Tag Archives: Hacker News

Everyone codes. No one quits.

So FreeCause has an initiative to make all its employees learn how to code. Not that everyone will join in developing production code, but they have to learn the fundamentals. In their case, they use Codecademy which teaches JavaScript. Despite some of the bellyaching on Hacker News, this makes sense to me for a number of reasons.

  • This can help people understand the tools that could assist them with their normal day jobs as they gain the confidence to look into writing scripts and macros. IT staff in particular frequently lack any coding (scripting) skills unless they are developers or Unix sysadmins.
  • They will have a better understanding of the web technologies they run across in their daily lives. This applies especially well to Codecademy users who learn JavaScript.
  • Learning to code teaches you to break a problem into parts and think analytically. We can probably all agree that our society could use more people with good critical thinking skills.
  • Everyone in an enterprise should have a core understanding of the elements of major functions. Yes, this means programmers should understand the very basics of finance and human resources and probably other areas that don’t occur to me at the moment.

There are two kinds of elitism: One is the belief that only the most informed and qualified individuals should make the decisions for a group. The other is the belief that those who do not belong to the “elite” have no business even dabbling in affairs beyond their supposed comprehension. The latter isn’t healthy to any organization, much less broader society, but walking a mile in your neighbor’s (or co-worker’s) shoes can have lots of positive effects.

Evernote as memory extension

Several months ago, I mused about mining my own personal data for various purposes. Several areas that interested me had to do with what I read, especially online. So having recently discovered Evernote, I think this will work perfectly. For the last couple of weeks, I literally clip every single article I read online. Well, except for the ones that bore me so much that I bail after the first paragraph or two.

Yes, this means that if I read your blog post, or a news story, or anything else from Hacker News or Paper.li or Twitter, I clip it. Usually, I’ll do this with the Clearly extension for Chrome, unless I find it when using my phone. Later, I go through whatever is in my inbox notebook and tag it before moving it to an archive notebook. This has the effect of building up data for a decent tag cloud, although I haven’t built one yet. And if I can even remember a snippet of an article, I can go back to find it.

Of course, Evernote has other use cases, but so far using web clipping as a sort of external memory has stood out as the primary one for me.

Two Things: SIEM and DFIR edition

Thanks to Hacker News, I ran across the charming and thought-provoking concept of Two Things:

“You know, the Two Things. For every subject, there are really only two things you really need to know. Everything else is the application of those two things, or just not important.”

You also might think of these things as first principles, though these might represent something even more basic. After spending some time thinking about it, I came up with the following. Feel free to add your own or point out what I’ve missed.

Two things for DFIR:

  1. The bad guys always leave evidence behind.
  2. You aren’t looking for it in time.

Two things for SIEM:

  1. Log analysis matters more than log management.
  2. SIEM analysts eventually become DBAs. (Bejtlich’s Principle)

I don’t know whether anybody else has called it that before, but I sure wish I could find the canonical reference for Bejtlich’s Principle.

Data flow for personal consumption

This post is mostly for my benefit as I’m sorting out my information flow and consumption. But in addition to the meta-cognition of thinking about what I’m thinking about, I thought I might get some ideas from people. If this seems boring or overly pedantic, feel free to skip it, but I enjoy these sorts of things from time to time.

Input

So, like almost everybody else, I have a surplus of incoming data. The firehose unleashes as soon as I wake up:

  • Work email
  • Personal email
  • Twitter
  • Google+
  • Blogs
  • Reddit / Hacker News / occasional forum usage

Meatspace interactions should probably count here as well, but talking with my wife and kids, or the friendly barista who brews my soy latte, doesn’t need the same sort of management process. Depending on how much time I spend on the items in that list, or rather how much energy I choose to devote to them, that can become overwhelming. Some of them offer more value or take higher priority. For example, work email gets much more of my attention than Reddit (most days).

Tools

In order to handle that flow, I have several tools with which I’ve grown comfortable (and a few others that I use for experimentation).

This lets me filter and organize diverse inputs, possibly collating them into several tools (e.g. blogs -> RSS feeds -> Google Reader) or even structuring data that may not be presented as such. Yahoo! Pipes in particular may need replacement soon, as I haven’t set up any new projects with it in a while.

Outputs

Sometimes, I want to share what I’ve come across. This might be for fun or it might be due to work needs. Other times, I end up producing something as I integrate and synthesize this information (like in a blog post or internal analysis).

  • Work email
  • Personal email (rare)
  • Blog post
  • Internal document or other work product
  • Sharing (Google+, Twitter)
  • Link blog / social bookmarking

I notice that nothing here really comes from Reddit and Hacker News. That stuff mostly just goes straight to internal consumption; I certainly don’t share back there much except for the occasional comment and really occasional link submission.

Process

I really need to stay focused on continual improvement here, because the real bang for the buck comes from focusing on things that matter. The best example of this? Eliminating almost all Internet fora (message boards) has helped, not just in terms of time spent but also in my general mental state.

However, I make a point of starring things in Twitter or Reader that deserve more attention than I can give at the moment. Emails get flagged for attention so that they show up in my Outlook Tasks, or perhaps get added to my personal kanban. If I’ve read it and think it might be worth someone else’s time, I’ll share it via Delicious. If I think I’d like to invite some discussion on it or find it particularly awesome, I’ll share on Twitter or Google+ (rarely both as I don’t have much intersection between my networks).

When I notice that some class of input seems to require more manual processing than it should, I look for ways to streamline it. That might mean a rule in Outlook or assigning an OIB label, or finding an appropriate method to automate its processing. Like any other optimization process, this usually involves looking for the best bang for the buck — including possibly dropping the input altogether if it doesn’t give enough value.

As part of my job, I often handle incoming threat (or risk) intelligence, including via internal methods like an FS-ISAC alert or via my own open source monitoring. That’s a special case and one I’ll tackle in a future article due to its sensitive and specialized nature.

Saying something worthwhile

A recent article at Hacker News on understanding the “obvious” got me thinking.

I’ve established a professional goal to start presenting and speaking more often. I’ve done so on a very limited basis in the past, though I have significant public speaking experience in non-professional fields (ministry). The times I’ve done it, when others have offered me up or otherwise somehow coerced me into speaking, have gone fairly well. Not that I’m doing MLK-style oratory on the intricacies of information security, but everyone, including me, seemed to enjoy the experience.

However, whenever I see a CFP or similar for a conference or professional group that I think has some relevance to my work, I get cold feet and rarely submit my name or a topic. This doesn’t have anything to do with the general concept of getting up in front of an audience and talking. It has to do with questioning whether I have anything worthwhile to say.

To clarify: I don’t work in research. I don’t work on really bleeding-edge stuff. But I do work with technologies that I’d characterize as a little bit ahead of the curve, and my team has had some fairly successful implementations. Past investigations have led to some interesting and even colorful case histories. And when I get together for conversations with my peers at other firms, virtually or in meatspace, I find that we actually do work on some cool stuff (or at least don’t struggle to the degree that some others might). Malware detection and response, SIEM usage, incident response procedures, digital forensics… kinda sexy, at least a little.

The problem comes when I see that CFP and I think that the cool stuff I work on must seem blindingly obvious. I mean, we’ve worked it out, so surely everybody else has as well, right? This flies totally in the face of actual experience and evidence, but it happens all the same. Inevitably, I remember the time Slashdot turned down an article I wanted to submit on a tech layoff in 1999 or so because it ‘sounded like everyone else’s story’. (They weren’t wrong.)

So I don’t quite know how to go beyond just dipping my toes in the water and jump in without slipping and hitting my head on a rock. Do any of my friends and colleagues have suggestions?