All we are is dust in the wind

This morning was a gut punch of reality. It took a bit for me to work through all the thoughts I had. I’m starting to realize I use my work as an escape to not deal with “real life”.

It started out as a normal early Tuesday, a lot of meetings scheduled, lots of emails to return, a puggle wanting to be walked, and chatting with some coworkers across the world. What I didn’t expect while dashing back and forth between my computer & the kitchen making my breakfast was that one of my coworkers out of the UK would let me know that someone that I worked with but never met passed away last week. This man was always helpful, always wanted to do his part to make sure that I got what I needed. We would chat about how we needed to grab a pint someday when I made it to London. We collaborated on a lot of projects. He was jovial, intelligent, and although he was all about getting things done you could tell he would be the same guy who would go for a pint with you after work & yell at the sports game on TV. From what I gathered from my coworker he was near the same age as I am, but was fighting cancer…all the while working like nothing was wrong nearly to when he passed.

We are all living our lives on this floating space rock to the best of our ability, and we never know when our time is up. I’m getting to the age where I have family, friends, coworkers, former schoolmates, and neighbors that pass on from health reasons, accidents, etc. and we never are prepared for it to happen. We always think “I’ll catch up with them next time”, but there might not be a next time. I see posts on social media about friends mourning their loved ones untimely passing and I don’t know what to say to comfort them. So often our lives are so chaotic and fast-paced that we don’t take the time to visit, have a chat, spend time, ask them how they *really* are. Are they ok? We don’t know unless we ask. Be there for people & skip that appointment to do (whatever) to be able to say you don’t regret your last time with that person.

Rest In Peace Paul. I’m sorry I never got to meet you in person.

A guy from the US learning Gaeilge

I decided to do an entry on my desire to learn the Irish Language or Gaeilge.

A lot of my friends have wondered why I would want to learn a “dead” language. It turns out that “At least one in three people (~1.8 million) on the island of Ireland can understand Irish to some extent. Estimates of fully native speakers range from 40,000 up to 80,000 people.” [1]

One of the biggest challenges for me personally was that growing up learning English, I can’t understand the pronunciation of a lot of the words right off the bat. I look at the words “Dia duit” and I don’t get “gee-uh gwitch” out of it at all. I also didn’t want to start mispronouncing anything if I tried to speak with someone when I was in Ireland and look like a “Plastic Paddy”. I have to go back 5 generations on my mother’s side before I have any Irish heritage so I’m not going to be visiting relatives over there or anything. Speaking to someone in their language and screwing it up wasn’t something I wanted to portray as a US citizen either.

One of the things I was curious about being in tech was an easy way to start to learn how to “type Irish” so I could take notes in class. I spoke with one of my instructors and found out that using an iPad with Swype installed & the Gaeilge keyboard chosen allows you to slide a stylus across the keyboard & it will try to predict what Irish word you are trying to spell including the fadas.

The great part about taking notes this way is that holding the spacebar down with the stylus will allow you to quickly switch between English & Gaelic. This way you can Swype out “Dia duit – ‘gee-uh gwitch’ – means: God to you” on your tablet even if you’re in the same spot as me & can’t read your own handwriting.

I also found some information on about typing Irish letters including the fada on a USA QWERTY-layout keyboard. It can be found here:

One good thing about living with all this technology is the ability to put the CD’s from our Irish book into Itunes so I can listen to someone pronouncing the words over and over without having to annoy someone asking them to repeat something dozens of times. It’s allowed me to learn to say “Tá sé go deas bualadh leat” (Tah shay go jas boo lee at) and a few other ones that have proven difficult for me as I start out.

While this isn’t the easiest thing I’ve done and it definitely puts me out of my comfort zone, it’s something I’d really like to continue. So if anyone out there wants to learn with me let me know!

-Slán go fóill


[1] –

Conferences & single people

I won’t write much about this (because more than likely no one cares about my opinion on it) but there was a blog post concerning dating this weekend & how security conferences are not I agree with the statement about how women are treated poorly when some men get drunk. Some men think they are more suave than they are after a bit of alcohol. If I have ever done this, I apologize to anyone I’ve offended and I hope someone points it out to me someday. What I disagree with though, is that conferences cannot be places that you meet someone you’re interested in. If you’re in the same field, it gives you something to chat about. I saw a number of couples walking around the conference hand-in-hand and seemed quite happy. I completely agree that women should feel safe & accepted in our industry. On the other hand to draw a hard line of basically “don’t date someone you meet at a conference” is, to me, a bit much.

I am pretty awkward when it comes to women. That’s not a revelation to my friends, or uncommon with many men I know in general. Personally I have mostly stayed away from asking anyone in the industry out just on the premise that if it didn’t work out, it could be even more awkward. So to keep myself and my female friends comfortable, my stance is that if a lady is interested in me, she’s going to have to come right out & tell me. I don’t want there to be any miscommunication, so rather than cause an awkward conversation, I’ll stay friends with her & not say anything.

Just my $0.02. YMMV.

Is this thing on?

Wow it’s been a while, huh?

I guess I should write more. For now, let’s start with the easy stuff. I am hitting a few conferences this year and I hope to see you all during at least one of them. Here’s the list:

I’d love to hang out with anyone reading this so hit me up on Twitter & let’s make plans. If you want to split a room at one of them, that’s negotiable depending on how well I know you. I’m all about saving some money. If you just want to toast a drink I’m cool with that too. You never have too many friends.

Sexism isn’t just in infosec

For a while now, people in my industry have been talking about sexism in infosec, and rightly so. Sexism exists in a lot of the world and it’s wrong no matter the location or profession. I started to think about how prevalent it is and I wanted to get some other opinions from women who worked in or dealt with other male dominated fields. I decided to talk with my sister who is a manager for a big-box home improvement store, as well as one of my friends I’ve known for about 20 years who has previously worked in law enforcement, volunteers as a firefighter/EMT, and works as a dispatcher for both.

I gave them the same three questions and asked for their honest opinion of what they see on a daily basis. Here’s what they said:

1) Do you feel that your opinions and contributions hold less weight in your industry or that you’re cast-off or slighted because you’re female?

  • Sister: Every day I see customers walk by a female associate who knows more than the male associate to ask a question only to see the male associate turn to the female associate to find out the answer for them.
  • Friend: While my industry is predominately female, I work closely with a predominately male profession.  I do feel that many of those on the male-dominated side tend to brush off the contributions the female-dominated side provides them.   While at my volunteer position, I feel brushed off frequently because of my gender.

2) Do you think you’ve been passed over for promotions/raises/accolades, etc. solely based on the fact that you’re a female?

  • Sister: No, my management (male & female) pushes me to do more because I care about doing a good job.
  • Friend: In my profession, no.  In my volunteer position, yes.

3) Do you feel that those you work with/for or those you serve harass or flirt with you because they feel that because you’re a female that they can, or feel that they can get you to do something for them?

  • Sister: No, I feel that because they are trying to flirt with me, I can shut them down completely and walk away. It may be diff in technology because there is no immediate cost to the customer.
  • Friend: I am fortunate that I work and volunteer with a group of people that treat me with respect, and that when there is harassment or flirtation it is all in good fun.  I previously worked under a supervisor who treated me as if I were incompetent because I was female. He would send my male co-workers to check up on me and make sure I was doing the job right.  He treated me as if I were his secretary rather than his team member, and I eventually refused to work under him.

While this may not be a norm or even a majority in all professions, there still exists a bias towards male opinions and contributions in many societies and we need to keep talking about it. This post was not meant to downplay the sexism in infosec, rather I want to broaden the discussion and make it more about how we treat the women in our society. They are intelligent and hardworking and deserve our respect. Don’t down play what they offer and they may just teach you something new.

First lesson in learning python

So I thought it would be a good idea to put my money where my mouth is on learning. With my new position one of the things we need to be able to do is pull data from the tool we use via their API. I was told that an easier way to do this is with the python language and I had already been wanting to learn it so it seemed like an easy fit. The only issue is that I’ve never been a “coder” so I was hoping this would be a good start down that path.

I enrolled at Coursera in their python class and started watching the tutorials. This went great right up until I got to week 1’s mini project. The project was to write a program that would use a pre-set list of choices to play against the computer in RPSLS or Rock, Paper, Scissors, Lizard, Spock. It’s a variation on the game so there are less ways to tie.

I’ll save you the frustration that I went through for about 2 hours and say that my lesson learned by this was that I, like many people, need to stop the “instant gratification” requirement in my life. I was wanting to do incremental steps to see progress from my work without looking at the overall picture. This caused me to get data that I wasn’t expecting (all zeros instead of 0-5), and frustrated me a lot. What I wasn’t realizing was that one function had to provide data to the next to get the correct response. Going forward I’ll have a better idea of what to look for when I’m getting data but not the data I’m looking for when troubleshooting.

Burgers & Steak

So this has been said in a few different ways, but I figured I’d throw my twist on it. I was thinking today about the fact that you make choices in life. In your career, in your love life, in everything you make sacrifices of what you could do for what you want to do. The best way I could describe it is the differences between Burgers & Steak.

The premise is “hmm…well I could order the burger, or I could pay extra for the steak”. Now extra could be money, it could be time, it could be giving of yourself, whatever it is for that particular situation. In the instance of food, you’re weighing the taste of a steak and the extra money of a steak versus an (usually) inexpensive choice of a burger. While the burger tastes just fine, you want a juicy steak now and then.

In the realm of love, you could try to keep after the “steak” of a high-maintenance person who wants all of your time, money, love, etc., or you could eat a burger and be perfectly content with something that is satisfying and doesn’t bankrupt your wallet, time, emotions.

In work it’s a little different. You could say that you want the “steak” job. You want to be the ultimate (insert job here, CISO, Pen-Tester, Evangelist, Coder, etc.). The thing is, you need to sacrifice for that. You need to reduce other areas of your life to be able to devote that much (time, money, passion, etc.) to that pursuit. This is perfectly fine if you’re willing to move the time/money/passion to this part of your life. Your other areas of life are going to be affected though.

In your career you could chose the path of the “burger” though, and try for a little more balanced approach. You could still get the same “meat”, meaning you could be in that type of a job, but not the best or the “rockstar” (I hate that term). You would be the CISO, or the App Sec person, or whatever you chose, but you wouldn’t be the best at it. What you gain out of this is that the other areas of your life will be enriched by the extra time you spend in those areas. Your relationship will be stronger, you will be better at the guitar, your pet will remember who you are, etc.

The reason I bring this up is this is the week after Thotcon and BsidesChicago. I met a lot of ridiculously smart people the previous weekend. The kind of people that, even after being in IT for 13+ years, you feel like you’re the new guy. You start to get a little discouraged because you want to be that good. You want to be able to come up with things they come up with, or be able to discover new things like they do. The thing is though, that perhaps you may not be as good at coding as the next person because you took that weekend with your significant other to walk the dogs and just lay around. It’s not a bad thing, it’s the choices we make. It’s what you value and how you approach it. The burger is not a bad thing. It’s filling and a lot of times it’s comfort food that we need because it knows just how to pick us back up to make us happy. This is advice for myself even more than anyone else, but:

“Just be yourself. You’re not that person you just talked to, you’re you, and they have had different experiences than you have. Live your life and make the decisions you’re going to make. They make you who you are and why people love you.”