Finding my place, again

October 22, 2018 by Timothy De Block in Experiences

I started writing another Finding my place post. Two paragraphs in I decided to check my website. Yup, I already wrote the post (how embarrassing would that have been?). That post was written in early August, almost two and half months ago. I think I’m still trying to find my place. The Mike Shinoda song at the top of the post is something I play on a daily basis (maybe every day or two). It’s a really good song and something that expresses how I’m feeling.

I’m still trying to find my place. I am taking more time for myself. I’m spending more time with the family. I’m not sure that’s been the best option for me. I have a five and nine year-old and boy can they wear an adult out (much love to the wife). I spent last week on PTO playing video games and watching baseball. I hopped on the computer after putting the kids down and I don’t really feel like playing video games right now. I’m taking a step back.

I have a strong urge to write. A strong urge, apparently, to write something I already wrote (and here we are).

I’m not really sure what I’m expecting out of this post. I think, I’d like to highlight that not everyone has it figured out. I have a kick ass job. A podcast that’s growing. I drink a little more than I should (On number three and feeling good). I probably don’t spend enough time with the wife and kids. I don’t know where I want to go from here. I’m just kind of making it up as I go.

Writing feels good and maybe that’s part of it. I have a need to be productive. If I’m not, I’m not satisfied. That comes at a cost though. It comes at a cost to my personal time. It comes at a cost to my family time. It’s a catch 22!

I’m trying to take a step back right now. I feel like I have those goals in video games. In Overwatch it’s weekly quests and getting my 10 placement matches in. In WoW it’s unlocking allied races that I can then also get to max level (120). I like doing that stuff, but it’s personal goals. It doesn’t benefit anyone else but me. I like benefiting others. It’s why I volunteer at conferences. It’s why I’ll be on my feet for 12 hours a day at DEF CON for the SE Village. I came back more refreshed from DEF CON more than I did any other conference.

That wears on me too though. The constant serving others. I’m trying to find that happy medium. Maybe that happy medium is a fantasy. Maybe life is meant to be these struggles. I feel ashamed that my struggle is being in such a good place. I guess that’s life.

2018-10-11 20_07_58-OSINT - Google Search.png

OSINT resources for beginners

October 22, 2018 by Timothy De Block in Technology

I know what you’re thinking, “not another resource for OSINT.” This post is more focused on helping people just getting started with open source intelligence (OSINT).

This is the second of several resource posts I’d like to do that point people to some getting started resources. This is not meant to be an exhaustive list. Instead I’d like to highlight some of the resources I have found useful and use on a regular basis. This is meant more as a gateway into the deep field of OSINT.

Websites:

Google is the primary tool I use for doing searches. Learning how to Google Dork is one of the most useful skills to have in security, not just OSINT. IntelTechniques has a lot of useful tools for doing specific searches. OSINT Framework has over 1200 tools available for OSINT. Plenty of opportunity to fall into rabbit holes.

People:

These are all people I’ve interacted with regularly or had on the podcast previously to talk about OSINT and threat intelligence.

Training:

I took SANS SEC487 earlier this year and it is exhaustive. Lots of information, tools, and methodology in the course. I also recently took Social Engineer’s Advanced OSINT course at DerbyCon. It’s a shorter and much more focused course. It provides opportunities to play with certain techniques (Google Dorking) and tools (Maltego). Recently, Justin told me he was doing an OSINT course. Follow him on Twitter (above) to keep up with dates and links.

Podacsts:

OSINT on Exploring Information Security

I think this is the easiest way to capture all the podcast content. Plus, it keeps this blog post a little shorter and more streamlined. I don’t want this to be a super long post. The links I’ve provided in this post will lead you to other resources, tools, and ideas in OSINT.

How to get started with OSINT

Something to think about is use cases. Penetration testers use OSINT for assessing and organizations security aptitude. Investigators use it to track down people and companies. Incident responders use it to track malicious domains. Threat hunters use it to identify threats and risks to an organization. Those are some of the things I’ve used OSINT for working on a blue team. I’ve heard of use cases for police, insurance companies, and organizations looking to make acquisitions.

Methodology is also really important. It’s what keeps us from jumping too far down a rabbit hole. Dutch OSINT Guy has a good post on methodology. It’ll take practice and experience, so really just go do it and learn.

BSides Nashville 2018

Information Security resources for beginners

October 16, 2018 by Timothy De Block in Technology

I wrote a recommended resources post back in early 2017. I’d like to update that, as the resources I recommend have changed. I try not to think of my podcast as something for new people to the infosec field. However, the people reaching out to me the most are people who are new to the field. So, I’ve given in and I want to start creating a series of posts directed at new people or those trying to get into the industry. These posts are meant as a gateway, not an exhaustive list.

These are the resources I find the most useful. With out further ado.

Websites:

Krebs is considered the public Intrusion Detection System (IDS) for companies. If you’re getting a call from him, it’s probably not good. He covers various topic primarily around breaches, skimmers, and unmasking malicious actors. I’m friends with Steve. He reports on a variety of infosec related topics. When something breaks on Twitter he’s one of the first people I check to get accurate information.

Podcasts:

Risky Business is the best security podcast out there. It’s the podcast with the best content and quality. The podcast allows me to stay up with the latest infosec news. He’s got sponsored (gotta pay dem bills) podcasts that are just as useful. Security Weekly was the first podcast I listened to. It’s great for getting information and gaining an understanding of the hacker culture. After a while, for me, it turned into a bit of a boys club where they go off on tangents and genital jokes. Episodes are usually two hours long which sucks up a lot of podcast listening times. Finally, there’s the Peerlyst list of podcasts. It has an exhaustive list of infosec related podcasts.

Conferences and local user groups:

Conferences and local user groups are a great place to learn, while also meeting people in the field. The security community is inclusive and welcoming if you put yourself out there. That means doing that awkward social thing. There is very likely a BSides near you. Most local user groups can be found on meetup.

Training:

Information security is an ever changing field. To stay relevant in the field requires curiosity and a willingness to learn new things. Before getting to that point, we need to learn the basics. Irongeek and Pluralsight help with the basics and staying up-to-date. SANS SEC401 is a general course that will provide a good foundation for any security professional. I thought I was above the course, as I was taking it three years into my infosec career (and several more in IT). I was so wrong. The course helped fill in a lot of gaps for me from a security and IT perspective. I highly recommend the course for beginners and those already in the field.

Pen and paper are your most important tools in IT

August 30, 2018 by Timothy De Block in Experiences

I put out a tweet earlier today that seems to have resonated with people.

Pro tip for those in a junior IT position: Have a notepad and pen ready for notes during meetings and when someone is showing you how to do something.
— Timothy De Block (@TimothyDeBlock) August 30, 2018

The tweet was a result from a conversation I had with someone in IT. They were asking me about a decision made in a meeting they were not only in, but also setup. I was a little flabbergasted that he was asking me about what decision was made. "You didn't take notes?" was my first thought.

One of the best (if not the best) tips I've been given in IT, is to bring pen and paper. The idea being to write down instructions or jot ideas or action items or decisions in meetings.

Many years ago, shortly after landing my network administrator gig, I was being shown how to administer one of the many tools we have. As we started going through the tool, the senior in the room asked me why I didn't have a pen and paper. I didn't have an answer. I was then asked how I was expected to remember the instructions. Since then I've gone through hundreds of notebooks. At one point I had them categorized between instructions, troubleshooting, investigations, and a variety of other topics. I don't think there's a true way to take notes. Whatever is found to be the most effective.

For me, it's about step-by-step instructions, follow-up questions, and action items. For follow-up questions, I circle them so I need to go back. For action items, I use a rectangle. Step-by-step instructions are transferred to our documentation repository. Everything else is for remembering context or decisions later.

I take a notepad and two pens to every meeting. I leave my laptop at my desk unless I need to run a meeting. This is two-fold. I don't want to be distracted by the computer and writing things down is more effective for memory retention than typing. I bring two pens in case someone forgot their pen (makes a good impression) or one of mine explodes or stops working.

It's one of the most effective things you can do on a daily basis. If you want to dive into why it's important I recommend Career Tools A Notebook And A Pen episode. They also have several other's on how to take notes. It's what helped me refine my approach.

Finding my place

August 05, 2018 by Timothy De Block in Experiences

Two years ago I move to Tennessee.

We moved because I was taking my dream job as a senior software security engineer. I was sitting with developers as their security resource and improving their security in the software development life cycle. It was the culmination of two and half years of stress, frustration, and putting my family second.

I went to my first BSides in November 2013. It was in beautiful Charleston, South Carolina. I remember it as an overcast day. I went with a buddy from work. The visit would kick of a five year tour of security conferences, two local user groups, and two podcasts. I've put a lot of time into the infosec community, because I knew it would help me advance my career. The reason I found my dream job was at one of the two local user groups I helped get started. The reason I got hired was because of the conferences I attended, the local user groups I helped start, and the podcasts I produced. My experience working with developers helped too.

After getting settled, I started to feel a little lost. For years I had pushed towards the goal of putting our family into a better situation financially. For me to find meaning and feel like I was making a difference. I accomplished both of those goals two years ago. For the past two years I've been struggling to figure out my next goal in the infosec community. I've been lost. I've spoken at multiple conference. I've given training. I've helped organize. Nothing has re-ignited that passion people say I have for the community.

I've thought about starting another local user group in middle Tennessee. I have talk ideas. I have new podcast ideas. I have training that I've started and thought I wanted to continue. None of that is keeping me engaged. I know a lot of good infosec people who aren't on Twitter. They're not going to multiple security conferences a year. They're still doing a damn good job. I envy them.

I've started to spend more time with my family. My kids are at the age where we can play board games. My wife loves playing Splendor. She recently went and saw The Ant-Man and The Wasp and thought it was a good movie. I think I can get her to watch Ironman and the other Marvel Cinematic Universe (MCU) movies.

We moved into a new house last year and we couldn't have asked for a better set of neighbors. Four households are hanging out regularly. We're barbecuing together. We're doing date nights together. We're planning future trips together. All of this is eating into the time I put into the infosec community. I missed putting out a podcast because I've started to focus on things outside of the community.

I'm starting to come to the realization that's okay. It's okay to to focus on things outside the community. I've never had a passion for the infosec community. I've had a passion to provide the best for my family. I could have done the same in another field. I almost joined the military as a paralegal. I believe I would have done just as well in the legal field as I've done in the infosec field.

Going forward, I plan to spend more of my time with family and friends. I still plan to be involved in the infosec community via the podcast, and conferences. The idea, is that the reason why I've struggled to find my place is because I've been focusing on meaning from the wrong area of my life.