Wednesday, August 16, 2017

The Compassionate Orator

Recently, I witnessed a lengthy, frustrated rant about having to express the same concepts over and over to different groups that may or may not contain the same people.   While I understand the emotions that prompted the rant, the hijacking of the meeting did not help the group understand the problem at hand, or move us any quicker toward a solution.

This brings me around to the point of this article.  Who is responsible for ensuring a message is understood?

When in the grip of impassioned or complex thought, do we too often dismiss our listener?  Are they thick, slow, unintelligent?  Probably not.  If they are someone you work with, or are doing business with, something has gotten them to where they are; they bring some piece of the puzzle to the table.  That aside, what we often forget is that the onus is on the speaker to convey meaning, not on the listener to comprehend.  Make no mistake, the listener has an active role in the process and must remain engaged, but if we are not crafting our message so that the listener or listeners comprehend it, take it away, and hopefully socialize it, we are not meeting our obligations as the presenter or subject matter expert.

A few things to remember in our quest to being understood:
1. Make fewer assumptions - Don't automatically assume everyone has the same foundations. Take things back to the 50,000 ft view, and then bring your focus in on the specifics after you have established a common baseline.
2. Be patient and answer questions often - Get over the need to get everything out before you're interrupted.  If one person has questions or needs clarification, it is almost certain that others do as well.
3. Socialize your message - While you probably only have a set amount of time to get your information across, ensure that you have done your part to build solid documentation, or at least some foundational information.  A good synopsis of the issue at hand in the meeting request or presentation description will go a long way toward getting everyone on the same page, but this requires that you do some preparation to back up the discussion.

Overall, acting with consideration, and reacting with compassion, will go a long way toward ensuring that your message is received as intended.

Yours in Security,
JustinTM

Sunday, August 6, 2017

Being Green

This isn't an article espousing the intricacies of "Hulk smash", or the joys of being a Jolly Green Giant; instead I want to talk about team inclusiveness.  One of the many takeaways I came away from Army basic training with was that we are all "Green".  It is a philosophy meant to eliminate bias and discrimination in the ranks, but it can be broken down to mean that we have a shared experience. It's a mantra that since I wear the same uniform as you, your color, creed, orientation, or religion are irrelevant to the fact that we are the same, and in this together. It's a determination that you trust me to have your back, and I know that you have mine.  

This isn't just a phenomenon that is isolated to the military experience.  Whatever uniform or hat you wear, look around at those that are sharing the experience with you.  We are in this together; we share the same concerns and issues.  If we remember to keep this mindset, then maybe, just maybe, we may make that little extra effort to treat each other with the respect we deserve, and that keeps teams functioning well.  

Yours in Security,

JustinTM

Friday, March 17, 2017

Information on a Linux kernel vulnerability was publicly disclosed last week, and was widely distributed yesterday.

The CVE-2017-2636 vulnerability affects most popular Linux distributions, including Ubuntu, RHEL 6/7, Fedora, SUSE, and Debian.

The vulnerability is in the N_HDLC line discipline driver (n_hdlc) of the Linux kernel: a race condition leads to a double free, which a local user can exploit to escalate privileges on the system.

The bug was found using Google's syzkaller system-call fuzzer.

All major releases have a security patch available, and the recommendation is to patch as soon as possible.
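As an added example that is not part of the original post: until a patched kernel is booted, the interim workaround distributions published for this CVE was to stop the n_hdlc module from being autoloaded via modprobe.d. The POSIX shell functions below check whether n_hdlc is currently loaded, whether that blacklist rule is present, and can write it. The file name disable-n_hdlc.conf and the report wording are my own choices, and the functions take an optional directory or file argument so they can be exercised against test data instead of the live system.

```shell
#!/bin/sh
# Added example for CVE-2017-2636 (not from the original post).
# Checks the n_hdlc line-discipline module state and the modprobe.d workaround.

# Return 0 if any *.conf file in the modprobe.d directory disables n_hdlc
# with an "install n_hdlc /bin/true" (or /bin/false) line.
n_hdlc_blacklisted() {
    dir="${1:-/etc/modprobe.d}"
    [ -d "$dir" ] || return 1
    # -s silences the error when the directory holds no *.conf files
    grep -qsE '^[[:space:]]*install[[:space:]]+n_hdlc[[:space:]]+/bin/(true|false)' "$dir"/*.conf
}

# Return 0 if n_hdlc appears in /proc/modules (first column is the module name).
n_hdlc_loaded() {
    modules="${1:-/proc/modules}"
    [ -r "$modules" ] || return 1
    grep -qE '^n_hdlc[[:space:]]' "$modules"
}

# Write the workaround rule. Needs root on the live system; the file name is my choice.
disable_n_hdlc() {
    dir="${1:-/etc/modprobe.d}"
    printf 'install n_hdlc /bin/true\n' > "$dir/disable-n_hdlc.conf"
}

# Summarize the live system. A blacklist rule only prevents future autoloads;
# an already loaded module still has to be removed with rmmod once nothing uses it.
report() {
    if n_hdlc_loaded; then
        echo "n_hdlc is loaded: remove it (rmmod n_hdlc) once no tty uses the line discipline"
    else
        echo "n_hdlc is not loaded"
    fi
    if n_hdlc_blacklisted; then
        echo "n_hdlc autoload is disabled in /etc/modprobe.d"
    else
        echo "n_hdlc can still be autoloaded by an unprivileged user; blacklist it or boot a patched kernel"
    fi
}

# Run the report only when invoked as: sh check_n_hdlc.sh --report
case "${1:-}" in
    --report) report ;;
esac
```

Blacklisting is a stopgap, not a fix: it prevents the vulnerable code from being loaded on demand, but the right remediation remains the distribution kernel update.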

Tuesday, January 24, 2017

Parting the Veil

Hats off to Robert Graham at Errata Security for a great blog post that shares some great CLI tools for the infosec crowd: http://blog.erratasec.com/2017/01/the-command-line-for-cybersec.html#.WIhBpFMrKpp

The past week has been quite fruitful; I was able to add the CompTIA Project+ and the Cisco CCENT certifications.  The CCENT was a result of taking the ICND1 exam, the first of two exams toward a Cisco CCNA.  I am also halfway to attaining the Linux+ certification.  My plan is to take the next Linux+ exam (LX0-104) to complete the pair, and then move on to the ICND2.

Last week I also built my first boot-to-root virtual machine; the goal was to create a vehicle for sharing my resume that would make me stand out.  I haven't had a response yet, but once I know that my clues have been found, I will post the link and a walk-through.  It was terribly basic, but a good beginning.

Yours in Security,
Justin

Friday, January 20, 2017

RFR - Request for Resume

Recently a good friend of mine alerted me to an opening at the organization where he is employed.  The prospect of working again with this fine engineer is certainly not something I would easily pass up, so I set about updating and polishing my technical resume.  Somewhere along the line this document became large and a bit unruly.  It is not colossal by any means, but it does fit the baby giant classification of MTU frame size (a baby giant is slightly larger than an IEEE 802.3 standard 1500-byte frame).  After doing my best to limit the scope to 4 pages, I thought I was ready for the next step, but was pointedly reminded that I needed a good cover letter to go with it.

Always one to start with a little research first, I looked for the best possible cover letter format.  The Harvard Business Review postulates that a 5-line cover letter is in all instances ideal. (https://hbr.org/2009/06/the-best-cover-letter)
A bit of: Hello, I heard you had this position open, this is why I would be great on your team, let's talk soon, regards...
Short, succinct, and to the point.  While it covers all the necessary bases, it really doesn't stand out.  So I, with all my extra time, decided that the best approach to gaining a penetration testing position would be to build a boot-to-root hackable virtual appliance, and embed my resume as the prize for owning the box. To wit, I present my cover letter, which does indeed follow the HBR guidance:

3st33m3d V13w3r,
I am writing in response to the opening for a Security Pen Testing & Assessment Engineer.
I offer over 20 years of highly technical, detail-oriented troubleshooting and analytical experience. I also have solid, certification-backed project-management skills and a passion for information security, all of which should mark me as a value-added candidate for your team.
My resume is buried somewhere within [omitted for privacy], if you can gain access to the resume then I deem you worthy of my skillz, and would be willing to entertain a conversation about employment with your fine organization.

 Best regards,
XXXXXXX XXXXXX

We will see how it goes.
I hope you enjoyed my musings.

Yours in Security,
Justin

MostlyNotSecurity - Steps to the winner's circle

Once in a while I stumble upon what equates to golden rules... the following may not represent all that glitters, yet falling prey to these classic blunders may limit your upward mobility.

http://viralnavy.com/11-things-smart-people-do-not-say.html

To sum up, avoid the following phrases, for more information read the article:

1. “It’s not fair.”

2. “This is the way it’s always been done.”

3. “No problem.”

4. “I think/This might be a silly idea/I’m going to ask a stupid question.”

5. “This will only take a minute.”

6. “I’ll try.”

7. “He’s lazy/incompetent/a jerk.”

8. “That’s not in my job description.”

9. “It’s not my fault.”

10. “I can’t.”

11. “I hate this job.”

Remember, stay positive, keep a shiny attitude, and stay awesome.

Yours in Security,
Justin

Where have I been for a year?

Long has the question burned in the hearts and minds of intrepid IT hopefuls, and of course the recently unemployed techie: education or certification?

In my quest for career-path validation, I asked the same question, and luckily I found an option that fills both roles.  I am currently enrolled in a program with Western Governors University that makes certification the final exam for several of the classes.  Yesterday I took and passed Cisco ICND1, the first of a two-step process to attain the Cisco Certified Network Associate in Routing and Switching, or CCNA R&S for short.

Side note: As a full-time security engineer, full-time student, part-time soldier, and single parent, I often neglect certain passions and endeavors that I deem negotiable at the time.  This blog has often fallen into that category.  As a form of recompense, I am going to relate more of my study and side projects through this medium.  

Among the certifications a security-minded person pursuing an education through WGU can anticipate:
CompTIA A+
CompTIA Network+
CompTIA Security+
CompTIA Project+
CompTIA Linux+
LPI LPIC-1
Cisco CCENT
Cisco CCNA R&S
Cisco CCNA Security

Add to that the other courses and the degree attained, and all told you have a very solid base from which to begin (or continue) a technical career.


Yours in Security,
Justin