Blog Posts

Do You Have A Plan?

“If it isn’t documented it can’t be a procedure” is what I told a coworker in the meeting before I went to have lunch with a mentor I have had since I was in high school.

Today he shared with me his completed “Mission, Roles and Goals” worksheet.  I was impressed with his and I was a little embarrassed that I hadn’t spent the necessary time to write down my personal mission statement or goals. 

I will be spending the time to do so tonight but I wanted to share with you the outline he used in the hope that you might spend the time to do so also:

MRG Worksheet Blank.pptx
MRG Worksheet Blank.pdf

Fighting Experience Blindness

How long have you done your job?  
How much does that experience mean to your career?

I saw this old Dilbert comic this week and it reminded me that I have been doing network security for about 20 years and cut my teeth securing NT 4 and NetWare servers. 

I know that if I don’t make a concerted effort to stop experience blindness I quickly become the old guy in the comic.  

To do this I try to do the following things:

I read. 
I read /netsec, Twitter, Russian hacker blogs, LinkedIn, mailing lists, white papers, bathroom stalls and anything else I can find about information security.

I go to conferences and skip the keynotes. 
90% of the conferences I attend have keynotes given by people who make (part of) their living giving keynotes at conferences.  I have heard what they have said, bought their books and don’t need to see the same talk they gave last year with new pictures.  I want to be in the room of the kid who has never spoken at a conference before and is likely to throw up and then give the best talk at the conference.

I make friends with new people in security.
If you are new in the security industry I want to hear your thoughts before someone who has been doing it as long as I have tells you that you are wrong and you need to be quiet.

I retool every year.
If it was up to me I would never sign a contract for a tool over a year in length.  I like to know that the tools I am using are the right tools.  I know people who spend a ridiculous amount of money on the wrong tools because it is easier to keep the tool they have than to go through the pain of retooling.

What do you do to fight experience blindness?

Protect Yourself Online In 2015

If you didn’t have an account hacked in 2014 (you probably did) you will in 2015. 

Here are my best tips to help protect yourself online in 2015:

Enable Two Factor Authentication
One of the smartest things you can do to protect yourself online is to enable 2FA on all your accounts that offer it.  I wrote about how to enable it here.   

Be Smarter About Your Passwords
A password manager (I like LastPass) is a must in 2015.  They help ensure you have amazingly complex and basically uncrackable passwords and help you to not commit the security sin of password reuse.

Have Good Backups
Do you have good backups?  If someone stole your laptop how much stuff would you lose?

For about $200 you can buy all the tools you need to have great backups.

Buy a 1TB+ USB Drive for local backup (I like this WD Drive).
Sign up for a Cloud backup service (I like Dropbox Pro).

Then you have to actually make sure you are backing up to the drive and syncing to the cloud for this to be a good strategy.  I have seen a lot of people buy a backup drive and then never back up to it.

Encrypt Your Important Files
You know those important files you have that you don’t want anyone else to see? No, not those pictures… the PDFs of your tax returns… how are you protecting them?

You need to encrypt them (and those pictures) so that if someone does steal your computer they don’t have access.  There are a lot of tools both free (I like Ciphershed) and paid you can pick from and use. 

If you follow these 4 tips your information and accounts will be a lot safer in 2015.

Lessons I Learned In 2014

As 2014 draws to a close here is a (not nearly complete) list of the lessons I learned this past year:

Ignore the sign: Jump in the bouncy castle.

There are two ways you can look at your life: what happened to you or what you did. You only get to pick one.

If you want the truth ask a 5 year old.

Find ways to forgive mistakes.

Not every problem has an entirely acceptable solution.

To get things done tell an amazing story.

Travel every chance you get. Travel makes you brave.

Be grateful for every moment you have. Every single one.

Can you hack this for me?

When you tell people that you do network security for a living they automatically think you are the world’s greatest hacker and that they are free to ask you to commit federal crimes for them. For the last couple of years I have started to keep a list of things people have asked me to hack for an end-of-the-year blog post.

My 2014 “Can you hack this for me” list:

A 3rd grader at my son’s school asked me to hack his school’s network so he could play Minecraft.

A guy at Starbucks asked if I could hack “China” and “save America”.

If I could hack a politician’s Twitter account and Gmail account.

A coworker asked me to hack her husband’s email so she could delete an email she sent while mad.

A guy on a plane told me he would give me $20 if I hacked his ex-wife’s Gmail account.

The same guy asked (loudly) if I could hack the plane I was riding on after Scorpion premiered on TV.

I am not built for federal prison so I would never do any of the things above but please continue to ask me to commit federal crimes for you because I really enjoy writing this blog post every year.

6 Things I Learned In My 1st Month At My New Job

I have been at my new job for a month today and after nine years at my old job it has been a different experience being part of a new team. Here are six things I learned this month that I figured were worth passing on. 

Transition From “You” To “We” Quickly.
Early on in a conversation I asked someone “Why do you do it that way?”  He politely corrected me to “Why do we do it that way”.  Once you get your security card and email account you need to transition from a “them” to an “us” mentality.

Listen More Than You Talk. 
If you know me you know how hard this is for me. A good friend told me a great analyst strives for an hour meeting to be 55 minutes of the customer describing their problem and 5 minutes of you asking important questions. 

Find A Mentor.
If you are going to be successful you have to find someone to take you under their wing early and help you navigate your new environment.  I have found a couple of people at my new company I already feel comfortable asking for advice.

Ask Dumb Questions.
Don’t spend an hour trying to figure out how the copier works. Swallow your pride and ask someone how it works.  Trust me.

Learn The Language.
My new job is TLA (Three Letter Acronym) heavy.  The first week while I was in meetings I was just scribbling down every TLA I heard and at the end of the week I had 45 of them that were specific to my new job that I had never heard.  Understanding them and being able to use them really helped me feel like I belong. 

Admit You Don’t Know Everything.

image

My new job uses new technology and has different regulatory requirements from my old job and I am not up to speed on all of it yet.  I have found an honest “I don’t know but I will try to find out” is all that needs to be said. 

At the end of my first month my new job has a great culture and I am really enjoying my time in my first “start up” type company.  Also I am now really good at Madden. 


A couple of photos from around DC tonight. 

Fitbit Flex Stepbot POC v.01

At my new job they have a Fitbit step count challenge and if you can clock 40,000 steps in one day you can win a $100 gift card.

The only problem is that there is no way in the world I will ever legitimately get 40,000 steps in one day (The closest I ever came was 25,000 steps one day in London and I was near exhaustion when I made it back to my room).

So if I was ever going to get 40,000 steps in one day I was going to have to cheat. Note: I am not really cheating, I am using a secondary fitbit account for this. 

Let me introduce you to Stepbot POC v.01:

With a $10 remote control car and some electrical tape I can now average 120 steps a minute (172,800 a day) from the comfort of my desk chair.

The future plans for the Stepbot include:

  • Stepper Motor and Stand.
  • Raspberry Pi Integration.
  • Software to control steps per minute with web interface.

What Working In Politics Has Taught Me About InfoSec

As I get ready to wrap up 9 years running network security for the Missouri House tomorrow I thought it would be a good time to do one of those blog posts where I sum up what I learned in a nice neat package.

So here are 5 things working in politics has taught me about InfoSec (and life):

You can’t win every battle.
If you try to win every battle you won’t win any.  You have to pick the battles that are important to you and focus on winning those.

Favors are the most valuable thing in the world.
The most valuable thing in the world you can have is to have someone feel indebted to you.  You never know when you have to cash it in but it is always nice to know someone has your back when you really need it.

You can’t unsay things.
A politician can ruin their career by saying careless things without checking the facts or knowing their audience.  So can you.  

To have a successful project find people who care about your cause.
The first step to having a successful project is to find other people who are impassioned about the same thing.  If you can’t find those people your project will likely fail.

It isn’t personal.
If someone doesn’t think the same way you do on an issue, it doesn’t mean that they don’t like you (or that they are an idiot).  If you treat everyone who has a difference of opinion from you as an enemy it quickly becomes you versus the world.

iOS 8 Allows Siri To Bypass Your Lock Screen

By default iOS 8 allows Siri to bypass your iPhone’s lock screen and reply to messages.  You should disable it.  Here is how:

Go to Settings

Go to Touch ID & Passcode

Turn off everything in “Allow Access When Locked”.