Tuesday, December 19, 2017

Top 50 Women Shaping the Future of Information Security


Thursday, June 15, 2017

Know Thy Audience: A Guide to Sounding Professional (or not)

I recently had a discussion with some friends about conduct in and out of the workplace, which led to a larger discussion that how someone speaks in different situations has an impact on the general perception of their knowledge and competency. A couple days after this I thought I'd compile a list of words that shouldn't be used if you want to be taken seriously. I already knew a couple of the words/phrases that were like nails on a chalkboard to me (no matter the situation really), but I wanted to get your input as well. (See tweet here). I originally thought this list could be used for almost any setting, but then thought I should break it down a little further. In a world where memes have broken into everyday life by being on the news, in advertisements, and even at work, it's sometimes hard for some to make a distinction as to when certain behaviors and phrases are acceptable. It's not only wording that we should worry about either. It's the entirety of your being. Yes, you should be happy being yourself and shouldn't bow down to please the entire world. That being said, you should always still remain clean cut, take showers, apply deodorant, wear clean clothes, and not punch people in the face as they walk by.

We should first break social and professional settings up into different categories. Each of these categories is going to have different sub-levels as well.

  1. Home - This is where you reside or spend time with close friends. Out on the patio grilling and drinking beer, playing video games, or binging on Netflix. You are free to act as asinine as you want with little to no repercussions to your actions. Of course there are rules of conduct at home, just like anywhere else. You don't wear your shoes on the carpet, you need to rinse your dishes, but you can still lounge around in your underwear with your hands down your pants with no judgement or impact to your overall path in life.
  2. General Public - Obviously a step above the home life. You wear respectable clothing depending on where you're headed. A 5 star restaurant will demand different attire and attitude than waltzing into Walmart at 3 a.m., but they are still in view of strangers of different backgrounds and situations. You'll speak with a little more clarity, as inside jokes and rules from home aren't widely known to the rest of the masses.
  3. Professional Event - There are so many different sub-levels of professional events. You may be an industry leader at a very formal suit & tie event, or it could just be a local meetup of peers. At any level there is a certain amount of professionalism and tact that others will associate with you based on your words, how you dress, your demeanor, and actions. I've had soooo many conversations with people and with people in the same room as me that were insanely smart and helpful. How you act could be the difference in them blowing you off or offering you a job, book deal, or other opportunity.
  4. Workplace - Again, so many different sub-levels depending on the industry you work in, your role, and the company you work for. Over the last several jobs I've had there are vastly different rules as to what is and isn't appropriate. Sometimes I've had to cover up my tattoos, in other positions I could have had a face tattoo and bright pink hair with not even a second glance. So many decisions are based on how you read the situation. While I believe the majority of at least the USA is becoming more liberal in regards to judging people based on how they look, how you act and speak is still going to be a reflection of your persona overall. If the same person walked in to talk to an executive, to apply for a job, to sell a widget, one time wearing a well fit suit and tie & speaking intelligently and the next time came in wearing last night's clothes and talking like a hoodrat, who makes the better first impression? I don't give two shits if they can accomplish the exact same thing, because perception matters!!
  5. Social Media - Now Social Media is where it can get super fuzzy. There are a million different types of platforms for different reasons. While there are still private groups and direct messages you should always be aware that no matter how private it is, there is always the possibility of what has been written or shared to be shown publicly at any point in time. Whatever is on the internet stays there forever. You can actually break up social media into the 4 categories above. However it still all depends on context. I personally have a fairly open Facebook account, filled with a lot of different infosec people. Additionally I have security groups set up according to levels of trust. While this helps to a certain point, there's nothing stopping someone from taking a screenshot of anything that I might post and sharing it publicly or privately without me knowing. I have a public Twitter account as well, composed of a majority of information security professionals at different levels. I expect everything that I tweet to be seen by my employer, future employer, friends, family, and obviously the NSA. I personally try to keep it a good balance of quality content mixed with my own ranting and raving. However there are industry leaders that may only post on their infosec specialty. They have a higher content-to-crap ratio and will end up with a higher following and potentially better business and opportunities because of it.

Below is a list compiled from Twitter and Facebook of almost everything I've been sent. I've broken it up into "slang" and "industry annoyances". Either list should be used sparingly unless you're at home, at that point I don't really care what you say or how you say it. Slang is best suited for at home or depending on your end goal or personal situation could be used in the workplace or social media (again, in moderation). The industry annoyances come from the repetitive sales meetings, conference calls, and overall professional bullshit that most of us have to deal with daily. I personally think the terms listed here can have their place (in moderation....repeat much?) in making thoughts and strategy well articulated.

  • Slang

    • AF
    • Amazeballs
    • Bad boy
    • Bae
    • Bigly
    • Boi
    • Boo
    • Buh
    • Cray
    • Dope
    • Ehrmagerd
    • Fam
    • Fleek
    • For realz
    • Gucci
    • Hashtag
    • IKR?!
    • Ktksbai
    • Like a boss
    • Lit
    • Literally can't even
    • Make some noise
    • Mos def
    • Please 1) check yourself before you 2) wreck yourself
    • Rekt
    • Right?!
    • Salty
    • Savage
    • Swag
    • Thic
    • Thot
    • Totes
    • Triggered
    • Turnt
    • Woke (in any form)
    • Yo
    • Yolo

  • Industry Annoyances

    • "50 shades of X" (Play off of 50 Shades of Gray)
    • "Make $noun $adjective again" (Play off of Make America Great Again)
    • "training" as a countable noun
    • Actually
    • All intensive purpose
    • And that being said
    • Any form of "splaining"
    • At the end of the day
    • Basically
    • But do you?
    • Circle back down the drain
    • Cyber
    • For fun and profit
    • Gartner
    • Having said that
    • If you will
    • Irregardless
    • Just so you know
    • Obviously
    • Per se
    • Please advise
    • Simply
    • Sun Tzu quotes
    • To be honest
    • To your point
    • Touch base

A special thanks to @haydnjohson for the insight

Other stuff from my amazingly stylish friend @Cyb3r_Assassin

Wednesday, January 18, 2017

Credit Card Skimmers and Your Security

Recently an article was published in the News Messenger titled “Credit card skimmer found at a gas station in Bellevue” highlighting a recent sweep for these devices covering 60 of the 88 counties in Ohio. So what are credit card skimmers? Skimming is an electronic method of capturing a victim's personal information used by identity thieves. The skimmer is a small device that scans a credit card and stores the information contained in the magnetic strip. Many times this device is placed over top or within the original credit card processing machine and can be difficult to detect at first glance.

Skimmers can be placed pretty much everywhere that credit card transactions take place; gas pumps, ATMs, and lottery machines are all good examples. They can be bought up front for several hundred dollars online, and then have the added cost of the electronic components used to store or transmit the stolen credit card data. Data can be stored locally on the skimmer, or some newer models have been known to transmit the data over Bluetooth. Criminals will also add or have built-in pinhole cameras or add another PIN pad over the original to capture the PIN being used.

So what can you do to protect yourself against these types of devices?

Be vigilant and aware of the devices you are putting your credit cards through.

  • Try not to use ATMs that are not located in publicly visible and well-lit areas.
  • Whenever you enter your debit card's PIN, just assume there is someone looking. Maybe it's over your shoulder or through a hidden camera. Cover the keypad with your hand when you enter your PIN.
  • Stop and consider the safety of the ATM before you use it. The ATM inside a grocery store or restaurant is generally safer than the one that is outside on the sidewalk. 

Check for tampering.

  • Look for odd protrusions or off-color components on a card reader.
  • Check for some obvious signs of tampering at the top, near the speakers, the side of the screen, the card reader itself, and the keyboard.
  • If something looks different, such as a different color or material, graphics that aren't aligned correctly, or anything else that doesn't look right, don't use it.
  • If you're at the bank, it's a good idea to quickly take a look at the ATM next to yours and compare them both. If there are any obvious differences, don't use either one, and report the suspicious tampering to your bank.
  • Even if you can't see any visual differences, push at everything. ATMs are solidly constructed and generally don't have any jiggling or loose parts. 
  • Most skimmers are glued on top of the existing reader, so they will obscure the flashing indicator.

Work with your bank.

  • If you haven’t already, you should switch to a chip-enabled credit or debit card. New MasterCard and Visa rules that went into effect Oct. 1, 2015, put merchants on the hook to absorb all costs of fraud associated with transactions in which the customer presented a chip-based card yet was able to take advantage of it. The chip cards encrypt the cardholder data and are far more expensive and difficult for card thieves to clone.
  • Timely reporting is very important in cases of fraud, so be sure to keep an eye on your debit and credit card transactions. Personal finance apps like can help ease the task of sorting through all your transactions. 
  • Try to use a credit card whenever possible. A debit transaction is an immediate cash transfer and requires making an FDIC claim, which can take weeks to be processed.
  • Pay attention to your phone. Banks and credit card companies generally have very active fraud detection policies and will immediately reach out to you, usually by phone or SMS, if they notice something suspicious. Responding quickly can mean stopping attacks before they can affect you, so keep your phone handy.

For additional information as well as more in-depth guides for detecting skimmers you can visit this collection of blog posts