JerryGamblin.com.

I had the chance this week to speak at the 44CON Cyber Security conference on communication skills. 

One of the take aways from my talk is that security professionals should always think CISSP when they are communicating.   Not this CISSP (which is great) but they should think this CISSP when the communicate: 

Clear

The single biggest problem in communication is the illusion that it has taken place.
– George Bernard Shaw

How many times have you thought you communicated something clearly only to see it blow up in your face because the words you said and the words they heard weren’t the same.  

Making sure your communication is clear is on the most valuable communication skills you can work on. 

Informative
The more informative your communication is the more persuasive it will be. It is why I am a big fan of the PoC||GTFO concept.  You will be amazed at how fast you can get things moving if you can show someone a proof of concept of a bug. 

Simple

sim·ple
ˈsimpəl
adjective
 easily understood or done; presenting no difficulty.

When you communicate do you make sure you have done all the calculus of the problem and left the easiest problem available?  

Succinct
I was talking to a marketing professional a few weeks ago and he average executive reads the first 3 lines of an email.  If you are sending the CIO  a 3000 word email on a XSS bug you found you have wasted 2900 words. 

Passionate 

“I have no special talents. I am only passionately curious.” -Albert Einstein

“You have to be burning with an idea, or a problem, or a wrong that you want to right. If you’re not passionate enough from the start, you’ll never stick it out.”  ― Steve Jobs

If you make sure your communication is clear, informative, simple, succinct and passionate you will be amazed t home many more doors will be opened for you. 

I had lunch with a mentor last week and he closed lunch with this thought and it has been stuck in my head ever since: 

There are two choices you are constantly making in your life, you either change things or accept them. 

We make that choice hundreds of times a day and most of the time we don’t even realize it. 
Do I pick up my sons toys out of the living room or do I accept the mess?
Do I  help the lady with a flat tire or do I accept it so I can get to work on time? 
Do I say something about a problem at work or do I accept it so I dont make waves? 
Do I volunteer in my community or do I accept it as is? 

The truth is anytime you notice something that you want to change and don’t you have accepted it.   We all have excuses on why we don’t try to change things and I have tried all the mental gymnastics to disprove his quote but I cant. 

Ever year on my birthday I always like to take an hour and write down some of the lessons I learned and quotes that have inspired and motived me over the year.  

Here are some of my favorite from this year: 

The only real things that matter in life are attitude and perspective. The same thing can happen to multiple people but it’s each of their attitude and perspective that changes the impact, effect and aftermath.

I try to think about this everyday and make sure I have proper perspective on things going on around me. 

Expectations kill gratitude.

This is a humbling thought when you apply it to your interactions with people you deal with every day.  

Everyone won’t like me. 

It took me a long time to be comfortable with this.  It doesn’t however mean that I shouldn’t try to like love everyone.

I’ll do whatever it takes to win games, whether it’s sitting on a bench waving a towel, handing a cup of water to a teammate, or hitting the game-winning shot. – Kobe Bryant

Everyone wants to hit the game-winning shot but how many of us can be content sitting on the bench if that is what is best for the team?

Younger people tend to see things in black and white. Experience lets you see the grey.

<Insert ‘50 Shades of Grey’ Joke Here>

Not everyone will appreciate or notice all your efforts.

If it needs to be done you should just do it anyway. 

If you can’t explain your position clearly in simple language, you probably don’t understand it yourself.

but…um…you know…security….cyber…hacking…trust me. 

“Nobody ever planned to be broke, fat, lazy, or stupid. Those things are what happen when you don’t have a plan.” -Larry Winget

Planning has been a big part of this year for me. 

Don’t ever make someone feel insignificant or inadequate.

This is a lot harder than it sounds. 

Find something you’re passionate about and become really, really good at it.

I found what I am passionate about…. I am working on the second part. 

Life throws curve balls. If you never learn how to hit one you will end up looking foolish.

Seriously… really foolish. 

“Sometimes life hits you in the head with a brick. Don’t lose faith.” – Steve Jobs

I <3 Steve Jobs. 

What is your time worth? 

That is the question that started my lunch with a mentor last week. I thought for a second and did some quick math and then pulled $300 an hour number out of the air.  He laughed and gave me these two quotes:

The price of anything is the amount of life you exchange for it.
– Henry David Thoreau

“My favorite things in life don’t cost any money. It’s really clear that the most precious resource we all have is time.”
– Steve Jobs

He went on to explain “If You Can’t Measure It, You Can’t Improve It“ (a running topic in our conversations).  So I sat down this weekend to figure out what my time is worth.

With the help of this life expectancy calculator I found out that I have 47 years of life left.   Using a date duration calculator that is 17,176 days (or 412,244 hours).  That makes every hour 0.0002% of my life. 

So here are some basic break downs:

Work:
A 40 hour work week is .008% of my life.
A work year is .416% of my life. 
A 5 day business trip is .024% of my life.
20 more years of work is 8.320% of my life. 

Sleep:
9 hours of sleep is 0.001% of my life.
A year of sleep is 0.655% of my life.
Sleep will take up 30.790% of the rest of my life. 

Miscellaneous: 
Watching a season of a TV show would be 0.005% of my life. 
Watching 10 football games a year would 0.006% of my life. 
Hitting the gym 5 hours a week would be 0.047% of my life.
Taking my son to swim lessons would be 0.020% of my life. 

The numbers are interesting but the more important lesson for me is to realize and treat my time like a valuable non-renewable commodity.  I need to give it freely to my family and friends while using it wisely for professional purposes and guarding it from time sinks.

What is your time worth?

Information Security is an occupation filled with professional cynics, curmudgeons and defeatist who are often proud of that role and at the same time do not understand while they are not included in decision making in their companies. 

I think some security professionals think that Mordac is a role model:

A mentor of mine who is a CISO for a large organization has this quote hanging in his office: 

Successful people find a solution for every problem and unsuccessful people find a problem in every solution. 

We ended up having a fairly long discussion around this quote and he walked me through his basic rules of saying no.

Never Say “No” when you mean “I don’t know”.
If you are in a place to help make a decision an acceptable answer is always “I don’t know, I need to think about it”.   If it isn’t you aren’t being asked you are being told what is going to happen.

No isn’t a solution. 
You are being paid to provide solutions to help your company become more secure. Saying no makes other employees find reasons to work around you. No one wants to be insecure they just want to be productive. 

Saying “No” make you a target.
Saying no means you are not helping. You are leaving someone else without a solution for their problem and giving them someone to blame.

Say No.

Sometimes there isn’t a good solution to a problem an you just have to tell people no.  You are now not acting as a problem solver but as a sanity check. If you get too many of these types of questions it probably time to brush up your resume. 

Using the time-lapse feature in iOS8 to capture some quick snow shoveling. 

Today is “Safer Internet Day” and I couldn’t let such an amazing made up holiday go by without giving you some of my favorite personal security
tips. 

Enable Two Factor Authentication.
Google, Facebook, Twitter and hopefully your bank all offer two
factor authentication.  Enabling it adds an extra layer of security to
help protect your accounts. 

Be Smarter About Your Passwords.
A personal password manager (I like LastPass) is a must.  They help ensure you have
amazingly complex and basically uncrackable passwords and helps you to not
commit the security sin of password reuse.

If you dont use a password manager you should follow the 3 basic rules of good passwords: 

15 characters or more. 
Mixture of uppercase, lowercase and special characters. 
Unique for each site you visit. 

Change Your Passwords Often.
No matter how complex your password is it is necessary to change it
regularly. I suggest changing all your passwords at least two
times a year.