We changed the world here.
Really.
Friends were made.
Loves found.
Careers advanced.
Ideas explored.
Information shared.
News broke here.
Shoulders were cried on.
Hugs were exchanged.
Sometimes only online, sometimes that was enough, but often what started here became very real.
So fucking wrong. Data from the past year is not data on "working from home". It's data about being forced to work in a home-based crisis center on short notice with little or no prep for many, during a series of social and political crises and a pandemic.
I'm an old person in a movie. In spite of the fact that my generation and those before me invented computers and the internet we're portrayed as technically incompetent by younger people who can't use switches with ping.
She would have been 58 today. We would have celebrated our 39th anniversary two weeks ago. I'm in a great place now, but a huge hole remains and always will. Live the hell out of life, love like it won't hurt, nothing is forever.
Oh, hey, if you are in Vegas, you should remember to take care of yourself. And then take care of those around you.
And if you are not in Vegas, you should remember to take care of yourself. And then take care of those around you.
Today was my last day at Tenable, after almost 11 years. It has been fantastic, personally and professionally, to be part of Tenable as it grew into the global cybersecurity giant it has become, but it is now time for me to start a new chapter in my life and career.
Ah yes, the "let's avoid politics in tech" crowd. Some of the most dangerous nonsense out there. Ignore social and political implications of technology, the next thing you know privacy has evaporated and we have systemic abuses throughout gov't and industry. Like, you know, now.
Pre Vegas reminder: I like booze. But if you don't that's cool, don't let anyone make you feel pressured to drink. Hang with me if you want, I'll make sure you have non alcoholic options.
Forgive the sentimentality, but what I see is not just mourning for a candle that no longer burns, but celebration of all those lit from that now-extinguished flame.
Damnit people, stop with the photos at protests (oh, and conferences). It's not paranoia given the state of recognition software and the political climate. Crowd shots from behind may be ok. Speakers who choose to be public may be ok. Otherwise, not without express permission.
Them: "We're implementing a voice authentication system so you do not have to enter your password, we've captured enough of your voice to..."
Me: NOOOooooOOOoooo!! NEVER!!
Them: "But..."
Me: There are hundreds, if not thousands, of hours of my voice on the Internet
Them: "Oh."
"Why does this hurt so bad, it's not like we were all that close"
Because we are all dealing with our private struggles and losses, the public ones bring us together, and all the grief pours out.
I believe in the Oxford Comma. But being uneducated, I also believe in the College Dropout Comma, that's where you sprinkle them, throughout your words, liberally, and wantonly.
Not worried about the total breakdown of society or anything, but just out of curiosity, how long do you have to cook someone who dies of COVID-19 for the meat to be safe to eat?
🧵
Thirteen years ago, Security BSides did not exist.
Today, there have been 715 BSides events around the world, hosted in 197 cities spanning 55 countries.
After you've had your coffee and warmed your hands over the dumpster fire of modern life, do something pleasant for yourself. Then do something nice for someone else.
I've noticed a couple of strange coincidences. Some of the folks who frequently observe how toxic the hacker and infosec communities are, they aren't always very nice. And the folks who talk about how good the communities can be, they're frequently pleasant people. Odd that, eh?
How to screen for natural infosec talent:
Ask for a worst case scenario for any common situation. If the answer appalls you and keeps you up at night, HIRE THEM!
Mornin' all. In spite of the significance of the day I'm in a good mood and feel like sharing, here's a photo of my late wife and I in 1976 at a HS dance. 70s fashions, woah.
You know what feature I would love in Twitter? Seeing all of the tweets and all of the replies that I should. In order. All the time. Forever and stuff. All. In order. Always. Did I mention "all" and "in order"? Because I want that.
It is always a bit embarrassing having conversations with folks around the world when they apologize for their limited English skills. Their English is always better than my nonexistent skills in their native language.
If you are having trouble disconnecting from the internet to give yourself a break from the madness, have you tried using Comcast as your ISP? That should do the trick.
I spent many years wishing I could be cool enough to be the Johnny Cash of infosec. It is becoming clear that maybe I should work on being Hacker Fred Rogers. I'm a bit too cranky to pull it off, but damn, there's a need.
It was just a little thing, but it was a huge milestone. It only took a few minutes, but it took 42 years. I donated the last batch of my wife's clothes to a local charity today.
Oh shit, I had a thought. I'm sorry.
What if, once it is safe, we start gathering, not for conferences, but just meet up in cool bars and restaurants, hug, swap stories, treat and tip the staff well?
Shop talk allowed, but only in small doses.
Hello friends and neighbors.
The world is a mess, our communities are full of bullies, abusers, hypocrites, and other badness.
And yet, here we are.
We can focus on the bad, which is easy, or we can try to make things a little less bad.
Imma try a little kindness.
And coffee.
LinkedIn is not Facebook. Facebook is not LinkedIn. Please keep your moronic social and political drivel to FB where it belongs, and keep your naive and simplistic business ideas and training spam to LI where they belong. TYVM.
Sometimes you need good photos or portraits, not boring headshots. I met Tracy Page, in a coffee shop last year, I finally got around to doing a session with her. She's amazing. If you need great images, check her out. Here's one she did of me:
I'm not fool enough to do it, but every time I see this diamond in the very rough I hear it calling me to buy it, fix it up, and convert it into a rolling tiki bar.
I'm trying to develop a new skill, it's foreign to me, and damned hard. It involves using the word "no" other than in the context of "no worries" or "no problem". Next up, trying to back away from some of the things I'm already doing.
I am in a great place now, I have been gifted with a second Forever Love, we are living a great life and going forward, not living in the past or wasting time on "what might have been".
But sometimes you look over your shoulder, and it's all right there.
Robert Tappan Morris went on to co-found both Viaweb and Y Combinator, and has been a tenured professor of CS and EE at MIT for well over a decade. More to his story than the worm.
1990: Robert Tappan Morris was sentenced to 3 years probation, fined $10,000, and ordered to perform 400 hours of community service. Why? For releasing the Morris worm in 1988, becoming the first person convicted under the then-new Computer Fraud and Abuse Act (CFAA).
I've been losing followers over the past several weeks.
I will not say "good riddance", as hardening the divides does us no good, but neither am I grieving over the loss. Black Lives Matter. There is systemic abuse in law enforcement. Racism is entrenched in the US.
I guess this needs to be said again, too. If you want to use @Target as an example of a breached company, fine. But at least use them as a model of being owned, seeing the light, and building a solid security program post-breach.
3am brain: hey friend, you awake?
Me: no, leave me alone
Brain: as long as you're awake, want to dwell on that time that person was a jerk?
Me: which... no, damn it.
Brain: ok, but remember that time you screwed up?
Me: which time?
Brain: you will never sleep again.
Sharing this widely today, posting here as a thread.
As some may know, I left Tenable and the cybersecurity industry in 2022. After being involved in BSides continuously since before the first event in 2009, it is now time to consider the future of my engagement with BSides.
I am an old white dude. I know I miss a lot, and can't fully understand the injustices of this society from my vantage point. But I watch, I listen, and learn. It saddens and scares me when I see ignorance and a total lack of empathy from so many.
This message was posted somewhere private, but I have to share an excerpt:
"thanks to BSides LV I was offered a position somewhere I’ve always wanted to work."
If I had a heart this would warm it.
This breaks my already shattered heart. He did not deserve this.
It is hard for me to say that those who lied to him about it don't deserve it. I'm trying to be decent here, but it gets harder and harder.
Brace yourselves, I am going to be very positive about the CISSP here.
At least when I took it, the safety of people was considered a priority above all else. Above all else. Above locking your computer, above securing your stuff. As it should be.
You may be wondering what comes next for Uncle Jack. Sorry to disappoint, but you’ll need to keep wondering for a bit, I’m going to wander for a while as I transition to the New Thing, which is *not* in cybersecurity or computer tech, and is under the radar for now.
I want Mediocre Class, like Master Class, but with much lower expectations. Uninspiring titles like:
"How to be less terrible at (something)"
"How to just have a little fun with (something)"
"You're no Santana, but at least learn to tune your guitars"