Auntie Lesley's subtweety social interaction tips #35:
When you comment on someone's photo and offer unsolicited criticism on 1) Technique 2) OSINT 3) Tool choice, and the poster replies, "I didn't ask for your opinion" or "Yes, I know",
That is the time to stop. Right there.
I know it is something you (at least think you) know a lot about,
I know you are passionate about it,
I know you are trying to help them / their followers,
I know you are sharing knowledge.
That is not the venue. It is how you lose friends, community respect, and get blocked.
You can always go write your own tweet thread or blog, or post a video to educate people on the subject! That is perfectly fine! Go forth and share knowledge! Your viewpoint is valuable. Your criticism was not solicited.
Yes, this is a subtweet, but I see it all the time because we are a professional and social community of a lot of very passionate people with very strong opinions about How To Do Stuff.
I hope your food turns out awful and your kids hate all their presents. I also hope people remember this when you apply for jobs in the future. This is one of the cruelest and most counterproductive moves I have ever heard of inside our industry. I am stunned.
It’s not “touchy feely” of me to point out this was bad. Not only is it stunningly unethical, the overall result on GoDaddy security will be objectively negative as it spoils the fragile relationship between infosec and staff for future IR, reporting, and policy adherence.
In my life as a security professional, I have had exactly three IT friends / colleagues come up to me bragging about the secret digital surveillance they constructed to monitor their kids.
Every single one of them ultimately destroyed and lost their relationship with their kid.
It took so long to happen that despite my extreme discomfort with surreptitious monitoring and privacy invasions I chose to not question a parent as a non-parent. But over the course of a decade, every one of those kids either wrecked their life, or left home and never came back.
They always had this elaborate-sounding, techy panopticon. Some mix of cell location monitoring, fake social media accounts, web usage monitoring. I’ll never know how much the kids ever found out about in the end. The end result, however, was always the same.
I don’t know if this will help anyone in their first place, but I was just setting a family member up with Comcast (only choice) - remember that: 1) you get gouged if you don’t buy your own cable modem 2) you should be calling to (politely) negotiate a new contract annually
I don’t know, here are some other Auntie Lesley tips everyone assumes you already know: 1) adding people onto a family cellular plan is absurdly cheaper in the US than a new account 2) there are small mobile service discounts for everything under the sun from employers to AAA
3) Comcast business costs about the same as XFinity internet in many metro areas and has SLAs in exchange for slightly slower speeds so don’t just rule it out if you’re a cable cutter.
If I accomplish one thing in 2020 it will be to convince every infosec traveler without a pet because of travel to get an adorable and cuddly hamster. Welcome to hamster facts!
1) There are multiple types of hamsters. While dwarf hamsters can be more social, Syrian hamsters like Cassie are introverts who prefer to only be friends with you, when they feel like it.
2) Hamsters are very tidy desert animals, unlike rats and mice. In fact, most hamsters can be litter box trained in a day or two by simply putting a hamster sandbox in the corner they choose as a bathroom. They will also take adorable sand baths when the sand is clean.
I don’t know who needs to hear this but a key part of finding a mentor is having a good pitch you can deliver about what you’re specifically trying to accomplish and where you want to go.
I don’t really know how to answer, “Lesley will you be my mentor?”
I have limited bandwidth. What are you expecting from this relationship? Are you even trying to get into my field or area of expertise specifically? Is there someone else who would be better suited to help?
“Lesley, I’ve been studying ICS security and I am thinking about maybe doing some research on xyz but I need to flesh it out?” - I can work with that, and I understand what you need. We can build a rapport.
Any company that claims to have never suffered a successful intrusion either forges swords at the Renaissance faire with no digital devices, or has a SOC that’s missing stuff.
Or they’re outright full of crap.
I can’t believe I have to say this but the fact that everyone will eventually be hacked, at the same time, does not mitigate responsibility for reducing attack surface, building defense in depth, and performing good incident response. These aren’t mutually exclusive things.
Every intrusion is not the same. Every adversary is not the same.