What to do at Source Conference Dublin?

So I’ve been thinking of what I should do the three “tourist” days I have in Dublin. I land late morning on Tuesday the 21st, so I have the rest of that day, Wednesday, and Saturday to wander. This is in addition to the evenings of Thursday and Friday after the conference.

There are a few things I’ve had the opportunity to see while I was there the other two times including the Kilmainham Gaol, Trinity College & Book of Kells, The grounds outside the Royal Hospital Kilmainham, Guinness Storehouse, and the Garden of Remembrance.

While these are some amazing things to experience, I’m hoping to find some more to add to the list. The previous two tours took a city tour but it was very rushed and I didn’t get to see what I wanted to. I’ve got a few things that I don’t want to miss while being over there this time. If you feel I’m missing some, please let me know!

I’ll be staying at one of the Jury’s Inn’s near the conference so if you are in the city or near there, let’s hang out and talk! I can’t wait for this trip!

I miss you Patrick

Today I went to the wake for one of my best friends in the world. Patrick and I met when I started playing softball at a church my sister attended. Both of us were football fans and liked to razz each other over the fact that our favorite teams are in the same division. This made for some interesting conversations and Sunday afternoon’s while we cheered on our teams. The more we played on the softball team, and the more we hung out the better friends we became.

We started attending the same men’s small group for church, and as we lived near each other, we would take turns driving over to the pastor’s house. Over the months, these trips gave Patrick and I a time to share a lot of our lives and the struggles we had. We realized that a lot of what we had gone through in life, the other person had gone through as well. Patrick knew more about my life, my past, and my struggles than anyone in the world. He became my best friend and confidant for anything I needed advice on or was working through.

Patrick fought brain cancer a few times and suffered through brain surgery, chemo, radiation and still had a swagger about him that most people couldn’t hope to pull off. Although he didn’t share much about the cancer, I knew that it was always something he thought about. Near the end of his life, he was struggling with a few things and was having a hard time with them. We went out to talk one night and had a few drinks, talked about life and what he was struggling with. A few months later I received a call from him because we hadn’t hung out lately. I kept saying I needed to call him back, needed to catch up and say hi, but life was busy and it kept slipping my mind. A few weeks ago I found out he was in the ICU and his wife said that it wasn’t looking good. Within days he had passed on.

Tonight I went to the wake and seeing his wife and his mom, and hearing how he had the same thoughts running through his mind about needing to call me to catch up hit home. You’re not guaranteed tomorrow. You don’t have time to do stuff “later”. If you care about someone or you want them to know you’re thinking about them, you need to tell them now. Care about the people in your life and let them know you do. You may never get the chance to tell them if you put it off until “later”.

I’m sorry for not staying in touch better Patrick. I can only hope you knew how good a friend you were to me. Godspeed my friend.

Sexism & Harassment

Not sure why I’m writing this, other than to give my own opinion. A few things were said today regarding sexism and sexual harassment in the conference arena, and while I agree with most of the items mentioned one of the links provided in the stream stated that telling someone that they are attractive (or not attractive) was offensive. While I can see the assault, rude comments, unwelcome advances, and the like as something that should be dealt with, I felt this went too far.

Regardless of where you are, be it work, school, the mall, the bar, a conference, or walking down the street, you are in public. If someone finds you attractive, and pays you a polite compliment (for example: “You are very attractive and I’d like to get to know you”), you can politely thank them and say you’re either interested or not. At that point they know where they stand. If you automatically take offense to the first thing they say, and were to berate them for having that opinion of you, I feel that would be out of line.

While you’re entitled to your own opinion, and you may not be attracted to that person, they are a person as well, and deserve the same respect that you would like them to afford to you. If they do not approach you and pay you that compliment, a connection could be lost. I believe that while respect must be adhered to, the “time and place” is irrelevant in most times (yes I know, hitting on people is sometimes tacky, see funeral, divorce court, etc.).

What should be adhered to at all times is respect. If you respect the person you are speaking to, they should respect you back. You can think of how you would want someone to talk to your son/daughter/sister/brother/mother/father and if they are showing that level of respect, respond accordingly. If not and you want to slap them senseless, that’s on you.

Irish Obsession

Alright so this is going to be a non-infosec post, so if you read me for that, you may want to go write some code or pop a box.

So I was texting with my wife about a tweet that Dave Shackleford made about a job in Vienna, Austria (my wife’s favorite country because of the Sound of Music movie). I was teasing her about how she wouldn’t mind going back to Austria (we were there last year) and how I want to move to Ireland. Now neither of us speaks German and that would definitely be an issue with moving to Austria. She also is a sunshine person (she gets moody when it’s cloudy/winter) so either country would be difficult for her to live in as well.

So with the overkill on the back story, it got me thinking on being obsessed with everything Irish. When we took our (4 years late) honeymoon there last year, I was on cloud 9 for 13 days. We were immersed in Irish culture, history, music, and people. I couldn’t get enough to the point that I was showing our 1000+ photos to anyone that would sit long enough to watch. We made the decision to go back this year when my parents and sister started talking about going. We’re now taking almost 2 weeks to go back in September.

I started thinking about all of this and how I’ve wanted to learn more about Ireland for as long as anyone in my family could remember. I used to think that my Grandfather’s parents or something must have been from Ireland with how we always used to say we had Irish ancestry. I actually got into the Ancestry site and found out I have to go back 5 generations on either side before I hit the Emerald Isle. I only have to go back 4 before I hit Germany on my maternal side. So it turns out that I’m not as Irish as I’d assumed as a child. With that in mind, it makes it a little strange that I have such an affinity for Irish Culture. My wife has been known to tell people asking me if I’d like (some “Irish” thing), “It’s Irish, he’ll love it”. Why that is, I have no idea. My family is definitely not “just off the boat” from Ireland or anything. I am proud that I have it in my heritage, but my family has been in the USA for generations, and I can also trace back to Germany, Wales, England, France, and possibly the Netherlands. If someone were to ask me where I’m from, I’m not going to say I’m an “Irish American”, I’ll just say I’m from the United States. I was actually offended for our tour director in Ireland when one of the old men on the trip told him “Well I’m as Irish as you are!” when he was born in New York somewhere.

I bought 4 different CD’s of Irish music while we were over there to add to the half dozen Celtic cd’s I had, and from the time we made the decision to go again, I’ve been conversing with @SecurityNinja, @BrianHonan, and @mckenna1977 about a tweet up while we’re over there. I just wish I knew where the obsession comes from. The time that I spend researching different folklore or history takes away from getting better with Infosec, but maybe it is just a diversion that I need at the time to let my brain cool off.

Not sure if this is normal or strange, thoughts? Anyone have a similar situation?

Yeah so…

…maybe you’re smarter, or have been in infosec longer, or perhaps you had someone help you along. Those are all really great things to have. What they are not is a license to lord it over everyone else or use it as a personal ego trip.

There are a lot of great people in this industry. There are ones that are trying to help people like myself get to where they want to be because it’s better for the industry as a whole. If you are not helping others learn you are part of the problem. There are those who help by creating blog posts on how to use tools or provide targets for those of us trying to learn to use the tools. Those are the people who are the “rockstars” of this industry. Not the ones that discovered the latest 0-day du jour.

Jayson Street made a comment when we were hanging out before Thotcon that hit the nail on the head. There are people out there who say “I broke it. You’re welcome.” They don’t care if anyone can fix it, they don’t care if anyone else learned from it. They are just there to beat their chest and inflate their own ego. That’s not helping anyone.

There are quite a few people out there that want to help others out and want to answer questions or give advice. Unfortunately those are also the ones that are often berated and put down because someone disagrees with their thoughts or feels they are only talk. Bringing attention to security is what we need and what we want. If we can get more people to care about security our job will be that much easier.

Will I ever be the top pen-tester in the world? No. Will I ever be on the cover of a magazine for how brilliant I am? Probably not. The reason I want to take this road is because I want to make the company I’m working for just a little bit wiser on what their risks are, so they have the knowledge to make a decision. It’s not a grandiose goal and I will probably never get rich off of it, but I’ll love going to work and I’ll do my best to help out those that come to me for knowledge and advice.

So to the @jaysonstreet @elizmmartin @ben0xa @securityninja @jwgoerlich @coolacid and @davienthemoose of the world, thank you for your insight and encouragement from a guy trying to start anew in this arena.