Slide 1

Slide 1 text

Layer 2 person spoofing and impostor syndrome

% sudo ifconfig en0 ether 78:4f:43:69:1b:10 \
    && ifconfig en0 | head -3
en0: flags=8863 mtu 1500
        ether 78:4f:43:69:1b:10
        inet 10.100.1.219 netmask 0xfffffc00 broadcast 10.100.3.255

Thanks hotspot.nzwireless.co.nz

@benjammingh for BsidesNZ 1

Slide 2

Slide 2 text

Who's this clown? (1/2) ²
• Security Engineer at Stripe.
• Infrastructure security at Etsy.
• Operations engineer at Puppet.
• Two time sponsor of Wrong Island Con.
² https://twitter.com/skullmandible/status/411281851131523072

Slide 3

Slide 3 text

Who's this whingeing pom? (2/2)
• Knows how to pronounce "router".
• Is delighted to be back here enjoying the 300/400ms latency on everything.
• Has had his Instagramme stuck giving him NZ ads for the past 3 months. (if you know how to fix this, please help me!)

Slide 4

Slide 4 text

is heaps better than Obviously.

Slide 5

Slide 5 text

is also better than both

Slide 6

Slide 6 text

But first!

Slide 7

Slide 7 text

A trigger warning

Slide 8

Slide 8 text

This talk is about Vulnerabilities

Slide 9

Slide 9 text

vulnerability |vʌln(ə)rəˈbɪlɪti| noun (plural vulnerabilities) [mass noun]
the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally: conservation authorities have realized the vulnerability of the local population

Slide 10

Slide 10 text

the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally

Slide 11

Slide 11 text

So if you're looking for 0-day, you may be in the wrong room.

Slide 12

Slide 12 text

Impostor syndrome!

Slide 13

Slide 13 text

Impostor syndrome is when high-achieving individuals are marked by an inability to internalise their accomplishments & a persistent fear of being exposed as a "fraud"
— clinical psychologists Dr. Pauline R. Clance & Suzanne A. Imes

Slide 14

Slide 14 text

"Am I even qualified to give this talk?" — Me, earlier today, proving that I probably am.

Slide 15

Slide 15 text

"But everyone has this, no?"

Slide 16

Slide 16 text

OCD vs. Actually liking things to be tidy

Slide 17

Slide 17 text

Exemplum!

Slide 18

Slide 18 text


Slide 19

Slide 19 text

"I am going to be discovered and fired..." — Me, then.

Slide 20

Slide 20 text

THIS IS DUCKING DEPRESSING

Slide 21

Slide 21 text

It makes it real hard to do good work

Slide 22

Slide 22 text

Which then just perpetuates itself

Slide 23

Slide 23 text

Which leads to burnout...

Slide 24

Slide 24 text


Slide 25

Slide 25 text


Slide 26

Slide 26 text

Reality vs. Perception of others
From https://billwatt.org/the-imposter-syndrome/

Slide 27

Slide 27 text


Slide 28

Slide 28 text

STORY TIME 2

Slide 29

Slide 29 text


Slide 30

Slide 30 text

HOLY SHIT WE HAVE DIFFERENT EXPERIENCES

Slide 31

Slide 31 text

(Best (worst) stock photo ever?)

Slide 32

Slide 32 text

Impostor syndrome can be a sign that you're about to learn awesome things.

Slide 33

Slide 33 text

It can be a sign you have a lot of knowledge to share too!

Slide 34

Slide 34 text

Straw poll
How many people have you heard of getting fired due to knowing nothing?
How many people have you heard of having impostor syndrome?

Slide 35

Slide 35 text

So why do our brains make this trade off?

Slide 36

Slide 36 text

Ego?

Slide 37

Slide 37 text

Did I mention I work in security?

Slide 38

Slide 38 text

Infosec problems (including but not limited to)
• Has attackers. Coders have bugs, ops people have, well, the world. There are real humans attacking you trying to break your shit.*
• There are very clear win/lose stakes.
• Especially in the con scene, a lot of posturing.
• DefCon still exists (;
* Assume blue team here, I know...

Slide 39

Slide 39 text

...which leads to
• people not showing their vulnerabilities (not that kind).
• people not admitting they don't know something out of fear.
• people burning out and leaving the industry.
• Infosec not being the most diverse and inclusive industry.

Slide 40

Slide 40 text

"well don't think of yourself as an imposter, think of yourself as not a psychopath." — Scott Roberts

Slide 41

Slide 41 text

"One of the best things I've done for myself lately: created a doc where I copy-paste compliments I've go

Slide 42

Slide 42 text

"For passphrases, make them something positive and encouraging, so every time you have to type them in, you feel a little better about the world." — paraphrased from an Anonymous Canadian

Slide 43

Slide 43 text

Brains!

Slide 44

Slide 44 text

Aside: cognitive dissonance

Slide 45

Slide 45 text


Slide 46

Slide 46 text

What can you do as an organisation?

Slide 47

Slide 47 text

Acknowledge it!

Slide 48

Slide 48 text

It's okay to say what's okay

Slide 49

Slide 49 text

From The Recurse Center

Slide 50

Slide 50 text

Obligatory reference to blameless postmortems as I'm contractually bound to by Etsy

Slide 51

Slide 51 text

Praise others, because they may feel this too.

Slide 52

Slide 52 text

Tip for praise: Don't personalize. For the same reason you wouldn't say "You're a dumbass," don't just say "You're a genius." — @candor ⁵
⁵ Blameless praise! from Slack's great article on giving feedback

Slide 53

Slide 53 text

Stop the nerd snipe, even if it's good intentioned

Slide 54

Slide 54 text

Your culture often affects people in seemingly invisible ways

Slide 55

Slide 55 text

Just don't go too far (;
Dunning–Kruger effect

Slide 56

Slide 56 text

Let's hope I'm on track for time!
• be understanding to people, this is hard.
• be kind to yourself, even if you're a jerk like me.
• seek help if you can (friends, therapists, coworkers)

Slide 57

Slide 57 text

This affects people differently
• Confidence sadly often comes with privilege.
• As does arrogance.

Slide 58

Slide 58 text

Mess of links that will be useful when I tweet the URL to this slidedeck
• Impostor Syndrome in DFIR - Scott Roberts' fantastic piece on the topic.
• Allowed To Apply - blog on telling yourself you can do this.
• How to get a promotion
• Blue Hackers - site on mental health in the tech community and how to help.

Slide 59

Slide 59 text

If this sounds like an environment you'd like to work in, come talk to me about Jobs at Stripe

Slide 60

Slide 60 text

Ta
• My blog post on the subject
• Fax: +1 (415) 484-7239
• Twidder: @benjammingh
• SpeakerDeck: speakerdeck.com/barnbarn