Signs of Triviality

Opinions, mostly my own, on the importance of being and other things.
[homepage] [index] [jschauma@netmeister.org] [@jschauma] [RSS]

How to Seem Smart in Infosec Meetings

August 12th, 2015

Appearing smart in meetings isn't easy. Fortunately, this handy guide provides good guidance, but in infosec meetings you may have to turn it up a notch. Use these easy-to-remember rules to make sure to assert your superiority when meeting with Information Security, uhm, "professionals".

#1 Show everybody that you have multiple mobile devices

(image: stack of mobile phones)

When you enter the room, pull at least two mobile devices out of your pockets and place them next to your laptop. Infosec nerds are big on inconvenience -- giving off the impression that you have a "personal" and a "business" phone will score big points. Consider adding an RSA token. It doesn't matter that most 2FA nowadays is tied to your mobile device: the more things you carry, the more seriously you appear to take "security".

#2 Casually remove your laptop privacy screen at some point during the meeting

Before entering the meeting, add a privacy screen to your laptop. Then, at some point during the meeting, casually say "Here, let me show you something," and remove the privacy screen. (If nobody's paying attention, add: "Oh, right, you can't see anything. Let me take off my privacy screen real quick.")

Since nobody else in the meeting (or the company) is using a privacy screen, you have quickly established that you are quite concerned about people coming up right next to you without you noticing and peeking at your screen. Well done!

#3 Display a terminal with neon green fixed-width font

Hackers always use a green fixed-width font on a black terminal. This is known as the Matrix Rule. After you have removed your privacy screen (see above), make sure that a large terminal window with lots of slick code is visible. Consider the use of http://hackertyper.net/. Depending on the audience, either a live attack map or a translucent terminal showing a mildly offensive desktop background can aid in bestowing sick hacker creds on you: after making sure everybody has seen the image/code, switch to another application.

Note: when emulating actual hackers, do not wear a ski mask. A hoodie is entirely acceptable, however.

#4 Use the words "Threat Model". Repeatedly.

If you space out, arrived late (well done, but make sure to see #1 above), or are put on the spot, ask about the "Threat Model". This immediately shuts down any questions or concerns and establishes you as an Infosec Thought Leader. Other participants may nod in approval, while your opponent[1] will scramble to respond. Make sure to point out later on that "this wasn't part of your threat model, though" (whatever "this" is).

[1] Meetings with infosec nerds are necessarily adversarial.

#5 Ridicule "APT", but consider the NSA a threat you want to defend against.

It's important to ridicule the term "APT" during any discussion with infosec nerds. Don't worry, nobody will ask what it actually means. Smugly note that whatever issue you're discussing would not help defend against "you know, APT", making it clear that you do not consider whatever that is a threat.

At the same time, do stress that you need to defend against the NSA and other "capable adversaries". Bonus points for throwing in the term "nation state actor". But be careful: you may be asked to outline your "Threat Model" (see above).

If somebody else either ridicules "APT" or points out that they need to defend against the NSA, ask them about their "Threat Model".

#6 Point out that "auth-enn" and "auth-zee" are different.

It doesn't matter what you're discussing, you can always show incredible subject matter expertise by noting that "auth-enn" and "auth-zee" are not to be conflated. You can quickly illustrate the point by drawing a Venn diagram, as explained here. Resist the temptation to add other words starting with "auth", unless you are certain that nobody else in the room knows either what "auth-enn" and "auth-zee" actually are or how they are different.

#7 Use the Mandiant APT Attack Lifecycle

This one's tricky, and needs to be handled carefully. If you are giving a presentation, make sure to include the Mandiant APT Attack Lifecycle graphic:

(image: Mandiant APT Attack Lifecycle)

Make it clear that you assume everybody else has seen it and knows that everything it may possibly convey is self-evident. If you are not presenting, just reference it, drawing a simple circle on the whiteboard.

This is a good chance to ridicule "Mandiant" (and, implicitly, "APT"; see above), wisely noting that "on this one, though, they're actually right".

#8 Blame China / Ridicule blaming China

(image: Attribution Die)

Make sure to derail the discussion towards who was behind the latest "hack". It doesn't matter which one, just say something like: "So, who do you think is behind that hack today?"

If somebody suggests they think that maybe China was behind the "hack", ridicule them. (See "APT" above.) If nobody else mentions China, let everybody know that "there's credible evidence that China is behind" whatever is currently being discussed. If questioned/ridiculed for this response, note that "it sure would match their usual MO" or deflect by charging forward and blaming North Korea. If all else fails, say: "maybe the Zetas".


With apologies to @sarahcpr / The Cooper Review.
