side project contacted me to ask me to submit a talk on the project to HackMiami. Like everybody else in the Western Hemisphere, I immediately thought “sweet, boondoggle!” Even if my employer (who has nothing to do with this post) wouldn’t pay for the trip, I figured I would pay my own way, because, hey! Miami!

Then I read the CFP and… well.

Just in case they change things later, here are the names and descriptions of their tracks:

Track 1 – NewF#gs – A novice track will be available for new hackers who are learning the ropes. If you have a presentation that you believe would be beneficial to the community and will give n00bs a starting point to advance their skillsets, then this is the track for you. Total presentation time is 50 minutes.

Track 2 – OldF#gs – An advanced track for the old school greybeards looking to show off their latest projects and research. If you have any hot research, code drops, vulnerability disclosures, or advanced attack methodologies that you want to present on, then this is the track for you. Total presentation time is 50 minutes.

Now, I recognize the 4chan meme. There is a place in the world for 4chan memes, and that place is 4chan, not a hacker conference with people of all backgrounds. Without really touching the LGBT issues here (which I acknowledge but which lie well outside the scope of this blog), the level of unprofessionalism here would stun a rhinoceros. As my buddy and co-worker Kevin asked, what ideas did this beat out? What was worse than this? Did your first draft have “fresh hos” and “used up hos” for the track names and you rejected that for being disrespectful to women? “We need to be more inclusive, guys.”

And hey, if you think any of us want our names and professional reputations hooked up with those terms, you have lost your ever-lovin’ mind.

In sections of the infosec community, we’re having all these discussions about misogyny, privilege, and anti-harassment policies. And then HackMiami decides to name their tracks after childish homophobic little memes from the seedy underbelly of the Internet. Not cool, dudes. Welcome to my list of “conferences I won’t attend because the organizers are scumbags who annoy the crap out of me”.

Theory versus practice: threat-centrism

I currently work in a threat-centric role, in the sense that we detect and respond to threats as they occur. We handle malware, log analysis, and network & system forensics. So I use “threat” in a concrete sense: bits that represent the actions of outside parties who may do harm to our enterprise.

At the same time, many security roles (including an opening I’m considering at my company) focus on an “information security architecture” team. These roles often handle vulnerability assessment, data leakage prevention, and general issues of design, planning, and policy. Note that the incident response team usually exists separate from architecture, which is where I have to make some private assessments.

I’ve started taking the advice of Greg Pendergast by “assessing, to the extent possible, whether you could make this new position your own by working in the threat-centric aspects.”

This concept strikes me as really interesting: how do we work real threat data into architecture? This differs in important ways from threat modelling, in which we design systems to counter different possible threats. In theory, theory and practice are the same, but in practice, they’re completely different.

I’ve got some ideas of how that could work specifically in our enterprise, but generalized answers might be worth considering as well. For example, how do organizations handle the sharing, both inbound and outbound, of threat data? Who handles the overall architecture of security monitoring systems? What log data can you get that analysts may not even realize exists (or could exist)?

The ideas have started to flow and I look forward to seeing what happens next.

Saying something worthwhile

A recent article at Hacker News on understanding the “obvious” got me thinking.

I’ve established a professional goal to start presenting and speaking more often. I’ve done so on a very limited basis in the past, though I have significant public speaking experience in non-professional fields (ministry). The times I’ve done it, when others have offered me up or otherwise somehow coerced me into speaking, have gone fairly well. Not that I’m doing MLK-style oratory on the intricacies of information security, but everyone, including me, seemed to enjoy the experience.

However, whenever I see a CFP or similar for a conference or professional group that I think has some relevance to my work, I get cold feet and rarely submit my name or a topic. This doesn’t have anything to do with the general concept of getting up in front of an audience and talking. It has to do with questioning whether I have anything worthwhile to say.

To clarify: I don’t work in research. I don’t work on really bleeding-edge stuff. But I do work with technologies that I’d characterize as a little bit ahead of the curve, and my team has had some fairly successful implementations. Past investigations have led to some interesting and even colorful case histories. And when I get together for conversations with my peers at other firms, virtually or in meatspace, I find that we actually do work on some cool stuff (or at least don’t struggle to the degree that some others might). Malware detection and response, SIEM usage, incident response procedures, digital forensics… kinda sexy, at least a little.

The problem comes when I see that CFP and I think that the cool stuff I work on must seem blindingly obvious. I mean, we’ve worked it out, so surely everybody else has as well, right? This flies totally in the face of actual experience and evidence, but it happens all the same. Inevitably, I remember the time Slashdot turned down an article I wanted to submit on a tech layoff in 1999 or so because it ‘sounded like everyone else’s story’. (They weren’t wrong.)

So I don’t quite know how to go beyond just dipping my toes in the water and jump in without slipping and hitting my head on a rock. Do any of my friends and colleagues have suggestions?

Kissing your sister: professionalism in infosec

I’ve thought more and more about 0ph3lia’s “most honest post”. A few bits in particular rang true with me.

Sometimes I don’t know what I’m even doing in the computer security industry, but on other days, I love it to death…and I guess that’s alright.

Seven or eight years ago, somebody asked me why I got into security. I instantly answered, “because I like a job where I need to be smarter than the other guy”. And I’ve ended up doing okay for myself, but similar frustrations to 0ph3lia’s do come up. Even now that I work in incident response instead of security architecture and consulting, most of my job consists of explaining to someone why they can’t do what they just did.

That’s not really fulfilling. It doesn’t feel like working on stuff that matters. Maybe that’s why I get so annoyed when people just don’t want to listen. ‘Stepping on the air hose’ doesn’t really make something. It might help something not to get unmade, but that seems like the professional equivalent of kissing your sister.

Where do I go from here? I do enjoy IR when we really dive into the guts of a problem. Digging through many gigs of SIEM data to find the elusive evil bit gets my motor running, and I really do like crisis management. Everyone else loses their head when the fail whale comes up for air, but that’s when I really thrive. On the flip side, though, we have to avoid the temptation to turn everything into a crisis. And, generally speaking, coming into a problem after the fact means that we have to kick some ostriches in the tail rather than simply stay away from the lion.

I could stay with what I do now, of course, but I occasionally think about getting back into application security (ideally with my current employer). That could also happen in another organization that already has understood the need to build security into their SDLC. I really do want to feel like I can help build something new. Even better (but possibly more soul-sucking), maybe I should work for a security product company? I’ve previously learned the hard way that consulting doesn’t suit me, and sales engineering even less so.

For now, I’ll just resolve to blog here more often and see where that takes me. The best way to figure out what I think about something is to write about it.