Thursday, September 30, 2021

Episode #65 - Hope Restored Lessons From GrrCON

 Hope in one hand and shit in the other! this is what I was told as a child about hope, this is because hope is commonly associated with expectations, and expectations lead to disappointment.

 It was not until later that I learned hope could also mean a want or desire for something to happen, that hope is about anticipation for positive outcomes.

Then I remembered I work in information security, an industry that at times appears to be a hopeless wasteland of soul sucking, ungrateful people, never-ending greed, over inflated egos, blaming and shaming and awful behavior. An industry were the vendors treat their customers like victims, while peddling rebranded anti-virus and packet inspection as next gen and don’t get me going on the “Rock stars” of the industry are high on their own farts.

Work in this industry long enough and you will start to lose hope, lost hope that anything will change, that we can get ahead of the criminals, that we can do the right thing, that we will become diverse and inclusive, that we will help and protect those we serve, that the next generation will know how a computer and network actually works.  

Feeling hopeless makes it hard to get up each day and keep fighting this fight, hopelessness is hard on mental health, passion and drive start to suffer and apathy starts to set in. It was in this spiral of negative feelings about our industry and its future that I found myself, when I arrived at my very first GrrCON.  

What unfolded over the next few days, surprised, renewed, refreshed, inspired, encouraged, empowered, energized and left me with a restored since of hope.

After spending an amazing time hanging with and learning from some of the kindest, nicest, humblest, smartest people in infosec. I could see we have a chance to do better, to be better and there are some of us in this industry who are in it for all the right reasons. From the amazing folks at ILF to the thoughtful sessions, the openness to share knowledge, and humbleness of some of the biggest names in the game. Every person I met from the newest in the industry to the dusty old dinosaurs (holding up a mirror) every single person was eager to help, excited to grow and learn from one another regardless of experience level.

We need to take what makes the attendees of GrrCON so special, put it in a bottle and sell it as a service.

All this and more tonight on the Security Shit Show with Chris, Evan and Ryan.

Tonight at 9pm Mountain 10pm Central

Thursday, September 9, 2021

Episode #62 Over the hill and through the woods we go to…. Where are we going, I can’t recall, I may be going senile.

 To grow old is one of life’s blessings, but it is not all roses, one day you wake up and find you have injured yourself while sleeping, maybe today is the day you discover you have knees, and they are very unhappy with the way you have treated them over the years. Or maybe it is the day you realize that you cannot keep up with all the new things and changes happen around you daily.

Sometimes as I reflect on growing older, and the older I grow the more I seem to reflect on that, not because I am fearful of the aging process, or that I am worried about my final outcome (hint I love Jesus). I reflect because I ask myself what I have done to set up the next generation for succuss, what can I be doing with the time I have left to help.

In my career I have watched the birth and growth on an entire industry, and have seen how the technology we have made has had a profound and lasting impact on what it means to be a human and how you interact with the world. Those who come after us do not have that luxury, they are lacking the background and understanding of the grey hairs.

Each year that goes by it becomes clearer I have forgotten more than I currently know, that with age and experience comes a price that must be paid. I don’t know all the latest and greatest things happening, new tech, new vulnerabilities, new exploits. The good news is how you deal with them has not changed much in the last 30 years.

Experienced professionals have stories to tell, advice to give and lessons they learned the hard way that they can share. Are we doing enough to mentor those coming up in the industry, before our minds leave us and we spend our days sitting in a chair reminiscing about the good old days and how you had to yell at the people in your house, “Hey I am on the internet, hang up the phone” or that one time we waited 4 hours for a jpeg to download? Or when you knew what was on your network and could explain what it was doing?


I find myself pondering this question as I grow older, I ask what legacy we are leaving the next generation that are following behind us, who are looking to us for guidance and leadership.

What lessons have we learned both technical and non-technical that we want to pass on. What scars have we earned that taught us how to avoid them in the first place? What are WE doing to pass that knowledge onto those who will be here after us?

 In an industry that is so competitive and based on secrecy, are we doing enough to pass down the hard-earned knowledge that no book or class can teach, only being in the battle and earning the scars are you able to pass on the learnings from that experience. If we do not share our knowledge, then the same mistakes will be made over and over again by those who come after us.

I like growing older because I value the experience I have gained, the scars I have earned, the joyous moments and the painful ones just like the title of one my favorite western films, the good the bad and the ugly, and with age you WILL see all the Good The bad and the Ugly life has to offer in your lifetime.

Although sometimes I feel like a lost shoe on the side of the highway, where did it come from, how in the F did it get here and does it still serve a purpose.

I used to wonder why all the “Old people seemed to be cranky and fed up with the world, and each day that point of view makes more and more since to me.

Join us tonight for a discussion on aging, the impact it has on us as humans and security professionals and most importantly, what are we doing to pass on the experience we have to the next generation.

Evan, Chris and Ryan 

Thursday, September 2, 2021

Episode #61 Say Something Nice...

I remember my Mother teaching me “if you don’t have anything nice to say, then don’t say anything at all” and there’s a LOT of merit in that statement for various situations.... However, when it comes to our industry, and some of the companies, folks, and players INSIDE of it I must admit I’ve broken that rule on several occasions.
Which brings me to the rather splendid Osthoff Resort, sandwiched between Milwaukee and Green Bay, Wisconsin.
I’m here...
Surrounded by a posse of FBI agents, InfraGard folks, and businesses...

THANKFULLY I’m not alone in this pickle. I’ve got Evan Francen and Ryan Cloutier, CISSP with me to even out the odds a little.
And we’ve just spent the day (I’m up on stage in a couple of hours to complete the trifecta of apocalyptic horsemen) beating the living snot out of the entire industry, LOTS of folks, companies, and agencies that are in it.
Which means we should probably end the day thinking/saying something nice. IF nothing else we need to give folks some hope (and ourselves some redeeming qualities beyond just binging the alcohol.)
SO, this evening the #shitshow IS going to be live FROM the FBI/InfraGard stage and IF we can, we’re going to find some good things to talk about. There might be some pauses, some moments of silence as we work out what IS good....
Come along, hang out, join in (we’re doing audience participation on this one)
AND let’s see if there ARE some good things inside InfoSec (aside from the availability of alcohol, tea, and caffeinated beverages)

Shout out to InfraGard for allowing us in!
AND to the Federal Bureau of Investigation (FBI) for being nice enough to not arrest me on sight again....
‘all for now, see folks late

Episode #71 You talkin' to me? You talkin' to me? You talkin' to me? Then who the hell else are you talkin' to? You talkin' to me? Well, I'm the only one here. Who do the f*** do you think you're talking to? Oh, yeah? Ok.

Every time I encounter an ego in our industry, I immediately think they are channeling their inner Robert Denerio. Or when I run into a vend...