Intermittent Hiatus : A Blog Update

While I may or may not have any regular readers yet, because of my personal goal to blog regularly, I want to state that I will not be able to meet my posting goals for some time.

The bad news:

On February 16th, I sustained a concussion at this time am struggling with light sensitivity and concentration issues at this time.

That’s why I haven’t been able to make updates on my projects, and haven’t been sharing much of what I’ve found and learned for a few weeks.

I have a lot of ideas and projects I want to work on as well as resources I’ve found and wanted to do write ups on. But trying to catch up on school, and personal projects as the breadwinner of my family has meant that I’m stretched thin right now.

The good news:

My first priorities are to graduate this semester or next semester while getting back into my job full time. In order to do that, there will be doctor visits, and other appointments, as well as plenty breaks sitting in dark rooms.

What is really great, is that I have an excellent husband, work place and peers who have helped me step back a bit, and given great advice. It’s shown me that uprooting my life to study IT, and going out of my way to be involved in the cybersecurity community (as much as I can) was the best thing I could have done.

Closing thoughts:

It’s funny how right now, some mental tasks are “easy” and others are sometimes impossible! For example, counting more than a few things, staying on task, or doing arithmetic… not so good. Yet, I can generally express myself sufficiently. There is a big difference between expressing experiences, and writing well about complex issues. But I have a feeling as I get better, I’ll want to share what I’ve found for accessibility software and the like. Maybe someday I can contribute to improving or expanding some of the vision and focus tools!

On a similar note, despite my successes, my years at UVU have been an extremely difficult period in my life. The sordid details aren’t important, but suffice to say I’ve become well acquainted with my own burnout-doppelgänger. Having a serious but recoverable injury has shown me how much I’ve learned from the bad in the last four years. I finally understand what is meant by the saying that hardship builds character. And it’s reignited my passion for my studies at a time when I was once again, setting unrealistic standards for myself. If I had given up sooner, I wouldn’t be so lucky now.

I hope if you’re burning out, or facing a monumental struggle right now, that you also hold on to hope and take care of yourself. It may or may not get better, but I promise, if you don’t give up, you will get stronger.

Mastodon Cloud-Server Progress Update : Digital Door Knocking

As a small update since my first semester-project post my Mastodon cloud-server project has been approved!

My next step is to reach out to groups who may be interested or could benefit from having their own social media server.

While I may be able to target the project to my contacts in IT or cybersecurity, or from art school, my advisor had excellent suggestions for reaching out to established groups who could benefit such as campus clubs, non-profits organizations, a church group or even a city rec center. In other words, there is surely a group who would like to stay connected without having to use big social media platforms.

Currently, I’m compiling a list of possible contacts, and drafting fitting proposals per group. Hopefully, I can find a group that is interested and comfortable with the proposal. I’m very excited to get underway!

Cost allowing, I plan to setup a server for personal use, such as amongst friends, in order to get started on the technical and logistical aspects. This should help me when I make contact with an interested group.

Until next time, best of luck to you in all you do! : )

Why should I try College Cyber Defense Competitions?

If you are an information technology or cybersecurity student with the opportunity to participate in a collegiate cyber defense competition I highly recommend you take advantage of it. If you don’t have the opportunity to join an existing team I suggest you make one!

Why? Because when you are tasked with defending a network you’ve never seen before, with one hand tied behind your back, while your CIO and CEO demand extensive reports and policies be written while you respond to intrusions … a lot of things start to click. Things that you’ve learned in class, or personal experimentation, get tied together within a greater context. You’ll learn from your teammates and be forced to learn new tools or concepts on the fly. And, if you’ve never been given administrative privilege in a network, not of your own design this is an extremely useful experience.

It’s a really, really bad day at work simulator.

It will test your nerves, communication skills, technical skills, team cohesion, and organizational skills.

You might stress-break-out but you’ll get a hell of a rush when you take back machines.

At some point, you’re going to think the hackers have taken down a service or system and, if you’ve kept good enough change logs, within five minutes you’ll discover that you, or a team member, hurt yourself by overhardening. If you don’t have good enough change logs or your team isn’t gracious and humble enough to absorb mistakes you’re gonna have a bad time. This fear is affectionately and resentfully referred to as The Ghost of Red Team. And it’s a perfect example of how psychological this event is. Unlike an athletic sport, you can’t compare your team’s performance to others, and you may not be sure about your adversaries’ performance either.

Similarly, if your team doesn’t have enough respect for business injects, such as the aforementioned policy writing assignments and reports, you will lose. It’s not the cool job and nobody wants to do it but you will lose if someone doesn’t do it and do it well. Just like you need all your services up as long as possible, you need every inject turned in and done as well as possible.

These competitions are incredible learning experiences and potentially good networking opportunities. In light of that, I’d like to be able to help students who are interested in cyber defense competitions get an idea of what they’re in for and how to prepare. I can’t and won’t get into specific detail about particular competitions. But, I can and will write what I would have liked to know about preparing for competitions in general. Hopefully, it’s beneficial to you.

 

First BlackHat USA and the Conference Associate Program

This summer I had the opportunity to work at BlackHat USA as a conference associate and attend DefCon, both for the first time. Having never been to Las Vegas or such major conferences I was ecstatic for the opportunity.

My experience at BlackHat was primarily shaped by the Conference Associate program. Through this program students and alumni from certain universities can apply to work  as BlackHat support staff. Conference associates are put up in hotel rooms in or near the venue, earn a wage, get about one meal a day, and earn access to conference briefings online in addition to scoring a DefCon badge. While most the day was spent preparing for the conference or helping attendees, evenings provided ample opportunity to meet new people and make new connections. I made friends with peers in the program and had the opportunity converse with professionals about career development. I even met some of my online friends face to face for the first time!

The opportunity to ask professionals face to face what they are looking for in good candidates for various roles was extremely helpful. Additionally, it was great to learn about the highly varied backgrounds that brought them to their current point. There are stereotypes about who is interested in cybersecurity, and an idea that everyone starts in tech in the first place. I’ve found that isn’t the case. The greatest common denominators seem to be curiosity and drive.

I had also thought I wouldn’t know anyone there but I learned that several professionals from the DC 801 area worked in the NOC. Some of whom I had met at previous security conferences. As someone working at the conference rather than attending it, the social opportunities are the highlight. When it comes to networking, I am someone who is more interested in becoming friends with people who have similar professional interests than I am in rapid fire business card distribution. What I learned from my first multi-day major conference is that it is a better than usual opportunity to build relationships. Everyone is away from home, and to a potentially lesser extent away from work, and therefore ready to talk and play.

Some real highlights for me included making friends with my roommate and other conference associates, meeting Tarah Wheeler and getting my copy of Women in Tech signed, and discussing career development with pentesters over lunch.

If you have the opportunity to work as a conference associate through your school, like UVU or UAT, I highly recommend it. Earning a wage there can help with your travel expenses and make it a bit easier to get to DefCon. The one downside this year was we received our DefCon badges after BlackHat the same Thursday that DefCon started.

 

 

My tips regarding a first time Vegas visit and BlackHat USA:

  • Pack light and purchase snacks at the local walmart or to order from Amazon Prime Now if you don’t have access to a car or don’t want to get an Uber. (Take it from someone who packed 3 boxes of clif bars.)
  • Uber is super expensive! Account for this when you choose your hotel room. I walked a lot to save money but The Strip is designed to corral consumers, not to be walkable.
  • Drink a ton of water. Drink more water than you think you need and purchase it from a supermarket or walmart. Otherwise you can end up paying $10.00 for a bottle of water. Get some aspirin too while you’re at it.
  • Bring your own portable battery. You don’t want to be plugging into any old USB port after all. Burner phones/devices are also a good idea but it’s still important to maintain physical control and not make any unecessary connections. 
  • Bring cash and store it securely so you don’t need to withdraw from machines.
  • BlackHat: If you are a student and venture into the vendors area it is helpful to have specific questions or to go with a professional. Not everyone on the vendor floor knows how the product they are pushing works and if they do they likely want to speak with someone who has decision making power in a business. However, it should be noted some vendors love talking to students because they see them as potential contributors, future customers or possible interns.
  • BlackHat Conference Associate: If you have time to explore during the conference itself try to go see demos instead of talks. You can get access to talks later unlike Arsenal Demos.
  • BlackHat USA: If you wait until the last day to purchase apparel you can probably get it on sale. However, if you are an average sized male be aware your size may not be available by the time the sale comes.  
  • Wear quality shoes made for walking which have already been broken in. This is not the time or place to break in a new pair of shoes or suddenly transition to minimalist footwear.
  • Pace yourself when it comes to alcohol. Never leave your drinks unattended and drink plenty of water!
  • Go to bed early enough to enjoy the next day! By the end of a week I hadn’t met my personal sleep requirements so Def Con was more difficult than it need otherwise be.
  • Give yourself time to recharge your batteries at night as well. Especially if you are an introvert, it can be exhausting to meet so many people and be in such busy places all day. Take some time to read a book, take a soak, go for a jog or take care of yourself in some other way.
  • Walk the strip at least once. You see so many interesting things, displays and people. Go see the fountain show at the Bellagio, you will not regret it.