1. Business in a Bag

    Business in a Bag: Remote workers and the spouses who “meh” them.

    I’ve given advice like this to people in numerous DMs and face to face conversations but after seeing this blog post from Whitney, I figured it may be worth a blog of my own. There and Back Again. TL;DR: Whitney realized a fully remote gig wasn’t for her and had the stones to do an about-face and return to her old gig. That takes a level of guts I don’t myself possess and I applaud her for not only doing it, but writing about it for the world to digest.

    I started working remotely about 6 years ago. I remember the prospect of working from home to be just the most amazing, and unattainable, notion I could come up with for my career. Previous to my security career, I was your run of the mill IT Monkey for a decade doing deskside support. No way to do that from your living room and PJ’s. So, I was floored when I scored my first fully remote gig with Mandiant. That first day came and I made amazingly witty jokes like “My only traffic jam is when my dog is in the hallway!”. My wife didn’t find that amusing the first or 23rd time she heard it. But this was still AWESOME. I thought that first week would be the best thing ever. I could work from my PJ’s, take naps at lunch, play music as loud as I wanted. Every kid’s dream. By day 2 I was begging my wife to go somewhere, anywhere, after work. Just to have some direct human contact. We became those weird mall walker people in no time.

    This remote thing was trickier than I anticipated. It took me a few months to get really good at it, and make no mistake, working remotely is an acquired skill. It takes discipline, it takes planning, and it takes constant maintenance to be a productive method of getting your work done. To that end, I thought I’d share some of my own tips and tricks to make it a great and rewarding experience for you first timers.

    Put on pants. Approach a remote gig like you would any other job. Unless you’re a stripper. But even they start out with clothes on. My point is, get dressed like you were going into an office. Some people even go so far as to wear shoes all day in their home office. Those people are nutjobs. Working in socks is awesome.

    Communicate. I probably should have led with this one but it’s at least a really close 2nd. Just because a company says they’re “remote friendly” doesn’t mean they’re good at it. Ask questions during the interview process about how they keep the team communicating. What kind of chats do they use? How often will you have 1-on-1s with your boss? What do they use for tribal knowledge share (wiki, SharePoint, Jira, etc.)? Is it standardized? This workflow is supremely important with a geographically diverse team. Never be afraid to be the initiator in those communications; your boss is a person just like you, going down the same rabbit holes. The communication thing is always a 2-way street.

    Invest in your office space. There are a couple things that are worth every penny you spend on them: mattresses, shoes and a good home office chair. Or, a standing desk if that’s your thing. I spent a good chunk of change on my chair, some people thought I was nuts but those people can eat it because it’s top to bottom memory foam, weighs as much as a 1974 Gremlin and has survived 5 different moves. 6 years later I’m still in the same chair and it’s worth its weight in gold. But by the same token…

    GTFO of your house. I once built an entire gym in my sunroom because I thought it would be super convenient to have all my interests in one spot, I’d never have to leave the house! Fast forward 6 months and I was selling all of it on Craigslist because I was getting to be that weird shut-in with no social skills. Some things are just better done in public. When that $$ comes out every month for my gym membership, it’s not the use of their equipment, it’s an investment in my social sanity. Eventually, you will become comfortable with the isolation. You’ll even learn to love it. But you’ll hit a wall and it’ll drag down your entire mood. So, switch it up. I’m not even joking when I say doing something as simple as posting up from a Starbucks for a day will do wonders for your mood. Get a MiFi or use your phone tether to work on the go. There’s no reason this whole thing can’t be fun and make no mistake, there are tons of work/life balance benefits here. One Christmas I got tickets to see the God King himself, a one Mr. Kenny G. It was a magical night of wonderment and holiday spirit. But I was also on for the 3rd shift rotation so bah humbug. So, my wife drove home and I worked from the car with that blessed little MiFi device. It’s a lifesaver and another one of those things that’s worth every penny.

    “You gotta keep ‘em separated” - The Offspring. Another tricky part about working from home is that the phrase “don’t take your work home with you” can never apply to you. You’re literally in the same building during work and personal time. Figure out a method to extricate yourself from the issues of the day. For me, although I could do a better job of it, at 5pm I go pick up my kid and when we get home, my phone goes in the cabinet. Not to be heard from again until after everyone is in bed. This is another one of these tips that takes constant care and attention. If you had a bad day at work, the place that sucked the most is still just down the hall. Which leads me to…

    Have a plan to unwind. Listen, if you’re like me, what you do is part of who you are. It’s how you define fulfillment both professionally and personally so it’s easy to want to keep going after hours. But without a watchful eye trained on the ambition, it can get out of hand. Don’t guilt yourself into thinking you should be at the keyboard even in your off hours. Play some video games, read a book or just lay on the couch and relax. You’ve earned it and you need to recharge for a bit.

    Take breaks. Take the dog for a walk, get up and stretch, etc. Many a day the clock has turned 5pm and I still haven’t touched my breakfast. A nifty app for this is a Pomodoro timer. Set yourself on a task for 25-minute increments and then take a breather. I’ve found this helps to facilitate concentration and relaxation.

    Invest in a good organizational app. I like ToDoist but you can pick your poison. It’s incredibly easy to let things slip through the cracks when you don’t have someone near you to remind you what needs to be done.

    I’m sure there are more tips and tricks to be had but these are some of the more important lessons I’ve learned over the past few years in different locations on different teams. Your mileage may vary but I hope this is helpful both for the newly initiated and those who need a refresher course in the Art of Remote. …


  2. To Fail Is Divine

    I’m not making any NY resolutions this year because I’m still working on mine from last year (I am actually slightly less fat going into 2018, thanks for asking), so I’ll throw my energies into one final blog for 2017. This blog was inspired by the following tweets …


  3. rand0h's Essential Follow List Part 1

    On the heels of the “Hunting For Web Shells” webinar that I just did with Sqrrl Data I wanted to follow up with a short post that came from an attendee question. I’m paraphrasing here but it was something along the lines of: “I’m new to the infosec world, where can I go to learn more about things like web shells or overall information security?” My answer was immediate and unequivocal: Twitter. Twitter is where you need to be. I don’t know where I’d be today both in the evolution of my career and my evolution as a person without such an epic treasure trove of people and information readily available 24 hours a day, 7 days a week, 365 days a year. Any time there’s a new breach, new technology, new hacker philosophy, you can find at least 20 people with opinions on the subject, research to back up their opinions and others commenting on it, possibly telling them why they’re full of it. The hacker community has carved a deep niche into the Twitterverse and whether you’re new to this field or well worn and battle scarred, there is never a shortage of education to be found there. For the sake of my sanity and yours, I won’t release the entire InfoSec Social Media firehose on you all at once. I have started with two of my main areas of interest, Digital Forensics and Incident Response (DFIR) and Offensive Security (Red Teaming, Penetration Testing, etc.). The third list is a snippet of a larger list that I’ve curated over the last year or so. It’s an excerpt of my “Quality Over Quantity” list. If I deleted my Twitter tomorrow and started all over again, this is the list of people I’d re-follow immediately. The official list is about 80 accounts long but I have narrowed it down to my Top 20. A painful endeavor I assure you. So, without further ado but with some caveats, I present some of my favorite InfoSec Twitter accounts. These are people and pages that have helped shape my hacker worldview for the better. Now for the caveat, this is by no means an exhaustive list. 
I’m sure someone will tell me I’ve made a grave oversight at not mentioning some of their favorite people. I welcome those comments because I’m always looking for new and interesting accounts to follow. We can all stand to learn something new. …


  4. Hold for Housekeeping

    Doing some blog maintenance. brb. …