So, leaving the world of Rock and Roll, what is a “Rock ...infosecrockstar.com/wp-content/uploads/2016/09/... · We exist to support our organization, and doing good for your organization


Page 1

Page 2

Because you’re here I’m guessing you work in infosec or a closely related field and this is an introduction to the massive opportunities we have.

There is no question that the bad guys have been massively capitalizing on opportunities and I’m sure many have made millions. Of course we have lots of opportunities too.

Have you noticed that some of us simply have more success in infosec than others, however you may define success? Some people are simply more listened to, more prominent, make more of a difference, and yes, make more money. They are not just lucky. They make their luck.

To be an Infosec Rock Star, you need to be good, very very good, at what you do whether it’s forensics or packet analysis or pentesting or whatever, but it’s not just the geek skills. Great technical geek skills are essential, but they are not everything.

Geek will only get you so far . . . And we’ll get back to that soon.

First let’s talk about why this is a tipping point.

Page 3

So, leaving the world of Rock and Roll, what is a “Rock Star”? We need some sort of a working definition.

Wiktionary defines a Rock Star as “A person who is renowned or revered in his or her field of accomplishment.”

Renowned means widely known, perhaps even a celebrity. This may mean world famous, industry famous, all the way down to widely known in their company or department. Plenty of Rock Stars are locally or niche-specifically renowned. Sorry, but “Legend in your own mind” doesn’t cut it.

Revered means “respected” and unless you are scamming people you need to be damn good at what you do, as well as effective at getting things done!

We are substituting “Successful” for “Rich” from our “Whaddayathink when you think ‘Rock Star’??” slide. Success means different things to different people. It often includes a component of lots of money as well as more, but quite honestly, many people do not care about lots of money (hard to believe for some of us).

“Success” is something one defines personally.

I’ve also added “unique” as you do not become renowned or revered by being like everyone else. Rock Stars are unique. There is only one Mick Jagger, one Bill Gates, one Bruce Schneier, one Steve Jobs.

Page 4

If you are the best guitar player in the world, but only play in your parents’ basement where you live, then who cares? You are not being effective at bringing the joy of your music to the world.

And obviously you need more than just raw guitar playing (yes, I know he’s playing a bass) or technical computer skills. The dude in the picture for example has a bit of stage presence, hopefully can get along with his band members, enjoys playing the guitar, plays/practices often, and more.

A Rock Star is “Extremely good at what they do” - in bold. But that’s not all.

What a Rock Star is extremely good at is more than just their core skill. If the dude in the picture could just play well but not much more, he could be a killer studio musician perhaps, but would NOT be Rock Star material!

Page 5

These are absolutely not just my ideas. I’ve been gathering input from a lot of sources. I’d love your input too.

Not only is much of this based on scientific research and what some of the brightest minds have written or said, but I interviewed many of the brightest minds out there.

In other words, I wrote this with a little help from my friends . . . Including lots of people I’ve forgotten or haven’t added yet or haven’t got permission to use their names . . .

One thing that surprised me is how often the same ideas kept coming up. I knew there would be a lot of alignment in thoughts and advice, but there was even more than I was expecting.

Typos courtesy of me, Ted Demopoulos.

Page 6

We exist to support our organization, and doing good for your organization is doing good for yourself.

As Stephen Northcutt, former CEO of The SANS Institute, puts it, “We are the tail, not the dog.”

A Rock Star understands their organization. If a consultant, you have several organizations to understand!

Every organization exists for a reason. Why does yours? What does it do: products, services, etc.

EVERY organization has customers – who are they, what are their concerns, and more.

“Corporate Culture” is the set of written and unwritten rules on how things are done. If you want to be effective, you need to understand the corporate culture. You learn the corporate culture over time.

Page 7

You must be at least capable of (fundamental) competence, which is a fair bet if you are reading this. Geeks regularly underestimate their competence in my experience. Fundamental competence includes the core innate ability to “get it.” Look, some people are just not designed for security, just like I’m not designed for music (I’m pretty tone deaf and that just is not going to change). You need basic aptitude and ability and knowledge.

I can bang on my piano playing old time jazz and blues forever, but I’m never going to do much more than have a lot of fun (a most honorable goal in itself) and perhaps annoy my neighbors!

You’ve got to be (or become) damn good at what you do. Yes, being great isn’t enough, just like passion alone isn’t enough. I know enough passionate musicians who just ain’t got the talent. I have also met some technically extra competent, perhaps gifted, musicians who would rather do something else.

Page 8

Page 9

When communicating technical information to non-technical people, be patient. Use analogies, simple language, and if one explanation doesn’t work, try changing it slightly.

It’s very likely the person you are trying to communicate with is intelligent; lacking technical skills does not make one stupid. There are many types of intelligence.

In general, if not communicating within your peer group (which often means non-technical people), you want to explain things at perhaps a 12-year-old level, and you want them to explain things to you at a 12-year-old level.

If you don’t understand something, it doesn’t make you stupid. Ask for clarification. What seems trivial to someone else (perhaps business or management concepts?) may be complex to you initially, just as technical information may seem complex initially to non-technical people.

And remember, often non-technical people are afraid of technology, and hence may even be somewhat afraid of you. This includes management, because although they have a lot of power over us, we also have a lot of power and they may fear that!

Page 10

As a group, we are not great at finishing things. Yes, this is a stereotype but generally true of technical people and many others too.

We all know Rock Stars and bands that spend 10, 15 and more years finishing their “next” album, trying to make it perfect.

There is no such thing as perfect. Good enough is good enough (and should usually be great but never perfect).

Managing and fiercely protecting your time is part of finishing things, as is project management, whether formal (for bigger projects) or informal (for smaller things).

Page 11

Once again, there is no such thing as perfect. Good enough is good enough (and should usually be great but never perfect).

There is zero value to something you never finish!

Author Seth Godin uses the term “shipping” for releasing things to the world. Of course you may not actually physically ship anything and usually don’t, but “shipping” involves releasing whatever you’ve created to the world, regardless of what it is.

For example, I could work on this “Rock Star Guide” forever – there is so much I want to add. I could work for the next year extending, refining, correcting, and more. However I’ll finish this tonight, give a final (and imperfect) proofread tomorrow, and then release it. It has little to no value if I keep it to myself and never “ship” it.

Page 12

So many of us seem to have ADD or ADHD or whatever it’s called (or at least some symptoms – I cannot diagnose as I have no medical expertise) that it is worth spending some time talking about time management.

Hopefully obviously Rock Star is not 9 to 5.

You want to make efficient use of your time. This includes doing the right things, not doing some things (which perhaps you used to do), and doing what you do efficiently.

Of course down time is important too! No one is telling you to be a workaholic, although there will be time crunches and missed sleep occasionally! You’ll also need time to rest and recover and time to do something fun (although being a Rock Star or working towards Rock Star status IS fun).

I often get some of my best ideas during downtime. A lot of brilliant ideas have arisen while “wasting” time singing during unusually long showers. I also often stop during bike rides to jot down ideas.

Page 13

It would be great to be more productive. In fact we will discuss being more productive. However that alone will absolutely not get you “caught up.” Getting “caught up” is a quaint notion, but it is not going to happen.

It’s not like our work is all physical today and we can see it and once we finish what we see, whether it’s harvesting crops, or packing boxes, or whatever, we are done.

There is never enough time to do everything you want. Conversely, there is exactly enough time for what you do get done.

For example, I have piles of books, PDFs, articles and more I would love to read, but I’m never going to read them all. There are emails I would like to answer but I’m never going to answer them all. At any time, I have multiple projects going and some could absolutely use more of my time. I have some incredibly cool projects I’d love to start and hopefully finish. There are people I should reach out to, but I’ll never reach out to them all.

And of course there are non-work related things too.

• It would be nice if I could exercise more

• I’d love to go hiking and fly fishing in New Zealand again

• I love the idea of Tango lessons in Argentina

• Maybe I’ll fish more this coming summer

• I should make more of my kid’s events

Page 14

Since there is never enough time to do everything, what you choose to do and what you choose not to do are equally important. Of course with some things you will have no choice; you need to do them. It doesn’t matter if you are a full-time employee, minion, or self-employed, some things just need to be done.

With others, regardless of your role, you will have choices. I often think, “what if I never did this – would it matter?” Some seemingly important things may in fact not be important. Perhaps they were very important at some time. Maybe you can just skip them or perhaps delegate them elsewhere.

Sometimes you have to say “no” – you simply cannot say “yes” to everything and actually do everything.

Of course the order you do things also matters. It almost seems to be human nature to procrastinate. Don’t procrastinate on the most important things! You can put off the less important & not currently time sensitive items instead.

It is worth analyzing some things with “Zero Based Thinking” (and for some this may not apply). If you weren’t already doing it, would you start doing it today?

Page 15

From the highly recommended classic, “Positioning, The Battle for your Mind” by Al Ries and Jack Trout (a fun and easy read, despite being a slightly but amusingly dated book). In particular Chapters 1-8 and 23-25 are most applicable, but the entire book is fascinating, fun, and easy to read.

Let’s say Volvo came out with an absolutely kick butt sports car. People are not going to abandon their Ferraris or Lamborghinis for a Volvo. It may perform better, but it just ain’t happening. OK, maybe in a couple of generations, but I doubt it. Volvo means “safe family car” in our minds.

Keith Richards is one of the best rock and roll guitar players ever and hasn’t had a drug arrest since the 70s (1970s, not 1870s, although he does look like perhaps he may have been around in the 1800s). Still, he is stuck with the “drug” moniker. Think Keith Richards, think drugs and rock and roll. Maybe he’s been clean since the late 70s? I doubt it, but it doesn’t matter.

“I’ve never had a problem with drugs. I’ve had problems with the police” – Keith Richards.

What people think about you (and Security) matters

If people think you suck, well, “perception is reality” – or at least limited reality.

Page 16

If you have already developed an amazing personal brand, like much less than 0.1% of the population ever will, these issues do not matter. But for most of us they do.

For example, I saw the less than great movie “Men Who Stare at Goats” with George Clooney. George Clooney has such a strong brand, people went to the movie despite the horrible reviews and knowing it was a silly movie. By the way, I greatly enjoyed the movie, perhaps in part because I went with someone inappropriate and brought plenty of Jack Daniels along.

If Clooney wasn’t already a Rock Star, he would have been some guy who was in a bad movie. Critics would have declared his career on the skids. But instead, it’s “George Clooney decided to do a silly movie.”

Hopefully you are growing and gaining valuable skills where you work (both non-technical AND technical), and that is important. Longer term however, most of us are in part who we work for.

Is our company (and industry) on the upward curve or downward curve? Is it respected or considered a laughing stock?

Do you work for an idiot who makes the pointy haired boss in Dilbert seem profound?

If you hire people, do you have the guts to hire people smarter than you? Many bosses do not.

I like to be the stupidest person in the room. That’s why I love working with SANS. Yes, I know things and have skills that perhaps no one else at SANS does, but everyone I’ve worked with at SANS has skills I can barely comprehend. I learn from them. I’m inspired by them. I do not want to be surrounded by bozos, even if I’m highly paid.

Page 17

Of course if you ask people in person they might feel like they need to give an immediate answer and might feel awkward. You might word it differently than “What do you think of me?” which can make people uncomfortable.

I’ll also suggest you ask people who know you well, and do it via email so they can think a few minutes.

I emailed a few people who have known me a while, both professionally and personally, by sending an email asking “What do you think my top personality quirks or traits are?”

Here is what I got:

Old grad school friend: eccentric, brilliant, genuine, ridiculous, kind.

Old friend who I briefly worked for: generous, humorous, devoted, intelligent, excessive

Female friend from college: whimsical, hilarious, whacky, charming, brilliant

Old girlfriend (well, she’s not THAT old): humorous, smart, extroverted, quirky, daring

Previous boss: hard working, educator, fun, technical, interesting.

Looking at commonalities, apparently I am an intelligent, outgoing, and fun eccentric. I did think I would get more “hard working” and “technical” type responses, but I was prepared to be surprised.

Fortunately, as a technical person you are given a lot of latitude as we are expected to be somewhat strange or “eccentric” by society, just as we expect Rock Stars to be “out there.”

Page 18

Changing what people think of you, or security, or anything else, may be possible in your organization, but it requires consistency and time.

You need patience, but not too much patience. It sometimes is impossible to change the position something or someone holds in people’s minds. Just like a baby duck may imprint on a dog and decide it is its mother, a position in one’s mind may be near impossible to change.

For example, I’m a consultant and I know if I go into a company working for human resources or training, I will never work directly with executives. It’s just not going to practically happen. If however I start working at the higher levels of an organization, my position in the executives’ minds is that I’m a smart guy on par with them. If I start as a “training guy” or with HR (everyone hates HR, especially executives in my experience), I stay there in their minds.

Sometimes it may be time to move on to where you can form a new “first opinion” or perhaps where security is respected or maybe just hated less.

If Volvo started building amazing sports cars that blew away Porsches, Ferraris, and Lamborghinis, would they sell?

If Coca-Cola started making kickass whiskey, would people buy it?

Page 19

There are organizations I consulted with where I could do no wrong. If anything went wrong, it was assumed to be because of the conditions or someone else, never me. There was also an organization where I was originally associated with a “very troubled project,” and that troubled project haunted me well after it was over. If a project had problems, people thought, “Well, Ted’s projects always screw up.” Forget logic here: I was thrown at failing projects, that was my role, so of course some projects had failures (as well as successes).

Imagine taking a piece of art from a famous artist, and slapping a “Smith” or “Jones” on it. Most people won’t like it as much if “Smith” or “Jones” painted it than if a famous artist like Picasso or Monet did.

There are lots of phenomenal Champagnes available, and many have very different tastes – personal preferences matter a lot!

Still, to someone that knows nothing about Champagne, a famous brand like Dom Perignon or Cristal impresses. They are much more likely to like it than some equally good or better Champagne that they have never heard of (for some great Champagne advice, check out ChampagnePoodle.com).

People do get what they expect – this makes positioning so hard to change.

Page 20

Here are the six principles briefly. We’ll dive into much more detail on the following pages.

As we go through these six principles in detail, think about how you may be using them or may be able to use them professionally going forward.

Page 21

Ever see someone in a horrible situation they won’t leave? It may be a horrible job for them, a miserable relationship, etc. Humans are consistent. Once they have made a commitment, regardless of how small, they tend to stick with it.

Once we have people doing the right thing, it is much easier to keep them doing the right thing, whether that is using good passwords, not letting people “tailgate” in the doors, doing source code reviews, following change control procedures, etc. Paying or somehow bribing them to do the right thing does not work; they know why they are doing it.

Also, small commitments can lead to bigger commitments (the “foot in the door” principle). Can you get someone to make a small commitment to security, and then leverage that?

When it comes to commitment and consistency, writing things down has enormous power. That is one reason I asked you all to write down the answers to your homework, not just think about it!

Page 22

If you do something nice for someone they are more likely to do something nice for you. Anthropologists claim this pervades all human societies and permeates exchanges of all kinds.

This is why male chimpanzees and other apes buy dinner, flowers, and open doors for female chimpanzees they are sexually interested in. As another example, President Lyndon Johnson was incredibly effective: he got members of Congress, even those strongly opposed to various bills, to vote for and ratify them. How did he do this? He had done many favors for members of Congress during his many years in powerful positions in the House and Senate!

Even something unwanted or uninvited can trigger the power of reciprocation. Those return address labels you do not want that come in the mail from people requesting donations definitely increase the amount of donations for example – trust me, direct mail practitioners (i.e. junk mail pros) test these things extensively. They have metrics up the wazoo!

Do you think there might be something we can learn from this that might help us be effective in our jobs? Are there ways you or your security program can add value to people and help them out? Maybe you can even experiment with giving them things they may or may not want like mouse pads with security slogans, posters on security awareness, or free beer?

Page 23

Ever notice that some people are popular just because they are popular (think back to high school if you have to), and some things are popular just because they are? If you have a beautiful boyfriend, girlfriend, etc. people are more likely to think you are attractive. If a place is popular, it must be good? And if McDonald’s has sold 77 gadzillion hamburgers they must be good? These are all examples of social proof.

And if people seem to be complying with your security program, those that aren’t or aren’t sure about it are more likely to in the future.

Page 24

In ISO 27002 (formerly ISO 17799, formerly BS 7799), the ISMS (Information Security Management System) statement is very effective. It is a statement by senior executives (the CEO works very very well) basically saying security is important, or more formally that security is important to business operations and senior management supports a culture of security. Why? An authority, hopefully the CEO (THE authority), is suggesting you comply!

Get buy-in for security and your programs and initiatives from someone with authority if you can. It can be positional authority (e.g. the boss, the program manager) or personal authority (e.g. the person really in charge, the very likable and influential person in no official position of authority, the popular person everyone follows, etc.).

This type of authority can be conveyed by positional authority, personal authority, title, the clothes someone wears, and more.

Page 25

If people like you, they are more likely to do what you want them to. We prefer to say yes to people we like. Research shows we tend to like people like us. Any similarity will do. It could be a common background, sport, hobby, favorite food, where we originally came from, etc. Sales people often look for similarities and so can you.

Research also shows attractive people are more likeable. While there is absolutely a genetic component to attractiveness as well as a “physical” component (for example, not being 500 pounds overweight), much of how physical attractiveness is perceived is based on how we dress and groom ourselves. This is true for both men and women, although men consider raw physical attractiveness somewhat more.

We also like people we eat with. A lot of business discussions and negotiations are carried out over food for example, because it makes it easier to reach an agreement as we grow to like the people we are eating with.

Compliments (as long as they are not obviously shallow or vapid, in other words real compliments) increase liking. We also like people connected with good news. Some cultures actually killed messengers who brought bad news and rewarded messengers who brought good news.

Be nice. Be likeable. Look for commonalities with others. Compliment where appropriate. Try to connect yourself with good news.

Page 26

Order before midnight tonite. Supplies are limited! The restaurant that is difficult to get a reservation at must be better than the one you can easily get into. Really? No, but that’s how the human mind works.

When I was selling an educational program online, sometimes after a teleseminar or other presentation, I’d bundle an hour of “free” coaching for the first few people to buy my program. Obviously, my time is limited – it is reasonable I only offer a free hour to a limited number of people. It increased sales significantly.

This Workshop only had a few spots available, which helped make it seem more valuable. In fact it DID make it more valuable; several of you have expressed surprise I’m responding to all personal emails – obviously that kind of personal attention would be much tougher if there were 100 instead of 20 participants!

How do you use scarcity in infosec? The answer as always is “it depends” and it does depend on the organization. As an independent consultant, it is easy for me. I have limited time. For example, sometimes I can start a project for a client now or in a few weeks, but after that I may not be available for a while.

Page 27

As technical “professionals” we are given wide latitude when it comes to this “professional thing,” certainly far more than accountants or lawyers.

Although this is certainly a good thing, we should act AND look professional, as much as I like working in ratty old jeans and worn out t-shirts. When in front of people, I dress far more professionally. No, you do not need to wear a suit many places today.

I never used to until a very few years ago, and was surprised how much of a difference being decently groomed and dressed makes, whether at the office, at Starbucks, or the grocery store. You’ll get better service for example! People initially have very little to judge you on, and your appearance is an enormous factor.

Also, whether someone sees you for the first time or they are someone you regularly see or interact with, being decently dressed and groomed (I even shave most days!) sends a subconscious message that “you are worth it.” That you are a valuable person. That you are worth taking great care of.

Ignore this at your own peril!

Guys, most women also judge men’s attractiveness and desirability as much on appearance, meaning dress, grooming, and body language, as on raw physical appearance. Hard to believe for many male geeks, but women tend to think far differently than men.

Page 28

If you are just hiding in your parents’ basement or your cubicle, well, you are not going to have much influence, make much of a difference, or be anything other than a cog in the machine.

Cogs are invisible. Rock Stars are not.

Page 29: So, leaving the world of Rock and Roll, what is a “Rock ...infosecrockstar.com/wp-content/uploads/2016/09/... · We exist to support our organization, and doing good for your organization

If someone googles you and can’t find you, there is an excellent chance something is wrong!

And, conversely, if you google someone and can’t find them, you might rightfully be suspicious.

The ideas above are all cheap or free.

Remember that most offline events are now also online. Give a local talk for a group (we all have information to share; even a newbie can present a case study, “this is what I did, what worked, and what didn’t,” and people love case studies) and it will end up online and googleable.

I’ve gotten lots of press using PrLeads.com, an inexpensive service run by Dan Janal (who has become a personal friend) that connects reporters with “Rock Stars” like you. I’ve been featured or quoted in hundreds of articles, including in The Wall Street Journal, CNN Money, Investors Business Daily, USA Today, United Press International, The Chicago Tribune, The Los Angeles Times, The Boston Globe, The Boston Herald, The Sacramento Bee, CIO Today, Information Week, and even Pizza Marketplace News! This doesn’t mean I’m smart, but it certainly impresses potential clients and employers. Cute women, not so much . . .

There is also HARO (Help a Reporter Out), free but very competitive, at http://www.helpareporter.com

It’s not rocket science.

Take care of yourself!

Try to eat healthily, exercise, and get enough sleep. Peak performance, certainly over the long term, depends on it.

I try, which is much better than not trying at all. I exercise, usually eat healthily, and am pretty fit and healthy for a somewhat fat middle-aged dude! None of us is perfect.

Society has advanced to where we can be damn unhealthy and survive. Medicine and social services, among other things, keep people alive who would certainly have perished in the wild, and who mostly perished in earlier societies. There was no blood pressure medicine, no cholesterol medicine, no heart bypasses, no antibiotics, and social services depended on friends and family; you pretty much had to take care of yourself. Not that long ago, when my father was in medical school for example, we didn’t even have antibiotics! My father remembers that well.

I propose that people who are relatively healthy and productive are happier people. I know I certainly am. And Rock Stars absolutely tend to be relatively healthy (see my list of the dead and the living in a few slides) and productive!

What things in life make you happy? This is fairly personal and individual. You might not like visiting foreign lands, learning new languages, lifting weights, fly fishing, fine wines, public speaking, cooking, noisy children, cycling, or the beach the way I do. These make me happy. What makes you happy is no doubt not exactly the same, and may be very different.

Certainly a positive attitude can help. Of course life always has its ups and downs; it’s supposed to.

The most common questions I get at my live events are always on “Sex and Drugs.” Maybe that shouldn’t be a surprise, but it has been to me. Certainly sex and drugs are mentally associated with rock and roll, and they can also make people very happy or very unhappy, so read on . . .

If you are with someone who constantly drags you down, who is a total mismatch, or even worse, it is going to be next to impossible to do great things in your life.

Most humans are monogamous, or at least mostly monogamous. I’m not going into a discussion of polyamory here.

Most of us end up with a long-term mate, whether we use the term partner, significant other, spouse, husband, wife, or whatever.

(Note: The following is from a Western viewpoint. There are many different cultures in the world.)

Yet most of us do not choose. We might think we do, but at some point in our lives our brains decide we should settle down, and we end up stuck with whoever we happened to be with at the time. And they end up stuck with us. That seems to be what most often happens (in my far-from-expert opinion). This isn’t necessarily bad, but it isn’t necessarily great.

Dating skills are important. Probably no one ever taught you how. They are not hard to learn. Most of us need to sort through a lot of people to find someone suitable. Not everyone is as lucky as a couple of my friends who are still happily married to their first-ever boyfriend or girlfriend.

Similarly, being in a relationship, even the best possible one, requires work. It is amazing how humans will put lots of time into hobbies and interests but close to zero into their relationships after the beginning . . .

To rock long term, to use the vernacular, you need to “have your shit together!”

And I mean that on all fronts, including consumption.

By the way, the first “dead” list, from Jimi Hendrix to Bon Scott, is deaths from alcohol. Yes, my second favorite drug can kill if not handled with care and respect.

As previously mentioned, most of the questions I’ve gotten in my talks (yes, most) have been on sex and drugs, so I added this.

In the picture above I’m drinking three vintages of Krug (perhaps the best Champagne in the world) on my 50th birthday.

50???!!! I’m almost as old as Mick Jagger!

And you may want to look at http://infosecrockstar.com/attract-women-like-a-rock-star-made-easy/ because sometimes geeks need help.

Well, every troop of baboons has exactly one alpha male, the Rolling Stones has one front man (Mick Jagger), a company has one CEO, North Korea has one “Great Leader” (위대한 수령), etc.

In any one of these groups, however, there can be multiple Rock Stars. Every member of the Rolling Stones is a true Rock Star in their own right. Within any company there are usually multiple Rock Stars; in fact it’s even slightly possible the CEO is a bozo instead of a Rock Star! And North Korea? Ehhh, no comment, although I almost visited in 1997.

There are lots of Rock Stars. Can you join their ranks? Maybe! We will explore what it takes. What is true is that anyone can MOVE towards Rock Star. Everyone can get better.

As a group, geeks do not tend to know Peter Drucker, but they should (in contrast, anyone in management who does not know him should be shot!). He wrote 39 books, coined the term “knowledge worker,” and was an all-around brilliant dude who has had a lasting and profound effect on how things are done in business. He was an amazingly effective Rock Star! As he said, effectiveness can be learned. Rock Stars are effective. Rock Stars are so effective they get “Extraordinary Results.” And yes, I do have a lot of nerve listing one of my quotes after the great Peter Drucker!

Just as with the seven OSI networking layers, where seven isn’t magical (they could have picked 5 or 8 or 10 layers and subdivided the functionality differently), five levels are not magical either. They are just a convenient framework for discussion.

Notice that as you go up the levels, you go from generalist to specialist. If you are right out of school and need a job, or have just lost your job and need to pay the mortgage and feed your kids, you will take almost any job. If you are a Rock Star, for example Madonna, you do your own music plus anything else you want; you’re a Rock Star and can do what you want, within reason.

Survive – You need a job! If you have a job, it doesn’t rock.

Stable – You’ve got a good job. If you lose it, it may take a lot of effort to find another good one.

Expert – You have developed expertise and expert status, and have more work choices and flexibility.

Authority – You are a widely regarded and respected expert, distinguished by some combination of innovative ideas, opinions, and intellectual property.

Rock Star – In addition to being an authority, you have more visibility/celebrity, and professional non-geek skills: self-direction,

Most successful Infosec Rock Stars have great personal lives as well. Yes, they probably have enormous ups and downs, like just about everyone else worthwhile.

Hopefully you’ve been able to read this with an open mind! Much of this would have seemed very strange to me just a few years ago, yet it would have propelled me towards “Rock Star” status much faster.
