Here is a repeat post from what was once my "Sports" Blog, but as my last post says...I'm combining them. So its a little outdated by a few months...I think we can all get over it :). Plus...I feel like I need to find a way to incorporate Doug Funny in all my posts now...that would be pathetic and epic all at the same time.
Here's my first post on my sports blog. I've only had about 3 posts
on blogs at all in my life...all being on my other blog here which is
information security related.
I may combine the two...but for now I'll try this. (Update: I did combine the too...that sure didn't take long haha)
My sports blogs won't usually be real indepth, or even relevant...more of a stream of consciousnesses depending on whats on my mind.
Quick
disclaimer...I love all football. I'm a big Steelers fan, but I'm also
an equal opportunity fan except for Ravens, Bengals, Browns, and
Patriots. I'm not saying I hate them or won't watch them...I respect
them (especially ravens and pats) but I just can't root for them...for
obvious reasons.
Watching the Lakers vs. Mavs game yesterday afternoon here are some of my thoughts.
#1-
Kobe looks damn good in a suit. He also looks like a natural
coach...he was coaching up everyone on the team individually at some
point. He even was coaching up Mike Brown, which personally worries me
for the strength of the team...he can't coach and play when he comes
back.
#2- Dirk is one of the best shooters in the game
when he is on, which is more often than not. However...he never does
anything half-assed. If he is playing well, then he is playing lights
out amazing. If he is playing bad, he is playing lights out terrible.
That was the case during most of this game.
#3-Bynum
has been getting a lot of negative (and positive) attention this year.
All of a sudden it seems like he's the hot topic cause he's playing so
well, and so now everyone is hating on him for different reasons. If it
was that much of an issue, they should have been talking about it the
past few years...why wait until he starts playing the best basketball of
his career to bring up the negative side? I know this is how sports
media works and I hate it...but it is a business too.
#4-I still don't know for sure whether Kobe actually jumped over this Aston Martin
or not. There's tons of people that say no, tons of people that say
yes. Personally...it looks to me like he is closer to the camera than
the car is, so he's jumping on the side of it...not actually over it.
However, he does clear it either way...so I say it counts.
#5-Did anyone watch Doug? The cartoon on Nick? Doug had one outfit that he always wore:
In
a few episodes he opens his closet and there's about 9 sets of this
exact same outfit. I feel like if I looked in Mark Cuban's closet it
would be the same thing:
He
would have 50 pairs of those jeans, and like 60 Mavs shirts. The shirt
isn't always the exact same, except that its always a mavs shirt, and it
always shows his gut when he stands up.
Lastly...if he
had a closet full of "faces", the one in this picture would be 95% of
them. He always looks a little confused/angry. Hard to
tell...constipated maybe.
I'm almost done with Mark...I
just have to add that I rarely see him with people. Maybe he wants to
keep the spotlight to himself, maybe he doesn't want his friends in the
public eye...but at games he always seems to be by himself. I think he
needs a friend that will go to games with him.
InfoSec N00b
Wednesday, June 20, 2012
Blogomorph!
Though I've only had about 4 posts between my two new blogs (created in April I believe) I think I'm going to combine them. I sometimes feel the urge to blog about my life, sports, work...and instead of having a sports blog and an information security blog (with nothing for random life posts) I think I'll combine them all. Maybe someone coming here because of some information security buzzword will stumble across a funny life moment of mine, or an interesting sports opinion...who knows. I honestly don't even know that anyone will ever read any of these :), but I'll put them out there regardless. Though, as I said, I haven't done much since I started my first blog a few months ago, it is kind of a nice release to put things out there, whether anyone reads or responds.
However, comments, positive or negative, are encouraged. If I can't take the bad, I don't deserve the good! :)
So anywho...this is just a post saying I'm combining everything. More posts to come for sure, now that I don't feel the need to categorize everything quite as much.
By the way...I named this post Blogomorph...and being a kid of the 90's, I can't help but think about Animorphs. Modern day, I'm a True Blood fan...so technically Sam would be an "Animorph" or as they say a "Shape Shifter". Is shape shifter the politically correct term, and animorph is derogatory? hmmm...
What about Manimal? Did anyone watch that show? I wasn't even born yet...but somehow I've seen it.
I'm starting to digress...next post :)
However, comments, positive or negative, are encouraged. If I can't take the bad, I don't deserve the good! :)
So anywho...this is just a post saying I'm combining everything. More posts to come for sure, now that I don't feel the need to categorize everything quite as much.
By the way...I named this post Blogomorph...and being a kid of the 90's, I can't help but think about Animorphs. Modern day, I'm a True Blood fan...so technically Sam would be an "Animorph" or as they say a "Shape Shifter". Is shape shifter the politically correct term, and animorph is derogatory? hmmm...
What about Manimal? Did anyone watch that show? I wasn't even born yet...but somehow I've seen it.
I'm starting to digress...next post :)
Monday, April 16, 2012
Security as a social issue
Last week, the amazing Bruce Schneier talked about the bomb threats at Pittsburgh as a denial of service (DOS) attack. You can find that entry here. (Anyone who ends up reading my blog and doesn't know about Bruce Schneier, check him out. He's a sort of rockstar in the security world, but whether you're in security or not he is very intelligent, and always has an interesting view on issues.)
Articles like this, linking social issues, or social situations directly to information security is very interesting to me. Obviously the weakest link is humans ourselves, not the technology. Its the same issue as cryptography. We have algorithms that probably won't be broken in our lifetimes, however many encryption systems are easily broken because they don't implement the algorithms correctly, hence a human failure not a technical failure. Back to the point, bomb threats as a form of denial of service attack is almost brilliant. As Bruce says, the payoff is tremendous.
My girlfriend is going to graduate with a Social Work degree in about a month. When her and I discuss our careers, they're obviously extremely different. Mine is quite technical, while hers is all about social issues. When she tells me about her classes, or some discussion they are having however, I can't help but think of security. Almost any social situation can be paralleled with a technical issue, especially in the security field. It goes the other way too, almost any technical issue can be paralleled with a social situation.
Here's one example (though its not my best). She deals with clients who are drug addicts, prostitutes, violent criminals...etc. They come to her for help, and she is obligated to help them. They may steal from her, they may stay clean for a week then disappear and never come back...they may be violent or mean towards her and still ask for help...and no matter what she has to keep trying. This could mean a few things in my line of work. This could be applications, and operating systems. They're made insecurely, and I sure as hell wasn't consulted when they were being made...yet I have to figure how to secure them. Not just one, but ALL of them. If there's a critical Adobe vulnerability (which there usually is) and someone gets into one of our servers because of it, its my fault for not stopping them...it isn't Adobe's fault for not making their own product secure. If my girlfriend is helping someone get over a drug addiction, she fails if they can't stay clean...however its truthfully up to them to fix it...and only they can truly fix it. I'm not saying to blame drug addicts or Adobe, or make them deal with it themselves...but sometimes the originator of a problem needs to held accountable for that problem.
I kind of get off on tangents...This didn't exactly tie back up to the bomb threats article. It did spark my thought process though. .
I'll attempt to tie it back...though don't judge me on how poor it will be :). In keeping with the DOS attack idea...My girlfriend could DOS her clients by either refusing help (which would be a LITERAL denial of service) or referring them to someone or something else. In the same way, her clients could DOS her by coming for help twice a week for a month, then disappearing, or relapsing.
There's even bigger social issues when it comes to security if we get into cyberwarfare, hacking into machines in other countries...things of that nature. I'll save my thoughts on that though.
Any ideas, thoughts?
Thanks for reading...and don't forget to get your taxes done...like, right now! :)
Articles like this, linking social issues, or social situations directly to information security is very interesting to me. Obviously the weakest link is humans ourselves, not the technology. Its the same issue as cryptography. We have algorithms that probably won't be broken in our lifetimes, however many encryption systems are easily broken because they don't implement the algorithms correctly, hence a human failure not a technical failure. Back to the point, bomb threats as a form of denial of service attack is almost brilliant. As Bruce says, the payoff is tremendous.
My girlfriend is going to graduate with a Social Work degree in about a month. When her and I discuss our careers, they're obviously extremely different. Mine is quite technical, while hers is all about social issues. When she tells me about her classes, or some discussion they are having however, I can't help but think of security. Almost any social situation can be paralleled with a technical issue, especially in the security field. It goes the other way too, almost any technical issue can be paralleled with a social situation.
Here's one example (though its not my best). She deals with clients who are drug addicts, prostitutes, violent criminals...etc. They come to her for help, and she is obligated to help them. They may steal from her, they may stay clean for a week then disappear and never come back...they may be violent or mean towards her and still ask for help...and no matter what she has to keep trying. This could mean a few things in my line of work. This could be applications, and operating systems. They're made insecurely, and I sure as hell wasn't consulted when they were being made...yet I have to figure how to secure them. Not just one, but ALL of them. If there's a critical Adobe vulnerability (which there usually is) and someone gets into one of our servers because of it, its my fault for not stopping them...it isn't Adobe's fault for not making their own product secure. If my girlfriend is helping someone get over a drug addiction, she fails if they can't stay clean...however its truthfully up to them to fix it...and only they can truly fix it. I'm not saying to blame drug addicts or Adobe, or make them deal with it themselves...but sometimes the originator of a problem needs to held accountable for that problem.
I kind of get off on tangents...This didn't exactly tie back up to the bomb threats article. It did spark my thought process though. .
I'll attempt to tie it back...though don't judge me on how poor it will be :). In keeping with the DOS attack idea...My girlfriend could DOS her clients by either refusing help (which would be a LITERAL denial of service) or referring them to someone or something else. In the same way, her clients could DOS her by coming for help twice a week for a month, then disappearing, or relapsing.
There's even bigger social issues when it comes to security if we get into cyberwarfare, hacking into machines in other countries...things of that nature. I'll save my thoughts on that though.
Any ideas, thoughts?
Thanks for reading...and don't forget to get your taxes done...like, right now! :)
Sunday, April 15, 2012
How to improve my security skills after college?
As stated in my first post, I graduated from college with an Information Assurance degree in May 2011. I promptly got hired on full-time at the job I had been interning with. It's a good job, but a small company so I'm the only "security" person. This can be good, being thrown into the fire and learning on the go...however, it can also be bad. Sometimes I wish I was on a team of security professionals, or had a sort of mentor to pick their brain and learn from their experiences.
One difficult spot I've found myself in, is how to transfer all my knowledge from college into my job. As colleges do, I was made to be "well-rounded". This means I was given lots of theoretical knowledge on information security, and lots of history. However, there just isn't time to get into too much technical detail. This leaves me trying to play catch-up, and learn that on my own while attempting to also do it at work. I was not the kid that spend all his time on my computer honing my skills when I was in college, which may have put me behind to begin with. I was heavily involved in the music program, as well as worked 30 hours per week to be able to pay rent. I've never had the free time to hone my skills like I would like, until now, when I'm out of college.
With security, theres SOOO much information that I'm really just struggling at getting myself organized and where to start. There's tons of books, tons of online articles, tons of videos...theres almost too much information. I don't know whether I should try to go through and learn a little bit about everything, such as learn a little about web app security, sql injection, perimeter defense, firewalls, database security, linux security, windows security, forensics, programming...etc. Another approach is that I could focus on an area for awhile...so, I could learn and practice SQL injection for a month...then move on to the next topic. Lastly, I could go about it by the tools I use...for instance I could learn as much as I could about Metasploit...then move to the next tool.
Knowing how to organize my "professional studying" to truly improve my value and move up in my career has proven to be quite difficult. I spend so much time trying to decide what to do, that I never get anything done. I'll start reading a book, get through about 50 pages, then switch to something else thinking it will help more.
If anyone reads this and has any good ideas or experiences, please let me know. I'd love any feedback!
One thing I can personally relate this to is drumming. I've been playing drums most of my life. I had my "woodshedding" years, in high school and college, where I worked on technique so much that now its second nature and I can essentially perform whatever I can come up with. This is where I want to be with security...its just a bit more of an abstract art.
One difficult spot I've found myself in, is how to transfer all my knowledge from college into my job. As colleges do, I was made to be "well-rounded". This means I was given lots of theoretical knowledge on information security, and lots of history. However, there just isn't time to get into too much technical detail. This leaves me trying to play catch-up, and learn that on my own while attempting to also do it at work. I was not the kid that spend all his time on my computer honing my skills when I was in college, which may have put me behind to begin with. I was heavily involved in the music program, as well as worked 30 hours per week to be able to pay rent. I've never had the free time to hone my skills like I would like, until now, when I'm out of college.
With security, theres SOOO much information that I'm really just struggling at getting myself organized and where to start. There's tons of books, tons of online articles, tons of videos...theres almost too much information. I don't know whether I should try to go through and learn a little bit about everything, such as learn a little about web app security, sql injection, perimeter defense, firewalls, database security, linux security, windows security, forensics, programming...etc. Another approach is that I could focus on an area for awhile...so, I could learn and practice SQL injection for a month...then move on to the next topic. Lastly, I could go about it by the tools I use...for instance I could learn as much as I could about Metasploit...then move to the next tool.
Knowing how to organize my "professional studying" to truly improve my value and move up in my career has proven to be quite difficult. I spend so much time trying to decide what to do, that I never get anything done. I'll start reading a book, get through about 50 pages, then switch to something else thinking it will help more.
If anyone reads this and has any good ideas or experiences, please let me know. I'd love any feedback!
One thing I can personally relate this to is drumming. I've been playing drums most of my life. I had my "woodshedding" years, in high school and college, where I worked on technique so much that now its second nature and I can essentially perform whatever I can come up with. This is where I want to be with security...its just a bit more of an abstract art.
Monday, February 20, 2012
Introduction
Hey everyone in the Blogosphere! I am a young twenty-something male who is blogging for the first time. I graduated about 9 months ago with my bachelors degree in Information Assurance, and am now working full-time in the field. I thought I'd start to document what I've learned along the way...good, bad, and indifferent. I'm not afraid to be wrong, so I hope this can be an avenue for me to meet people with similar interests and we can hopefully learn from each others experiences.
I am also a big sports fan, I like to read, and of course like to do things anyone would do in their younger 20's. I may blog about these things from time to time as well.
Thanks for reading!
I am also a big sports fan, I like to read, and of course like to do things anyone would do in their younger 20's. I may blog about these things from time to time as well.
Thanks for reading!
Subscribe to:
Posts (Atom)