The Post Con Crud and Thoughts on Harassment

Caught some nasty germs from being at BlackHat and DefCon.

More importantly – More than a few fellow attendees reported on Twitter that they were sexually harassed. I ask myself, WHY is this still a fucking issue? I don’t have answers, there is behavior here that is not likely to change.

Las Vegas is full of knucklehead predators that I will never understand. I was in the airport there one time a while back and saw a guy and his minions leaving their plane and leader dude screamed or woo-hooed loudly into the face of a security guard. IN THE AIRPORT. A police officer might have arrested dude, but hey, it’s Vegas and I can do whatever I want. Yeah, tired of that mentality.

When a cab driver is leering at, and making sexually harassing comments, to a fare, that shit should be reported and action taken. When a bar patron is leering at, and sexually harassing, another patron, and that person does not welcome that attention – We can rely on security or bouncers to try to deescalate but I doubt the recipient of the unwanted attention will even say anything in the first place.

When the perpetrators of the harassment, sexual or otherwise, are part of the hacker/infosec communities, we can’t allow this behavior to stand. Do we somehow believe this behavior is only exhibited in Vegas during conventions? I would be willing to bet that the same behavior is exhibited at work, online, etc. This is a huge problem in itself.

Interesting thread on Twitter about this – And people that fight online scourges like revenge porn are the ones asking on this thread, HOW are we going to help here? Deescalation training is amazing, I have read through some of the resources that are freely available, and I have taken away some good info. I agree wholeheartedly that self defense training, especially in practical arts like Krav Maga, builds confidence, and that confidence alone can be enough to make the harasser hear ‘NO’. I also know that violence is not going to be the answer. Should not be.

There are times, of course, when you are not going to have your wing-person close at hand – times like going to the airport to catch your plane and the cab driver is being more than creepy.

And of course, I have to write this: I am a large, middle-aged white guy. I have literally no idea of the types of harassment that others have been subjected to. I can’t. As I age, I am not nearly as intimidating as I once was, but for the most part, I am left alone. I acknowledge that I am coming at this from a place of zero experience. I do have a family, including my life partner (she/her), a daughter and a granddaughter. We all have vested interest in holding the harassers accountable. But once again, I don’t pretend to have answers.

I started thinking a lot about this, and I decided that I needed to get some things in print.

I would ask any person that is being harassed to NOT do anything that will place you in any physical danger. I know some folks will ignore the offending party until he (cuz it’s almost always a he) goes away. If this works, I would be surprised. Some of the dudes I have seen, being ignored by their target, get really agitated and physical.

It’s stupid and terrible that the person being harassed has to leave and seek help. It is sickening.

And I feel like even writing any of this is like victim-blaming. Again, sickening.


Old Dogs, Part 1.

How do you get motivated to learn new material? How do you then retain that new material and apply it to your career or to earning IT certs?

Since I am debating signing up for a Masters program, I am attempting to get myself in the right frame of mind. I will not have as much free time, I’ll have deadlines, and I won’t be able to muck around on social media sites (LinkedIn is the only one I actively look at, but it’s still just as nefarious a time suck as any of the rest of them!).

The search for novelty will also need to be curtailed – I love to look at MassDrop and see what kinds of things I ‘need’ that I didn’t realize I needed! I have a robotic arm kit sitting next to me here as I write this that has not even been cracked open. This wandering and mindless buying will not work when I have tuition payments to make, even reasonable ones.

Now, I have, in the past, done many IT certifications and at one point I felt like I had a fair amount of momentum and then just lost it. When I lost it, I was not pursuing the certs for myself any longer, really, but more because I had committed to seeing them through. That ended up being an expensive mistake for me, and I still never reached the end goal with the cert in question.

Even now, I have several unread cert-related books that I’ve acquired with all the best intentions. Cloud Security – Yep, gonna be hugely important, should get these books and get certified…You get it.

What ensues is the battle between what I should be doing to be better at my job, versus what I want to be doing to stay current and be employable in the future. Both are important, but there are some times when, no matter how disciplined I am, I can’t stand to do anything related to either.

More to come.

Putting the Cart Before the (Trojan) Horse I

It’s entirely possible that I misunderstand or am missing the point completely…I’m talking about ‘threat hunting’ – Proactively searching your network for threats with the intention of sussing out all the bad.

My problem is not with threat hunting, but I think in most organizations at which I’ve worked in infosec, it would be premature to threat hunt, when we can’t even explain what our normal, day-to-day functioning looks like or ‘acts’ like.

Full disclosure: I am definitely a curmudgeon, so pointing out something like this should come as no surprise. I just think that a solid foundation – logging, access controls, privileged access management, regular audits on user permissions, and on and on – would be a far better use of our limited infosec practitioners’ time.

More to come.

New Word!

Teammate just came up with a new word: WORDAGE!

Like verbiage and wording had a kid. MINT.


New year, new partner; New year, new boss and team!

Last year, as a new SE, only selling for 9 of 12 months, I hit 80% of my quota. With the new partner (new to me, not new to sales or LR – he used to be an SE too!), I have a really positive outlook. Of course, I have already had a couple of anxious days, thinking ‘wtf, I am not cut out for this!’, but really, it gets in the blood quickly. I had some daunting and disheartening failures, but more recently, I’ve been landing new accounts and that feels really good.

Focusing on more training for myself is key now, and maintaining my responsiveness is nearly as important.

2018, we are in you.

Year of Less

Less messing around, that is!

My first year as a sales engineer is basically in the books – tomorrow is it – and I’ve really learned a lot about myself, the job, working as part of a team. It has been a great experience overall and I am still exceedingly glad that I was offered, and took, the opportunity.

Last year at this time, roughly,  I made a similar declaration to myself that this was it – no more mister-messing-around-guy! I was going to succeed and it was going to be laser-focus and iterative improvement. Meh. I mean, I did well for a new sales engineer, but there is a lot to learn, and the person in this role must be very flexible and able to roll with any situation seamlessly. That is not really me, but I am learning. As far as focus, there were times when I was so lost and frustrated that I was in a mental gridlock with myself. This is something I do!

When I don’t see a clear solution or path forward and there are more variables than I am comfortable with, I tend to gridlock and take no action. This is another area that I am slowly and surely tackling but it’s not easy, and therefore not comfortable. This one takes time. Sales seems to have so many more competing priorities than most other areas in which I’ve worked over my career.

Enough of that stuff, now on to the good and the plans!

  1. Read even more – I read a lot but I also laze out and watch stupid stuff on TV, although commercial TV has made it easy for me to quit with all their dumb advertisements all the time.
  2. Read more relevant material – I am focusing on information security, sure, but also on machine learning, AI, data management and Big Data, and on subjects like attention and focus.
  3. Plan. I have to get back to that one (ha!)
  4. Learn time management and prioritization techniques that work for me, my family and the job. I tend to procrastinate, and I tend to get in my own way. This item is going to take further study, but I think a couple of small things might have huge returns. For example, doing documentation and followup immediately after a call or meeting not only helps me remember and retain information, but it also means that the stuff is done and not sitting until the end of quarter or until it’s too late.
  5. Focus on my process and workflow and not on the tools that are out there. I tend to try new tools and end up not using them, or any for that matter. If email works for me to track right now, then it works until it doesn’t – revisit then!
  6. Feedback – as painful as this is, I am going to need to keep asking for it and internalizing it. Sales partner is moving on and she’s been the one giving me the best and most frequent feedback. Sometimes sucks to hear, but mostly it’s been hugely helpful.

Looking at this freehand post, because as you’ll recall,  I am not a planner, I see that focus and particularly focus on the most important things, is what I need to, well, focus on.

Imagine that!

Subjects (books) I am starting with:

Anything on Logging

Anything on SIEM

Anything on ML, AI or Big Data

Not a planner…

Recently, like a few days ago, I decided quite suddenly that I want to put together a five-year plan for my life and career. I have never, ever, been a planner. I don’t think that my PFC is very good at the executive functions that comprise planning. And it’s hard – difficult – to plan. It takes a lot of thought and preparation. All areas at which I am pretty mediocre.

But there I was, holding a little baby (my partner the Missus watches her at our home), and I was thinking about how much I love this baby. Mind you, she is not related but her mum and now dad are like niece and nephew to us. So anyway, thinking how much I love this baby and how I really want to be involved in her life, her whole life, going forward. And something fell into place in my mind. I need to plan to be here, barring unforeseen events or accidents obviously, for this kiddo and for my grand kids.

Clarity like this for me is uplifting. It’s unusual for me to experience that kind of clarity.

At a very high level, I desire and plan to stay in my field (infosec) and I want to earn a Master’s degree in same. I’ve bandied this about before, but I think I would like to teach someday, and would need a minimum MS to do so at the level I have in mind. So that was goal #1.

There were several others, goals that is, and they came in a jumble – but my health is a very big and critical area for improvement. My nephew and I were talking on Christmas day, and in short, his message was this: If you really wanted to, I mean really, you would. About getting in shape, about learning grappling (this was his example). Message received, Mr. K, thank you for being gentle about it. I have to get past my mental block about exercise. I am scared of it, of the discomfort, of being out of breath on hills…Yes. Deal with it, right?

In the past year, as I’ve learned LogRhythm and how to sell and what it means to be part of a sales team, I’ve enjoyed a certain aspect of the job a lot more than the rest of it. The part I love is becoming the trusted adviser to my clients, and not just about LR (although that is central) – I spent 20 years in the trenches, similar ones anyway, and I get what their challenges are. I must not lose that perspective, and since I am not in the trenches any longer, I have to find other ways to remain aware of what is going on. Still thinking on this one.

Lastly, I am not happy in California any more. Or at least not a good part of the time. Missus and I are thinking of moving to Oregon, but this is not in the short term. This one is one that we have to visit and revisit and think about. We are both native to San Diego, and maybe this is a grass is greener thing…

How do I plot a plan? That is what is next for me…

A Single Glass of Pain

On two separate occasions now, a coworker has said ‘…a single glass of pain…’ rather than ‘…a single pane of glass…’

I’m thinking it’s subconscious.

New Year, New Role – The First Month! Part .5

I have now been in IT for over 20 years – I started in 1996 as a cabling tech, working on phones and data cabling (including IBM mainframe COAX cable, that is some dirty work!)

For that entire span, I have worked mostly as a network engineer and as an infosec engineer. I have found that these two fields can be quite complementary and have had a pretty good run in both fields.

At the beginning of the year, 2017, I started in my new role with LogRhythm, as a Sales Engineer. I am so excited for this opportunity, and I can’t even begin to express how much fun it has been so far. I am just starting to get up to speed, and to be totally honest, we have an awesome SIEM offering. But I want to address the elephant standing on the gorilla in the room…People keep saying,’Oh, you went over to the Dark Side!’

If this is, in fact, the Dark Side, then yes, I have gone and with relish!

But really, all this stuff is so new to me, and this is the first time I have been on this side of the table.

The Sales Engineer is paired with sales execs, and in my case, I have been paired with two very fine human people. We’ll see how that works and translates in to quotas met and all. So far, they have shared with me their philosophies on selling, and we are all simpatico – We don’t do hard sells, we are not going to be cheesy or icky or the like, and we are going to be honest and ethical. Sound like the Dark Side? Nope.

All this drinking from the firehose has left me reeling…In the best possible way!

IT Career Truths – Part Zero

I started writing my list of IT Career Truths on LinkedIn, and I think they are totally awesome.

Here’s my original list.

  • GREP is your friend – I have not made a t-shirt of this yet, but I still want to.
  • Always check the logs – ALWAYS CHECK THE LOGS.
  • Break out the ‘Sniffer’, the packets tell the story – Learning to read sniffs is the second best thing I have done for my career.
  • When you imagine sitting ‘IN THE ROUTER’, it is easier to figure out which interface you want to focus on and which direction the traffic is flowing.
  • You can never Telnet to a UDP port (no matter how much you want to). I can’t even recall how many times someone has told me that they couldn’t telnet to SNMP’s well known port 161 (UDP).
  • GREP is your friend. GREP IS YOUR FRIEND.
  • Pick a layer and work up or down from there methodically – Reference models are here to help us, they are not just pretty posters. I usually start at physical, but that’s only if I have zero idea of what I am looking at.
  • Your ‘gut’ may tell you something, and it may even be correct, but it is not a substitute for facts – All this stuff, the internet, *NIX, all of it, was created and developed by physicists, engineers and other scientist types. Your gut may lead you there, but once there, deal in facts, please.
  • GUIs come and go, but command lines are forever.

20 Years On…

Whenever I am asked now (and even when I am not asked), I always tell whomever will listen that learning Linux to the level I have is the best thing I have ever done for my career. And I mean BEST THING – Including Cisco certs, InfoSec certs, all of it.

I have some idea why learning Linux and using Solaris are so important to me, and I think it has to do with having closer access to what the machine is actually doing.

I realize this is a very imprecise statement, since the machine is doing something physical and the OS is doing something else, but the point is that the inner workings of the system are not as much of a black box as they are with an OS like Windows – From the perspective of a fairly normal user, that is. If you are a Windows OS MVP, that’s a level of skill very much like that of the old Bearded Wizards of the UNIX world, so Kudos! Most of us are not at that level, however. In Windows, at least in my mind, it is much more difficult to get to that level of Gong Fu than it is for a person to install a flavor of Linux and start banging away at it.

I am grateful ‘Angry Mitch’ to his friends, for MAKING me learn *NIX commands when I started working for him in 1997. The command line was intimidating at the very least, and I came from a background that included very little computer usage, let alone any UNIX/Solaris/Linux. Mitch made me learn, in the context of maintaining a RADIUS server for ISDN RAS user authentication, and it was extremely uncomfortable and difficult for me. Now, I can’t imagine NOT having learned *NIX. I’m not some guru hardcore Linux/Unix admin, but I am definitely not unskilled either.