Life and podcast update

March 06, 2019 by Timothy De Block in Experiences

Tonight I will be sitting down to record the last podcast of the Exploring Information Security podcast. I wanted to take a moment and put it in blog form to collect my thoughts. It’s been a wonderful ride producing the EIS podcast. I started it back in 2015 because I wanted to shift my energy to the infosec field. Previously, I produced an Astros podcast that ran for three to four years. We’ve hit around the same amount of episodes.

Energy is the key word

I’m find it hard to get motivated to produce podcasts for EIS. The quality of the last two months of the podcasts have been below my standard. I apologize for that. I also believe that it’s a sign that I may need to stop producing episodes for the foreseeable future. I say foreseeable future, because I think the podcast is a wonderful resource for people in the industry. I’d like to continue. The motiviation and the energy I get from the podcast isn’t there. Part of that, I think, is due to my schedule last year.

I went to eight security conferences last year. I traveled every month for both security conferences, training, holiday, and leisure activities. I was worn out by October and ended up leaving DerbyCon early because I wasn’t in a great place mentally. I’m trying to take a break this year. I have plans for two security conferences this year and that’s it. I’ve been going hard in the infosec community doing podcasts, attending conferences, speaking, volunteering, and blogging. That’s all led to my current role.

I was promoted

I am now the manager of security engineering, application security, and pentesting at my company. I couldn’t be happier. I also couldn’t be more exhausted. I come home more much more drained. That’s partly because I’m spending a few more hours at work each week. It’s also because, it’s a constantly flow of work and I’m trying to get adjusted. My mindset has also shifted. Now instead of being as concerned about a security appliance or control, I’m concerned about how I put my people in the best position to succeed. I’m managing workload more than actually doing the work. I’m trying to figure out how we can be more efficient, while also navigating the political minefield.

Management is something I knew I wanted to get into years. So much so, that I’ve been listening to Manager Tools since 2014. I have a great manager and a great CISO. You probably don’t know there names and that’s okay, because there’s a lot of good people in the security industry that are doing good work that you don’t know about. I’m fascinated by that and I’m curious if that’s something I should do. Pull back from the community. Contribute and do it more strategically (manager word!).

Future of the podcast

Maybe this is it. Maybe I bring it back in a year. Maybe I start a new one. I don’t know. Maybe someone takes up the EIS logo (contact me timothy[.]deblock[@]gmail[.]com or Twitter @TimothyDeBlock). I’d like to maybe blog more. Right now I’m focused on my new position. I’m focused on putting my people in a position to be successful in the field. I’m focused on my family who hasn’t had me home as much because I was at a conference or a meetup. This isn’t good bye. This is the closing of a chapter and the start of a new one.

The more I dig into #infosec the more I find that the really good people aren't people you've heard about on Twitter.
— Timothy De Block (@TimothyDeBlock) January 29, 2019

Some thoughts on infosec and social media

January 30, 2019 by Timothy De Block in Experiences

I posted the thought above on Twitter a couple nights ago.

Rereading it, I feel I need to expand upon my idea, because there are a couple motivators for the tweet. First, the tweet was not worded very well. It comes off as saying that people on Twitter are not as good as those not on Twitter. This wasn’t my intention. I think there are really good people both on and off Twitter. The idea is more about myself and evaluating whether or not I’d be a better infosec person if I were to stay off Twitter.

A majority of the people I work with on the security team are not on Twitter. All of them are really good at what they do. I know there are more of those types of people, because I’ve worked with others who are really good at what they do. Twitter is a very small subset of the people within the infosec field. I think it’s important that what is said and done on Twitter doesn’t necessarily reflect on the entire industry. I was also watching a YouTube video at the time of a buddy of mine who has a Twitter account, but doesn’t tweet a lot. He’s really smart and is doing some pretty amazing things in the field. I’ve wondered if I need to be spending more time being productive and less time on Twitter.

Twitter being just a small part of Twitter is also why I was a bit disappointed to hear that this year is DerbyCon’s last. I like to go to DerbyCon. I have a good time and I catch up with friends and make new ones. There’s a lot of positives to the conference. Unfortunately, there is also some drama, which gets amplified by Twitter. It’s draining on the conference organizers. I get it and I don’t have any ill feelings towards their decision. It’s their conference.

What I think it highlights to me is that sometimes we need to step out of our own little bubble and look around. Twitter, and social media, is our own little world. We create it and curate it to our beliefs and preferences. It can certainly be a useful tool for information, but it can also create our own bubble that consumes and drowns us.

Things that get our attention the most are on social media are controversial. It’s frustrating and depressing. I take solace in the fact that there’s a larger world with the those things but also a lot more good.

I did a thing!

January 04, 2019 by Timothy De Block

I bought a C922 Pro Stream Webcam at Best Buy last week (thanks for the price match!). I’ve always been intrigued by streaming, but was never able to pull the trigger. That changed last week. I figured why not! Plus, I can try using it for the podcast.

If I can get affiliated (need followers and interaction in chat), I can start making money. With that money I intend to donate it to a monthly charity. I’m guessing this could take a while as I build an audience, however, it’s something I consider a goal in 2019. If Twitch is your thing, I’d greatly appreciate that support!

Check out the Twitch channel.

2018-12-26 23_10_38-We are OSINTCurio.us – Helping the OSINT community stay curious.png

Curious about OSINT?

December 27, 2018 by Timothy De Block in Media

Check out https://osintcurio.us/. It’s a new site authored by several pretty well known names in the industry. How it got started is a mystery (how I got invited is even more of a mystery).

I’m really excited for the site. There are already 11 posts on the site (including my origin post), including one about Python and how to use it for OSINT purposes. As with other communities I’ve contributed to, there’s a lot of excitement to start. Then it dies off. I don’t think this is the case here. There’s a lot of people involved that are really into OSINT. Most of them are regular contributors. I hope I can match their energy for this site.

BSides Nashville 2014. One of the first pictures I took for the security community.

How to increase your chances of breaking into infosec

December 19, 2018 by Timothy De Block in Experiences

Get involved with the infosec community. That’s it. I’ll elaborate.

The best way to get hired for a security role is to know someone. The key part of that sentence is the, “know someone” part. That requires getting out there and doing things within the community. That can be a variety of things:

Contributing to open source projects.
Become an active member of a niche community in the field (OMG the slack channels out there). Writing a blog post.
Producing a podcast.
Attend a conference.
Shooting pictures at a conference.
Volunteer at a conference.
Speak at a conference.

These are all the things I’ve done. I also see people doing things like:

Twitch streaming.
Writing a book.
YouTube channels.
Singing.

Find something you’re really passionate about (not infosec) and bring it to the field. For me it started with photography. I’ve always liked taking photography. I have a media arts degree and took some photography courses (so I kind of not what I’m doing). I reached out to a BSides organizer to see if they’d be okay with me coming and shooting some pictures at the conference. That one contribution, eventually led me to my current place of employment (and I absolutely love what I’m doing).

It was BSides Nashville. One of the organizers works at the place I’m currently employed. They were looking for an AppSec guy, so told her AppSec guys. I luckily knew one of those AppSec guys and as a matter of fact had just started an OWASP Chapter with that AppSec guy. You never freaking know when things will connect for an opportunity*.

* I met my wife, because we saw someone we knew on the highway at 80 MPH. A story for another time.

Prior to that I would look for a job via online postings. At one point it took me 15 months to find a new job. I got into security via a job posting, so there is a path that way. It’s just not the most efficient. I got my next security role, because I had helped start a monthly local user group meetup. The CISO was looking for a few good security people. That local user group has gotten several other opportunities. Mostly because of who you know; partly because it looks really good on a resume. It looks like you’re engaged.

Everyone has a different path. What increases the chances is getting out there. Contributing without expecting anything in return. Showing that you can provide value to someone else. What are your strengths and passions? Now bring that to the infosec field.