The Twelve Days of Work-Life Balance

12 tips for working at home over the holidays

Disclaimer: the author refuses to take any blame for any resulting disciplinary or legal action taken against readers who follow any of the suggestions in this article.

There’s a good chance that things slow down for the holiday season at your organisation or company[1], and as they do, there’s a corresponding[2] chance that you may end up not going into the office for some of the upcoming days.  Some workplaces expect you to turn up to work in the office unless you’re officially on holiday, while others allow or encourage workers to be based at home and perform their duties there for all or some of the period.  It’s those people who will be spending time at home who are targeted by this article.

Working from home is an opportunity to bunk off and is a complete wheeze a privilege and responsibility to be taken seriously.  There are, however, some important techniques that you should take on board to ensure not only that you continue to be productive but, even more important, that you continue to be seen to be productive.  I’ve split my tips up into helpful headings for your ease of use.

Video calls

Tip 1 (for those who shave): you don’t need to.  Yes, the resolution on webcams has increased significantly, but who’s going to care if it looks like you’ve just rolled out of bed?  The fact that you’ve even bothered shows your commitment to the meeting you’re attending.

Tip 2 (for those who wear make-up): far be it from me to dictate whether you wear make-up or not to meetings.  But if you choose to, there’s no need to refresh last night’s make-up in the morning.  If you’ve staggered home late, you may not have got round to removing your party lipstick and mascara, and it may even have smudged or run a bit: don’t worry.  It’ll look “festive” in the morning, and will encourage a relaxed atmosphere at the meeting.

Tip 3 (for coffee drinkers): you may need an extra cup of coffee in the afternoon, to get you through the day.  Who’s going to know if you add a shot to it?  It’ll keep you warm, and possibly upright.  My wife swears by Baileys.  Or Irish Whiskey.  Or gin.  Pretty much anything, in fact.

Tip 4 (for non-coffee drinkers): cocktails are a no-no for video conferences, unless approved by management (sorry).  However, there are a number of other options to explore.  A Long Island Iced Tea looks like, well, an iced tea.  Whisky (or whiskey) can look like normal tea, and my personal favourite, cherry brandy, looks like a child’s fruit cordial that you didn’t dilute sufficiently.  And tastes fairly similar.

Tip 5 (for clothes wearers): few organisations (of which I’m aware, anyway) have adopted a non-clothing policy for video-calls.  Clothes are required.  My favourite option is to wear a festive jumper, but this is only fun if it has woven-in flashing lights which can distract your fellow participants[3].  Coordinating the periodicity of the flashing with colleagues gets you bonus points.

Tip 6 (also for clothes wearers): wear something on your bottom half.  I know you think you may not be getting up during the call, but when a small child vomits in the background, the postal worker arrives at the door, or you just need another cup of coffee or “beverage” (see tips 3 & 4) to get you through the next two hours, you’ll be grateful for this advice.

Teleconferences (non-video)

Tip 7: use a chat channel to have a side conversation with your peers. You can have hilarious discussions about the intellectual capacity and likely parentage of your management, or even better, play a game of meeting bingo.

Tip 8: the mute button is for cowards.  Yes, wind can be a problem after an over-indulgence at the pub, club or party the night before, and microphones can be quite sensitive these days, but who’s to know it’s you[4]?

Emails

Tip 8: the best time to respond to an email is when you receive it, right?  This will show everybody how devoted you are to your job.  So if it arrives after you’ve already partaken of a brew or two down the pub, or sampled the herbal opportunities recently decriminalised in your state in your bedroom, then replying immediately will almost certainly be considered responsible and professional.  And auto-correct will almost certainly act in your favour: after all, your boss really is a complete duck, yes?

Tip 9: pepper your emails with poor festive puns[5].  It’s just what you do.

Family

Tip 10: you may have agreed to “work” over this period as an excuse to avoid spending too much time with the family[6], but there’s always the chance that they will barge into your office, throw up in the hall (see tip 6), or just fall asleep on your keyboard[7].  Invest in a lock on your office door, or work somewhere out of range[8].  Your work is important, and you must guard against unwanted interruptions, such as being awoken from an important doze.

Productivity

Tip 11: it’s your responsibility, when working from home, to ensure that you maintain your productivity.  But breaks are important.  There’s a tricky balance here between protecting your time from the family (you don’t want them to notice that you’re not online 100% of the time) and taking sensible amounts of breaks.  Assuming that you’ve taken my advice about locking your office door, then placing an XBox or similar gaming console on your desk next to your work computer is a great way of allowing yourself some downtime without risking the wrath of your family (assuming careful monitor placement and controller handling).

Tip 12: if you’re not careful, too much time hidden away from the family will get you in trouble.  My piece of advice here is to offer to help.  But on your own terms.  Rushing out of your office[9], looking harried and then announcing “I’ve got ten minutes until my next call, and I’m feeling guilty: is there anything I can do?” can gain you useful credit without the risk of your having to do anything too taxing.

Summary[10]

You can maintain a productive and professional workplace at home if called to do so by your organisation.  It is your responsibility to balance the needs of work with your needs and, of course, the needs of your family.

Have a Merry Christmas (or other festival) and a Happy New Year (whenever it falls for you)!


1 – this is generally a Judaeo-Christian set of holidays, but I hope that this article is relevant to most holidays: religious, national, regional or secular.

2 – and possibly correlateable, though check out one of my favourite XKCD comics: https://xkcd.com/552/.

3 – owners of luxuriant beards or heads of hair may prefer to weave flashing fairy lights into their hair for a similar effect.

4 – except for the small matter of the little indicator against each participant’s name which shows who’s “talking”.

5 – “Your presents is requested.”  “But wait—there’s myrrh.” You get the idea.

6 – “Sorry, darling, I know your parents are here, but a really critical bug came in, and I’m the only one who can look at it in time…”

7 – mainly a problem for owners of cats or teenagers.

8 – try searching for “Where’s a pub near me that’s open now?”.

9 – don’t forget to lock it again, in case a child notices and purloins that gaming console.

10 – in the Southern Hemisphere, at least.  Sorry: see [5].

 

16 ways in which users are(n’t) like kittens

I’m going to exploit you all with an article about kittens and security.

It’s summer[1], it’s hot[2], nobody wants to work[3].  What we all want to do is look at pictures of cute kittens[5] and go “ahhh”.  So I’m going to exploit you all with an article about kittens and (vaguely about) security.  It’s light-hearted, it’s fluffy[6], and it has a picture of two of our cats at the top of it.  What’s not to like?

Warning: this article includes extreme footnoting, and may not be suitable for all readers[7].

Now, don’t get me wrong: I like users.  I realise the importance of users, really I do.  They are the reason we have jobs.  Unluckily, they’re often the reason we wish we didn’t have the jobs we do.  I’m surprised that nobody has previously bothered to compile a list comparing them with kittens[7.5], so I’ve done it for you.   For ease of reading, I’ve grouped ways in which users are like kittens towards the top of the table, and ways in which they’re unlike kittens towards the bottom[7.8].

Please enjoy this post, share it inappropriately on social media and feel free to suggest other ways in which kittens and users are similar or dissimilar.

Research findings

Hastily compiled table

Property | Users | Kittens
Capable of circumventing elaborate security measures | Yes | Yes
Take up all of your time | Yes | Yes
Do things they’re not supposed to | Yes | Yes
Forget all training instantly | Yes | Yes
Damage sensitive equipment | Yes | Yes
Can often be found on Facebook | Yes | Yes
Constantly need cleaning up after | Yes | Yes
Often seem quite stupid, but are capable of extreme cunning at inopportune moments | Yes | Yes
Can turn savage for no obvious reason | Yes | Yes
Can be difficult to tell apart[10] | Yes | Yes
Fluffy | No[8] | Yes
Fall asleep a lot | No[8] | Yes
Wake you up at night | No[9] | Yes
Like to have their tummy tickled | No[8] | Yes
Generally fun to be around | No[8] | Yes
Generally lovable | No[8] | Yes

1 – at time of writing, in the Northern Hemisphere, where I’m currently located.  Apologies to all those readers for whom it is not summer.

2 – see 1.

3 – actually, I don’t think this needs a disclaimer[4].

4 – sorry for wasting your time[4].

5 – for younger readers, “kittehs”.

6 – like the kittens.

7 – particularly those who object to footnotes.  You know who you are.

7.5 – actually, they may well have done, but I couldn’t be bothered to look[7.7]

7.7 – yes, I wrote the rest of the article first and then realised that I needed another footnote (now two), but couldn’t be bothered to renumber them all.  I’m lazy.

7.8 – you’re welcome[7.9].

7.9 – you know, this reminds me of programming BASIC in the old days, when it wasn’t easy to renumber your program, and you’d start out numbering in 10s, and then fill in the blanks and hope you didn’t need too many extra lines[7.95].

7.95 – b*gger.

8 – with some exceptions.

9 – unless you’re on support duty.  Then you can be pretty sure that they will.

10 – see picture.

11 – unused.

12 – intentionally left blank.

13 – unintentionally left blank.

Happy 4th of July – from Europe

If I were going to launch a cyberattack on the US, I would do it on the 4th July.

There’s a piece of received wisdom from the years of the Cold War that if the Russians[1] had ever really wanted to start a land war in Europe, they would have done it on Christmas Day, when all of the US soldiers in Germany were partying and therefore unprepared for an attack.  I’m not sure if this is actually fair – I’m sure that US commanders had considered this eventuality – but it makes for a good story.

If I were going to launch a cyberattack on the US, I would do it on the 4th of July.  Now, to be entirely clear, I have no intentions of performing any type of attack – cyber or not – on our great ally across the Pond[2]: not today (which is actually the 3rd July) or tomorrow.  Quite apart from anything else, I’m employed by[5] a US company, and I also need to travel to the US on business quite frequently.  I’d prefer to be able to continue both these activities without undue attention from the relevant security services.

The point, however, is that the 4th of July would be a good time to do it.  How do I know this?  I know it because it’s one of my favourite holidays.  This may sound strange to those of you who follow or regularly read this blog, who will know – from my spelling, grammar and occasional snide humour[6] – that I’m a Brit, live in the UK, and am proud of my Britishness.  The 4th of July is widely held, by residents and citizens of the USA, to be a US holiday, and, specifically, one where they get to cock a snook at the British[7].  But I know, and my European colleagues know – in fact, I suspect that the rest of the world outside the US knows – that if you are employed by, are partners of, or otherwise do business with the US, then the 4th of July is a holiday for you as well.

It’s the day when you don’t get emails.  Or phone calls.  There are no meetings arranged.

It’s the day when you can get some work done.  Sounds a bit odd for a holiday, but that’s what most of us do.

Now, I’m sure that, like the US military in the Cold War, some planning has taken place, and there is a phalanx of poor, benighted sysadmins ready to ssh into servers around the US in order to deal with any attacks that come in and battle with the unseen invaders.  But I wonder if there are enough of them, and I wonder whether the senior sysadmins, the really experienced ones who are most likely to be able to repulse the enemy, haven’t ensured that it’s their junior colleagues who are the ones on duty so that they – the senior ones – can get down to some serious barbecuing and craft beer consumption[8].  And I wonder what the chances are of getting hold of the CISO or CTO when urgent action is required.

I may be being harsh here: maybe everything’s completely under control across all organisations throughout the USA, and nobody will take an extra day or two of holiday this week.  In fact, I suspect that many sensible global organisations – even those based in the US – have ensured that they’ve readied Canadian, Latin American, Asian or European colleagues to deal with any urgent issues that come up.  I really, really hope so.  For now, though, I’m going to keep my head down and hope that the servers I need to get all that work done on my favourite holiday stay up and responsive.

Oh, and roll on Thanksgiving.


1 – I suppose it should really be “the Soviet Union”, but it was also “the Russians”: go figure.

2 – the Atlantic ocean – this is British litotes[3].

3 – which is, like, a million times better than hyperbole[4].

4 – look them up.

5 – saying “I work for” sets such a dangerous precedent, don’t you think?

6 – litotes again.

7 – they probably don’t cock a snook, actually, as that’s quite a British phrase.

8 – I’m assuming UNIX or Linux sysadmins: therefore most likely bearded, and most likely craft beer drinkers.  Your stereotypes may vary.

 

Security at conferences – a semi-humorous view

Next week, I’ll be attending and speaking at Red Hat Summit in San Francisco.   I’ve written before about how annoying I find it when people don’t stay on topic at conferences, so rest assured that I won’t be making any product pitches: in fact, I plan to hold a vote during the session to determine some of what I talk about, so if you’re attending, too, please come along and help choose.

In anticipation of the event and associated travel, I thought I’d compile a semi-humorous list of tangentially-security-related advice for anyone planning on attending a conference or associated exhibition/expo in the near future.  I’ve been to way too many in my *cough* 20+ years in the industry: here are some tips for conferences.

Oh, and before we start, if you’re at DEFCON, be more paranoid even than this, or even more paranoid than you think you need to be.  At most conferences, you don’t need to worry too much that someone might be spoofing the cell towers, for instance.  At DEFCON, well…

  • wifi – if you’re going to use wifi, use official hotel / conference access points, rather than random ones which have names like “useme” or “theNSA” or “notRussianSpies” or “dataCollectionforFB”.  And even when you’re using the official ones, don’t trust them: use HTTPS and/or a VPN.  You know this: don’t forget it just because you’re at a conference.
  • what happens in Vegas makes it back to your boss – maybe not your family members, but definitely your boss.  I’ve been to conferences in Vegas.  I’ve seen … things.
  • bluetooth – your safest option?  Turn off bluetooth, particularly on your phone.  If you must leave it on (so that you can use your watch/headphones/other cool accessories), then never accept unsolicited pairing requests.
  • conversations – do you want to be talked to by random strangers?  Some people prefer to be left alone, and a growing number of conferences allow you to put a sticker onto your badge which will tell other attendees whether or not you’re happy to be addressed.   These are typically:
    • green: I’m so gregarious I’m probably not in a technical job, and am more likely to be in marketing
    • red: please, please don’t talk to me, or even glance in my direction
    • yellow: I’m in two minds about it.  If you’re going to offer me a job, make a pass at me or we’ve already met, then it’s probably OK.
    • (I have a serious question about this, by the way: what if you’re red/green colourblind and either very shy or very gregarious?  This approach seems seriously flawed.)
  • don’t leave your phone on the booth table – unless you want it to be stolen.  I’m always astonished by this, but see it all the time.
  • decide whether you’re going to give out your email address – for most shows, you give your email address out whenever you have your badge scanned.  So you need to decide whether you want to be scanned.  There are lots of other ways of giving out your email address, of course, and one is to drop your business card into those little glass bowls in the hopes of winning a prize.  That you never win[1].
  • getting pwned by booth staff – how do you get enough information about a company to decide whether actually to visit the booth and maybe talk to the staff?  Well, you’re going to need to approach it, and you may have to slow down in order to read the marketing messages.  There’s a set of rules that you need to be aware of around this behaviour, and it’s that staff on the booth can engage you in conversation if they catch you doing any of the following:
    • stepping on the coloured carpet tiles around the booth;
    • making eye contact[2];
    • dawdling[3].
  • languages – if you’re attending a conference in a foreign environment, you may wish to include a sticker on your badge to let people know in which languages you’re conversant.  US English is standard, but other favourites include Java, Python, UML and, in some circles, COBOL[4].
  • beware too much swag – I’ve only had to do it once, but I did once buy an extra case to take swag back in.  This was foolish.  There really is such a thing as too much swag, and as we all know, once you have more than three vaguely humorous techie t-shirts, you can rotate them through the washing[6] until you get the chance to visit another conference and pick up some new ones.
  • useful phrases – not even vaguely security-related, and this really relates to the languages point, but I was told a long time ago by a wise person[7] that you only need five phrases in the language of any foreign country[8] that you’re visiting:
    • yes;
    • no;
    • please;
    • thank you;
    • I’ll have five beers, and my colleague’s paying.

1 – except once, when I won a large drone which was really, really difficult to get home from the US and then turned out to be almost impossible to control in the windy part of the UK in which I live.

2 – do you know nothing?

3 – this is the tricky one: I reckon anything over half a second is fair game, but exact timing is culturally-specific, based on my observations.

4 – if you find yourself at a conference where lots of people are going around with stickers saying “COBOL” on them, or, more dangerous still, wearing t-shirts with “I know COBOL, and I’m not ashamed”, you have two options: a) run, fast; b) stick around, learn to converse with the natives and end up with a job for life making shockingly large amounts of money maintaining legacy banking code[5].

5 – but getting invited to a vanishingly small number of dinner parties or other social engagements.

6 – if you don’t wash your t-shirts, you’re not going to need to worry too much about [5] becoming a problem for you.

7 – I can’t remember when, exactly, or by whom, in fact, but they must have been pretty wise: it’s good advice.

8 – I include the North of England in the “foreign countries” category.

Changing the demographic in IT security: a radical proposal

If we rule out a change in age demographic, gender, race or ethnicity, what options do we have left?

This is a guest post by Sherlock.

We have known for a while now that we as an industry don’t have enough security specialists to manage the tide of malware and attacks that threaten to overwhelm not just the IT sector but also all those other areas where software and hardware security play a vital part in our way of life.  This is everything from the food supply chain to the exercise industry, from pharmaceuticals to wildlife management.  The security sphere is currently dominated by men – and the majority of them are white men.  There is a significant – and welcome – move towards encouraging women into STEM subjects, and improving the chances for those from other ethnic groups, but I believe that we need to go further: much, much further.

There is also an argument that the age demographic of workers is much too skewed towards the older range of the employment market, and there is clear evidence to show that humans’ mental acuity tends to decrease with age.  This, in a field where the ability to think quickly and react to threats is a key success metric.  The obvious place to start would be by recruiting a younger workforce, but this faces problems.  Labour laws in most countries restrict the age at which significant work can be done by children*, so one alternative is to take the next age demographic: millennials.  Here, however, we run into the ongoing debate about whether this group is lazy and entitled***.  If we rule out a change in age demographic, gender, race or ethnicity, what options do we have left?

It seems to me that the obvious solution is to re- or up-skill a part of the existing security workforce and bring them into the IT security market.  This group is intelligent*****, loyal******, fast-moving [I’m done with the asterisks – you get the picture], quick-thinking [see earlier parenthetical comment], and easily rewarded [this bit really is universally true].  In short, the canine workforce is currently under-represented except in the physical security space, but there seems to be excellent opportunity to up-skill a large part of this demographic and bring them into positions of responsibility within the IT security space.  So, next time you’re looking to recruit into a key IT security role, look no further than your faithful hound.  Who’s a good boy?  Who’s a good boy?  You’re a good boy.


*this is a Good Thing[tm] – nobody**’s complaining about this

**apart from some annoying kids, and well, who cares?

***I could have spent more time researching this: am I being ignorant or apathetic?****

****I don’t know, and I don’t care.

*****mostly

******again, mostly