Timothy De Block

  • Blog
  • About
  • Technology
  • Media
  • EIS Podcast
  • EIS Archive
DSC_0361.jpg

Information security is a journey not a destination

June 02, 2019 by Timothy De Block in Experiences

It’s actually two journeys or two parts.

Part one: Getting into Infosec

This is where the journey begins. Usually with a desire (or need) to get into the information security. Sometimes you didn’t even know you were on the path. Which was my case. I joined IT because it seemed interesting and did a pretty good job of paying the bills.

I’ve been thinking about this more, because I’m going through the hiring process for a junior level position. I’ve noticed a variety of backgrounds of people trying to get in. Some people are coming from the military, others college, and yet others from working in IT. The junior positions don’t require security experience, it does however require some kind of college or IT experience.

Another observation I have is that, the candidates that are sticking out are involved in the infosec community and taking advantage of the many free resources. There are conferences, forums, slack channels, podcasts, blog posts, capture the flag events, videos, VulnHub, Hack the Box, bug bounty programs, and much more. Being involved in those things is very important because once you get in…

Part two: Being in Infosec

You have to utilize all those resources to keep up with the field. It’s been called a cat and mouse game between attackers and defenders. Technology is in a constant state of advancement and enhancements and with it comes new security challenges. A few weeks ago four vulnerabilities got dropped over a four day period that required me to understand the vulnerability. I had to understand how it is exploited and how we can mitigate it. I used blog posts, podcasts, Twitter, Google, and reached out to some people.

That last one is particularly important. The others are found on Google. Getting to know people requires putting yourself out there. Overcoming nervousness and anxiety to meet some new people. The benefit is two fold: you can ping ideas off people and you’ll increase your chances of finding opportunities within infosec. The perfect first job in infosec is rare. By perfect I mean a place to grow and advance. Even if you find a good organization there may not be a chance to advance or move up.

Below are a some links to help look for conference and other events in the area. I like BSides events because they have a low bar to entry. Usually $10-30 bucks for a day of talks, networking opportunities, and food. If that’s too much volunteer. It’s a great way to help out the community (reflects well on a resume) and be in a position that requires interaction. I only interacted with a few people at my first event as an attendee. As I continued to go to events my interactions with different people and the same people increased. How quickly this happens depends on how many events are attended.

These events also don’t require you to be in the field. You can start building your knowledge and opportunities before you get into the field.

Resources

Meetup.com - Good place to find local user groups in your area

Infose-conferences.com - Pick your state and any adjacent state you’re willing to travel to

June 02, 2019 /Timothy De Block
infosec, career, security conferences
Experiences
Comment
Photo by Hunters Race on Unsplash

Photo by Hunters Race on Unsplash

Management is a shift in mindset

April 23, 2019 by Timothy De Block in Experiences

If you ever go into management in the infosec field (or really any field) get ready for a huge shift in mindset.

Finishing the Exploring Information Security podcasts was a great decision for me. I would love to still be doing it, however, it’s just not valuable for me as a manager right now. I am no longer thinking about the latest happenings in infosec. I am still paying attention to what’s going. It’s just that my performance is largely reliant on the people that report to me. That means managing workloads, removing blockers, providing feedback, making decisions, and metrics.

It’s been a shift for me, even though I knew it was coming. I have to delegate or else I get to caught in the day-to-day operations. It’s not efficient for me as a manager. I’ve seen others get promoted into management and struggle. Largely because they still wanted to do the technical things and get paid as a manager. That’s just not possible based on the role. I’ve always wanted to go into management. I find the challenge in how do I get the most of the people that report to me. How do you make someone as productive as possible.

Oh, it’s also about politics. If you can’t, “play” the political game you will struggle as a manager. To get things done as security professionals requires building relationships with other departments. We in security have a big stick. Using that stick to get things done has the effect of making people not like you. Instead I like to build relationships using the techniques of social engineering. It’s much more effective and people tend to like you afterwards.

A resource that helped me prepare for a management role is Manager Tools. It’s a great tool for figuring out how to be an effective management. They’ve been around for several years with lots of topics to dive into. Even if you’re not interested in management they have the Career Tools podcast, which focuses on career advice. There’s resume, interviewing, how to ask for a raise, and much more. The hosts are very direct and to the points, which will rub some people the wrong way. They have data to back up their recommendations, though. I can confirm that using their techniques has helped me shift into management and become a better professional. The most beneficial being how to write a resume and interviewing.

Prior to listening to the Career Tools podcast, I struggled writing resumes and interview. This despite going to seminars and reading books on how to do both. At one point it took me 15 months to find a new opportunity. After listening to the podcast I increased my job offers dramatically and eventually found my current opportunity that I hope to retire from.

I’m hoping to document my experiences in future blog posts. While I’m not as focused on the technical infosec things, maybe I can contribute from the career advice of things.

April 23, 2019 /Timothy De Block
Career, Resources
Experiences
Comment
EIS_PodcastArt.jpg

Life and podcast update

March 06, 2019 by Timothy De Block in Experiences

Tonight I will be sitting down to record the last podcast of the Exploring Information Security podcast. I wanted to take a moment and put it in blog form to collect my thoughts. It’s been a wonderful ride producing the EIS podcast. I started it back in 2015 because I wanted to shift my energy to the infosec field. Previously, I produced an Astros podcast that ran for three to four years. We’ve hit around the same amount of episodes.

Energy is the key word

I’m find it hard to get motivated to produce podcasts for EIS. The quality of the last two months of the podcasts have been below my standard. I apologize for that. I also believe that it’s a sign that I may need to stop producing episodes for the foreseeable future. I say foreseeable future, because I think the podcast is a wonderful resource for people in the industry. I’d like to continue. The motiviation and the energy I get from the podcast isn’t there. Part of that, I think, is due to my schedule last year.

I went to eight security conferences last year. I traveled every month for both security conferences, training, holiday, and leisure activities. I was worn out by October and ended up leaving DerbyCon early because I wasn’t in a great place mentally. I’m trying to take a break this year. I have plans for two security conferences this year and that’s it. I’ve been going hard in the infosec community doing podcasts, attending conferences, speaking, volunteering, and blogging. That’s all led to my current role.

I was promoted

I am now the manager of security engineering, application security, and pentesting at my company. I couldn’t be happier. I also couldn’t be more exhausted. I come home more much more drained. That’s partly because I’m spending a few more hours at work each week. It’s also because, it’s a constantly flow of work and I’m trying to get adjusted. My mindset has also shifted. Now instead of being as concerned about a security appliance or control, I’m concerned about how I put my people in the best position to succeed. I’m managing workload more than actually doing the work. I’m trying to figure out how we can be more efficient, while also navigating the political minefield.

Management is something I knew I wanted to get into years. So much so, that I’ve been listening to Manager Tools since 2014. I have a great manager and a great CISO. You probably don’t know there names and that’s okay, because there’s a lot of good people in the security industry that are doing good work that you don’t know about. I’m fascinated by that and I’m curious if that’s something I should do. Pull back from the community. Contribute and do it more strategically (manager word!).

Future of the podcast

Maybe this is it. Maybe I bring it back in a year. Maybe I start a new one. I don’t know. Maybe someone takes up the EIS logo (contact me timothy[.]deblock[@]gmail[.]com or Twitter @TimothyDeBlock). I’d like to maybe blog more. Right now I’m focused on my new position. I’m focused on putting my people in a position to be successful in the field. I’m focused on my family who hasn’t had me home as much because I was at a conference or a meetup. This isn’t good bye. This is the closing of a chapter and the start of a new one.

March 06, 2019 /Timothy De Block
EIS, Podcast, Career, Management
Experiences
Comment

The more I dig into #infosec the more I find that the really good people aren't people you've heard about on Twitter.

— Timothy De Block (@TimothyDeBlock) January 29, 2019

Some thoughts on infosec and social media

January 30, 2019 by Timothy De Block in Experiences

I posted the thought above on Twitter a couple nights ago.

Rereading it, I feel I need to expand upon my idea, because there are a couple motivators for the tweet. First, the tweet was not worded very well. It comes off as saying that people on Twitter are not as good as those not on Twitter. This wasn’t my intention. I think there are really good people both on and off Twitter. The idea is more about myself and evaluating whether or not I’d be a better infosec person if I were to stay off Twitter.

A majority of the people I work with on the security team are not on Twitter. All of them are really good at what they do. I know there are more of those types of people, because I’ve worked with others who are really good at what they do. Twitter is a very small subset of the people within the infosec field. I think it’s important that what is said and done on Twitter doesn’t necessarily reflect on the entire industry. I was also watching a YouTube video at the time of a buddy of mine who has a Twitter account, but doesn’t tweet a lot. He’s really smart and is doing some pretty amazing things in the field. I’ve wondered if I need to be spending more time being productive and less time on Twitter.

Twitter being just a small part of Twitter is also why I was a bit disappointed to hear that this year is DerbyCon’s last. I like to go to DerbyCon. I have a good time and I catch up with friends and make new ones. There’s a lot of positives to the conference. Unfortunately, there is also some drama, which gets amplified by Twitter. It’s draining on the conference organizers. I get it and I don’t have any ill feelings towards their decision. It’s their conference.

What I think it highlights to me is that sometimes we need to step out of our own little bubble and look around. Twitter, and social media, is our own little world. We create it and curate it to our beliefs and preferences. It can certainly be a useful tool for information, but it can also create our own bubble that consumes and drowns us.

Things that get our attention the most are on social media are controversial. It’s frustrating and depressing. I take solace in the fact that there’s a larger world with the those things but also a lot more good.



January 30, 2019 /Timothy De Block
social media, DerbyCon, infosec
Experiences
Comment

I did a thing!

January 04, 2019 by Timothy De Block

I bought a C922 Pro Stream Webcam at Best Buy last week (thanks for the price match!). I’ve always been intrigued by streaming, but was never able to pull the trigger. That changed last week. I figured why not! Plus, I can try using it for the podcast.

If I can get affiliated (need followers and interaction in chat), I can start making money. With that money I intend to donate it to a monthly charity. I’m guessing this could take a while as I build an audience, however, it’s something I consider a goal in 2019. If Twitch is your thing, I’d greatly appreciate that support!

Check out the Twitch channel.

January 04, 2019 /Timothy De Block
Twitch, Streaming, Media, Overwatch
Comment
  • Newer
  • Older

Powered by Squarespace