Tuesday, June 28, 2011

I do it for the Lulz

I've always done it for the lulz. Security, that is. When I lecture to students up at UW, I try to warn them: don't do this job for the money.

Anyone going into infosec for the money, the prestige, or for the job security is seriously misguided. I tell them the only reason I do it is for the lulz. I warn them to prepare to face the humiliation of having a server hacked, the terror of knowing the bad guys will outspend and outlast you, the tedium of when nothing happens, and the crunch when you need to justify everything you've done to an auditor and the budget axe. It's tough, it sucks, it's relentless, and I still love it.

What are my lulz?  The thrill of the chase. Heck, forget the chase, how about actually taking down some bad guys?

Besides the sexy stuff, I also get lulz making an organization safer… or even if it's just a friend of the family that needs some malware scraped off their machine. Sure, it's tough work, but it feels good to make the world a little safer, a little saner when you're done. And knowing that you've deprived some creep of one more victim. Lulz.

I get my lulz designing new systems, making them strong, making them resilient, making them better than they were before. And digging deep and figuring out where the holes are, where's the best place to fix things, and then working on presenting that to the people that care. Even more fun than all the puzzles and video games in the world.


Technology, and especially information security, has always been more than a job to me. More than even a career. It's a calling. Don't tell my boss, but I'd do this even if they didn't pay me. It's what I do. I can't help it.

And to those who say we're losing the war. Whatever. I've been hearing that for years. The world hasn't ended. I know that more systems than ever are online now and somehow we failures are still protecting a majority of them. I know we'll always be outnumbered, always outgunned.

That's what makes it a challenge.

Friday, June 17, 2011

Decompiling the week.

What an amazing week...

Fantastic time at Source Seattle.  If you didn't make it, you should really check out what you missed.

Great keynotes by Kris Herrin and Eric Cowperthwaite.  Nice getting the executive "big picture" on breaches and managing security.

Thoroughly enjoyed giving my talk and a lively audience as well.

Fascinating lunchtime discussion with Marcia Hofmann about privacy and the nature of social media.  Enough to make me re-up my membership in the EFF.  You should consider it too.

Not only a great demo by Ron Gula, but he spent time after the session doing a one-on-one with me giving an insider's tour of their software.  It was great to see a master at work.  How often do you get that kind of access to that caliber of talent?

If Source wasn't enough, I had to get me some Agora where Kirk B. pointed me at this fascinating paper on assuming a state of compromise.  Since that's what this blog is all about, you should check it out.

Now I need to sleep...