Posted on

The Military Has Given Me a New Coping Tool

Through my work in the information security industry, I’ve come to appreciate a decision-making cycle created by military strategist and U.S. Air Force Colonel John Boyd called the OODA Loop (observe–orient–decide–act).

Mood Music:

It was designed as a combat operations process but has become more widely applied to commercial operations and learning processes. The basic idea is to use agility to overcome the raw power of opponents.

I’ve been fortunate in getting to know some super-smart people who use it for cyber security and, in the current environment, operations in a pandemic. The OODA Loop site, operated by OODA LLC founders Matt Devost and Bob Gourley, has become daily reading for me.

Lately, I’ve been taking this to the meta-personal level, trying to apply it to how I conduct myself daily and keep steady as a guy living in uncertain times with a mind sometimes hobbled by OCD, anxiety and depression.

I’m not sure if this is even a logical path. I’m hoping my friends in the OODA Loop realm will have comments about it after reading.

I’m using it against the raw power of the depressive and anxious effects of the current lockdown, which has fueled the potentially destructive side of my OCD and threatened to cripple me within the mental battlefield.

Observe: Since early January, I’ve kept a daily eye on the infection, recovery and death rates, as well as geographic spread. I’ve opted for emotionless data points from the likes of Worldometers. As the data has painted a picture of trajectory, my feelings have ranged from disbelief and denial to fear and uncertainty. Along with the useful data points are myriad articles that make predictions based on information that varies widely in levels of emotion and accuracy. This makes useful observation tricky.

Orient: By late February, as the data points showed a clearer picture of what by then was, to me, an inevitable pandemic, I started to work on adapting my brain to the idea that this would be a daily reality and that I’d have to keep being my best self as the world spiraled out of control. I doubled down on my exercise and food regimen, went from an originally planned 60-pound weight loss to 75 pounds (just about there now), and started to shift my daily research efforts to anything that would help clients stay running amid lockdowns and mass working from home (WFH).

Decide: About two days before my company moved to full WFH mode, I decided to quarantine from the office, at least. I had been to the RSA Conference in San Francisco a couple weeks before and news had just arrived that a couple attendees had contracted the virus, one of whom was gravely ill (he has since recovered, thank God). I was just shy of the two-week mark of returning home but didn’t want to chance becoming a risk to co-workers. In doing so, I was making a choice to hunker down for the long haul.

Act: Since then, I’ve done my damndest to stay healthy physically and mentally. I walk each morning and take afternoon drives. I’ve strived to do my job in the best ways possible, focusing on clear, step-by-step guidance to help clients protect the platforms and tools they currently rely on as everyone works from home — VPNs, videoconferencing, messaging — and I’ve used this blog to help keep the public discourse rational and hopeful while making note of coping mechanisms for those predisposed to mental disorders. I’ve stayed connected to friends through Zoom “happy hours.” I wear a mask and gloves when I have to go out.

When the constraints of being homebound make my temper boil over (I’m ashamed to admit I yelled and angrily slammed my iPhone down one night because a restaurant left something out of our takeout order — not my finest hour when dealing with a trivial, first-world problem) I’ve sought ways to release the pressure.

I’ve always favored hard rock music but in recent weeks my choices have veered to the heaviest end of the spectrum — including battle music from different TV shows and films. Today’s mood music is one example.

And I’ve found a simple, fun way to grind out feelings of angst. Erin got me a manual coffee bean grinder for Easter and I’ve found it’s good, aggressive fun to pace around the house while grinding beans.

I guess we’re never too old to learn new coping mechanisms, especially when sanity depends upon it.

Though I’m not at all certain I’m using the OODA Loop as intended, it has at least given me another way to keep fighting. I’m grateful.

Posted on

3 Chilling Books to Help Us Face COVID-19

In my cybersecurity career, I’ve learned it’s best to prepare for any scenario, no matter how scary or improbable. The current pandemic is certainly the former and was considered the latter by many people even a few short weeks ago.

I’m no fan of needless alarm and believe fear is an inconsistent teacher. But to truly prepare for whatever may come, one must peer into uncomfortable truths. Then we can adapt and, from there, thrive.

Recently I’ve read three books that present stark, sobering scenarios and offer lessons to help us face down COVID-19.

The Great Influenza: The Story of the Deadliest Pandemic in History
by John M. Barry

This first book is all about the science and politics of a pandemic. Barry paints a terrifying picture of the 1918–1920 Spanish Flu pandemic. He digs into the history of medicine itself, explores the myriad ways governments and communities failed to take the proper steps to contain the contagion and, most importantly, explores the heroes and medical advancements that came about during and after the event.

I see us making a lot of the same mistakes amid COVID-19 — mixed messages from government officials, lack of preparedness and people who waited too long to take it seriously. But I also see us doing a lot of things better, particularly in the social distancing department.

Warnings: Finding Cassandras to Stop Catastrophes
by Richard A. Clarke  and R.P. Eddy

Warnings covers pandemics and other potentially unthinkable events involving terrorism, AI run afoul and cyber warfare.

As the authors write:

In Greek mythology Cassandra foresaw calamities, but was cursed by the gods to be ignored. Modern-day Cassandras clearly predicted the disasters of Katrina, Fukushima, the Great Recession, the rise of ISIS, and many more. Like the mythological Cassandra, they were ignored. There are others right now warning of impending disasters, but how do we know which warnings are likely to be right?

The book starts by outlining a method to separate the real Cassandras from tin-hat hyperbole. It then spotlights experts who, at the time the book was written, had warned of future disasters involving everything from artificial intelligence to bio-hacking and, yes, deadly contagions and crippling economic contractions.

None of the people in this book fit the crazy alarmist criteria. All were highly experienced in their fields with rational reputations. We ignore the Cassandras at our peril.

The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age
by David E. Sanger

The Perfect Weapon covers cyber warfare, including the Stuxnet malware used to sabotage Iran’s nuclear program, North Korea’s attack against Sony over a Seth Rogan movie and Russia’s interference in the 2016 presidential election. It’s a favorite because I remember writing about these events as a journalist; now they’re part of an epic history.

Since Sanger writes for The New York Times, its review of the book is pretty self-serving. But having read the book, I find it aligns with what’s delivered:

The great value of The Perfect Weapon is less in its specific policy prescriptions than in its being the most comprehensive, readable source of information and insight about the policy quandaries that modern information technology and its destructive potential have spawned.

One thing I can tell you from my day job: Some of the bad guys outlined in this book are currently taking advantage of COVID-19 — targeting the VPNs, videoconferencing platforms like Zoom and messaging applications companies now rely on.

Business leaders can ground themselves in facts to steer their companies with using the publicly available content my company has been producing on the subject.

Posted on

Zoom: Security Problem or Social Lifeline?

One thing I’ve learned from a career in the information security industry is that any big global event has security implications — elections, hurricanes, earthquakes, matters of war and peace, you name it.

The dots that connect infosec to COVID-19 were apparent from the beginning. I saw the virus becoming the main preoccupation among attendees at the RSA Conference — the last in-person event I attended before all hell broke loose.

Since then, it’s been the main concern among clients my company serves. (It bears repeating that I’m grateful to be doing work that matters during this crisis.)

As we all hunker down and work from home, videoconferencing has become a front-and-center security challenge. Malicious hackers have set their sights on these platforms to cause disruption and steal our personal data.

Amid this, Zoom has become the poster child for the technology’s security holes. Zoom CEO Eric Yuan has addressed the problems — vulnerabilities that enable such things as “Zoombombing,” when intruders hijack video calls and post hate speech and pornography.

“‘If we mess up again, it’s done,’ I thought a lot last night,” he told The Wall Street Journal.

There has been a rising chorus of security professionals warning people not to use Zoom, especially for business meetings. There are many other, more secure options for videoconferencing, they say. There’s some validity in that. I’ve also seen reports of similar security holes in other video platforms. That’s a vulnerability management issue corporate security teams must stay on top of.

But for the larger population, I don’t see Zoom going away, nor should it. Yuan is right — his company needs to get a handle on this. But there will never be 100 percent security. There never is with anything.

I also don’t believe the security challenges should diminish our gratitude for what has become a critical lifeline during the pandemic.

Personally, Zoom has allowed me to stay connected to friends, family and industry peers. Without it, I can’t say for certain that I’d be managing my emotions as well as I have. I’ve even made new connections that I’ll be learning from long after this crisis passes.

I suspect many of you could say the same.

My takeaway: Keep using Zoom. Just be mindful of the security risks and take the necessary precautions. Some people I collaborate with in my day job have offered some useful advice.

It’s also worth noting that some of the smartest security minds on Earth continue to use Zoom for things like virtual happy hours. If they still feel safe using it, so do I.

I’ll end with some perspective from my friend Dave Kennedy, founder of Binary Defense and TrustedSec, along with Amit Serper, VP of security strategy and principal security researcher at Cybereason, and Russ Handorf, Ph.D., principal threat intelligence hacker at White Ops.

Together they have written about concrete security steps all users can take. I recommend you read it all. As they note in the article:

The Internet, and especially infosec twitter is full of hot takes and attempts to generate sensational headlines and alarmist news items. It’s important to remember that “not all that glitters is gold”. Vulnerabilities exist in many programs and no piece of code is immune to such issues. Not every vulnerability or exposure is critical and creates an unmitigated or dangerous risk. Knowing what your threat is and applying careful thought to threat modeling is a crucial part of understanding the problem and determining its true effects.

Posted on

Day 23: How I Try to Stay Sane

It has now been three solid weeks since I’ve been in my office. I miss:

  • Leaving the house every day to go somewhere before dawn
  • Walking Boston’s North End, wharves, markets and common
  • Having face-to-face interaction with colleagues

But I’m fighting the good fight. Here are some things getting me through the doldrums.

Mood Music (in memory of Adam Schlesinger, dead of COVID-19):

  • Keeping my health program going, maintaining weight loss and taking daily walks around the neighborhood and wooded hills behind our house.
  • Drinking lots of coffee to stay alert (the house is well stocked with my beloved Death Wish blend).
  • Reading print and audio books. In a possibly ill-advised move, I spent a free Audible credit on John Barry’s The Great Influenza. I’m trying to learn ways forward by studying our history.
  • Taking naps, which has become an important tool for breaking up the days, which can get intense between work and the claustrophobic feelings that come with distancing.
  • Keeping in touch with friends via video hangouts, including last weekend’s session with these nutjobs:
  • Being with my family. Though we frequently drive each other crazy, I’m grateful to be together with Erin and the kids and am amazed at how the boys have been able to keep up with their classwork by video.
  • Streaming services like Netflix, Amazon Prime and BritBox have been a godsend. We’re watching a lot of Star Trek, Battlestar Gallactica, Call the Midwife and Midsommer Murders.
  • Sleeping more. Though I continue to be an early riser, I’m taking advantage of the lack of commute to sleep an extra hour each night.

What are you doing to stave off the crazies?

Posted on

3 Thoughts for 30 Days

The past three weeks have been surreal, like existing inside Salvadore Dali’s “The Persistence of Memory” painting. If the U.S. government’s plan holds, we’ll live in this world for another 30 days at least.

How do we get through it?

I have three thoughts on that.

Mood Music:

1. Leave Predictions to the Experts

Peruse Facebook and you’ll see a lot of people clutching straws, slicing and dicing numbers for signs that the COVID-19 death rate will be low, and sharing charts that predict when cases will peak and drop. I’ve done it, too. It’s not helpful.

All we can control is the present. All we can do is be there for family and friends, get some exercise and do our work (if we can). To do that, we have to…

2. Accept Reality and Adapt

The government estimates that 100,000–240,000 people will die. The lower number happens only if we do everything perfectly, but either way there will be many deaths. We don’t know who will die. We don’t know how long we’ll shelter in place. If we fixate on how unreal all this seems, our despair will build.

My approach is admittedly fatalistic on the surface: I’m just assuming we’ll be in this fight for a long time. I take nothing for granted — my job, my health, my ability to avoid episodes of depression. Losing ground in these areas is all within the realm of possibility.

That sounds bleak, but there is a positive: By accepting that things are and will remain bad for some time and that anything can happen, I can adapt and focus on what’s in front of me — and what’s in front of me is pretty good.

In the face of the current crisis, we are already seeing humanity’s ability to adapt: we’re keeping business and learning running remotely, repurposing plant operations to churn out medical gear and moving from lost hospitality jobs to those that are in demand — grocery stores and medical facilities, for example.

To adapt is to survive and thrive.

3. Learn from History

This is the craziest thing many of us have experienced in our lifetimes, and the memes telling us that we have it easy — that all we have to do is sit on the couch and watch TV — ring hollow. We have to keep our families, jobs and finances going, after all. But there are shreds of truth in those memes, particularly on two points:

  • Our parents and grandparents lived through The Great Depression and WWII. They emerged stronger.
  • People survived the Spanish Flu a hundred years ago, at a time when there were no antibiotics, no 24-hour news to keep us informed and none of the comforts we take for granted today.

History gives us perspective. In fact, we’re already drawing on what our elders did to get through the present.

As we stock our pantries with enough food to last a few months, it’s hard not to think about our grandparents and how they struggled to keep well stocked.

It’s hard to look around us and not think of black-and-white images from the Spanish Flu — people in masks, keeping their distance.

This will only get harder as the weeks pass. We’re going to hear a lot of bad news along the way.

What we do now can make us stronger and heal some older societal wounds. Call me a naive optimist, but I believe it because I’m a history buff who has studied the past.

I’ll end with this wisdom from CNBC’s Ron Insana:

It seems extremely important to remember that there are things that are truly unprecedented and new and those that are, however tragically, new to us.

Yes, of course, there are elements of this tragedy, now playing out, that are truly unprecedented. The speed of the economic shutdown, the emptiness of major cities and a few other realities with which we must come to terms.

Other aspects are just new to us. The 1918 flu required “social distancing”…. 

For our parents, or grandparents, World War II, by itself, raged on for four long years.

We haven’t yet sat still for four weeks.

We’re being asked to sit on a couch and watch TV. Come on America. We got this.

Posted on

5 Positive COVID-19 Developments

Today, five news items to boost hope out there.

The Coronavirus Is Mutating Relatively Slowly

Some viruses, like flu, change quickly, making them harder to prevent through vaccines. So far, though, the coronavirus seems to be picking up only about two mutations each month. Flu makes changes about two or three times faster. This bodes well for efforts to make a vaccine that will be effective.

NPR

Coronavirus Slowdown in Seattle Suggests Restrictions Are Working

The coronavirus first appeared in the United States in the Seattle area and claimed 37 of its first 50 victims. But Seattle’s strict containment strategies, which put in place almost immediately, are having an effect. “Hospitals have so far not been overwhelmed. And preliminary statistical models provided to public officials in Washington State suggest that the spread of the virus has slowed in the Seattle area in recent days,” the New York Times reported.

NYT

Some Insurers Waive Patients’ Share Of Costs For COVID-19 Treatment

According to NPR, “insurers Cigna and Humana announced Monday that they would waive consumer costs associated with COVID-19 treatment. Last week, CVS Health announced a more limited change — that Aetna would waive costs to patients for hospital admissions related to the coronavirus.”

NPR

In Under a Week, Formula One Created a Breathing Aid That Can Help Keep Coronavirus Patients Out of ICU

University College London and Mercedes F1 have made a breathing aid for coronavirus patients that sends oxygen to the lungs, reducing the need for a ventilator. It was created in less than a week, and 40 of them have already been delivered to several London hospitals. Other companies, including Rolls-Royce, BAE systems and Ford, have pledged to produce ventilators for the UK’s NHS.

BBC

Wuhan Partly Reopens After Lockdown

“The city in China where the coronavirus pandemic began, Wuhan, has partially re-opened after more than two months of isolation,” said the BBC.

“Crowds of passengers were pictured arriving at Wuhan train station on Saturday.

“People are being allowed to enter but not leave, according to reports.

“Wuhan, the capital of Hubei province, saw more than 50,000 coronavirus cases. At least 3,000 people in Hubei died from the disease.

“But numbers have fallen dramatically, according to China’s figures.”

I’ll post more stories like these as I find them.

BBC
Posted on

A Useful Bout of Depression

This weekend the depression finally arrived. Given the scale of the crisis we’re all traveling through, I’m surprised it took this long. But it may have been exactly what I needed.

Mood Music:

Depression is often thought of as varying levels of sadness and feelings of emptiness. Those are certainly real and I’ve experienced it all. But what I went through this weekend wasn’t in that range. This was the tired variety of depression.

I’ve described this before as “happy depression” — your sense of purpose is intact and you remain fully aware of the good things around you. But you’re exhausted from the fight and a cloud descends over the mind.

In a weird way, I’ve come to see this type of depression as a defense mechanism, forcing me into low-power mode to recharge for the longer fight ahead.

That defense mechanism kicked in yesterday. I dozed a lot and watched a lot of TV. I allowed myself a few extra calories but remained within my Noom calorie budget. Overnight I slept harder than usual.

Now it’s Monday and I’m expecting another intense work week. The sky is overcast, which always dampens my spirits. Using the 5-stage depression scale I devised a few years ago by ripping off the 5 Stages of Grief, I figure I’m at 5 (acceptance), though I don’t know if I really experienced 1–4. It’s possible I have and it was mild enough in intensity that I didn’t notice.

I’m grateful that this is only a happy depression and not the crippling, empty variety of depression. I’m going to use my tools and try hard to keep it that way.

One impossible day at a time.

Posted on

When the Best OCD Management Tools Fail (and What to Do About It)

Admission: Despite all the training and tools I’ve accumulated to manage clinical OCD over the years, the demons still run over me in spectacular ways on occasion. Yesterday was one of those days.

Mood Music:

Things I’ve learned about OCD management:

  • Practice mindfulness through meditation
  • Push back thought distortions — the kind associated with something like impostor syndrome.
  • Take walks
  • Prayer (as part of that first one)

Sometimes, though, my passions run so hot that I flat-out forget to pick up those tools.

In recent weeks, my work has involved producing a lot of written guidance for businesses trying to maintain security as workforces go remote. I’ve taken the task close to heart because it’s one small way I can do my part to get society through this, aside from the physical distancing. Also: It’s my job.

But when my OCD runs hot, my patience grows threadbare. I want to get content out quickly. It’s the old newsman in me. Which can be at odds with another truth: When dealing with technological guidance, the more painfully rigorous the process, the better.

Yesterday, I realized that my obsessive-compulsive nature was trying to circumvent that process, and I suspect it made life difficult for a couple of my colleagues. To them, I apologize.

The good news: I caught myself, with gentle pushback from a couple people. Now I’m going to step back a little today and pick those tools back up.

This isn’t meant as a public self-flaying exercise. It’s a message for everyone working through these times with OCD, anxiety, depression and other mental disorders:

  • You’re not alone.
  • You’re not stupid or weak.
  • Health management of any kind is a titanic task in times like these.
  • Yes, past generations have weathered trying times (The Great Depression and WWII come to mind), but individuals who did great things along the way still failed from time to time.
  • Beating ourselves up — something I excel at — is worse than useless.

When we have bad moments, let’s take a breath, step back, dust off and get back to work.

That’s what I’m going to do.

But first, a nap. That’s a good OCD management tool, too.

Posted on

COVID-19 Gratitude 3: Seeing My InfoSec Friends Fight the Bad Guys

The pandemic has kept me and a lot of friends in the information security industry busy, as attackers try to cash in on the hysteria over COVID-19. Watching friends in the industry come together to do their part has been a powerful shot in the arm for me.

We are truly in this together.

Mood Music:

A couple quick examples.

The COVID-19 CTI League, for cyber threat intelligence. This group spans more than 40 countries and includes professionals in senior positions at such major companies as Microsoft and Amazon:

One of four initial managers of the effort, Marc Rogers, said the top priority would be working to combat hacks against medical facilities and other frontline responders to the pandemic. It is already working on hacks of health organizations.

Also key is the defense of communication networks and services that have become essential as more people work from home, said Rogers, head of security at the long-running hacking conference Def Con and a vice president at security company Okta Inc.

—Joseph Menn, writing for Reuters

Cyber Volunteers 19 (CV19). This group formed specifically to target threats to healthcare facilities:

Cybercriminals are doing all they can to exploit the fear and confusion that the COVID-19 pandemic has brought with it. This exploitation does not stop at the hospital, medical facility, or healthcare service entrance. Staying on top of their cybersecurity game might not be the highest priority within those organizations right now, but it is nonetheless vital. It only takes one successful ransomware attack to have a life and death impact on patient care potentially….

One newly formed group of information security professionals, including company CISOs, penetration testers, security researchers, and more, have vowed to do all they can to help provide cybersecurity support to healthcare services across the U.K. and Europe.

—Davey Winder, writing for Forbes

These efforts are additional examples of how the current crisis has brought out the best in humanity.

When my spirits dim and waves of anxiety wash over me in these difficult days, seeing things like this give me the strength to keep showing up.

Rock on, friends.

Posted on

Those Walls Closing In? You’re Not Crazy

For all my writing about being positive, throwing myself into work and taking care of myself, I’d be lying if I told you I had it together all day, every day. Being stuck inside — even when breaking it up with walks and hikes — is taking a toll. And we’re only a couple weeks into this.

Mood Music:

The last three days I’ve experienced frequent waves of crankiness. I get more impatient with my family, scowl whenever blue skies give way to overcast ones and feel like my skeleton is trying to rip itself out from beneath skin that doesn’t seem to fit quite right.

The waves pass and then I’m fine, but it makes me wonder what I’ll be like after another two, three or five weeks of this.

I’m not depressed. Depression is unmistakable to me, removing most of my motivation and filling my skull with fog that leaves me unable to connect the dots. Instead I remain focused and driven. That’s despite being on a much lower dosage of antidepressants than I’ve had in years.

No, in a world that’s now anything but normal, I think what I’m feeling is … normal.

I mention this because some of you may also feel the walls closing in. Surely some of you are feeling grim. All the Facebook memes about how our grandparents suffered worse in the Great Depression and WWII won’t change what we feel.

And that’s OK. When the unease overtakes you, allow it. Then keep showing up — for family and friends, for work, for community.

Even if much of that has to be on a video screen or chat window for now.