Trying Something New

2 minutes read
all
blog zate industry
Cool Story Bro

I’ve decided to take some of my own advice. I tell interns and people trying to break into infosec that they should write. Write about your interests, write about your successes and your failures. Write about what you are learning, write about what you want to teach. Write about anything you are passionate about.

So here I am, getting started on communicating about my ideas, experiences, and learning path. I write a blog post in my head on the way to work most mornings. I have those great shower thoughts we all get, those same sparks of creativity, and yet, I just never seem to get them written down.

Lately I have been getting varied questions as part of mentoring/coaching people and I think where the questions are reasonably suited, I am going to answer them as a blog post. That way the person asking gets their information, and maybe it’s useful to someone else.

  • I have an updated version of a blog post I wrote about 10 years ago called “Secure All The Things”, a simple list of 5 (now 6) practices every org should be doing.
  • A series of blog posts on Security Management and Security Leadership. Building teams, leading teams, what our actual job is in security, the pitfalls of burnout and mental health in our field. I’ve gotten a few DM’s on Twitter asking how I build teams, hire people etc.
  • A few posts on building defensible customer facing authentication systems. Not so much a discussion on what tech to use, but a discussion on the risks involved, and implementing the right countermeasures to reduce them.
  • Even a post on buying cars. Something I actually really enjoy doing. A small list of the tips I’ve picked up over the years buying far too many new cars.
  • I’ve had a question about security concerns for game studios. What are some ways fraud/cheating in gaming can be detected ? What security concerns are typical with bringing an online game from dev to being released and making money?
  • My version of “how do I get into infosec?” and likely some version of what I look for in fresh talent when I have those kinds of positions available.