Posted on

Drinking at Security Cons

A friend from the security community, Rob Fuller, has written a post about drinking at conferences. It’s an activity I engaged in with abandon until I decided to quit drinking on New Year’s Day 2010. His post reminds me of what the transition to sobriety was like in conference settings.

I drank my way through the first few RSA conferences to cope with nerves. You could drink all you want for free at the vendor parties, so it was an easy crutch to grab for. At RSA 2010, I was in hell. I stayed sober but didn’t know quite how to behave or deal with people who were drunk. I looked back at my posts from that week, and found this snapshot of what I was feeling:

So here I am in San Francisco for the RSA conference and Security B-Sides events. I’m at a lot of events that involve drinking and instead of wine I’m sucking down club sodas and Red Bull. And, truth be told, I still have trouble feeling at ease in the crowd without the wine buzzing beneath the skin of my forehead.

Fortunately,  each subsequent event got easier for me, and now I’m at ease in a crowd full of drinkers. I also realized from the beginning of sobriety that there is a support system. People have held AA meetings during RSA and ShmooCon. And when you let it known you are no longer drinking, there are people who look out for you. Getting that support from the outset definitely helped cement my affection for the security community.

I’ve been asked more than once if I ever get pressure to drink at these events.

Never.

In his post, Rob wrote that he believes there’s too much drinking going on and wants his peers to throttle back.

It’s certainly not an issue that’s unique to the security community. I know people from other industries who tell similar tales of drinking and debauchery at conferences they attend.

Do conference attendees drink too much? Do they need to get better control of themselves? I think it really depends on the individual. Most people handle their liquor just fine. I wish I had that ability. It really comes down to whether the individual feels they have it together.

If you feel like conferences are nothing but a blur of hangovers and you don’t like it anymore, you probably need to consider a modified lifestyle.

Of course, someone with a drinking problem can think they have it together but be a total wreck. If conferences are nothing but a drunken blur, whether you like it or not, you should sober up.

I’m just grateful I found a way through my own challenges.

men toasting each other

Posted on

It’s Not How Far You Have to Go, It’s How Far You’ve Come

No matter how much we’ve grown, no matter how far we’ve come, we insist on beating ourselves over the strides we have yet to achieve.

When it comes to self-loathing over one’s vulnerabilities, I’m about the best there is. But I’ve worked hard to break myself of that, because the truth is that I have come a long way since the days when I was owned by my OCD, anxiety, fears and dark impulses.

Do those things still get the better of me? Absolutely. But I’ve found that the more I dwell on it, the longer it takes me to grow into something better.

Mood music:

I used to let myself plunge into days of depression and self-hating every time I made a mistake at work. I binge-ate my way to 280 pounds, and I would let my brain spin for weeks over every possible worst-case scenario for the same reason.

As a kid, I bullied other kids even as I was getting bullied, because finding kids that were seemingly weaker made me feel better about myself.

Thankfully, I’m in better control of myself and my actions than I used to be, though the darker impulses still get the better of me occasionally. I still beat myself over mistakes, which makes the step forward slower. I still give in to laziness when life seems too hard. I still judge other people when I don’t really know them.

But I keep those impulses in check a lot more often than not. When I’m feeling down, I try to celebrate that fact.

Efforts at personal evolution are a life-long thing. The work doesn’t end until we’re dead.

Best to focus on living the best way we can.

baby elephant climbing a steep hill

Posted on

When We Err, We Learn. When They Err, They’re Idiots

A good friend from the security industry, Eric Cowperthwaite, recently caused some debate with a blog post about security breach victims getting demonized for failing to prevent break-ins. Other industry friends disagreed.

The truth, as usual, is somewhere in between.

Mood music:

Let’s start with Cowperthawaite’s key point:

In the information security community there is a tendency to blame the victim first, rather than the criminal. And as soon as that starts to work, much of the community begins to pile on like sharks smelling blood in the water.

I’m not even going to name all the times this has happened and give examples. We all know about the retail company, the coffee company, the software company …. the list goes on and on …. that didn’t have perfect security, got victimized by a criminal, and we tore into them for “the thing they didn’t do.” This is so wrong, I don’t know where to start.

Boris Sverdlik and George V. Hulme see things differently. Says Sverdlik:

Most orgs aren’t in the business of security, they are in the business to make money. If you believe most companies do their darnedest to protect their customers then you are living in some other world I wish I could be a part of. The truth is most companies don’t give a shit about security until they get popped and when they do they will do the bare minimum to keep appearances up because nobody holds them liable. My job as a security professional is to reduce the risk to an organization and if I can’t 100 percent say that I’ve done my best I deserve to be blamed.

Hulme adds:

I don’t think an organization like Target that had a puke IT culture and didn’t bother to have a CISO or a point person on consumer privacy gets a pass on anything. And that company DEMANDED to scan Driver’s Licenses to buy things like Nicorette gum. As I was a customer at Target for years, that’s the only justification I need for that opinion.

The discussion went back and forth several more times on Facebook, but I think those capture the prime points.

Once again, what’s true in the security industry is true in the rest of the world. Is how we treat people who fail right?

We have a tendency to blame the victims. It’s not a good practice in the first place, but what’s worse is that it’s hypocritical. We all make mistakes and get things wrong. When it happens to us, it’s a learning experience. When it happens to someone else, they’re idiots.

That said, Sverdlik and Hulme are right to point out that companies tend to not give a shit about security until they get hosed. To that end, ridicule is justified.

But I’ll tell you what matters to me: how honest the victim is.

When a retailer is the victim, its customers are victims too. When the retailer tries to gloss over its culpability, the pile-on is deserved. Not because it suffered a breach in the first place, but because it wasn’t honest about what it learned and what it were doing about it.

We need more compassion, but we need accountability and consequences, too.

swift kick in the balls

Posted on

“Why Are You Religious?”

A security industry friend and self-proclaimed atheist asked why I’m religious. She ‘s surprised that there are so many religious people in an industry built on a foundation of technology and truth, of only believing in what can be seen and proven.

Specifically, she asked:

I want to ask you why you’re religious. It’s odd. I’ve been in tech for almost 20 years, and infosec seems to have the highest concentration of religious people of any sub-section of technology. As an atheist, it’s hard for me to reconcile such diligent pursuit of truth and provable evidence as comes with technology and religion. It just doesn’t parse for me.

This is my attempt to answer her question.

Mood music:

History

I’ve always believed in God. As a kid hospitalized multiple times with dangerous Crohn’s Disease flare-ups, I asked God to make the pain stop. Whenever I got better, I did what a lot of people do and stopped praying. I was born Jewish, but mine was a fairly secular household. We celebrated Jewish and Christian holidays alike, but God had little to do with it.

A lot of people become religious after life-altering events like a heart attack or the death of a loved one. I know people who found religion after nearly getting killed on a battlefield. There’s also the belief in a higher power that’s central to 12-step programs like Alcoholics Anonymous.

I’ve been around the block, seeing the death of a sibling and a best friend to suicide. I’ve had scary medical problems. I’ve experienced deep, dark depression and addiction. I fell in love with a Catholic woman.

Those things shaped my faith, but there was no aha moment. My beliefs evolved over time. The more I experienced the Masses, the more I believed. So I converted.

What I Believe

That history led me to these beliefs:

  • I believe that Jesus came down here and sacrificed himself to give sinners like me a shot at redemption.
  • I believe in the Sacraments, and that through them, Christ lives in me. His teachings of kindness, charity and self-sacrifice  — the Golden Rule, if you will — are principles I try to live by. There have been times where I’ve failed miserably — lying, giving in to temptation and anger and letting fear keep me from doing the right things.
  • I’m a sinner who strives to turn away from sin, and I have a long way to go.
  • I believe Christ never gives up on me, or anyone else for that matter.

If that sounds crazy to you, so be it. Just as you don’t have to justify your atheism to me, I don’t have to justify my faith to you.

I don’t think it’s possible to give you a satisfactory answer, anyway. You’re set in you’re beliefs, as am I. We won’t change each other’s minds, nor should we.

Jerks in Every Belief System

What matters to me is that people accept each other’s differences.

I don’t like when people force their beliefs on others. Talking down to someone because they see things differently pisses me off. I’ve seen a lot of Catholics do that and I’ve called them on the carpet for it. I’ve seen atheists behave just as badly.

Some believe you can either be religious or be someone who, as you said, diligently pursues truth and provable evidence; that you can’t have it both ways.

I disagree.

I don’t see it as an either-or proposition. You can practice faith and still be a seeker of physical truth.

Sometimes, one pursuit helps the other. Sometimes not.

cross shadowed by rising sun

Posted on

6 Things Every Graduate Should Know

Graduation season means a rush of news articles about famous commencement speakers and their words of wisdom. US Secretary of State John Kerry just gave one, as did recently fired New York Times Executive Editor Jill Abramson.

David McCullough Jr., longtime Wellesley High School English teacher and son of one of my favorite authors, gave one of my favorite commencement speeches of all time last year when he told graduates they’re not special.

Much is made of these words of wisdom, but wisdom can come from the everyday, the hard knocks and the failures.

Here are six bits of advice from my own school of mediocrity.

Mood music:

  1. Your first three jobs will pay little. The really good jobs and pay must be earned for years after graduation. Employers will rarely give you a plum assignment right out of school. They want to see what you’re made of first. You’ll get the shittiest tasks and, as entry-level employees, you won’t make enough money to live independently. The key to the good stuff is to pay your dues with grace and good humor.
  2. Nobody likes whiners. Because of that first point, you’ll probably find yourself working more than 40 hours a week and seeing people who don’t work as hard as you getting ahead. Life’s unfair for most of us, and you have to make the best of what you have at the time. Life is a series of tests and the winners usually smile and bear the tough stuff. Also, fairness is hard to measure. For all you know, that colleague who doesn’t work as many hours simply learned through experience how to work more efficiently.
  3. Kindness beats ruthlessness every time. Some will disagree with me on this, especially those who find ruthlessness necessary to get ahead. But it’s been a simple fact that when I’ve been a cut-throat asshole, my work life has been miserable and innocents have been hurt. When I’ve been helpful and kind, I’ve always felt better for it. Too, the bosses I’ve learned the most from have been the compassionate ones. When you’re kind, colleagues want to work with you — and help you through the inevitable rough patches.
  4. If work becomes everything, you lose. I once put work so high above everything else in life that it nearly ate me alive. Remember that a job should be something you do to live, not the other way around. Jobs come and go. Sometimes it ends before you expect it to and it’s not on your terms. If you have a balanced life with other interests and friends outside office life, you’ll survive and probably thrive more than you had before. If not, it’ll feel like your life has ended with the job you just lost.
  5. Neglecting children for work is the biggest mistake you can make. Some of you will marry. Some of you will become parents. If so, don’t put work ahead of them. I know what it’s like and it sucks. I’ve also been guilty of doing it to my kids in the past. Your neglect will fill them with bitterness that causes them more pain in adulthood. Today, I rearrange my work schedule around my children’s needs. It’s not always easy and I don’t always do it well. But it’s the least I could do, since I helped bring them into this world.
  6. It’s never too late to renegotiate your life. Hate your career? Feel trapped by the choices you made? Start over. You may think you can’t. But people do it all the time, with spectacular results.

All of this isn’t meant to depress young adults heading out into the world. It’s meant to assure them that it’s within their power to learn, grow and thrive. It’s just not as easy as some are led to believe.

Good luck!

skull graduation cap and scrolls

Posted on

We Need Our Critics

A friend sent me a graphic that hits home, given that one of the realities of being a writer is that people will regularly disagree with you.

Mood music:

The Disagreement Pyramid, a play on the Food Pyramid, puts the most constructive criticism at the top of the pyramid, illustrating its rarity. The most common type of comments fall to the the bottom of the pyramid — the destructive, useless comments. Created by Loudacris, the pyramid is based on an article by Paul Graham.

disagreement hierarchy

To make sense of this masterpiece, I turned to Dave Marcus — a friend from the security industry who tends to disagree with more than half of what I write in this blog.

I’ve always viewed my friendship with Dave as an example of how you can disagree and debate in gentlemanly fashion. We don’t call each other names or accuse each other of attacks, except for when we’re kidding around. But it’s not always easy. Dave once condemned one of my posts as “escapism and blame.”

More recently, he expressed frustration with my posts about burnout in our industry and suggested I was simply projecting my issues onto everyone else.

So I asked him which category we fall under on this Disagreement Pyramid.

“All of them, actually,” he said.

People often hate to be criticized. We like to think we’re special and that our words are gold. But, really, we’re usually expressing ourselves in a moment of time — which means we don’t always have all the necessary evidence at the time we’re making an argument.

I’m certainly guilty of that, though not as much as Dave might think.

That’s why we writers need our critics: They keep us honest and make us better.

I’m less likely to listen to people who use the tactics at the bottom of the pyramid, but I’ll always have an ear for folks like Dave.

And when we’re old men and I’m wearing a hearing aid from all those years of loud music, I’ll simply switch it off when I think he’s going too far.

I’d like to think he’d do the same to me.

Posted on

Binge Eating, Heroin Overdoses and Suicide

My first full-time reporting gig was for The Stoneham Sun newspaper, part of what was then Community Newspaper Company. (It’s now Gatehouse Media.) It was a fun job, giving me a priceless education in local politics, public safety and criminal court proceedings. But in some ways, it was the darkest year of my 20s.

Mood music:

http://youtu.be/1e3m_T-NMOs

It was a year of vicious binge eating, 80-hour workweeks for little money, depression, anxiety and the suicide of my best friend, who slowly fell into madness while I was too busy working to pay attention.

I remember feeling relieved on Fridays because it was the start of the weekend and depressed as hell on Sunday mornings because it meant I’d soon be diving back into late nights of selectmen meetings, ambulance chasing and writing deadlines. I comforted myself with multiple daily visits to the McDonald’s drive-through and the various gas stations along my driving routes where I could tank up on candy bars and Hostess products.

I wanted to show everyone how badass my work ethic was, and I never seemed to leave the newsroom, except for my forays into Stoneham to collect police and fire logs and find people to interview for stories important and insignificant.

I gained about 40 pounds in that one year alone.

That summer, my friend wound up in the mental hospital. I visited him once or twice, then got wrapped up in my work again. Through much of that year I took Sunday-morning walks with him and another friend. But I was so anxious over the next story that my head wasn’t really there. I usually walked a few steps behind them, lost in thought.

He got out of the hospital but never shook his depression. I knew it was there but figured it would pass. That November, he proved me wrong.

I only took a few days off before returning to work. My first assignment upon returning was to get to the bottom of a heroin death. It took a few years for police to figure out that the overdose was part of a larger plot by some thugs to silence a few kids who knew too much about their gun-running enterprise. They gave one boy a fatal overdose of smack and later murdered a girl whose remains eluded the authorities for years.

At the time, though, all I knew was that a seemingly all-American boy with everything going for him was dead. He wasn’t the type to try heroin. I interviewed his family and, with my friend’s suicide still eating at me, I decided to write about what I was feeling. Specifically, I tried to answer the question: Why do good people step down dark and deadly avenues? An editor wanted to publish it. I said OK. I put things in that column that never should have been revealed. It was deeply personal stuff that wounded a family already mired in grief. They won’t speak to me to this day. I don’t blame them.

By year’s end, I had proposed to Erin and by January 1997, I was on to a new post covering Lynn, Mass. But it would be another couple years before I pulled myself from the mental abyss. By the time that happened, I was 280 pounds.

It took another 15 years to fully make peace with that part of my past.

Lettin___It_Out___Ink_by_EddieTheYeti

“Lettin’ it Out,” by Eddie Mize. Go to his website to see more.

Posted on

Fire Drills Are Foolish

From a safety perspective, fire drills are important. If your building is on fire, you need to know how to escape safely. Then there’s the other kind of fire drill, where high-pressure managers project their stress onto others.

Mood music:

I worked for guys like that. I’ve been that guy, too. Nothing good comes from it, and good people get hurt.

Example: In 2000, I was assistant editor of The Eagle-Tribune‘s New Hampshire edition. My boss made my brand of control-freakism look like a champagne party. I was warned about him when I took the job. One editor said I’d have to play good cop to this guy’s bad cop. Good advice, but I lacked the balls to take it at the time.

Instead, I gave in to my instinct to please my masters. His attitude was that all the reporters were children who needed their ears slapped on a regular basis, and he expected me to carry out his will. When he told me to take a reporter to the woodshed, I did, no matter how small the infraction.

Once a reporter was working on a story that wasn’t time sensitive, but there was a hole in the paper to fill on deadline, and he decided it would be her responsibility to fill it. Never mind that her husband was having major surgery that morning. He ordered me to call her and be tough. I did.

An hour or so later, the paper’s top editor called me to his office. My boss was there. He asked me what happened, and I told him. The NH managing editor sat there red faced. It was always red, but it was particularly crimson in the big boss’s windowless office.

It turns out the reporter had called to complain. How dare an editor call her early in the morning to give her a hard time about something trivial on a day when her husband’s life was hanging in the balance.

The editor agreed with her, as he should have. He told me to ease up. He didn’t want reporters to see me as the newsroom asshole. I said I’d keep that in mind and left his office, feeling like I had just been simultaneously stabbed in the side of the head and slammed in the gut with a brick.

To this day, it’s one of my biggest regrets.

I’ve had some outstanding bosses since then, and they’ve taught me a lot.

Three bosses in particular — including the current one and the guy right before him — practiced kind, calm leadership. For them, the key to getting the best work from others is to treat them with compassion and give them the flexibility to deal with life’s curve balls. A kind boss who lets employees deal with their shit — as long as it doesn’t irreparably damage the work at hand — helps the employee grow in heart as well as skill.

These bosses will be the first to tell you that making people leap over every damned thing is stupid. Put people through enough fire drills and the chaos will break them.

A good person doesn’t break other people. It’s simple decency. It’s a lesson that has been one of my biggest blessings.

Um, Yeah, I'm going to need you to come in on Saturday. Office Space

Posted on

5 Reasons We Should Give Monica Lewinsky a Break

Monica Lewinsky is back in the news. Sixteen years after she became a household name for her relationship with then-President Bill Clinton, the former White House intern has decided to speak out in the latest issue of Vanity Fair.

Mood music:

You’ve heard about the blue dress, the oral sex in the Oval Office, the attempt by Republicans to impeach Clinton over the affair — specifically his attempts to cover it up. Lewinsky addresses those issues, writing:

Sure, my boss took advantage of me, but I will always remain firm on this point: it was a consensual relationship. Any “abuse” came in the aftermath, when I was made a scapegoat in order to protect his powerful position. … The Clinton administration, the special prosecutor’s minions, the political operatives on both sides of the aisle, and the media were able to brand me. And that brand stuck, in part because it was imbued with power.

With Lewinsky back in the spotlight, the jokes are sure to resume. She will once again be maligned for what she did. To those who will participate, I have a few words:

  • Sure, she was 24 at the time and maybe she was old enough to know better. But that’s still a young enough age to be intoxicated by presidential power. And not just any presidential power. Clinton’s a charming guy, and charm is sexual power.
  • Lewinsky is 40 now and has no doubt experienced a lot of growing up since 1998.
  • We’re all guilty of doing stupid things, and most of us get a chance to redeem ourselves. She deserves the same opportunity.
  • Sixteen years on, America has some serious problems resulting from two political parties hopelessly corrupted by money. We Americans have allowed it to get that way by our own apathy. Don’t you think there are more important things to worry about than what Lewinsky did as an impressionable, immature young woman?
  • If all your misdeeds — we all have them — became the stuff of public ridicule and press banter, you wouldn’t like it. In some cases, it would ruin you.

Move along, folks. Nothing more to see here.

Bill Clinton and Monica Lewinsky shake hands

Posted on

When Work Becomes Everything, This Happens

As someone who takes work very seriously, an article on LinkedIn by Jeff Haden really hit home. The man in his story had a life in which the personal and professional were so tightly wound that he lost all hope when the business ran into trouble.

For me, family and friends come first, and I know I’d have all the support in the world if I ever ran into trouble on the business side. But there was a time when all my self-worth was tied to work. That’s not good when you’re in an unstable industry like newspaper publishing.

This article captures the lesson I ultimately learned, with one caveat:  I never found myself in a situation as severe as what this unfortunate soul encountered.

 

Why You Need to Go Home Early Today

By Jeff Haden, ghostwriter, Speaker Inc., magazine columnist

woman crouched in depression