I was speaking with a friend, InfoSec peer, and former colleague/direct report today. He mentioned that he found my blog while looking for multi-head displays with Ubuntu info.

That made my day.

Thanks, Tom!

For those who don’t know, in mid-June I landed a new job. I’ll write later about my thoughts on the job hunt. There are several lessons learned and things I wish I could do over.

Thank you, friends and family and colleagues, for your help and support.

I’m excited by this new opportunity, the work, the team I’m working with, and what the future will bring.

I’m not sure how much I can write about the work, but I can write about the job. Here’s the tl;dr:

5 Ws

Who (with): Hewlett-Packard, Enterprise Security Services, Americas Security Consulting

What (as): Senior Security Architect

Where: Teleworker/Work-from-Home/the Americas

Why: Ultimately it came down to two factors: platform and place. It was not an easy choice; the other offers were strong.

How: Perseverance; a great outplacement consultant in Dean Morrow at hdmsi.com; made luck; networking; a lot of conversations with a lot of people I trust; family and friends; a lot of conversations with a lot of people I didn’t know.

Q & A

What do you mean by “platform”?

I like choosing the right tool for the job. I like platform agnosticism. I like security polycultures. I like defense-in-depth. I like HP’s security tools like ArcSight and TippingPoint, but I know they’re not universally applicable.

My interviews and conversations highlighted the platform-agnostic aspect. The folks on my team come from varied and diverse backgrounds, and the team leverages all of that experience.

How are you adjusting to Teleworking?

The adjustment has been easy. Easy, except for moving my treadmill out of the basement to my new home office upstairs. I might need specially built robots to bring the hulking mass upstairs. I used a walking desk/treadputer before and want to again.

What do you miss?

I miss my old team and the great folks that worked with me. But I’m excited by the team I’m working with. They’re every bit as smart and capable, and I’m glad to work with them.

A Guide to What to do Before You (Are Asked to) Leave Your Job

My recent life change triggered a self review with deep introspection. I categorize my thoughts into two buckets: strategic planning and personality. I’m putting together this post to discuss the strategic planning I should have done while employed. This plan also prepares you for when you quit, get relocated, the business goes bankrupt, you earn promotion, or when the building burns down.

If you’re fired/reorganized out/downsized/laid off, the worst time for you to collect your stuff is in the narrow window HR and security grant after “the conversation”. Emotions will cloud your mind. Restrictions may prevent you from getting at what you want. By the time you realize three weeks later that you need something, getting it may no longer be possible.

Formal HR Documentation

I have copies of my performance reviews. I just can’t find them. Regardless of the weight you place on scripted annual surveys, these are good things to keep around. Also save any letters or emails complimenting you on your work. I recommend printing emails to PDF and then uploading them to Evernote or Dropbox. Scan the paper documents into PDFs, too. You could even go so far as to keep them with things you keep for a long time, like tax returns.

This is useful information, especially for interview questions like, “Tell me about a time when you overcame an obstacle” or “What are your weaknesses?”. You can use the information from your past reviews to craft an answer. They may also remind you of something significant you did that slipped your mind.

Education, Training, and Certification Records

If you’re like me, you have to keep track of your training and education for your various technical certifications. If I hadn’t used TripIt to help me manage my travel, I would have had a heck of a time legitimizing some of my training in 2012. Set your various certification dates in your personal calendar: annual fees, anniversaries, re-certification reminders before expiration. Make sure your profile with the certification authorities uses your personal email, postal address, and phone number.

If you changed colleges or universities, you will want to know when you attended which school. I’ve filled out several on-line forms that required a full academic listing.

Professional Accomplishments

Job hunting best practices include being specific when talking about achievements. As a manager with a large budget, I know I came in at or below budget for two separate departments for four years. I didn’t document the amounts or percentages. I cut a lot of costs. Only the most recent cost-cutting projects are in my head.

My takeaway is that you should document anything that is objectively measurable. Everyone’s list will be different based on their position.

I struggle with doing periodic reviews in the GTD vein: weekly, monthly, quarterly, annual. These would be the ideal place to capture the information. A less cumbersome method is to keep a running list to which you append each new accomplishment.

Contacts
Over the years my contact list became difficult to manage. Old information never seemed to die. New people were slow to get added. My corporate email would corrupt, forcing a fresh instance from that point forward. Social networks like LinkedIn seem a tempting tool to fill the gap, but I’m finding only about 60% of my LinkedIn contacts have updated their profiles lately. Managing international contacts in either solution can try one’s patience.

The contacts you take for granted are the ones you hold in muscle memory. Make sure you keep your peers’ contact information updated. Hanging on to a copy of the latest org chart would be wise.

I don’t have a good solution for this, but people do seem to keep their professional email signatures updated. I would highlight the signature blocks of new people and clip them to Evernote. I would scan business cards to PDF and save them in Evernote, too. Then weekly, as part of the review, I would add them to my main address book. In my case I would use Google Contacts, but YMMV. I would also connect with the new contacts on LinkedIn as part of my weekly review.

Personal Effects
A desk, a cubicle, or an office tends to collect things. Mine included magnetic poetry, juggling balls, family photos, food, and a bunch of other knickknacks.

If you want to keep a lot of things at your desk, keep bags and boxes around for packing up. This is a good idea at any time. I think my desk moved ten times in twelve years, plus two more moves when I moved into management.

When it comes to photos, my iPad has much newer ones. I can put it into slideshow mode on my desk. The other trinkets are nice to have, but I could juggle office supplies.

Every so often, maybe at the quarterly review, see if you can fit your personal effects into one trip’s worth of boxes and/or bags. Try to keep them down to that. Don’t leave anything at the office you can’t live without.

Resume & LinkedIn

I let my resume languish. I was casually looking for a new job before I was let go, but my resume wasn’t up to date. It had old information that no one, not even me, really cared about.

Taking all of the above into account I would make updating my resume part of my quarterly review. I would ask for family and friends to review it for me annually. This would hold true for my LinkedIn profile as well.

Electronic Devices

I keep a separate cell phone and laptop from my work gear. Stemming more from paranoia and convenience than anything else, I even carried two phones and two laptops when I traveled for work. I traveled two out of every three weeks, so I was committed.

Finding a job in the modern era without these tools is tricky. You can use a personal tablet with WiFi/3G/4G and something like Skype or Google Voice to replace both a phone and a laptop, but I would still keep a personal phone. Prepaid phones are great options. The other thing to consider, if your employer allows it, is to own your own phone and expense your business calls.

Email and Instant Messaging and Social Accounts

I know people who use their work email for EVERYTHING. I know people who use their corporate Instant Messenger (IM) for EVERYTHING. The same may hold true for social networking accounts like Twitter.

There are so many great free or inexpensive email options. Get your own email account, and your own IM and social accounts as well.

User Accounts and Bookmarks

User accounts are an interesting problem. Depending on your role, you may have accounts that are critical to the business. If the company doesn’t have some kind of user account and password management system in place, your browser’s password cache might be it. There are problems with that:

1. Browser password storage is insecure
2. Browser password storage isn’t auditable
3. Browser password storage isn’t sharable
4. Browser password storage isn’t backed up
5. Browser password storage might not be accessible by someone else, depending on your setup

If your company has a central password management/escrow system, put your business accounts in there. If not, when the separation comes, do the right thing and hand over your business credentials.

I recommend setting up LastPass. It’s free for the desktop, but I recommend paying for premium.

Final Thoughts

Invest in good text-expanding software. I’m using TextExpander on the Mac and AutoHotKey on Windows. It amazes me how poor the on-line job application systems are. A few will use your LinkedIn or Google profile, but many companies will ask you to essentially retype your resume into their form.

Occasionally look at job postings for your current role and the job you want to have. Use that as a guide to what skills and abilities you should work on acquiring.

I’ll update this with more information and ideas as they come to me. Please feel free to share your suggestions and stories in the comments.


Imagine what it would be like if you woke up one morning to find you’d been hacked.

Whether you were hacked, phished, had malware installed or just don’t know what the heck happened but there’s somebody all up in your e-mail, here are a few good first steps to take following an incident. This is by no means comprehensive, but it’s a good start.

via What To Do After You’ve Been Hacked | Gadget Lab | Wired.com.

Mat Honan knows better than most. You may recall he was infamously hacked last summer. His tips are solid. I’d add a few more.

Use a password management service

In the aftermath of Mat’s experience I reflected on my personal accounts and those I needed for work. If I had to remember everywhere I had an account – and forget about remembering what my login was – I’d have no way to do it. I moved to LastPass a few years ago to help me wrangle them all. 1Password is also well-regarded. Make sure you have a strong master password and Google Authenticator set up. I recommend paying the $12/year for the pro service.

Rebuild your PC

New hard drives for your computer are inexpensive. Buy a new one and an external hard drive enclosure. Install the new hard drive in your computer and the old one in the enclosure. If you have one of the Ultrabook-style laptops, you might need to hire someone to swap the hard drives for you.

Then reinstall the Operating System (OS) from your media backups. If you don’t have them, contact the PC manufacturer’s technical support for help. Install your apps and the password management service.

Commit yourself to backups

Everyone should have a backup strategy that works for their needs, technical ability, and economic situation. I recommend starting off with an external hard drive and Windows 7 File Recovery (formerly known as Backup), Windows 8 File History, or Apple OS X Time Machine. I strongly suggest also using a cloud-based service like CrashPlan as an extra level of protection. Read Lifehacker’s guide to setting up a solid backup plan for more details.

Also check out Lifehacker’s post on things to do post-hack.

ISC Diary | Evernote Security Issue

Evernote reported a Security Incident. When there’s an event like this, there are many ways a company can mishandle notification.

Scott Fendley, the ISC Handler who posted the note, did a nice job of speaking to the Incident Handling procedure Evernote employed:

From an incident response point of view, I will have to commend Evernote for how they are handling the situation.

It appears that their security operations was able to detect the incident in a reasonable period of time (within a day). In addition, their communications/PR arm responded with good initial recommendations in the news article. And while there is not much technical information yet, they were able to limit some of the questions about how they stored passwords (one way hash with salting). It is my guess that Evernote has been preparing for the eventuality that a security breach would occur, and prepared all of the appropriate parties to respond.

Protect, Detect, Respond, Recover. Remember to not just focus on one or two of these within the continuum.

The part I want to highlight is how the Evernote team, and not just their Security Operations, dealt with this. Too often companies expect their InfoSec specialists to do it all: the normal Incident Handling cycle (identify, contain, eradicate, recover, and lessons learned) plus the notification and communications. When dealing with a Security Incident, it is critically important that the InfoSec and other technical teams stay focused on handling the event. Management, the help desk, and in this case the PR team can best help by leveraging their communication skills and running interference.

I look forward to Evernote providing us with a detailed report of what happened and how they handled things.

Of course, don’t forget:

And if you use Evernote, change your credentials soon to limit your personal exposure.

I’m a huge Evernote fan and user. This just reinforces for me why it’s a service I’ll continue to patronize.

More info:

via ISC Diary | Evernote Security Issue.