Infosec & failures
Ange Albertini
Hack.Lu - October 2017
(* = new slides)
This talk is not about "funny" failures.
...not about making fun of people failing to understand
or unable to take measures.
That's patronizing at best, and often bullying.
http://gunshowcomic.com/648
Same old song.
I me mine.
See? I told you!
They suck.
*
Infosec is typically about winning
A series of "Success stories" to impress/motivate you.
They present their wins, but you don’t see their numerous failures.
Stars waste their energy to become big and create hot air, black holes naturally attract others.
There's a lot to learn from others' failures
- tune down your impostor syndrome.
- the grass is not that green on the other side…
the presenter
Instructions to manually remove a boot sector virus with a hex editor, in a French magazine in 1989.
- Interested in Infosec since 1989
- Video games preservation since 1999
- Drawing since 2012
All opinions expressed during this presentation are mine
and not of my employer(s), present or past.
http://fr.1001mags.com/parution/svm/numero-66-novembre-1989/page-146-147-texte-integral
As you probably just noticed, I'm not a psychologist.
No complex concepts, no latin words.
I can't parse their format anyway.
*
the talk
- another enumeration of <worked for me>?
- I've already been told that I'm "successful". But according to what?
- behind each of my "successes", so many failures my head hurts.
- There's plenty of stuff I'd like to have been told before.
So here they are - they might sound obvious, or not.
http://owlturd.com/post/166478439794
This is a 2-part talk, about 2 kinds of failures: personal and group.
I keep seeing the same repeated recipe
with the same baseless hope for change.
You can't find anything new if you keep trying the same way.
I've seen too many people burning out.
And many people don't understand the difficulties of infosec.
Group failure
What could we improve?
Infosec feels like an oral tradition.
To study a new topic, you have to jump from talks to articles to blog posts.
It looks ok, but nothing happens when a link dies.
Share differently?
Too many conferences.
Conferences -> paper -> 1 URL -> single point of failure?
Preserve knowledge
Just rely on the Internet Archive and VirusTotal?
Knowledge preservation is about content preservation,
not file structure - actual PoC crafting
We can't even replay old exploits and learn from them.
Retrogaming was weird/awesome
when it started, now it's mainstream.
How long before RetroPwning is a thing?
How long before we store a VM snapshot - not just a PoC - per working exploit?
We can't even re-use our own knowledge.
Yet we blame others for 'not knowing' or not listening to us.
So many… conferences, talks, FUD, snake oil, buzzwords…
So much noise…
So many talks, then what...? Too much noise!
Up to each of us to sort everything ourselves…
(and it's tiring)
There's no trail of knowledge to follow.
Too few experts, too few milestones to refer to.
And many broken links. Only Academia preserves.
Is the model of free slides bound to fail?
Books I'd buy.
Best of Hack.lu
Conference talks: curse or blessing?
*
https://www.tomgauld.com/
PRESENTING ...is overrated!
It's not because you can't present that you can't be amazing.
(and too often, a presentation is not the most useful way to share your findings)
Presenting is full of arbitrary standards
- "5 ideas per slide. 1 min per idea. 15 secs between slides" -
which can be a huge waste of energy.
*
Worried about your talk?
You were selected! Ask how many talks were rejected!
You know your topic, and you even improved since you submitted!
Be honest, be yourself, use your style:
Infosec needs moar diversity.
*
Pre-talk anxiety
It's just normal!
It's just that you're focused on the important things.
It won't disappear with experience, you'll just get used to it.
It just helps you to tone down little disturbing things
- such as lack of sleep, hunger... - before your talk.
*
Speaking in front of a bigger crowd is easier!
Just be careful of Q&A!
The bigger the crowd, the more stupid the questions
(shameless people can hide more easily)
=> Politely redirect them to /dev/null
*
Imagine speaking in front of:
your employer, your parents [in laws], your banker,
the top 10 experts in the industry, and your worst enemy…
OMG my life is doomed!
Now imagine if they're all hidden in a huge crowd!
Phew! Now they're much less likely to even reach the mike :)
*
Give yourself one last push before the talk
A shot of non-fuzzy alcohol,
strike a victory pose,
your favorite music - YMMV!
It could improve your mood,
and consequently the whole talk.
*
More efficient than your next talk?
- Gather materials.
- Write notes.
- Prettify (optional)
- share / sell
You can even do it
for someone else's content. =>
https://archive.org/details/4amthology
Infosec jumping the shark
https://twitter.com/MalwareTechBlog/status/920017904359186432
Not enough responsibility?
Laws to back your claims?
Branded vulnerability? Crappy specs? Snake oil?
We know they're wrong,
But the culprits are still at large!
The Infosec crash is coming.
Like the video game crash of 1983?
Too much noise and hype
=> loss of trust/interest
Short-sighted goals
are addictive.
Wait for measurable badness, fix, show impact.
Prevent an entire attack class… no measurable impact.
Guess which ones make your shareholders happy?
Short-sighted goals
are here to stay.
Even breaches don’t make so much financial impact.
Nothing will change until a breakpoint hits.
Insurances will eventually make a difference?
(they associate money with restrictions)
We're just at the start of a cycle...
Computer infosec is still very new.
I'm just trying to be realistic,
but please prove me wrong :D
Personal failure
Nothing matters if you're broken inside.
You are the most important
person in infosec.
Because nothing will matter anymore
if you’re broken/burnt out.
Infosec makes it easy to burn out.
Bullsh*t bingo, Snake oil, drama…
It's seen as a gold mine by many opportunists.
If you're fine: listen!
Since broken people can't easily speak anymore.
People often look happy right before taking action:
they have already taken their decision,
so they feel "relieved".
If you're broken: fix yourself...
...and then you can help and fix others later.
Infosec is about failure.
Accepting, embracing, avoiding…
It doesn’t mean we want to fail!
But we need to accept the state of failure.
The knowledge will come. The more the better.
My most important advice:
You can't know the path if there is no map.
The Shadoks mentality:
1 chance in a million?
Fail 999,999 times ASAP!
My motto:
let's fail! And learn why!
https://en.wikipedia.org/wiki/Les_Shadoks
A single success is a long line of failures.
My only algo for creativity:
TRY -> BETTER? -> KEEP / DISCARD
It's ok to...
- Have no idea what to do next
- To have taken the "wrong" path
- To have taken "too much" time
Losing hope?
Find yourself a sub-quest:
- to keep the engine running.
- to bring extra knowledge, in a playful way.
Letting the dough rest is not a cooking failure.
Keep that fidget spinning around your fingers.
Can’t beat the stage boss?
Get more XP in side quests!
[chart: how good you think you are vs. how good you are]
Impostor syndrome (conscientious expert)
Dunning-Kruger effect (shameless ignorant)
Which one is the best? PS: I have 2 I.S. feeding each other
(for reversing and for drawing).
http://chainsawsuit.com/comic/archive/2014/09/02/impostors-revealed/
[diagram: what I know vs. what I think other people know, and what I know vs. what other people know]
All you need is the right challenge.
Turn your daily routine into fun challenges.
InfoSec can be veeeery boring...
[diagram: start -> playful path -> fun goal, instead of start -> boring task]
Spare energy
What doesn't kill you makes you stronger:
choose your archenemy wisely.
Don't spend too much energy
with the minions.
Blame the game, not the players!
Be careful of power dissipators!
http://dilbert.com/strip/2017-10-02
Forgive
You'll spare some energy for yourself.
Try walking in their shoes before blaming.
Do not forget
That's nitro for your willpower.
*
TBH you don't need an archenemy.
Finding a mentor / soulmate
can change your world.
Anyway, just ignore the players.
Most of them don't deserve to be your enemy.
Diversity is good!
For your brain, for your skills.
People outside your speciality or even infosec
can really make a difference in your work/life.
Go and speak to people. Outside your team, outside your comfort zone.
Out of fuel?
Take a break!
(I know, it’s hard sometimes)
Your friend can't take a break?
Insist! "Force them"!
Break their phone! Kidnap them (j/k)
Ultimately…
you don't owe Infosec anything!
Feel free to leave
(some awesome people in Infosec are "just" hobbyists)
Come back if you wish, as you are.
Others can't always share your perspective.
No, not even your closest friends.
Follow your convictions - and try!
[chart: progress over time, with critics calling it "weird" or "new"]
if I'd listened everything that they said to me,
I wouldn't be here!
and if I took the time to bleed
from all the tiny little arrows shot my way,
I wouldn't be here!
the ones who don't do anything
are always the ones who try to put you down
and you could spend your entire life walking around
in the nowhere land of self doubt
Henry Rollins - Shine
Can’t make big plans?
Just be a lemming!
just one. single. tiny. step at a time.
repeat
There's no useless step.
A tiny weird gear now
could be the missing piece
in a whole engine later.
*
Can’t get motivated?
Set a deadline w/ a 3rd party
Just make a tiny bet with a friend,
And imagine their grin if you fail.
Deadline as a Service ? :)
It has to start somewhere
It has to start sometime
What better place than here,
What better time than now?
RATM - Guerilla Radio
If we don’t take action now,
We settle for nothing later
RATM - Settle for Nothing
Cherish your little flame
Keep some daily time for yourself
To do your own personal stuff.
Maybe do it right at the start of the day!
Whatever rocks your boat, really!
Your shadow is for Plato's cave - keep the flame for yourself!
You can't take care of anything/-one
if you can't take care of yourself first!
And your body too,
there's no health credit!
You're not ugly,
You're just
not your type.
You were born with a specific body,
but your brain later decided
to prefer a different kind.
*
Appreciate your body,
it's your best supporter.
Data is addictive:
we can't help judging arbitrarily.
=> Drop some tables
and give people more air.
Linux/Windows, IDA/Radare, Vi/Emacs, Tab/Spaces, Intel/At&t, Certifications...
Diplomas?
Where we're going,
we don't need diplomas.
Don't worship
Everyone makes mistakes
(and everyone eventually gets replaced),
so anyone could be proved wrong.
Listen, but also try.
Best answer to feedback: “what did you try?”
Need ideas?
You probably have great ideas - there's no jungle in Finland ;)
Disconnect: all devices off, out of reach, out of view.
Isolate: noise cancelling, background noise, shower, bar...
Pen & paper: to not forget without being disturbed.
Or a laptop with a single open editor window at best.
Speak out loud: put your brain at rest.
10 mins to purge your daily misery, 10 mins of cold boot.
Uninteresting people make excellent white-noise generators :p
Keeping ideas
They go away too fast, really!
Keep a notebook with you, next to your bed.
And yes, wake up at night to write them down.
You'll be grateful the next day.
*
If you don’t even try,
your idea is worth nothing.
If you don’t try your own idea,
you can’t convince anyone else to.
Your ideas are born in their most favorable ecosystem: you.
If you feel out of place
in this world,
then you were born
to create your own.
*
Death (can't be more gloomy, can we?)
Don't take it like this...
Death is just the last action in your own game.
What will you do before?
BPX ExitProcess. Run. Break.
What’s on your memory dump?
Conclusion
(Wow, that was gloomy)
Don’t take all this too seriously,
I’m only sharing opinions!
I even fail at writing proper conclusions.
Don't mind me, I'm just an impostor ;)
Fixing the world's systems
starts by fixing infosec.
Fixing infosec starts
by taking care of yourself.
I wish you happy wins...
...and many constructive fails ;)
Reminder:
It's about using your energy wisely.
Not an excuse to be a @!#?@!:
A @!#?@! stays a @!#?@!.
*
"Cry me a river" ?
No privilege prevents your brain
to mess you up.
(color, religion, gender, orientation, health, wealth...)
Yes, I probably have it easy.
Acknowledgments:
NewSoft, Gynvael, Doegox, Halvar
Joachim, Bruno, Claudio, Barbie, Paul.
Thanks!
Feedback?
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 

Infosec & failures

  • 1. Infosec & failures Ange Ąż杏 Albertini Hack.Lu - October 2017 *new slides
  • 2. This talk is not about "funny" failures. ...not about making fun of people failing to understand or unable to take measures. That's patronizing at best, and often bullying. http://gunshowcomic.com/648
  • 3. Same old song. I me mine. See? I told you! They suck. *
  • 4. Infosec is typically about winning A series of "Success stories" to impress/motivate you. They present their wins, but you don’t see their numerous failures. Stars waste their energy to become big and create hot air, black holes naturally attract others.
  • 5. There's a lot to learn from others' failures - tune down your impostor syndrome. - the grass is not that green on the other side…
  • 6. The presenter. Instructions to manually remove a boot sector virus with a hex editor, in a French magazine in 1989. - Interested in Infosec since 1989 - Video games preservation since 1999 - Drawing since 2012 All opinions expressed during this presentation are mine and not of my employer(s), present or past. http://fr.1001mags.com/parution/svm/numero-66-novembre-1989/page-146-147-texte-integral
  • 7. As you probably just noticed, I'm not a psychologist. No complex concepts, no latin words. I can't parse their format anyway. *
  • 8. The talk - another enumeration of <worked for me>? - I've already been told that I'm "successful". But according to what? - Behind each of my "successes", so many failures my head hurts. - There's plenty of stuff I'd like to have been told before. So here they are - they might sound obvious, or not. http://owlturd.com/post/166478439794
  • 9. Personal Group This is a 2 part talk, about 2 kinds of failures...
  • 10. I keep seeing the same repeated recipe with the same baseless hope for change. You can't find anything new if you keep trying the same way. I've seen too many people burning out. And many people don't understand the difficulties of infosec.
  • 12. Infosec feels like an oral tradition. To study a new topic, you have to jump from talks to articles to blog posts. It looks OK, but nothing happens when a link dies.
  • 13. Share differently? Too many conferences. Conferences -> paper -> 1 URL -> single point of failure?
  • 14. Preserve knowledge. Just rely on the Internet Archive and VirusTotal? Knowledge preservation is about content preservation, not file structure - actual PoC crafting.
  • 15. We can't even replay old exploits and learn from them. Retrogaming was weird/awesome when it started, now it's mainstream. How long before RetroPwning is a thing? How long before we store a VM snapshot - not just a PoC - per working exploit?
  • 16. We can't even re-use our own knowledge. Yet we blame others for 'not knowing' or not listening to us. So many… conferences, talks, FUD, snake oil, buzzwords… So much noise…
  • 17. So many talks, then what...? Too much noise! Up to each of us to sort everything ourselves… (and it's tiring)
  • 18. There's no trail of knowledge to follow. Too few experts, too few milestones to refer to. And many broken links. Only Academia preserves. Is the model of free slides bound to fail?
  • 19. Books I'd buy. Best of Hack.lu
  • 20. Conference talks: Curse or blessing? * https://www.tomgauld.com/
  • 21. PRESENTING ...is overrated! It's not because you can't present that you can't be amazing. (and too often, a presentation is not the most useful way to share your findings) Presenting is full of arbitrary standards - "5 ideas per slide. 1 min per idea. 15 secs between slides" - which can be a huge waste of energy. *
  • 22. Worried about your talk? You were selected! Ask how many talks were rejected! You know your topic, and you even improved since you submitted! Be honest, be yourself, use your style: Infosec needs moar diversity. *
  • 23. Pre-talk anxiety. It's just normal! It's just that you're focused on the important things. It won't disappear with experience, you'll just get used to it. It just helps you to tone down little disturbing things - such as lack of sleep, hunger... - before your talk. *
  • 24. Speaking in front of a bigger crowd is easier! Just be careful of Q&A! The bigger the crowd, the more stupid the questions (shameless people can hide more easily) => Politely redirect them to /dev/null *
  • 25. Imagine speaking in front of: your employer, your parents [in law], your banker, the top 10 experts in the industry, and your worst enemy… OMG my life is doomed! Now imagine if they're all hidden in a huge crowd! Phew! Now they're much less likely to even reach the mike :) *
  • 26. Give yourself one last push before the talk. A shot of non-fuzzy alcohol, strike a victory pose, your favorite music - YMMV! It could improve your mood, and consequently the whole talk. *
  • 27. More efficient than your next talk? - Gather materials. - Write notes. - Prettify (optional) - share / sell You can even do it for someone else's content. => https://archive.org/details/4amthology
  • 28. Infosec jumping the shark https://twitter.com/MalwareTechBlog/status/920017904359186432
  • 29. Not enough responsibility? Laws to back your claims? Branded vulnerability? Crappy specs? Snake oil? We know they're wrong, But the culprits are still at large!
  • 30. The Infosec crash is coming. Like the video game crash of 1983? Too much noise and hype => loss of trust/interest
  • 31. Short-sighted goals are addictive. Wait for measurable badness, fix, show impact. Prevent an entire attack class… no measurable impact. Guess which ones make your shareholders happy?
  • 32. Short-sighted goals are here to stay. Even breaches don’t make so much financial impact. Nothing will change until a breakpoint hits. Insurance will eventually make a difference? (they associate money with restrictions)
  • 33. We’re just at the start of a cycle... Computer infosec is still very new. I'm just trying to be realistic, but please prove me wrong :D
  • 34. Personal failure. Nothing matters if you’re broken inside.
  • 35. You are the most important person in infosec. Because nothing will matter anymore if you’re broken/burnt out.
  • 36. Infosec makes it easy to burn out. Bullsh*t bingo, Snake oil, drama… It's seen as a gold mine by many opportunists.
  • 37. If you're fine: listen! Since broken people can't easily speak anymore. People often look happy right before taking action: they have already taken their decision, so they feel "relieved".
  • 38. If you're broken: fix yourself... ...and then you can help and fix others later.
  • 39. My most important advice: Infosec is about failure. Accepting, embracing, avoiding… It doesn’t mean we want to fail! But we need to accept the state of failure. The knowledge will come. The more the better.
  • 40. You can't know the path if there is no map.
  • 41. The Shadoks mentality: 1 chance in a million? Fail 999,999 times ASAP! My motto: let's fail! And learn why! https://en.wikipedia.org/wiki/Les_Shadoks
  • 42. A single success is a long line of failures.
  • 44. It's ok to... - Have no idea what to do next - Have taken the "wrong" path - Have taken "too much" time
  • 45. Losing hope? Find yourself a sub-quest: - to keep the engine running. - to bring extra knowledge, in a playful way. Letting the dough rest is not a cooking failure. Keep that fidget spinning around your fingers. Can’t beat the stage boss? Get more XP in side quests!
  • 46. [Chart: "How good you think you are" vs. "How good you are"] Impostor syndrome (conscientious expert) vs. Dunning-Kruger effect (shameless ignorant). Which one is the best? PS: I have 2 I.S. feeding each other (for reversing and for drawing). http://chainsawsuit.com/comic/archive/2014/09/02/impostors-revealed/
  • 47. [Venn diagrams: "What I know" vs. "What I think other people know", and "What I know" vs. "What other people know"]
  • 48. All you need is the right challenge. Turn your daily routine into fun challenges. InfoSec can be veeeery boring... [Diagram: Start -> Playful path -> BOOORING TASK -> FUN GOAL]
  • 50. What doesn't kill you makes you stronger: choose your archenemy wisely. Don't spend too much energy with the minions.
  • 51. Blame the game, not the players! Be careful of power dissipators! http://dilbert.com/strip/2017-10-02
  • 52. Forgive: you'll spare some energy for yourself. Try walking in their shoes before blaming. Do not forget: that's nitro for your willpower. *
  • 53. TBH you don’t need an archenemy. Finding a mentor / soulmate can change your world. Anyway, just ignore the players. Most of them don't deserve to be your enemy.
  • 54. Diversity is good! For your brain, for your skills. People outside your speciality or even infosec can really make a difference in your work/life. Go and speak to people. Outside your team, outside your comfort zone.
  • 55. Out of fuel? Take a break! (I know, it’s hard sometimes) Your friend can't take a break? Insist! "Force them"! Break their phone! Kidnap them (j/k)
  • 56. Ultimately… you don't owe Infosec anything! Feel free to leave (some awesome people in Infosec are "just" hobbyists) Come back if you wish, as you are.
  • 57. Others can't always share your perspective. No, not even your closest friends. Follow your convictions - and try! [Chart: Progress over time, with critics labelling it "Weird" then "New"]
  • 58. "If I'd listened to everything that they said to me, I wouldn't be here! And if I took the time to bleed from all the tiny little arrows shot my way, I wouldn't be here! The ones who don't do anything are always the ones who try to put you down, and you could spend your entire life walking around in the nowhere land of self doubt." Henry Rollins - Shine
  • 59. Can’t make big plans? Just be a lemming! just one. single. tiny. step at a time. repeat
  • 60. There's no useless step. A tiny weird gear now could be the missing piece in a whole engine later. *
  • 61. Can’t get motivated? Set a deadline w/ a 3rd party Just make a tiny bet with a friend, And imagine their grin if you fail. Deadline as a Service ? :)
  • 62. It has to start somewhere It has to start sometime What better place than here, What better time than now? RATM - Guerilla Radio If we don’t take action now, We settle for nothing later RATM - Settle for Nothing
  • 63. Cherish your little flame Keep some daily time for yourself To do your own personal stuff. Maybe do it right at the start of the day! Whatever rocks your boat, really! Your shadow is for Plato's cave - keep the flame for yourself!
  • 64. You can't take care of anything/anyone if you can't take care of yourself first! And your body too, there's no health credit!
  • 65. You're not ugly, you're just not your type. You were born with a specific body, but your brain later decided to prefer a different kind. * Appreciate your body, it's your best supporter.
  • 66. Data is addictive: we can't help judging arbitrarily. => Drop some tables and give people more air. Linux/Windows, IDA/Radare, Vi/Emacs, Tab/Spaces, Intel/AT&T, Certifications... Diplomas? Where we're going, we don't need diplomas.
  • 67. Don’t worship. Everyone makes mistakes (and everyone eventually gets replaced), so anyone could be proved wrong. Listen, but also try. Best answer to feedback: “what did you try?”
  • 68. Need ideas? You probably have great ideas - there’s no jungle in Finland ;) Disconnect: all devices off, out of reach, out of view. Isolate: noise cancelling, background noise, shower, bar... Pen & paper: to not forget without being disturbed. Or a laptop with a single open editor window at best. Speak out loud: put your brain at rest. 10 mins to purge your daily misery, 10 mins of cold boot. Uninteresting people make excellent white-noise generators :p
  • 69. Keeping ideas They go away too fast, really! Keep a notebook with you, next to your bed. And yes, wake up at night to write them down. You'll be grateful the next day. *
  • 70. If you don’t even try, your idea is worth nothing. If you don’t try your own idea, you can’t convince anyone else to. Your ideas are born in their most favorable ecosystem: you.
  • 71. If you feel out of place in this world, then you were born to create your own. *
  • 72. Death (can't be more gloomy, can we?) Don't take it like this...
  • 73. Death is just the last action in your own game. What will you do before? BPX ExitProcess. Run. Break. What’s on your memory dump?
  • 75. (Wow, that was gloomy) Don’t take all this too seriously, I’m only sharing opinions! I even fail at writing proper conclusions. Don't mind me, I'm just an impostor ;)
  • 76. Fixing the world's systems starts by fixing infosec. Fixing infosec starts by taking care of yourself. I wish you happy wins... ...and many constructive fails ;)
  • 77. Reminder: It's about using your energy wisely. Not an excuse to be a @!#?@!: A @!#?@! stays a @!#?@!.
  • 78. * "Cry me a river"? No privilege prevents your brain from messing you up. (color, religion, gender, orientation, health, wealth...) Yes, I probably have it easy.
  • 79. Acknowledgments: NewSoft, Gynvael, Doegox, Halvar Joachim, Bruno, Claudio, Barbie, Paul. Thanks! Feedback?