Phone Policy

[bkahl]

Quote:

Originally Posted by techhelpbb

If there was an irregularity at my former position federal agencies took notice fairly quickly.

((I hope his phone wasn't in his pocket))

[techhelpbb]

Quote:

Originally Posted by bkahl

((I hope his phone wasn't in his pocket))

That only actually happened once before I worked there.
It was, in part, the reason I was hired.
No, I am not kidding.

One of the best known hackers in history potentially endangered their systems.

Another reason I was hired was quite simple:
I used to build incredibly fault tolerant systems for the military.
The kinds of things where you can damage 66% of the thing and it still operates.

I used my knowledge of redundancy to my maximum advantage with public and private cloud computing as time went on.
Today I participate in standards committee work for financial systems on cloud and containerization services as well as my other work.

Just one example of the stuff I have interacted with:
http://www.newstarget.com/2016-03-28...nraveling.html

Wouldn't you send people with guns to secure a critical piece of that?
Wouldn't you take a monitoring alert on your phone if you touched a market with more money than the global GDP in it?

[bkahl]

Quote:

Originally Posted by techhelpbb

That only actually happened once before I worked there.
It was, in part, the reason I was hired.
No, I am not kidding.

One of the best known hackers in history potentially endangered their systems.

Another reason I was hired was quite simple:
I used to build incredibly fault tolerant systems for the military.
The kinds of things where you can damage 66% of the thing and it still operates.

I used my knowledge of redundancy to my maximum advantage with public and private cloud computing as time went on.
Today I participate in standards committee work for financial systems on cloud and containerization services as well as my other work.

Just one example of the stuff I have interacted with:
http://www.newstarget.com/2016-03-28...nraveling.html

Wouldn't you send people with guns to secure a critical piece of that?
Wouldn't you take a monitoring alert on your phone if you touched a market with more money than the global GDP in it?

Interesting stuff-

I just hope all of this information doesn't rely on a private, personal server, or your cell phone. Could get risky for those hackers.

Also- can you explain how a sum of money can be MORE than the World GDP?

[AdamHeard]

Quote:

Originally Posted by bkahl

((I hope his phone wasn't in his pocket))

A no phone policy would be tough on 973... Obama often calls me to consult for tough decisions he's facing. I am very important afterall.

Luckily we won't have that constraint to balance during the 2017 season!

[techhelpbb]

Quote:

Originally Posted by bkahl

Interesting stuff-

I just hope all of this information doesn't rely on a private, personal server, or your cell phone. Could get risky for those hackers.

Also- can you explain how a sum of money can be MORE than the World GDP?

One can always bet more than they have in their pockets.
Technically one can bet more than there are physical assets to secure considering the United States is a fiat currency not backed by the gold standard.

There's a lot of people that get alerts these days.
My systems meet the strictest levels of diligence by industry standards.
I have terminated relationships with groups who operate with standards I deem too inferior.
Sure someone could attack me, steal my phone: however in that case my crew would still respond and I would have done my best to do my part.

If you folks think it's a mystery to hackers where I work, how I likely do my job, you'd be extremely wrong. Social engineering is core tool of hackers. They know who I am. They could target me as a defender. It would never be enough for them to achieve their goals. Even my own access would be blocked the minute there was something irregular.

To put this in current perspective:
https://www.schneier.com/blog/archiv...e_is_lear.html

[Brandon Holley]

Quote:

Originally Posted by techhelpbb

One can always bet more than they have in their pockets.
Technically one can bet more than there are physical assets to secure considering the United States is a fiat currency not backed by the gold standard.

There's a lot of people that get alerts these days.
My systems meet the strictest levels of diligence by industry standards.
I have terminated relationships with groups who operate with standards I deem too inferior.
Sure someone could attack me, steal my phone: however in that case my crew would still respond and I would have done my best to do my part.

If you folks think it's a mystery to hackers where I work, how I likely do my job, you'd be extremely wrong. Social engineering is core tool of hackers. They know who I am. They could target me as a defender. It would never be enough for them to achieve their goals. Even my own access would be blocked the minute there was something irregular.

I feel like I'm reading an episode of Mr. Robot right now....

[techhelpbb]

Quote:

Originally Posted by Brandon Holley

I feel like I'm reading an episode of Mr. Robot right now....

“Fiction is the lie through which we tell the truth.”
― Albert Camus

[bkahl]

Quote:

Originally Posted by techhelpbb

“Fiction is the lie through which we tell the truth.”
― Albert Camus

[Andrew Schreiber]

Quote:

Originally Posted by techhelpbb

Thanks for your concern.
That's a quote from my original post.

You know what it takes to start a financial services company?
A lot of money so early in my career there were often sub-optimal staff for this duty.
It was compensated for with automation.
I wrote a lot of that automation with REST/SOAP, Bash/Ksh, Perl, Python, Ruby and even some VBA for reporting.

Would you seriously suggest I leave a script unattended merely to avoid my inconvenience?
Would you chance leaving your team's FRC robot running unattended and fully autonomous during a match?
Would you bet your retirement on a script that could be fingerprinted or fail to account for the nuances of a security issue?

Even if you answer yes to any of those queries I am afraid that you would be the minority.
People expect their money to stay where they put it and their financial transactions to operate as intended.

If there was an irregularity at my former position federal agencies took notice fairly quickly.
My obligation was stop anything that would cause anyone else to have to act.

I would say those automation skills served me very well considering it would now be considered: SecOps/DevOps
My work in that environment made it possible for us to achieve ISO27001 security certification with a very small number of issues to remediate.
So basically what this translates to is that our security was considered actually very good by some of the highest industry standards.

No. I would, and do, value my health and enjoyment of other activities well above that of my job. And before someone asks, yes I tell my management that. See, I work because I need to earn a living. I have a very strict policy of fire walling my time. I've found this is better for my health and productivity.

I commented that it's a bad policy because I think it causes unnecessary stress which can lead to health problems. I'm glad you draw pride in this but to me it is a sub par solution.

[techhelpbb]

Quote:

Originally Posted by bkahl

http://www.informationisbeautiful.ne...reaches-hacks/

Welcome to the world wide web. We know all about you.
There's no place to hide .

Maybe someone should have picked up their smartphones before they made this visualization?
Nah....

Quote:

Originally Posted by Andrew Schreiber

No. I would, and do, value my health and enjoyment of other activities well above that of my job. And before someone asks, yes I tell my management that. See, I work because I need to earn a living. I have a very strict policy of fire walling my time. I've found this is better for my health and productivity.

I commented that it's a bad policy because I think it causes unnecessary stress which can lead to health problems. I'm glad you draw pride in this but to me it is a sub par solution.

You are correct of course this has impacted my health.
It's not easy to have a life when you move at the pace I keep.
In fact people have actually died from health problems trying to keep up with me.

Hence I have consistently moved to make it possible for me to leave the grid more often and with greater independence.
It is still my responsibility to know what is going on in my scope of influence as much as possible.

The issue is really more of one in which the security market's threats are larger than the capacity of most markets to expend on adequate defense. So, for example, if I build something that depends on DynDns...not to long ago it would have been down for most of Friday.
https://dyn.com/blog/dyn-statement-o...6-ddos-attack/

Course now we even have people that want to pump code straight into production using DevOps automation.
So if it's not an external issue it is managing the internal risks created by increased production demands.

[frcguy]

Quote:

Originally Posted by bkahl

I'll throw in the obligatory

Quote:

You must spread some Reputation around before giving it to bkahl again.

[Cothron Theiss]

Apparently I'm inept at attaching gifs.

[marshall]

Quote:

Originally Posted by techhelpbb

In fact people have actually died from health problems trying to keep up with me.

I'm sorry for your loss.

[techhelpbb]

Quote:

Originally Posted by marshall

I'm sorry for your loss.

Thank you for respecting those that paid the highest price in exchange for what our technology has wrought.

[bkahl]

Quote:

Originally Posted by techhelpbb

Thank you for respecting those that paid the highest price in exchange for what our technology has wrought.

Ive changed my mind.

We should all ask our students to sacrifice their phones in memory of these beautiful souls.