There’s this nasty trend in broader cybersecurity of these folks who like, did something huge - built a tool, did research, exploited something big - back 5, 10, 15 years ago, who are now gatekeepy and patronizing to new people in the field, and push them out. I don’t understand.
Like, someone gave all of us a chance. We were all new, once. Why be so aggressively kings and queens of our castles now?
We’re not hacker gods. Why does everything have to be done our way *exactly* as it was a decade ago? Why can’t we be welcoming?
I’m not talking about a specific individual. Please don’t post your guesses here. I see this same personality type in *every* blue and red team niche. It’s a small number of senior and executive people.
I just can’t understand it. Ok, you did a cool thing! Good work.
As @munin says, now it’s our turn to enable junior people to do something cool, too.
I have seen very competent and bright junior people reduced to tears by this. They’ve been belittled and mocked by the senior people whose work they respect.
• • •
The great thing about being ~middle age is knowing exactly what you like, which manifests in very amusing ways when you are single and childless. “You know what would be good in the living room? A big Lego Rube Goldberg machine, discount tequila, and a sauna”.
My married friends: “maybe we could do this in the basement”
My parent friends: “I do not understand any of this but it’s cool. Do you have wet wipes?”
When I started working 100% remotely over three years ago, I was frustrated with not being able to have dynamic chats (professional and banter) with my team. I’ve honestly found that time, better tools, and the past year of more people being remote have rectified most of this.
The worst situation for a remote worker is being the *only* remote worker and not having a team that can compensate for that well. Now that we’ve reached a tipping point, almost everyone in IT now empathizes with remote workers and conferencing and chat tools have improved a lot.
It’s possible that COVID-19 actually made remote work feasible for some tech organizations that would have made it really uninviting under other circumstances.
Hello, I would like to introduce you to the new plethora of free cliche hacker stock art, now *finally* available in a multitude of genders and skin tones. But still entertainingly cliche and extremely context-free.
Apparently we all have large terminal text that displays on our back walls and on our faces
We have friends now! We are no longer solitary hackers. But we all dress like the 90s movie. Fairly accurate.
This is one of those things I'm saying for the sake of educating people, not the sake of subtweeting or being trite:
I just got a LinkedIn ping from a recruiter. I am a relatively polite and prudent person and I like to decline politely instead of ignoring those. (1/n)
The recruiter told me the job was "vulnerability engineer". No description attached. My immediate response was, "I'm sorry, but I'm an incident responder / DFIR. This isn't an applicable posting for me."
Clearly, vulnerability management & research are very different fields.
The recruiter replied that the company is actually seeking an incident responder.
Folks. You need to be careful what you're naming your job positions. I'm not looking, but a lot of people who are might have ignored this note entirely.
I find it a lot more telling that their executive blames security issues on an intern than that a large organization had a weak password on an exposed server. The latter is unfortunately common, but it will never be remediated with the former.
Think back to the companies that had a major, public incident and then drastically changed their cybersecurity culture because of leadership buy-in. Target. Motorola. Norsk. Maersk. Then think about the ones who didn't.
Target and Motorola became noteworthy cybersecurity community participants and pipelines for junior talent.
A thing I do at Dragos (not a plug, just thought you might find interesting), is elaborate functional and crown jewel analysis of industrial facilities where I spend days interviewing staff to figure out all the horrible things that could happen and what device could cause them.
Like I literally spend days of my life figuring out what PLC on what shelf could cause places to explode under specific operational and security conditions
It's interesting. I found out how to spoil eggs en masse and also cause cataclysmic chemical chain reactions.