Interview advice: if your Zoom/email/whatever avatar is any derivative of the Punisher logo, you're making a horrific* first impression. Even if the hiring manager doesn't care, they know others likely will. 1/

*unless you are interviewing for a job as a vigilante
This goes for all sorts of logos/backgrounds/whatever. But know that anything depicting skulls/death/violence is especially triggering for some folks. It's not for me, but I'm always thinking "will this potentially offend a customer?" If yes, you're fighting uphill... 2/
Feel free to explain why I shouldn't care, then go start your own business and connect back with me in a few years.

But forget the business side, think about people. You aren't likely to be more considerate to customers than a hiring manager. Hiring managers know this. 3/
And think about this holistically: are you giving off a vibe that says "potentially offensive/alienating?" That might be okay in some roles and on some teams, but do you really want to artificially limit your opportunities?

Customer facing roles generate revenue and pay $$$. 4/
I'll close with this: you do you.

I only offer these notes because I've seen multiple people show up to Zoom interviews in suit and tie, but with potentially offensive avatars. They obviously care about the impression they deliver, but seem to be missing a key area. /FIN


More from @MalwareJake

3 Jul
If @GitHub (Microsoft) truly believes copilot isn't infringing on anyone's work, I want to offer them a chance to prove it: I'll donate $50k to a charity of their choice (or @EFF if we can't agree) if they release a Copilot version trained solely on Windows kernel source. 1/
This isn't a joke. It would be amazingly helpful for device driver developers. This in turn would ostensibly benefit Windows users through fewer BSODs. Add the charity money in and there's literally NO REASON not to do it. 2/
So let's set some ground rules:
Independent verification that the newly released model is only trained on kernel source
It's the full kernel source, from all versions (leave Win2k out if you want due to that pesky Java thing)
All kernel drivers owned by MSFT are included too 3/
Read 5 tweets
2 Jul
If you're forcing someone to print and sign a document, understand that you're hurting the underprivileged who don't own or have easy access to a printer. I'm traveling this week and HAD to print something. My friend's printer is broken. This was the cost for ONE PAGE. 1/
Now that's not hurting me a bit, but also recognize it's not the total cost. The nearest place advertising self service printing was Staples, and thankfully I have a car. I'm still out just over an hour + gas costs all in. With public transit, double that (or more). 2/
The money doesn't matter. The time does though. And while my time is more valuable (measured by hourly rate), the time impact to someone underprivileged is much higher. "Pull yourself up by your bootstraps" only works if you don't rob them of time. /3
Read 6 tweets
11 Feb
These newly disclosed vulnerabilities in tcpip.sys are a really interesting case study in why holistic security matters. Sure you should still be patching, but are your firewalls and IPS systems properly configured? If so, these probably aren't an issue 1/
msrc-blog.microsoft.com/2021/02/09/mul…
First, let's look at CVE-2021-24094/24086. Both involve the reassembly of packet fragments. If you've never dealt with issues with IP fragmentation and never had to worry about the MTU across the network path, that's okay. It was a common thing many moons ago, but not much today. 2/
In IPv4 there are lots of variations in how fragments are handled, particularly for out of order delivery. It turns out the original standards weren't very clear on this so everybody did what was easy. But as IPv6 was being built, the standard is clear: no overlaps. 3/
Read 11 tweets
10 Jan
For those having to explain to confused family members/coworkers why Twitter/Facebook/etc haven’t “violated the First Amendment,” try this tactic.

Suppose their church runs a “prayer board” where people can leave prayer requests and messages of support (this is common). 1/
What if I posted a link to my OnlyFans. Would they be violating my First Amendment rights by removing it or disabling my account?

Don’t like the church example? What about posting ads for selling black market Fentanyl on an opiate addiction support forum. 2/
“But that’s illegal!” Oh, I hear you. So is inciting an insurrection, but let’s continue.

What about advertising abortion on a Christian message board?

Conversion therapy on an LGBTQ forum?

Good, so why is it okay to remove any of these messages? 3/
Read 8 tweets
8 Jan
As I continue to interact with folks dealing with the aftermath of the NYT JetBrains story, I'm calling it - the story was irresponsibly released.

The story lacks any actionable details and has collectively cost overworked security teams *thousands* of hours in response. 1/4
One defender I know called it "the NYT denial of service." I'm sorry if that hurts the author's feelings, but perspective and all...

"Officials are investigating" is hardly enough with something this big. The impact of speculation like this is HUGE for network defenders. 2/4
I get why executives are hammering security teams for assessments though.

Look at the wording used. We pivot from "officials are investigating" to "the company is unaware of any investigation/compromise" to "officials are not certain how THE compromise" (as if confirmed). 3/4
Read 6 tweets
31 Dec 20
This story is getting a lot of attention. Let me quickly break down for followers not in offensive security what it means.

This is not great, but *the sky isn't falling*. Anyone who says this will immediately result in {thing} is uninformed (or worse) 1/
reuters.com/article/us-glo…
First, we need to take the MSFT information at face value. MSFT says attackers could *view* some code (not sure how much/what) but specifically notes that the attackers could not modify anything.

Claiming "well there's risk they had write access" is unproductive in every way. 2/
As MSFT notes in their blog post, they have embraced an open source threat modeling approach - assume the code will become open and don't tie security to secrecy.

With some companies, you might hear that and call BS. Don't do that here. 3/
msrc-blog.microsoft.com/2020/12/31/mic…
Read 13 tweets