JohnsNotHere @JohnsNotHere@infosec.exchange

Times are a bit rough right now, and at EliteSec we'd like to do our part to help. If you are a SMB with less than 250 employees, we are offering a flat-fee network scan to ensure your company's WFH setup is secure.

https://elitesec.io/blog/scanning-smb-networks-during-covid-19/

Hey everybody. In the interest of giving back to the community (and the fact that I *really* need to start advertising more), my company (EliteSec) has created a simple project for setting up Sonarqube to test against your own codebase.

Sonarqube is an open source static code analysis tool. I've created a simple Vagrant script that will:

1. Download an Ubuntu 18.04 VM
2. Install Docker
3. Install Sonarqube
4. Setup all routing for your local machine.

Check it out:

https://github.com/EliteSec-io/vagrant-sonarqube

May the next decade treat you better than the last one. May the best of your past be the worst of your future. May intelligence and compassion guide you, and may the voice of reason temper your emotions. You are capable of anything - don't waste the opportunity.

Incorporation is complete, I can start making noise about https://elitesec.io

For those who are looking for #pentesting #vulnerabilityassessments or just #infosec help, make sure to consider us. We're based in Canada, but happy to help whomever we can reach. Many thanks!

So let me get this straight - Oracle has purchased a minority share in TikTok, which is getting a US entity that contains no real IP and is likely going to be a shell company for Byte Dance to get around Trump's latest blustering?

In other words, a US corp just gave a bunch of money to a Chinese firm for very little in return because Trump wants to look like he's tough on China?

I don't care anymore. I'm calling it Cyber Security since that's the only damn thing that resonates with people outside of our field. I'm tired of sounding like a pretentious prick by trying to correct people. I'll wear the damn badge with pride.

Well that was much ado about nothing, but I'm not going to poke the bear. Time to expedite the plan.

Singing bowls of Tibet is a great way to unwind. Always a great go-to.

Nothing serious/life threatening, but career defining.

Heavy day today. Tomorrow will be interesting to see what my future will be like.

Why is marketing so f'ing HARD?!?!?!

Time to start writing up my next blog entry for EliteSec. I'm thinking this one should be aimed at the executives rather than the technical folks, i.e. the success of your security program starts at the top.

Morning walk versus evening walk? Discuss.

Hey all, I'm trying to whip up a whitepaper for my org and one of the sections is a "prep list" for a pentest. What I'm looking for are examples from others on things that clients have done wrong, that have interfered with your engagement. Examples would include: changing admin passwords mid-way through the engagement, taking down the test environment, actively sniping connections (i.e. enabling firewall rules, blacklisting your IP, etc.) . TIA!

Wow! I was apparently just selected to represent Canada in the AMEA Entrepreneur magazine for their "Upcoming Entrepreneurs to Watch for 2020"! So exciting!

Oh wait, there's a $2,500 fee to cover publishing, editing, and related fees? That and I'm just a consultant trying to make a buck and not a traditional "entrepreneur" that would be featured?

None of you are going to help us move forward, or more importantly, going to get us to be recognized as a key component in organizations moving forward.

I say it's time to grow the fuck up and start helping one another out. Change the focus of our message to be more broadly accepted.

I love a good technical talk as well, but when only 1% of those listening can understand, it's a wasted message. There's time and place for everything, but not the same audience all the time.

I'm trying to branch out and do my own thing. It's slow, hard, and frustrating. Multiply that by 100 given the current environment with the pandemic, but I've never backed down from a challenge.

But things like podcasts, speaking engagements, cons, and even these endless CTFs aren't helping me find new customers. I shout into the echo chamber of others who say the same damn thing over and over again, or are hostile to those with different opinions. WTF?!

Right now my goal is not to impress my peers, but rather share what I know on my own terms. I want to change my focus and look at impressing those who need to know more about security and help them.

We have some amazing folks in the industry: John Strand, Ed Skoudis, Mick Douglas, and a bunch of others I'm not listing. They share what they know without seeking fame or fortune in return. It's the others that irk me.

I was a software developer for 15 years, and a damn good one at that. I didn't write papers, I didn't speak at conferences, and I didn't need to get validation from my peers to get a job. I did good work and could prove my worth with my passion. Shouldn't that suffice in #infosec as well?

I see us being nothing more than a high school in terms of maturity as an industry. We have our cliques and such, and it sucks.

But there are more than a few that do not. And they are often the loudest. And it creates this echo chamber.

Yet we often hear that you need to be "well recognized", or publishing works or some other BS in order to be "known" within the industry. "Go network with peers, it's how to get a job!" "Make sure you submit a talk, you'll get recognition that way!"

Bullshit. You just end up in the echo chamber.

It's funny what goes through my mind when I'm trying to take a break from things.

Possible rant, so bear with me. When I first started in #infosec, I was in awe of all the wonderful, smart, talented folks out there. So many followers on Twitter, such advice being dispensed, and speaking at so many cons, how could I not be in awe?!

As I've come to realize, a majority of them are not that great. There are a few that are, but most are not. Those that are acknowledge their faults.