
Sienna
siennabates.com ∙ github ∙ mastodon ∙ twitter
security and privacy enthusiast, researcher, AMC A-lister
Thotcon 2023
This was the second time I have had the opportunity to attend Thotcon, which took place May 19-20, 2023. I really enjoyed getting to go again as it is a great opportunity to see some of my friends who live in the Midwest again now that I have moved to California. On Thursday we arrived late afternoon after a fairly early morning and we met our friends Aaron and G. We got a late lunch before our friends headed off to the speaker dinner ahead of the conference while we took a short nap. Later that night we met up with some more of our friends at their residence near the conference. It was nice to catch up with people I have not seen in a while. ...

Academia to Industry
Background

I have been thinking a lot about my experience transitioning from academia to the tech industry and my misconceptions of how prepared I actually was. I realize now that I was prepared in all the wrong ways and what I would do if I could go back and do things differently.

Writing
- From minimum word counts to being as concise as possible.
- The corporate dialect - I understand but can’t quite speak or replicate myself.
- Convey thoughts directly and efficiently.
- To leave feelings at the door.

Deliverables
- There is rarely a template.
- Many tasks do require some bit of magic to pull answers out of a hat.
- Make sure to clarify what is internal vs external deadlines.
- How many revisions are needed.
- Some companies prefer deliverables in a certain format - pptx.
- Some companies prefer text heavy vs not slides.

Communication
- Everyone is different.
- Coming in it was typical to be expected to bend your preferences in favor of others.
- It is okay to speak up if you feel someone is not respecting your time.
- Learning everyone’s communication styles is hard.
- You may not always work with someone who matches your work/communication style.
- Don’t be afraid to suggest things that might improve processes.
- For the love of god document the things you would need to inform someone about if they came in the middle of a project.
- You probably cannot be yourself.
- Professionalism is still necessary even if you think something is stupid.

Overall things that helped
- Finding a mentor to trust.
- Befriending people around the same age.
- You can be social even if just with those you think you’ll like.
- You don’t have to make small talk with everyone.
- Find someone who you can ask all your dumb questions to.
- Be honest with your manager about the things you’re struggling with, self awareness shows you’re trying to make an improvement.
- Find someone who is in the same position but higher up that can validate your thoughts, feelings, and intuition about a topic or process.
- I still believe the corp world would be better if people were just real about things.

Shmoocon 2023
This was my second time visiting Washington D.C. for Shmoocon, my first being back in 2022. First thing I was excited about was the theme of this year, which was Broadway. The year prior was picnic. I was pretty excited when I saw the booklet that usually contains the schedule and talks with speakers, as well as some challenges and puzzles, was made to look like a playbill. Also, there were three different attendee badges made to represent three different Broadway theaters. Mine was shaped like the New Amsterdam theater, there was also one that represented the Richard Rodgers theater, as well as one other which I cannot remember. Each badge also had a portion of a QR code on the back which if put together correctly could help you embark on the remainder of the badge challenge. The bag with all the promotional swag was pretty cool this year too, it was a collapsible backpack that folds up really nice and is good for travel. I usually don’t use the given bag during the conference, but I liked this one so much I used it the whole time. Also, coolest swag was definitely the tech deck. ...

CISSP First Attempt Preparation and Afterthoughts
Preparation

There are 8 domains that the CISSP tests on:
- security and risk management
- asset security
- security architecture and engineering
- communication and network security
- identity and access management
- security assessment and testing
- security operations
- software development security

Favorite way to study is to use study mode and go through practice exams (Boson) and make my best guess at the right answer and then check if I'm right and if not I read the description as to why. I go through every single question that way and it takes a while but it helps reassure myself especially when or if I was not confident in my guess. ...

Security Plus Preparation
Background

I graduated in May 2020 with my BS in Cybersecurity from Purdue University. I also recently completed my MS in Cyber Forensics in August 2022 after defending my thesis, which was titled “Cybersecurity Industry Needs and the CSEC ABET curriculum analysis”. I also completed/passed EC-Council’s Certified Ethical Hacker (CEH) in Summer of 2021. I currently work as a security researcher at a small security consulting company. Now, I do NOT believe you need to have this background in order to pass and complete the Security+ certification, so do not let my experience discourage you from taking it. I know of many people who have obtained it without having any college experience nor any formal technical background. My reasoning for taking this certification was to be more confident in the application of my security knowledge. ...