Layer 2 person spoofing
and impostor syndrome
% sudo ifconfig en0 ether 78:4f:43:69:1b:10 \
&& ifconfig en0 | head -3
en0: flags=8863 mtu 1500
ether 78:4f:43:69:1b:10
inet 10.100.1.219 netmask 0xfffffc00 broadcast 10.100.3.255
Thanks hotspot.nzwireless.co.nz
@benjammingh for BsidesNZ 1
Slide 2
Who's this clown? (1/2) 2
• Security Engineer at Stripe.
• Infrastructure security at Etsy.
• Operations engineer at Puppet.
• Two time sponsor of Wrong Island Con.
2 https://twitter.com/skullmandible/status/411281851131523072
Slide 3
Who's this whingeing pom? (2/2)
• Knows how to pronounce "router".
• Is delighted to be back here enjoying the 300/400ms latency on
everything.
• Has had his Instagramme stuck giving him NZ ads for the past 3
months. (if you know how to fix this, please help me!)
Slide 4
is heaps better than
Obviously.
Slide 5
is also better than both
Slide 6
But first!
Slide 7
A trigger warning
Slide 8
This talk is about
Vulnerabilities
Slide 9
vulnerability |vʌln(ə)rəˈbɪlɪti|
noun (plural vulnerabilities) [mass noun]
the quality or state of being exposed to the possibility of being
attacked or harmed, either physically or emotionally: conservation
authorities have realized the vulnerability of the local population
Slide 10
the quality or state of being exposed
to the possibility of being attacked
or harmed, either physically or
emotionally
Slide 11
So if you're looking for 0-day, you
may be in the wrong room.
Slide 12
Impostor syndrome!
Slide 13
Impostor syndrome is when high-
achieving individuals are marked by
an inability to internalise their
accomplishments & a persistent fear
of being exposed as a "fraud"
— clinical psychologists Dr. Pauline R. Clance & Suzanne A. Imes
Slide 14
"Am I even qualified to give this
talk?"
— Me, earlier today, proving that I probably am.
Slide 15
"But everyone has this, no?"
Slide 16
OCD
vs.
Actually liking things to be tidy
Slide 17
Exemplum!
Slide 18
Slide 19
"I am going to be discovered and
fired..."
— Me, then.
Slide 20
THIS IS DUCKING DEPRESSING
Slide 21
It makes it real hard to do good work
Slide 22
Which then just perpetuates itself
Slide 23
Which leads to burnout...
Slide 24
Slide 25
Slide 26
Reality vs. Perception of others
From https://billwatt.org/the-imposter-syndrome/
Slide 27
Slide 28
STORY TIME 2
Slide 29
Slide 30
HOLY SHIT WE HAVE DIFFERENT
EXPERIENCES
Slide 31
(Best (worst) stock photo ever?)
Slide 32
Impostor syndrome can be a sign
that you're about to learn awesome
things.
Slide 33
It can be a sign you have a lot of
knowledge to share too!
Slide 34
Straw poll
How many people have you heard of getting
fired due to knowing nothing?
How many people have you heard of having
impostor syndrome?
Slide 35
So why do our brains make this
trade off?
Slide 36
Ego?
Slide 37
Did I mention I work in security?
Slide 38
Infosec problems (including but not limited to)
• Has attackers. Coders have bugs, ops people have, well, the world.
There are real humans attacking you trying to break your shit.*
• There are very clear win/lose stakes.
• Especially in the con scene, a lot of posturing.
• DefCon still exists (;
* Assume blue team here, I know...
Slide 39
...which leads to
• people not showing their vulnerabilities (not that kind).
• people not admitting they don't know something out of fear.
• people burning out and leaving the industry.
• Infosec not being the most diverse and inclusive industry.
Slide 40
"well don't think of yourself as an
imposter, think of yourself as not a
psychopath."
— Scott Roberts
Slide 41
"One of the best things I've done for
myself lately: created a doc where I
copy-paste compliments I've go
Slide 42
"For passphrases, make them
something positive and encouraging,
so every time you have to type them
in, you feel a little better about the
world."
— paraphrased from an Anonymous Canadian
Slide 43
Brains!
Slide 44
Aside: cognitive dissonance
Slide 45
Slide 46
What can you do as an organisation?
Slide 47
Acknowledge it!
Slide 48
It's okay to say what's okay
Slide 49
From The Recurse Center
Slide 50
Obligatory reference to blameless
postmortems as I'm contractually
bound to by Etsy
Slide 51
Praise others, because they may feel
this too.
Slide 52
Tip for praise: Don't personalize. For
the same reason you wouldn't say
"You're a dumbass," don't just say
"You're a genius."
— @candor 5
5 Blameless praise! from Slack's great article on giving feedback
Slide 53
Stop the nerd snipe, even if it's good
intentioned
Slide 54
Your culture often affects people in
seemingly invisible ways
Slide 55
Just don't go too far (;
Dunning–Kruger effect
Slide 56
Let's hope I'm on track for time!
• be understanding to people, this is hard.
• be kind to yourself, even if you're a jerk like me.
• seek help if you can (friends, therapists, coworkers)
Slide 57
This affects people differently
• Confidence sadly often comes with privilege.
• As does arrogance.
Slide 58
Mess of links that will be useful when I tweet the URL to this
slidedeck
• Impostor Syndrome in DFIR - Scott Roberts' fantastic piece on
the topic.
• Allowed To Apply - blog on telling yourself you can do this.
• How to get a promotion
• Blue Hackers - site on mental health in the tech community and
how to help.
Slide 59
If this sounds like an environment
you'd like to work in, come talk to
me about
Jobs at Stripe
Slide 60
Ta
• My blog post on the subject
• Fax: +1 (415) 484-7239
• Twidder: @benjammingh
• SpeakerDeck: speakerdeck.com/barnbarn