ThreatNG Two Way Tuesdays

Welcome to ThreatNG's new branded entertainment initiative, “Two-Way Tuesdays”, where we tell original narratives based on the lives of those in the Tech and Cybersecurity industries.

To bring these stories to life, we are asking our audience to provide personal profiles that will provide the insights that will fuel these narratives. To date, we have received many inputs. As you can imagine, we want dozens upon dozens more to help bring life to this new program.

Check out our profile participants below!

If you would like to be a part of future narratives, please answer the questions in the form provided below. THANK YOU!

Threat NG Staff Threat NG Staff

MEANING … WHAT? Episode 3: “The Strangest Secret”

What’s the last new thing you learned how to do? I mean really learned how to do and do well.

She does not turn to him. She remains blank faced towards her drink.

C’mon. Tell me something interesting you couldn’t do, like, three years ago.

No comment, she says to herself, still reeling from her previous reveal.

He tries one more time to bring her back.

Ok, I’ll go first. For me, it’s playing the piano. Actually, cocktail party playing. I mean I can put a few keys together and pretend like I can really play. The key, so to speak, for me is to use numbers instead of keynotes on the piano. In other words, you put 1 at the G key and continue on to label each subsequent key with a number until you get to 8 and you can play almost anything. At least in pop music.

The first stringI learned was Linkin Park’s “In the End”. That’s simple. The opening at least. It goes like this.

He taps the bartop as if on a keyboard, humming along as he “plays”.

1 44 3 222 231

44 3 222 231

44 3 222 231

44 3 22 44 5

My go-to these days is “Right Here Waiting for You”. He sings along this time

“Wherever you go. Whatever you do. I’ll be right there waiting for you.”

88765

55676

445 6 5 4 3 21

I actually gotta be a little careful with that one. I’ve had a couple of wives’ clubs swoon a bit on that one. And you know, their dudes can get a little jealous, especially if it’s one of those cocktail parties for my wife and her co-workers where I don’t really know anyone.

My show stopper, however, is “Hallelujah”. It’s …

… he stops upon seeing her motionless, reactionless, still fixated on her glass.

He thinks of putting his arms around her. He thinks of telling her that it’s going to be ok. But he doesn’t want to be ingenuine. He has no idea if there is any truth to that.

How do you tell your husband of 20+ years that you were sexually abused at 12 years old? Even if your marriage was stronger than ever, that kind of news can shake your very foundations. You would have to have every conversation you ever had over again, he thinks to himself.

Not knowing what else to do, he takes out his wallet. He tries to get the attention of the bartender to ask for the check.

I took care of it, she says before finishing her drink.

Excuse me, he asks politely.

She takes her hotel key card and puts it in her purse and then stands. She looks to the mirror behind the bar and straightens the lines of her pantsuit. She then walks towards the exit.

He remains in his barstool. Stunted. He figured the night was about to end, but he didn’t expect such an abrupt ending.

She stops at the end of the bar.

You coming?

He fumbles as he gets up. He turns to his chair to see if he dropped anything. He pats his pockets. He feels his phone and his wallet.

He sees her start to walk away again. He quickly catches up to her.

Where are we going?

I have no idea where I’m going, she says with certain truth.

Looks like we’re heading in the same direction, he replies with a smile and a hope that that line could help ease the tension swirling about them. He opens the exit door for her.

Her hardened facade finally eases a bit. She allows herself to smile back as she walks through the door and onto the street. He quickly catches up again, now side by side with her as they walk aimlessly down the street.

You still want to know what I learned?

Excuse me, he asks politely like before.

Your question earlier about something I learned recently.

Oh right. Yeah sure. What’s that?

I learned “We become what we think about."

He runs his hand through his hair, not sure how to react to that one.

That’s a little deeper than …

54324

4 54324

She smiles back.

That may be deeper than Richard Marx, but it’s certainly not more complex than Leonard Cohen and … what was that last one?

“Fragil” by Yahritza y Su Esencia.

Well, well, she says impressed. I don’t know exactly what your motive was in learning how to play the piano, but you thought it into existence. You believed it into existence. Good for you.

I actually tiktok’ed into existence.

She laughs.

Thanks for staying out with me, she says as she grabs his arm and wraps hers about his. I really needed this.

He places his hand warmly over hers to secure her close, telling her, likewise, without having to say the word.

They walk arm and arm in silence for a few –

– she suddenly stops them and detaches herself.

Ok, listen. This is the last thing I am going to say about my husband. But first, you have to tell me something about your wife.

His face turns into a question mark.

You have to tell me something beautiful about your wife. Something that’ll make me think twice about … she motions to their arm and arm walk just now … that. Doing that again.

His face remains –

– tell me something about your wife. It shouldn’t be that –

– she put pepper in her ketchup on our first date.

It is her face’s turn to morph into a question mark.

She then smiles as she realizes this is exactly what she asked for.

What did you take her to McDonald’s?

No, he says, smiling back.

We grew up in Jersey. We were down the shore. On the boardwalk. We stopped to share a plate of fries.

Look at you going all out.

He smirks at her sarcasm, then continues, She moved our fries aside with her spork, then she grabbed a packet of pepper. She shook it to move the grains to the back (he motions the act) Then she opened the packet.

He is happy to see her enjoying his story.

Before she poured the contents onto the ketchup, she looked up and smiled at me. Just like you are now.

She grabs his hand and walks him into the lobby of the adjacent high-end hotel.

Uh, what’s happening, he asks.

She doesn’t answer. She does continue to lead them through the elaborately decorative lobby and onto the elevator tower.

Where are we?

She continues to ignore him, taking out her hotel key card and waving it over a keypad near the center elevators. She then presses a button.

“3” dings in an overhead screen. The corner elevator “3” arrives quickly. She ushers them inside it.

Once the door closes, she finally speaks, “Success is the progressive realization of a worthy ideal.”

He tries not to show it, but he is more than a little dizzy from the last few whirlwind moments.

Excuse … He decides to skip asking politely this time and asks abruptly, What?!?!

My husband, the CEO, he said that earlier today during your cybersecurity conference. He also said that 10 years ago he was a bartender and now he leads a multinational that successfully brings together teams to accomplish the mission of rolling out endpoint protection to thousands of computers across dozens of Fortune 500s.

This explanation does nothing to unlock his face’s WTH mode.

None of that is true. That’s the thing. That’s the goddam thing. I’ve been holding back this secret of my fucked up childhood while he has been spewing out these lies day to day to day.

The elevator continues to rise. Though now in stilted silence.

He looks at her hand. The one with the hotel key. Then he looks at her.

The elevator doors ding! When they open, he breathes a sigh of relief upon seeing that they have arrived at her hotel’s high rise bar. He was afraid she was leading them to her room.

She walks into the bar. He gladly follows this time, desperate for a drink. That is until she stops them again.

That’s the last thing I am going to tell you about my husband. And that’s the last thing you are going to tell me about your wife.

She waves her hotel key in the air. Chekhov’s Gun, they have nicknamed it.

You go over there by the piano. Actually sit on the piano player’s bench and get ready to play me something while I go get us some drinks.

He finds himself following her orders. Not sure where this night is going to go next.

He sits at the piano and looks about. There are a few more patrons here than there were at his hotel lobby bar. But not much more. The dozen or so are all coupled up like his bar was.

He next looks at the piano keys. Unsure at first what to play.

He thinks of his go to, but instead he begins to play “Hallelujah”, which relaxes him.

356 6 653 3

356 6 653

431 11

She comes over and kisses him on the cheek as she places their Old Fashions on the stand next to the piano.

Not that one, sweetie. The other one.

To this request, he smiles. He follows her lead once more and begins to play “Fragil”.

54324

4 54324

43213

3 43213

She slides close to him and leans her head onto his shoulder. They begin to sing together, now beginning a brand new night together.

Perdón

Es que no sé la razón

Y metí el corazón

En donde no debía

No vi la señal de que iba en contravía

Fui yo

El que se ilusionó

Y aunque no funcionó

Yo te entregué mi vida

No me pidas disculpas, que la culpa es mía


Read More
Threat NG Staff Threat NG Staff

MEANING … WHAT? Episode 2: “Nothing Compares 2 Her”

It’s late at the hotel bar. Late, but not too late. There are still a dozen or so other patrons about the purple hazed decor, all broken off into pairs.

Shawn Mendes’s version of “Can’t Take My Eyes Off of You” wraps, followed by Prince’s version of “Nothing Compares 2 You”.

 You know when you're behind a slow driver and you pull over slightly to the right to let all the road-ragers behind you know it's not you? It's kinda like that.

She smiles, which surprises him. He is surprised because he usually gets a good laugh out of that analogy. Instead, she gives him one of those forced, pressed lipped kinds of smiles.

I’m sorry, I was … this music … this song. I sometimes –

– no, I’m sorry. I’m rambling. I sometimes –

– I don't drive much is all, she says to save face. She further adds, Not at all actually. 

Big city girl, huh?

Refocused, she playfully waves her hotel key card at him.

Put that Chekhov down, he demands in playful return.

To this, she laughs.

So people complain to you all day?

Everywhere I go.

He takes a sip of his Old Fashion.

They say they want access, but the real issue is permission. What they are allowed to see and do and what they’re NOT allowed to see and do.

He takes another sip to put himself on pause. He wonders if he should keep the rest of his diatribe to himself, especially since they agreed not to talk about work. I’ve been holding this in for too long, he thinks to himself, justifying the blurt ahead,

We live in such success excess in the United States. So much so that the average American is shocked these days when you tell them they are not allowed to see this. That they are not allowed to do that. Even if such access restriction is best for all parties involved, including themselves.

She thinks of holding her hotel key card up again -- "Chekhov's Gun" as they've nicknamed her personal access device. Her hotel key card is supposed to be a red flag to be held up when one of them is telling a story that is beyond the personal upon which they promised to focus. 

She decides to keep her key card on the bar. This idea of permissions has always intrigued her for reasons never clear to her in the past.

What I’m trying to say is that 99 times out of 100, and that’s probably sugarcoating it, I do what I'm told. Exactly what I’m told. I codify the lists of data. I categorize permissions.

Most of my day is filled with Linux commanding -rw-r--r-- or drwx-r-xr-x. This gives the Brooks Brothers access to the financial quarterlies and the Mac Air Pros access to the sales figures by target audience. My coding limits the C Suites to Incident Summary Reports and other topline one-pagers. Most of the upper echelon like these limitations. They just want their news in bullet point form.

Of course, on occasion, the newly promoted stomp into my office and demand access to the backup data that support these incident reports. As if they can Batman on their own what Jokers in the company are poised to fall for the latest phishing scam.

She smiles. More genuinely it seems this time. 

That’s when you slide to the right to let them know it’s not you. You explain to them that it’s the car in front of you that decides who gets what permission.

He smiles back, relieved to know that she did enjoy his earlier analogy.

Exactly, he confirms.

You operate on the principle of least privilege, right?

Her question is more of a statement.

You're familiar with the concept?

I've been familiarizing myself.

Wait a minute. Are you here for the Infosec World Conference? That's what I'm --

– he cuts himself off. Instead of continuing with that line of questioning, he finishes his drink. This time he honors their earlier agreement not to get too personal, not to talk about their jobs.

I’m sorry about asking about your work.

She shakes her head in a “no need to apologize” fashion. At the same time, she slides her two fingers off her hotel key card. She looks up to their bartender and raises the same two fingers, politely signaling for more Old Fashions.

Sinead O’Connor’s version of “All Apologies” comes on next.

She finds herself swept up in the music once more. She shakes her head once more. This time to herself. This time to snap herself back into the moment before drifting too far away. Though to do so, she proffers the following without the help of a transition sentence,

I can’t believe they never got along,

His face turns into a question mark.

Say again?

She points to the abstract musical notes about them.

Sinead O’Connor and Prince. They shared a song. A beautiful song. That previous song.

Her mind’s eye sees one of her favorite set of lyrics scroll across,

 “All the flowers that you planted Mama/

In the backyard/

All died when you went away.”

I read somewhere that Sinead O’Connor’s mother kicked her out of the house when she was 12 years old and forced her daughter to live in the backyard by herself for over two weeks.

He is still a bit jarred by the abrupt change in topic, unable yet to contribute to this new topic.

She notices and continues, Sinead O’Connor and Prince connected in a way few of us will ever understand. His layered lyrics, her emotional immediacies. And yet they never came around. They never got along. Those two beautiful, once-in-a-lifetime generational artists could not get past …

… just as quick as she switched topics, she suddenly trails off.

All caught up now, he reengages,

He was probably hurt that she never really asked him to use his song. From what I recall, she kinda just covered “Nothing Compares 2 U” and ran away with it.  

You mean he was pissed she never asked him for permission?

She gives him a wry smile just as their drinks arrive.

I get it. It’s got to be surprising to hear your song sung by someone you didn’t expect would ever sing it. And then seeing the song getting the overwhelming reception that it did.

She takes a welcomed sip before elaborating.

But as an artist, as one of the true elevated artists of our time, he had to know deep inside that she gave that song the kind of life he would’ve loved to give himself.

He stops mid-sip, excited to contribute some more.

This makes me think of the “Tesseract”. The version as explained in the novel of the same name by Alex Garland, another one of those generational talents if you ask me. He explained the phenomenon of the Tesseract in that the 1st dimension can’t fathom what it’s like in the 2nd dimension, who in turn can’t comprehend WTF the 3rd dimension is all about.

He fears he is rambling once more. He hopes she is following.

Then there are the two of us. Well, me at least. I, and many like me, cannot fathom what it’s like to live in the world of these elevated artists. We can’t fathom what it’s like to make the kind of art they create. They are like the 4th dimension to me.

To me too, she assures.

He smiles, glad that she is with him.

Maybe, just maybe, Prince heard her version of “Nothing Compares 2 U” and was taken aback. Like we are taken aback when we hear “Purple Rain” or “Manic Monday” or even “Batdance”.  Maybe Sinead O’Connor’s version of his song was his 4th dimension. Something he never thought was possible. The song’s impact, Sinead’s impact … maybe they were impossible for even him to comprehend. Maybe she was his Tesseract and it shook him.

She raises her glass.

Mabuhay, she says as they toast.

Long life, he interprets like before.

That makes sense. A lot of sense as to why they didn’t get along in the beginning. In the 90’s. What doesn’t make sense is why they could never make peace with each other. Beyond their music, they were so much alike. Their parents were so horrible to …

… she trails off again like a sudden end to side one of the album, not sure why she is stilting so.

He picks up on her train of thought, at least he thinks he does,

Prince’s father kicked him out of the house at 12 years old too.

Exactly, she replies, similar to the way he did earlier.

When she died, I looked up her performance at the Bob Dylan 30th anniversary tribute concert in '92. The one where the crowd tried to boo her off stage for what she did on Saturday Night Life two weeks earlier.

She barely reacts this time despite knowing full well the performance he is talking about, outside of a barely noticeable shake of her head.

He continues, I loved that she stood her ground. I loved that she told her band to stop trying to play. To stop trying to connect with that naive crowd that night. Then she sang one of the best renditions of Bob Marley's "War" I've ever heard.

She raises her glass again, though more to herself this time.

To peace, love, and understanding, she says before she drinks, before she adds, 

My husband was at that Bob Dylan tribute concert. He told me that the boo’ing wasn't about the pope pic thing. Well … correction. That wasn't the only thing the crowd had against her that night. He said they boo'ed her because she persuaded the venue to suspend its tradition of singing the National Anthem at the start of the concert.

Did your husband, was he one of those that –

– he stops himself once more, realizing the insensitivity of the question he almost asked.

She picks up on his intention and asks for him.

You want to know if my husband boo’ed Sinead O’Connor?

Before he could make up another question that he meant to ask, she gives him a Hindi'co Alum type shrug.

I don’t know. I never asked him. Did you ever … together as a husband and a wife … or maybe just on your own … you know, decide it's better if you don't talk about certain things? You ever do that with your wife? Or do that without her even knowing? 

He nods, All of the above.

She sips to try to settle herself before pushing on with her now therapeutic storyshare.

In 2022, during what turned out to be her last tour, she said that her ideal audience would be one that is open to having a spiritual, almost religious experience.

He shakes his head at the irony.

Did you know she prayed before every show? She prayed if you could believe that. After everything she went through, she still believed in God.

She prayed for a little forgiveness. To be a little better than her last performance. And for the ability to transform those who wish to be transformed ... for the ability to be like a priest in that regard of all things.

He jumps in, taking this conversation to an even heavier level,

I read that she was abused by her mother. Then she was sent to a Dublin reformatory institution where she was abused just as bad.

She nods, affirming that she read that as well.

Out of seemingly nowhere, she next confesses,

I'm not here for the conference.

He is jarred by this next sharp shift in their conversation.

Oh, no?

My husband is. He is a CISO for … well, let me just say a Fortune 500 company.

She finishes her drink. She signals to the bartender for yet another. He does the same.

I'm a lawyer.

She looks at her hotel key card. She thinks of raising a flag on herself, but ignores herself and continues.

Just last month, I left the law firm I had worked at for over 20 years to work for a think tank called Child USA. We provide free legal support for victims of childhood sexual abuse.

The Old Fashions come with haste as if the bartender knows she needs the fuel to burn past this path.

Did you know that over half of the states in our country have ridiculously antiquated laws when it comes to the area of child sex abuse? For example, the Statute of Limitations for CSA cases across half our country is five years or less.

He shakes his head "no" and then takes a long drink.

That means that victims of child sex abuse cannot take their abuser to court if they are over the age of 23 ... no matter what evidence they may have.

I had no idea. That is … I can’t even imagine.

Me neither.

It is her turn to take a long drink. She suddenly realizes the reason for her PTSD driven melancholy earlier.

Last week, a fellow Child USA lawyer named Kathryn Robb told me of a study she helped conduct, revealing that Survivors cannot come to grips with their past until about the age of 50. That's the age, on average, that victims first come forward with their truth.

She goes on to explain that the reason the Statute of Limitations is so low in most of our United States is because of the lobbyists from major national institutions such as the USOC, the Boys Scouts of America, and the Catholic Church. They are all covering up for decades of crimes.

He sees her head lower, almost drained. He tries to help.

Wasn’t Sinead O'Connor around 50 when she posted her cry for help on Facebook ... when she revealed her deep dark thoughts on committing suicide?

She starts to lift her glass, but fails to do so, as if her rocks class now weighed too much. She starts to realize the gravity of all these reveals. She starts to realize that she may not be talking about Sinead O’Connor nor about any of the other Survivors she has met in the last few weeks.

He tries to help her storytell some more, realizing that she is starting to detach once more from this moment.

I bet she was triggered by the age of her kids, which were the same age as she was when she was first abused.

An eerie silence follows.

He thinks of his own kid. He remembers the school newsletter from last semester about the dismissal of her school's Driver's Ed teacher due to "sexual misconduct". He was grateful his daughter was too young to take that class.

 He finally sees her one hand covering her other. He sees that she is trying to cover her hand that is starting to shake uncontrollably. He sees her head lowered even further to hide the welling of her eyes.

 He does not know what to do besides take another sip of his drink. Liquid courage he hopes to find.

 It works as he sees his right hand reach out to her trembling hand. He makes sure it is a gesture of permission. For permission to connect.

 She allows the touch.

 He holds her trembling hand until it stills. Then with his left hand, he lifts her head to ask for the hardest forwards of truths,

 He doesn't know, does he? About you. About you and your … parents?

He can only guess that she is around 50 like him, like Sinead O'Connor and Prince at the time of their deaths, like the age many a Survivor of Childhood Sexual Abuse when they first come forward to reveal the truth of their tragic upbringing.

Parent, she corrects in a whisper. My father.

And this is … that is one of the things you choose never to talk about with your husband. You never talked to him about your father. About how he … how he abused you. Is that right?

She does not confirm this time. But when she lets go of her hand, he knows he is 100% right.

 He suspects she is going to go for her hotel key card. For Chekhov's Gun. He doesn’t blame her. He has crossed the line for sure.

 Instead, she uses her hand to steady herself, to help her stand. She stands up and comes to him. She comes to him and hugs him.

 They hold each other tight for what seems like a concert length. In reality, it was just long enough to hear the end of “All Apologies”.  At the end of the song, a single, solitary tear escapes and rolls down her face.

Read More

MEANING … WHAT? Episode 1: “Chekhov’s Gun”

He is 43. But on clean-shaven, hair-geled, bespoke-suited days like today, especially in this purple-hued hotel lounge and bar, he could be mistaken for a late millennial.

She is 40-something as well. Sitting gently on a padded barstool. Back straight proper. Elongated. Well steadied by her pilates etched core.

She is no millennial. She is too mature, too self-confident, to be mistaken for anything but the near golden statuesque she is.

We are en medias res.

How about we not do the thing where we tell each other where we're from nor the job we hate?

I don't know. I think I'm falling in love with my new job. I mean it has brought me here.

And it has bought you your drink.

And it has bought you your drink.

Mabuhay, he says as he extends his glass.

She touches his and translates, Long life.

She notices the rub of his wedding ring, despite its subtle movement.

So tell me again, why don't you want to know where I'm from?

I dunno. It’s not a big deal. I just want to try it. Hotel bar. Meeting a stranger. I just wanna … let's try not to have the typical chit-chat.

You mean you don’t want to hear about my daughter's dating life.

Out of bounds. He smiles as he continues, As out of bounds as my wife's dating life.

Her face turns into a question mark.

Excuse me?

I'm kidding. She's lovely. My wife … I love my wife. This conversation, us … I’m not trying to … you know … any of that kind of fooling around. What I am serious about is wanting tonight to be selfish.

She starts writing on a napkin that is next to her hotel key.

Lets just talk about us … like we used to when we first started on our journeys. Not about the stuff that wears us all down. I don’t want to talk about leaky water heaters, helicopter parents, or the price of education these days or even kids these days. You know what I mean? I’d just love to talk about stuff that …

He rubs his ring again, trailing off as he awaits her reaction in this follow up moment of uncomfortable silence.

After a few more beats, she finally responds with, We'll need a safe word.

Excuse me?

Or something that signals that the question or topic on the table is "out of bounds" like you say. She smiles as she continues, Or we are being too personal.

She thinks of rubbing her own ring this time, but decides it best not to. She finishes her drink instead.

A little surprised he was trailing her, he finishes his and raises his hand towards the bartender, trying his best not to show his excitement.

Two more please, he requests the bartender.

The bartender looks to her for approval.

She politely corrects, Can you make mine a Black Barrel?

The bartender nods knowingly. Neat?

She nods back.

He looks over her napkin.

Is that Checkov's Gun? Did you just write Anton Chekhov's Gun?

I’m glad you know the reference.

So if any of us ask an improper backstory question -

- or ask something too personal ...

... or ask anything too personal, we say, "Chekhov's Gun"?

She politely corrects him as she picks up her hotel key. This is Checkov's Gun.

She waves it at him.

Think of it as a flag.

He thinks of telling her that he does not have a physical key. That he has a loyalty club bar code connected with his hotel app. But he stops himself.

Their drinks arrive. They raise their glasses. Their eyes connect as they take their sips.

She is the first to disconnect. For a second, she hovers her glass over her napkin, over her meanderings written before he unexpectedly sat beside her.

She then places her glass down, placed perfectly over their safe word.

So where do we begin?

Read More

I AM NOT A BOT Episode 8: “WannaCry”

Alpha. I don’t know how to end this.

Another quote sounds like a 1/3 idea. Like you AI’ed me this morning, dad, If you do not change direction, you may end up where you are heading.

How about one more quiz question?

This cryptoworm was the biggest ransomware attack in history. It spread within days to more than 250,000 systems in 150 countries, including Russia, Ukraine, India, and Taiwan. Nissan Motors, FedEx, China National Petroleum, Renault SA, Deutsche Bahn, Hitachi, Sberbank of Russia, Yancheng police department in China, and the Russian Interior Ministry were all victims.

I pause my video recording. I think of hitting delete, but I stop myself from that extreme.

I look at your diary one last time.  I try to picture your younger self. I fail. My head is filled with more recent memories of you.

Three years ago, a cholecystectomy.

Six months later, mild cognitive impairment (MCI).

That Thanksgiving, with all of us visiting AZ for the first time. You didn’t cook. You couldn’t cook and you loved to cook.

That Monday, after we all left, Mom lost you at the mall.

Six months later, you crashed your car during a rare rainstorm in the desert. It turned out it wasn’t the rain. You passed out before you hit the highway divide.

You survived the crash. At least you did until –

-- I close my eyes to hold the tears. It works. I hit the red button.

Dad, I learned something recently that you would like. It is the Japanese learning principle of Kaizen, or the idea of continuous self-improvement. Essential to Kaizen’s success is a long-term commitment to consistent, incremental improvements that accumulate over a lifetime to create the highest quality of good.

I think of stopping the recording again like I’ve done all morning. But I stop myself from stopping myself.

I’m recording this time of my life just like you recorded your same time so many years ago. I was hoping you would be able to see it … to hear it … to know that I have changed directions. That I finally changed directions. 

The thing is I don’t know if I can make it in this new world, dad. I’ve talked to alumni of this program three, six months ahead. So many of them are back doing what they were doing before taking this class. Back to being real estate agents, sales … bartenders.

There seems to be no such thing as entry-level Cybersecurity jobs. Every zero day opportunity I’ve come across requires multiple years of experience. How that makes sense is one of the biggest unknown unknowns. 

I pause. I touch my laptop. I grab a pen. I poke myself in my forearm. Lightly, I think.

Is this real, dad? Is any of this real? I don’t know. Sometimes, I don’t know.

Oh, I forgot to mention, dad. There was this guy, Marcus Hutchins. A kid really. He stopped that high stakes attack I mentioned earlier. He found a kill switch hidden in the code. All he needed to do was register a web domain and he stopped all the bad. He stopped all the – 

-- I wanted to do that for you, dad. I wanted to find the kill switch and end all your suffering. But I couldn’t. I wanted to, but I …

… I want to do this for you, dad. I want to be a better person. I want to take a road less traveled. I wanted to pursue a dream like you did when you were my age. I want this for you, dad. I want to …

I want to cry, dad. I wannacry. I do. And I do. And I do.

And that’s how I know this is real. I think. I laugh. And I cry. I do all of those three things. Just like you’ve always taught me. That’s how I know I am alive. That’s how I know my love for you will endure. That’s how I know I will endure.

Omega.

Read More

I AM NOT A BOT Episode 7: “Passing”

I AM NOT A BOT by ThreatNG Security EASM, Digital Risk Protection, Security Ratings

This is a test. This is the test. The culmination of 15 weeks of study. The certification test. No one lives or dies when it’s done, but still …

You are conducting an incident response and have already eradicated the malware from a victimized system. Which of the following actions should you perform as part of the recovery phase?

A. Sanitization
B. Secure Disposal
C. Reimaging
D. Setting Permissions

Ok. If you don’t know the answer, eliminate some choices. In this case, we are talking about the phases of an incident report. Namely …

  1. Preparation

  2. Identification

  3. Containment

  4. Eradication

  5. Recovery

  6. Lessons Learned

CompTIA is telling me we passed the eradication phase: rectifying the weakness that enabled the data breach to occur. Sanitation, Secure Disposal, and Reimaging are all part of the Eradication phase. Ergo … D.

Alrighty. Let’s gooooo! as Zae would say.

Which of the following is the difference between an incident summary report and a lessons-learned report?

A. An incident summary report is designed for a non-technical audience
B. A lessons-learned report is designed for a non-technical audience
C. Both a lessons learned report and an incident summary report are designed for a technical audience
D. Both a lessons learned report and an incident summer report are designed for a non-technical audience

Dangit.  For this one, I’m 50/50. These reports are definitely one or the other. They are not the same. They are not both.

They say if you can eliminate answers and get to a 50/50 proposition, then you’ve won half the battle. Problem is that you can’t really win half a battle. Or said simpler, a 50 ain’t passing. I need to do better than that.

Passing Score:                                    750 (on a scale of 100-900)

An incident summary report is designed to distribute to stakeholders to reassure them that the incident has been properly handled.

I flip the answer to see which one sounds better.

A lessons-learned report is designed to distribute to stakeholders to reassure them that the incident has been properly handled.

Both sound the same to me. What about you?

Number of Questions:                       Maximum of 85 questions
Length of Test:                                   165 minutes

That’s basically two minutes per question. Is this question worth taking the extra time? That’s the ultimate question, right? What action, reaction, moment of silence is worth the meditative pause? What is worth the OT? Who?

I guess A. An incident summary report is designed for a non-technical audience. I go with the logic that most people in charge don’t want to learn lessons. They want us plebeians to learn the lessons, make the corrections. They’d rather keep their feet off the ground. Do you agree?

Up next is a PBQ. I used to fear performance-based questions. Everyone did early on in the semester. Understandable. We didn’t know enough yet. We weren’t ready. We were naked on stage about to give the soliloquy of our lifetime.

Approximately 100 employees at your company have received a phishing email. As a security analyst, you have been tasked with handling this.

1. How many employees clicked on the link in the phishing email?
2. On how many workstations was the malware installed?
3. What is the executable name of the malware?

Check the logs, I remind myself. That’s the job in a nutshell. Check the history.

I look towards my dad’s diary.

My online moderator warns me to keep my eyes on my computer.

I don’t know who warned me not to take this certification test at home. Edamame? JenWA? Whoever it was, they should’ve been more assertive.

This is the second warning I’ve received. And I have no idea if I will get a third or if I will fail if I look away again. I take a breath.

On the exhale, I remember that my cohort actually reviewed this PBQ a couple of weeks ago. We found it online. Exam Topics. The number of employees who clicked on the link is obvious = 7.

However, the crowdsourced answer to the malware executable name = isass.exe, making the number of workstations affected = 6. But that makes no sense to me. Tilapia.com is the destination of the link. (Ph)Fishing email, get it? That makes mailclient.exe the executable name of the malware, which makes the workstations affected = 4.

What do I do? Stick with the crowd? Go with my gut?

This is not a rhetorical question by the way. If you’re listening … if you’re reading … watching … feel free to leave your thoughts in the space provided.

I go with my gut. Just like you would’ve done, I think to myself.

Last question.

You are reviewing the IDS logs and notice the following log entry: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- (where email=support@diontraining.com and password= or 7=7) -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- What type of attack is being performed?

A. Cross-site scripting
B. XML injection
C. SQL injection
D. Header manipulation

I see each word … each letter of the answer in my mind’s eye … except the answer of course.

A common technique of this attack is to insert an always-true statement, such as 1 = 1, or in this example, 7 = 7. I get that. But technique for which attack?

I can’t find a way to eliminate even one answer. Help? I have a 1 in 4 shot here, which is like no shot at all. I have 25 minutes. That’s plenty of time. I have plenty of time to mull this one over. But I need help. I need your help.

I smile as I remember my ChatGPT dad quote of the day. 

“Now, I'm so relaxed that I have to make myself nervous. I feel better when I'm second and third guessing myself over everything. I play with the mice in my head, all the time.”

My dad never wrote that of course. At least not originally. That’s what ChatGPT thinks my dad would say to me today if he could say anything today – all based on the pages of his diary I inputted into the AI.

Just before I started this exam, I found out that that was a quote from John Singleton. But that does sound like my dad. Kudos to the code miners. It sounds like something my dad would’ve said just before he couldn’t say things anymore.

Hold on, dad. This test is almost over. I’m coming to see you. I only have one more question and I’m ---

-- that’s not true, dammit, I scold myself. I’ve got a million more questions, dad. I have so much time now and I got a million more questions.

My online moderator warns me “one last time” to stop looking around my room.

The answers ain’t in this room, I don’t say to her. Off screen, I touch the mouse. And then the mousepad. And then the contours of my laptop.

“What are you doing?” my moderator asks.

I try to explain that my dad once taught me about the psychology involved in panic. He told me that the natural reaction of someone in panic mode is to retreat into one’s sub-consciousness. To escape into your mind.

To remedy that, my father said to get in touch with your surroundings. Literally. Touch things that are real. The more textured and defined the better. Stay in touch with reality.

“Your father sounds like a really great guy,” she says out of character, probably breaking her moderator code of detachment.

“You only have one question left. Let me know if you need help, but I think you got this.”

I smile. That’s nice of her, I think to myself. The kind of reassurance you used to give me, dad.

I stroke my keyboard one last time. This is what it’s going to be like now. Playing without a net. You not being there to back me up anymore.

I look at my test time. I have 23 minutes left. I think of Michael Jordan. The GOAT. That is with the exception of my father. Alpha. Omega.

I click C. It’s over.

I take another deep breath. Another deep exhale.

My moderator snaps me back to reality quickly. “Nice job. 767. You passed.”

I am taken aback at the quickness of the result.

I ask permission to turn my phone back on. She says yes. I’m greeted by a series of text alerts. Ding. Ding. Ding. I ignore them. I put my phone on silent mode.

“I hope it’s more good news,” she says with a big smile.

I know it’s not, but I smile back again at her anyway.

She continues, apologizing actually for being so stern earlier. It’s the job, she says. She needs it to finish up her graduate degree in AWS Cloud Computing.  She says she’s really a nice person if I ever got to know her.

I tell her that I believe her. I also tell her that the last thing my dad ever taught me was that it’s not the destination …

“Let me guess this time. It’s not the destination, it’s the journey?”

No … neither. It’s the company along the way.

Read More

I AM NOT A BOT Episode 6: “RAM Space”

I AM NOT A BOT Episode 6: “RAM Space”

OPNSense is a firewall and routing software. And it’s a beast.

“Along with acting as a firewall, it has traffic shaping, load balancing, and virtual private network capabilities,” my gal from Nepal reads from the online manual.

She and I are in a breakout room. We are each waiting for the 4GB download to finish. I fear this one will break my poor Dell. I was pleasantly surprised last week when my laptop survived the installation of Ubuntu on top of my Oracle VirtualBox. But this could be it for this grand ol’ dame.

To be fair, when we applied to this class, we were told we needed a machine with over 500GB of free space and 16 GB of RAM. I had under 300GB of available space and my machine had only 8GB of RAM. Still –

“-- did you see what ZaeZae posted last night,” she asks with her distinct accent.

The one about us spending more time in breakout rooms than in actual class?

“I can’t believe he actually calculated it based on last week’s schedule.”

Just a few minutes earlier, she told me about Nepali’s 11 phonologically distinctive vowels, including 6 oral vowels and 5 nasal vowels.

A nasal vowel is a vowel that is produced with a lowering of the soft palate so that the air flow escapes through the nose and the mouth simultaneously. By contrast, oral vowels are produced without nasalization.

“What’s your download estimate now?”

I’m about halfway done, I lie to her. I don’t know why I didn’t simply say I have no idea. That I only see the spinning wheel of death above the OPNSense logo.

“I think I’m almost done. I’m past 3GB it says. But you never know.”

I change the topic to the major topic of late. ChatGPT.

I don’t tell her that I loaded the first few pages of my dad’s journal into the app just to see how it would talk back to me. I don’t tell her that I was hoping the app could help me talk to my dad again.

“I finally gave in and used it for Personal Development. Just like everyone else is doing. I used it for my resume cover letter assignment.”

And what did the AI write?

“Some very generic return on how I can’t wait to be an analyst so I could make use my creative problem solving skills … blahblahblah.”

I don’t know why, but hearing someone with a foreign accent say “blahblahblah” is funny to me.

She shows her screen. She shows her ChatGPT result.

Cover letters are meant to be generic, I say. There’s only a few ways you can say thank you for your time.

“Or please give me a job already.”

I see her write the following,

WRITE AN SQL QUERY TO REPORT THE CAPTIAL GAINS AND LOSSES FOR SELECT STOCKS

What are you doing?

“Seeing if this AI can do my finances.”

That’s right, I think to myself. She was an accountant back in Nepal. She hated it, but it was one of the few professional opportunities available to women at the time.

She writes the following query:

SELECT

  stock_name,

  SUM(

    CASE

      WHEN operation = "Buy" THEN -1*price

      ELSE price

    END

    )

  AS capital_gain_loss

FROM Stocks

GROUP BY stock_name

She compares her write up to ChatGPT’s.

“Ha. It failed. Mine wasn’t the greatest of codes, but it works.”

She explains how ChatGPT made the mistake of joining one buy with every future sell. Not just the corresponding one.

“It’s solution only works if there is just one pair of Buy/Sell operations.”

All that goes over my head, I don’t say to her. Instead of trying to understand all that goober talk, I tell her to simply ask the following:

DO YOU THINK YOU COULD REPLACE A DATA ANALYST?

“Ha. Check out its response.”

As a language model, I am able to provide information and assist with tasks such as generating SQL queries, but I do not have the ability to perform the role of a data analyst. A data analyst is a professional who is responsible for collecting, organizing, and analyzing data to inform business decisions. This role typically requires as strong understanding of statistical and analytical technique, as well as domain-specific knowledge related to the industry in which the data analyst is working. Language models like me can provide support and assistance, but we are not able to fully replace the skills and expertise of a trained and experienced data analyst.

“Well that’s a relief.”

For now, I say.

“For now?”

I remind her about ChatGPT’s Supervised Fine Tuning (SFT) Model. That its intelligence is just like our intelligence. It is based on interaction. It can grow if given a wealth of two-way conversation.

Alpha. Omega.

In my head, I see the daily quote I got earlier from my dad, “There's not a word yet for old friends who've just met.”

That quote and the daily quotes I get from my dad are actually generated by ChatGPT based on the few pages of his diary I inputted into the app.

Every morning I ask ChatGPT, What advice does my dad have for me today?

ChatGPT responds the way it thinks my dad would, replying back with wisdom quips such as, “However rare true love may be, it is less so than true friendship.”

And every time I respond with, Thank you. That sounds just about right.

My every time input provides what the SFT Model calls a Reward or a Scaler Value. The reward model is required in order to leverage Reinforcement Learning in which a model learns to produce outputs to maximize its reward.

“That’s fascinating. This is all fascinating, don’t you think? Two months ago I wouldn’t have imagined me ever talking about stuff like Reinforcement Learning from Human Feedback. I was sunk in a cubicle, using Windows 7 Blackcomb technology to reconcile financial and operational records. And today I’m teaching a computer how to think.”

Only in an Infosec starved world could a gal from Nepal and a bartender from –

-- just then my Zoom link crashes.

I look around and notice that OPNSense has finally uploaded and is now attempting to open.

All my other program worlds start to collapse as well, one by one.

Discord … Slack … ChatGPT …

Going … Going … Gone.

OPNSense is sapping all the available RAM.

I am left alone. Disconnected.

ZaeZae and his jokes … Edamame and his know-how … my father and his …. my father …

Going … going …

Read More

I AM NOT A BOT Episode 5: “Alpha Omega”

The first thing my father wrote in his journal was about the Beatles song, “Ticket to Ride”.

Just told our Director of Nursing, Nancy, the truth about her favorite Beatles song. She thought that song was about what Paul and John encountered on a hitchhiking trip to Ryde, a town on the northeastern coast of the Isle of Wight.

I had to pervert her pollyannic pov with the fact that a “Ticket to Ride” is actually about hookers in Hamburg who needed to get health clearance documents from the government, which John dubbed “tickets”, in order to perform their “rides”.

I LOL’ed the first time I read this. I’m LOL’ing now upon my tenth. That’s because I do the same kind of music origin corrections all the time. Just last night at the bar, I told this backward-cap wearing Hobokenite that the Beastie Boy’s “Fight for Your Right to Party” is a parody song that actually makes fun of backward cap wearing frat boys who ironically love to throttle this song.

I probably should’ve held that reveal until after he paid his bill given his $1 FU very much of a tip.

My teacher disrupts yet another perfectly good distraction session with his review of Lockheed Martin's Cyber Kill Chain Model.

“Phase 1 is Reconnaissance.”

He goes on to talk about harvesting login credentials, email addresses, user IDs, physical locations, software applications, and operating system details, all of which may be useful in phishing or spoofing attacks.

I continue on with my own recon assignment. My mission to understand my father better via a review of his journal that he wrote when he was my age. On the surface, our situations could not be more different. He with a wife, two kids, and two careers. Me being 0 for each one of those at bats.

Between the lines, on the other hand, we could not be more alike.

Take basketball and the NBA for example. When I was a kid, my first hoops hero was Patrick Ewing of the ‘90s NY Knicks. Michael Jordan, his Airness, was my decade long disdain.

It seems my father’s had an equally tortuous love affair with Julius Irving. Now I don’t know if he liked that player because of his medical connect nickname, “Dr. J”, or simply because of his high flying act. Either way, despite his transcendence, Dr. J was also denied a ‘chip year after year by Celtic legends and Laker magic.

Though if I had a chance to sit with my dad and talk to him again like when we did so often when I was kid, I wouldn’t be asking him about musical origin stories or sports fanaticism. No. I would want to hear about those three weeks during the brutal winter of ’82 that he mentioned in his journal. That time when he and a few of his fellow 3rd shifters briefly turned to cocaine as a means to keep up with their exhausting work schedules.

Or I’d talk to him about his work boondoggle to Vegas in ’83, his first physician’s convention that just so happened to coincide with the inaugural AEE expo at the LV Convention Center. At the least, I would want to know more about the event flyer he hid in his journal with the double entendre notation, “thanks for coming”, written in lipstick red.

I stare down his book and all its one-sided conversations. I picture a few more hopeful quotes for the future he put in there.

“Just one small positive thought in the morning can change your whole day.”

That’s a tough one for me to follow these days, dad. Not with everything that’s going on. Not with you …

“Love your family, work super hard, live your passion.”

That’s an easy one to picture you saying. At the same time, I’m left wondering if you had a passion beyond helping others as a doctor? One beyond loving and caring for your family?

With all your star-crossed soliloquies here, it was clear your right brain was as charged as your left. Maybe you were writing this journal as an artistic outlet, a fulfillment of a dream you were never able to pursue.

I guess I will never know.

“Phase 2 of the Kill Chain is Weaponization. Where an attacker creates some kind of remote access malware that can exploit a known vulnerability.”

Your vulnerability was your overextension. The two jobs you needed to take on to take care of us. I don’t blame you for dabbling into coca. I did for a time because I struggled with a few double shifts. You double shifted most of your adult life. You worked for 16-18 hours a day, for almost two decades to support your family.

“The 3rd Phase is the Delivery or the launch where the attacker sends email attachments or a malicious link. In Phase 4, Exploitation, the malicious code is executed within the victim’s system.”

Your virus knew of your constant state of exhaustion. Knew it could nick away at your consciousness, your right brain, your left. To your credit, you held it at bay for decades, refusing to give in to it until your family was completely safe.

Eventually … inevitably you stroked out. Just as you were finally able to rest. Just a few years after you retired. Just a few months after you built your dream home in Arizona.

“Phase 5: Installation. This is a turning point in the attack lifecycle, as the threat actor has entered the system and can now assume control. Phase 6 is Command and Control where the attacker moves laterally throughout the network.”

Now your days … your final days … are to be spent bedridden. Mom is by your side, as always, dad, but she is struggling. She is refusing to accept the help you need. That she needs as well.

There is hope though. Help is on the way. Your daughter is coming to help. You knew that would happen. As is your older son if you can believe that. Both are coming to give mom relief and to convince her to accept the hospice care that is being offered.

I will be coming there too, as soon as I finish this course. You can wait til then, right dad? Right?

“The final phase, Phase 7: Actions on Objective. In this stage, the attacker takes steps to carry out their intended goals.”

You have to hang on, dad. We know we can’t stop what’s ailing you. But we can … we will … just not yet, dad. Hang on a little longer, ok?

I turn the video share off on Zoom. I then look longingly at my dad’s journal.

These pages. These entries. I am so happy I’ve found them. To find this little more of you. I know you can’t, but still I want to try to talk to you about them when I get there. So you hang on now.

I want to know why you stopped writing in this journal. Or any journal. And why you left this one book behind. Although I think I know.

On May 31, 1983, you wrote with the utmost joy that your beloved Dr. J did finally win a championship. After years taking care of a whole league with his years of iconic memory making on the court and years of admirable ambassadorship off the court, Dr. J finally achieved his ultimate goal.

On June 2, 1983, you talked about a day on the horizon, a day coming soon when you could retire from the police force, your second job.

On that day, you wrote, “It is never too late to be what you might have been.”

But if I recall correctly, you didn’t retire from your second job until much later. Not until the 1990s.. It’s one of my first memories I have of you, dad. Your retirement ceremony. I remember mom being so happy.

Still, I wonder. Did you ever get to spend more quality time with mom? Did you get to follow your passion? Your dream? Whatever you were talking about in ’83?

After a long pause in between entries, on September 6, 1983, you wrote your final entry. You wrote that mom revealed to you that she was pregnant with me. You said you couldn’t believe it at first, then followed with how excited you were. That you wanted to call me Julius -- or Julia if I were to be a girl.

Mom obviously won that name game battle. But, dad, you are going to win the war. If I ever have a kid, you can be damn sure Julius will be your grandchild’s name.

You just gotta … just hold on for me, dad. I can’t wait to tell you about your future grandson, Julius. Or Julia if a granddaughter.

You just … please, dad. It’s almost over.

Alpha. Omega.

Read More

I AM NOT A BOT Episode 4: “(Un)Knowns”

“Every story is a love story,” my father wrote to me this morning.

Each day for the past year, my father has sent me a famous quote, a one line … uh … life lesson … spiritual reminder … fortune cookie horoscopic thingee … I don’t know exactly what you call it. All I know is that they are nice connects in a time when our connects have become fewer and farther between.

My teacher Rumsfelds on, “The Johari Window places all your Cybersecurity threats into four quadrants. Can you name them?”

Before he can finish asking, Edamame types into the Zoom chat,

“I. Known Knowns

II. Known Unknowns

II. Unknown Knowns

IV. Unknown Unknowns”

ZaeZae posts a big smack of lips on Discord.

NotSoShi replies, “Lol. Quit it!”

“Now can anyone give me an example of each?”

“Hold on. Before Mr. Known-It-All sucks up all our participation points,” ZaeZae jokers on Zoom, “Let me take a shot.”

Smiles are seen across our Zoom boxes.

“All the main malware disruptions we’ve been studying -- Distributed Denial of Service, Phishing Emails, Ransomware – those are Known Knowns.

“On the other hand, those big surprises, those Zero Day exploits, are examples of Unknown Unknowns.”

Edamame breaks in via our Zoom chat, “Don’t forget about your Black Swan Events.” He provides this add as much for the knowledge share as to playfully jab back at ZaeZae.

“This guy!” ZaeZae Discords along with a big cry face emoji.

“What’s a Black Swan Event?” NotSoShi asks over Zoom.

JZ99 jumps in, “It’s like the Solar Winds attacks we were discussing last week.”

“That’s right,” our teacher confirms. “Those major, months in the planning, precisely executed, big scores.”

My zoom box smiles when I remember a great line my dad sent me recently …

“Good timing is invisible. Bad timing sticks out a mile.” -- Tony Corinda

NotSoShi types a question wrapped in a statement, “The difference between a Known Unknown and an Unknown Known always messes me up.”

Another Known Known is our teacher following our big questions with this question, “Does anyone want to tackle that?”

Even our Discord line stays muted.

“One is hidden, the other is a blind spot,” I say out loud before I even know I am saying it.

“Good. Care to expand on that?”

This is followed by more silence.

I know that he’s talking to me. And despite me elevating my morning Adderall intake, my mind starts to drift away as I hear Stromae‘s “Santé'' sounding off on my Spotify playlist. I trigger away to my current relationship with my father.

My parents moved to Arizona five years ago. That physical detachment was the beginning of the end of my relationship with my dad.

The move was quite sudden, at least to me and my sibs. I’m sure it was a more complicated decision, but they said they simply wanted a change after living in the same house in New Jersey for over 30 years.

ZaeZae picks me up, “A Known Unknown is a vulnerability you are hiding from bad actors. An area you know you are weak, yet have no idea how to solve based on the tools, resources, and talent in your stable at the time.”

I try to refocus on the Zoom boxes, but I can only think of my parents. Were my parents hiding something from me and my sibs? Were we their bad actors?

My sister is definitely not a bad actor. She is everything you want from a daughter. A Pediatric Nurse Practitioner. Caretaker of her family. Caretaker of our family. Never a complaint whispered.

Alpha.

My brother on the other hand –

“-- Unknown Knowns are far more dangerous,” ZaeZae continues. “These are blind spots. In this window, the analyst is either uncertain of an infection or totally unaware of an infection.”

Omega.

That’s my big bro in a nutshell. He literally has tried to be an actor. And he literally was one of the baddest I ever saw. But my parents never saw it that way. They’ve never seen any of his flaws that way. At least my dad never did.

My teacher adds, “These blind spots are usually the result of a lack of event log resources that could provide such intel.”

“Log everything,” Edamame follows on the Zoom chat.

My focus shifts to the years-worn, leather bound journal on the corner of my desk. I open it and sift through it while reminiscing on its journey to me.

At the behest of my parents, my sibs and I sold or dumped everything in their old house – everything besides the two suitcases of clothes and one modest crate of memorabilia that my parents brought west with them.

I personally drove 16 donation boxes to my sister’s hospital and other care centers of her choosing. One of the boxes, overstuffed with books, burst open like a pinata on my last run. So I had to hand deliver each medical book, each travel book, and each self-help book my parents had amassed over the years to the Salvation Army.

However, due to this fiasco, I found and saved this pages-curled, coffee-stained notebook that now resides on my desk. This journal I kept. My father’s journal. A relatively short, but poignant record that he wrote, ironically, while he was the same age I am now.

Of course, at that time, he had two kids and had two jobs. Which means he didn’t have time for dissertations, just some streams of consciousness – short stories mixed with all kinds of one-liners. The one I love the most is …

“The two most important warriors are patience and time.” – Leo Tolstoy

I know I should give it back to my dad, but I justify that inaction with the idea that he left it behind for a reason. Besides, what’s the point these days?

There are no pages on me, unfortunately. I was not born yet. Yet every time I read it, I feel like he is talking directly to me.

Or better yet, I sometimes think I am an alternate universe version of him. At the same age I am now, he was married with two kids and two jobs. I am single. Carefree. Careless. Nothing weighing on me besides my own expectations.

I close the notebook. The window to my father’s mind. A window to my own?

Decades prior, my father wrote the following, which I can only hope sums up the life he is living today, “All my dreams will be fulfilled at the proper time.” – Lailah Gifty Akita

Unknown Unknowns.

Read More

I AM NOT A BOT Episode. 3: “The Birthday Paradox”

I smirk at the Brute Farce Attack online headline while waiting for my teacher to let me into today’s Zoom class,

DIVERSE CYBERSECURITY PANEL HOSTS FIVE DIFFERENT KINDS OF WHITE MEN, AND ONE PAIR OF RAINBOW SOCKS.

Seconds later, popups of true diversity appear on my screen, including various shades of African, Asian, and Latin American.

This Cybersecurity program I’m in is designed to give minorities access to advanced tech training – education being the ultimate hack into the good ol’ boy network.

The face of my father pops up in the Zoom box of my mind. Today’s version is a lot younger than usual.

When he came to America in the late 1960s, my father struggled as a medical resident, mainly because he was earning just $150 a month. To support my mom and my older sister and my older brother, he had to take a second job.

His American counterparts, on the other hand, made $1500 a month. No second jobs needed. Probably got their rainbow socks for free.

“The Birthday Paradox,” my teacher opens with, “is a study of probabilities. Sometimes an event is more likely to occur than we believe it to be.”

Our cohort started with 22 students. Four abandoned ship after the first two weeks. What is the occurrence probability of such a drop off? High, I think to myself.

“In this case, if you survey a random group of just 23 people, there is a 50–50 chance that two of them will have the same birthday.”

We try it. No luck. None of our birthdays match. Maybe because we are down to 19 Zoom boxes.

“Ok. Now everyone think of a family member. A brother. A sister. One of your parents. One of their birthdays will likely match one from --”

-- Edamame chimes in. ZaeZae’s birthday matches his wife’s.

I type into the Zoom chat that NotSoShi’s birthday is July 1st. My father’s birthday.

“The occurrence probability of a birthday match moves close to 100% if you expand the room to 100 people,” my teacher says. “From 50/50 to almost 100 with a simple expansion.”

Various heads nod in their Zoom boxes.

“There is a high probability of a match because there are a finite number of options. There are only 366 possible birthday dates, which makes it easier to find someone just like you.”

“There is no one in the world like me,” ZaeZae touts on Discord.

“And this all relates to Password Cracking how?” my teacher asks.

An awkward silence follows.

“Think of what we learned yesterday about hashing. Remember why we hash, the importance of encryption.”

Try as I might, I can’t help but mentally detach from class, as I tend to do.

I do hear something about hashing algorithms.

I do hear something about taking an input of any length and producing an output of a fixed length.

I do hear something about the birthday attack and the creation of hash collisions.

I do smile as I see that ZaeZae has typed, “Uh … huh?” into the Zoom chat.

I focus on the “huh?”, which transports me to my parents and their “huh?”

I am transported back to me. Baby me that is, wrapped in swaddling clothes. That's because I was a “huh?” A mistake. An oops. My sister is 12 years older than me. My brother 10.

I look at a baby me and cry to myself, I been done trying to find that someone in the world like me.

I smile again when I look at my head. I smile at the fact that all babies are given the same rainbow colored beenie to warm their heads at birth. A lazy attempt to connect us all.

My mind’s eye clicks on to the rainbow socks crew from this morning’s Brute Farce Attack meme. I start to think that the biggest problem in the Cybersecurity industry is related to the Birthday Paradox we are studying. The biggest problem is that you have the same finite set of good ol’ boys’ minds trying to solve an infinite number of problems in the Infosec universe. And to no one’s surprise, these limited minds are failing.

Alpha. Omega.

Cybersecurity breaches have cost American companies billions of dollars over the last few years. According to the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN), nearly $600 million was paid out by US victims of Ransomware in the first half of 2021 alone.

Black Hats, as of course they are labeled, have tapped into Uber databases and have snuck into Los Angeles’s public school district. Just the other day, there was the Southwest holiday travel debacle caused by malware. Today, that was elevated into a nation-wide shutdown of air traffic control across all airlines.

A new McKinsey research study alarms that Cyberattacks have caused $2 trillion dollars of damage in 2022.

The same finite, exclusive set of “white hats” are losing to a rainbow of adversaries who are constantly trying to think up new ways to digitally attack us with each sun is shining and each birds are chirping.

Or … are these white hats covertly trying to cash in on the $2 trillion market opportunity that is cybersecurity technology and cybersecurity service?

“I don’t know, “ ZaeZae answers out loud to another of our teacher’s questions.

There are an infinite number of questions in this ever morphing industry. The good news, however, is that there really is just one answer to them all. One solution. One way to combat all the hacks and all the bad actors we have discussed over the past few weeks.

And if you think about it, there is just one way to address all of the ‘huhs?” and all the accidental collisions and all of the purposeful paradoxes this country has hashed out on the regular.

One answer. One understanding. And that answer, that understanding is that DIVERSITY MATTERS.

Read More

I AM NOT A BOT Episode 2: “No. Doubt.”

I AM NOT A BOT

Episode 2: “No. Doubt.”

Don’t speak, I say to myself. Better than talking and removing all doubt, as Twain would say.

I didn’t think it would be like this, I follow up in my mind.

Jen.W.A. continues on about the infamous Solarwinds cybersecurity debacle. How some nation-state hackers slipped a malicious code into Solarwinds’s popular network management system called Orion. And then used it as a vehicle for a massive cyberattack. One immediate result was the chaotic disruption of our country’s supply chains.

My mind drifts to toilet paper.

Jen.W.A. goes on to state that Solarwinds is a major software company, which provides system management tools for network and infrastructure monitoring, and other technical services, to thousands of organizations around the world.

Over 100 companies in the US were infected, including Microsoft, Intel, and Cisco; the list of federal agencies affected included the Treasury, Justice, and Energy departments.

Jen.W.A. is a former Human Resource Director. She knows how just one person can affect hundreds of lives. Now imagine how an encrypted blob of code – 3,500 lines long – can affect millions.

Our teacher asks if anyone else has something to add.

Don’t speak, I say to myself once more.

“About Solarwinds?” SkewU2 asks.

“Sure. Or any other Cyber News.”

Stay in your lane, I advise me in silence.

I remind myself that my lane is actually behind the lane, behind the bar. I’m a bartender. I drink and I know things, as any throne gamer could attest. A wide range of things, I proudly say to no one in particular.

For instance, I know that Josh Allen, Justin Herbert, Lamar Jackson, and Patrick Mahomes are four future Hall of Fame QBs the NY Jets somehow passed on drafting the last four years.

I also know regulars at my bar who’ve had Oxycotin and OJ for breakfast, Fentanyl patches for lunch, and plan to have Actiq lollipops for after dinner treats.

And I know that every Sandy Hook and every Uvalde and every Nashville begins with the missing amendment language, "a well-regulated Militia being necessary to the security of a free state” and ends with the District of Columbia v. Heller, 2008, majority opinion, written by Chief Justice Anthony Scalia, “the Second Amendment protects an individual's Right to keep and bear arms, unconnected with service in a militia, for traditionally lawful purposes, such as self-defense.”

Alpha. Omega.

These are the wealth of topics that used to pony up to my bar every weekend. Relentlessly. Inevitably. Like a DDOS attack.

But this stuff?

The epochal failures of a Security Information and Event Management system that SkewUS is now asking about? Nope. Nothing. Never came up.

I hear my teacher and SkewU2 start pronouncing the acronym SIEM as “SIM”. But I only hear “Goober”. That the “Goober” didn’t detect the code because it was slipped in just as SolarWinds was updating its system. Just as the updates went from source code to executable code to the software that goes out to customers.

I think of peanut butter cup candy wrappers. About how my mom told me I had to check that they were sealed tight, especially on Halloween, before I could eat them.

SkewU2 is an IT help desk guy. I thought this class was going to be full of these doods. Good soldiers. Guys who do what they are told. Who know how to put the right “Goober” in the right slot to make sure I can log onto my Discord channel, or play League of Legends, without a hitch.

I thought I’d be able to walk into this three-month intensive like a top lane champion, speeding through this course with ease, stealing lives along the way.

SkewU2, however, is not the guy I expected him to be.. He ain’t no grunt. He is insightful. A natural leader. He is an Aatrox. What is he doing here, I ask my laptop screen.

Edamame, the sous chef. NotSoShi, the ER nurse. MarioFLA, the construction worker. They are all brilliant, passionate, thirsty for mores.

What am I doing here, I ask the reflection on my Dell.

I blame my father, I start to say myself, but --

“-- what was that?” my teachers asks me.

I shake my head with embarrassment realizing I said that last line out loud.

No, nothing, my head motions in my Zoom box as I doubleclick my mute button.

Don’t speak, I scold myself.

“Listen, everyone. I know some of this, a lot of this terminology is completely foreign right now. I can see that some of you are starting to doubt you’re in the right place.”

I think of “Goobers”. I think of Miles Morales.

“But the Solarwinds event, to explain it simply, was one where these nation-state hackers, called Nobelium, studied the routine of their mark intently. They found a vulnerability where Solarwinds did not do enough due diligence just before issuing a software update. They then exploited this vulnerability by slipping in their malicious code as no one was looking.

“That’s it. That’s how 90% of the incidents you will be involved with will go. Now I don’t know if you all will be here in two more months at the end of this course. Only you can answer that for yourself.”

My mind pictures the two letter abbreviation for Nobelium on the Periodic Table.

“But I will say that if you can hang with me for 10 more weeks, then you will be prepared to counter these attacks, to prevent these attacks – as prepared as anyone who went to a four-year college or university to study this topic.”

I smile as I read that the password 18,000 different companies typed to allow for this system upgrade was “Solarwinds123”.

I smile wider as I begin to realize that this is a game of thrones like any other. I smile widest because if there is one thing I know, it’s that I drink and that I know things. Doubt yourself all you want, but that ought to be enough.

“Now, does anyone else have any questions?”

No, I forcibly type into the chat line.

Read More

I AM NOT A BOT: Episode 1 “fr”

How many pics have a boat in it, I am told to ask myself.

click

click

click

click

Almost missed one. How do you almost miss a boat?

Dear decoder kings, a bot cannot click on three non-sequential, patternless boxes. So you don’t need to have me self-debate whether a dingy has the same constitutional properties as a yacht. Alpha. Omega.

Although I do admire the business model of making us prove we are not artificial. That we are, in fact, real. In a ChatGPT plagiarizing, Crypto-exchange world, I feel my real is becoming as abstract as Manet’s “Lilies in a Haystack at Dusk”. Or is that Monet?

I finally Zoom into my Cybersecurity class, already in progress. I hear the teacher ask the cohort,

“A security analyst identified some potentially malicious processes after capturing the contents of memory from a machine during an incident response. Which of the following procedures is the NEXT step for further investigation?

A. Data Carving

B. Timeline Construction

C. File Cloning

D. Reverse Engineering”

JZ99 jumps into the Zoom chat and types, "A. Carving = Memory.”

Unbeknownst to our teacher, a few of us have a concurrent Discord chat that trolls our class’s progress, or lack thereof in this case.

Various “X”’s, buzzer sounds, and frowny faces emote that we disagree with JZ99.

Our gal from Nepal quick clicks into the Zoom chat, “Data Carving is what you do to get the evidence. Reverse Engineering is what you do NEXT with this evidence.”

"CompTIA out to obfuscate again,” Edamame Discords.

NotSoShi adds, “Can’t you just ask us if we know what Data Carving is?”

ZaeZae subtracts, "CompTIA sucks.”

This last response gets a series of supportive finger points and “fr” responses. I’m one of the pointers, even though I feel myself drifting away from this online conversation.

The class continues. My self-diagnosed ADHD, on the other hand, carries me to my origin story.

I didn’t have a big a-ha moment when I decided to take this path less traveled that is Cybersecurity training. Somewhere between the pouring of the ½ oz of maple syrup and the mint leaf garnering on my umpteenth, ticketed Mojito, I simply decided that this was no longer the way.

I admit I do miss toasting the newlywed couple and their wedding party with a line of Love Bites. And, yes, few things in life are more intoxicating than pouring a party of 21’s their first Bikini Martinis. I also wish I could cocktail an Old Fashioned for my father again, but as he would say, “Your body knows when it’s time to go before any clock could tell you.”

This is why I have about two dozen tabs open on my screen today. Everything from the “Advent of Cyber” with TryHackMe to “Certified Breakfast” with Andrei Ciorba to Hacksplaining.com at the ready for translation purposes. All with Tash Sultana’s Tiny Desk performance on Youtube serenading this session, which somehow helps me stay attached to this new task and purpose.

I smile as I see that ZaeZae has once again incited our Discord crew. And once more, he garners finger point after finger point of support.

I smile wider, knowing that I made the right move.

Despite not really knowing what ZaeZae is talking about, I top off this conversation with my own ...

fr

fr

fr

Read More