Thought I Was a Security Rockstar. Was Just Stupid

In pretty much every industry of late, people of great talent, drive and achievement are being labeled rock stars. I certainly see it as I work in the information security industry.

Those who get the label tend to deserve it. But there’s a dangerous side-effect: The term rock star can bloat the egos of those it’s bestowed upon. It leads to big heads and bad attitudes. I’ve watched many handle it with humble grace. And I’ve watched a few fall into the trap.

Exhibit A: me.

As a security journalist who posted new content almost daily, I got a lot of praise and, yes, some called me a rock star. This snowballed when I started The OCD Diaries.

I found myself on more than one “security influencers to follow” list. People kept praising me for my supposed raw honesty. So I did what any good addict does: I drank it up, tied all my self-worth into it and started to believe it all.

Don’t get me wrong. I think I’ve accomplished a lot of good stuff, and I’ve certainly been lucky in my career. But a rock star? Looking back on it now, I don’t think so.

I believed it when people told me, though. My head grew larger, while my brain went stale. I stopped trying. I truly believed I could pull off anything with little effort.

Of course, the real world doesn’t work that way.

I eventually found myself growing snobby, moldy and stagnant. Somewhere along the way as I bought into my own hype, I started to fail.

I lapsed into old habits. I began dialing in my work. The praise became chains, weighing me down like Scrooge’s old business partner in A Christmas Carol.

Sometime last fall, I went from being a rock star to the office jerk. It left me off balance and in a depression that deepened over the winter. I started to worry about being found out as an impostor. Worse, I found myself losing my usefulness.

Since then, I’ve been working hard to return to my roots. I feel like I’m starting to make real progress, but I still have a ways to go.

As for those in my industry who remain honest and humble, I aspire to be more like them. And I don’t fault those who are kind enough to put the rock star mantle on others. I simply see these as lessons for all of us:

Never stop working your asses off.
Never stop seeking truth.
Don’t be like me — not too much, anyway.

Schooled By a 14-Year-Old on Good (and Bad) Passwords

This is about an information security practitioner getting schooled by a 14-year-old about something as basic as an iPhone PIN.

Mood music:

https://youtu.be/Lj3bCXViNNM

Since I work in information security, family expects me to be THE expert. And sometimes I ask for trouble when I try to teach people a lesson — like grabbing phones and writing on the owners’ Facebook walls to demonstrate the value of having a security PIN on the phone.

One day my oldest son decided to give me a taste of my own medicine.

He had been watching me punch in my PIN for some time, and when the opportunity arose, he grabbed my phone, correctly entered the PIN and wrote on my Facebook wall.

“You should be ashamed of yourself,” my son said. “You’re Mr. Security in the family, but you let yourself get hacked by someone who can’t even drive a car.”

Fair enough.

The lesson: No matter how much experience you have in security, you’re still an easy target if you get lazy. In my case, I was lazy about regularly changing my PIN.

I don’t think he’ll guess what it is now. But I’ll change it again soon, just to be safe.

This #BSidesLV 2015 Panel Captures How I Feel

While I was away on vacation last week, some of my good friends in the InfoSec community did this panel at BSidesLV 2015. They discussed the importance of doing over talking, and captured the problem of trash talking in the community more eloquently than I have up to this point. The problems they touched upon are some of the things I found in myself when I wrote this post about the “InfoSec Rock Star” complex.

Please watch the whole thing:

Thanks, friends.
