Tuesday, April 11, 2017

Making A Difference

Maybe this blog post will motivate someone who's feeling a bit frustrated when they land here...and inspire that person to keep going when they feel like giving up.

Some days a person can feel like, "What's the point?" You might have some goals that start to feel unattainable, or maybe you are rethinking your goals altogether. "Why am I doing this anyway?"

At these moments you feel like dropping out. Quitting. What's the difference. What does it matter? The frustration starts to boil over and maybe, you think, it would be better to quit and become a barista or a bar tender on a remote island and enjoy the beach instead. Life could be so much simpler.

I was having one of these moments at a certain large company - the company doesn't matter because these things happen everywhere. It felt like I was being blocked from moving to a new department. At the same time I am being blocked, I get an email thanking me and telling me how much the company appreciates five years of my life via some automated email generation system that lets me pick out a gift. It feels very artificial but I'm sure the intention was genuine by whomever designed that system.

I start thinking why do I work so hard and why do I do all these things? Everything is a struggle. Maybe I should just quit running the Seattle AWS Meet Up because it's all so much work and I'm not sure why I'm doing it anymore. I just like the technology and the people but maybe I just need a break...and suddenly - AWS contacts me and says they want to make me an AWS Hero.

What? What's that...I didn't even respond to the emails at first. I thought it was someone trying to sell me something and playing to my ego. I'm no hero. This can't be real. But AWS got through to me and then I looked it up and thought, wow, that is really nice! Someone does appreciate all the hard work. Check out all the AWS Heroes and if you know any of them, it's nice if you let them know you appreciate their work. Maybe even offer to help!

As for that job, I asked some people to give me reviews in our HR system to show how my actions were helping people within the company. I worked with people across all lines of business on a daily basis. I also wrote a blog post explaining how I had helped fix a problematic process at the company. Coincidentally, the company approved the transfer to the new department the same day. I was very excited about the move and working in that department seemed pretty cool. I was optimistic about fixing some things that we all felt were broken.

Then another thing happened shortly after that...WatchGuard Technologies contacted me to offer a pretty cool job. Again, I expose that I am a complete and total nerd and one of my favorite things is looking at network traffic and related logs. I wanted to work on threat intelligence, network logs and security automation. I'm into data and correlation and baselines and anomalies. I think about predictive analysis and real time and scalability and data sharing to help stop the bad guys faster. I think the cloud can facilitate doing these things. I was writing a paper related to that very topic when I was contacted. WatchGuard works with network logs and firewalls so this was a great fit.

Initially I worked on helping the company move to AWS. Now I'm writing for WatchGuard's security blog: Secplicity and doing security research. This so far is a pretty cool gig and I'm excited to be doing it. I once listened to a presentation by the former commander of the Blue Angels. He said something I really liked - when you come to work you should be thinking "Excited to be here". And I am. But sometimes when looking at all the security threats and breaches you think wow, can I ever make a difference? Do people even get security? Do they care?

I was looking for some links related to my Target Breach white paper for a blog post and that's when I noticed something. People are referencing my paper in their research. You can see some links at the bottom of the page. Wow! That's super cool because when I wrote the paper I wanted to understand myself exactly what caused this breach and explain it to other people in the simplest way possible. I wanted to take security breaches out of this esoteric realm and break it down so more people would understand exactly how it happened, and as a result how to protect their systems and networks. I stepped through the breach and each point along the way that facilitated the attack.

And it seems that perhaps, in some small way, this has helped some people gain a better understanding of security and references to the paper are helping to spread the knowledge further to others. It seems like the effort might be helping students learn more about how these attacks are happening. Maybe it will help some of them to go on and better secure their networks and reduce the attack vectors in their employers' environments. Maybe it will help vendors and companies improve security as well.

And as for me, it made me feel like, in some small way, I was making a difference.

And that made my day. And it keeps me going.

-----

References to Target Breach White Paper:

http://www.zdnet.com/article/anatomy-of-the-target-data-breach-missed-opportunities-and-lessons-learned/

https://bol.bna.com/wake-up-call-ashley-madison-lawyers-up-after-breach/

https://issuu.com/pbcwu/docs/identity_theft_prevention_and_mitig

https://www.termpaperwarehouse.com/essay-on/Books-of-Ark/420534

https://www.nist.gov/sites/default/files/documents/2016/09/16/rapid7_rfi_response.pdf

https://engineering.jhu.edu/jhuisi/wp-content/uploads/sites/63/2017/02/Identity-Enabled-Transactions-Based-on-the-EMVCo-Payment-Tokenization-Specification-Capstone-Project.pdf

https://freedompenguin.com/articles/opinion/how-big-is-your-target/

https://www.law360.com/ip/articles/746452/tips-for-guarding-ip-against-cyberespionage

http://repository.law.umich.edu/cgi/viewcontent.cgi?article=1164&context=mjlr

http://www.bucks.edu/media/bcccmedialibrary/con-ed/itacademy/The%20Target%20Breach.pdf