Read Time: 6 minutes

Howdy Vulnerable Ones! - Hope you’re having a great week. We made it to double digits here with our 10th letter. Thanks for all you early adopters, you mean more to me than I can express. In today’s issue:

• The problem with isolation: The challenges of working in infosec and how they contribute to loneliness.

• Shocking stats: The Surgeon General's report on the dire health consequences of loneliness

• You get a ransomware: Everyone gets a ransomware. No seriously, so much ransomware this week.

Have feedback for us? Just hit reply — we'd love to hear from you!

Lets get vulnerable.

This week has been a bit rough for me coming back to earth from RSA. I’m writing this late Thursday night when I’m most often done by Wednesday. Thursdays are usually reserved for final edits and sifting through all the website links I’ve saved throughout the week. Depression really gets in the way sometimes. IYKYK. Well, I kicked my way out of that funk (see more on mental health survival tips here) so let’s PARTY! And what better party topic to follow a depressive episode than… THE LONELINESS EPIDEMIC.

::sad trombone noises:: 

This story inundated my inbox this week and I’m absolutely fascinated by the stats coming out of the Surgeon General’s report.

🤯 Those numbers are absolutely bonkers. Not socializing seems worse than a pack a day smoking habit!

Get to the point, Matt. How does this relate to Vulnerable U readers?

Along with it being an important humanity issue, infosec tends to be a majorly self isolating industry. Heck, the whole point of this newsletter is to surface us basement dwellers and start sharing openly in the spirit of greater group resilience. But while alone time is important and often times (especially for us parents out there) hard to come by, we need to watch out for that line when alone time becomes seclusion. Our industry makes it easy to detach.

👥 Self-Isolation in Infosec

A few things here:

1. As an industry of techies, we tend to skew introverted. My childhood was equal parts AIM/IRC and outside/school yard. Some folks just avoid that second half entirely because the world is too mean to young nerds and internet friends are more welcoming.

2. Our paranoia in infosec is kind of baked into the job description. We play things close to the chest. Most of the time this is warranted.

3. WFH isn’t just a pandemic thing. My job was remote before that was cool. Way before covid many of us worked from home and now that’s trending toward the norm.

4. Suburban sprawl has killed the concept of “the third place” and in infosec we’ve replaced the corner pub with Twitter and 1 million security conferences. Work from home in suburbia and you’re even less likely to interact with a non-relative everyday.

💪 Building Resilience

The Surgeon General is calling for a nationwide culture shift. I’m calling for one in infosec. Let’s build stronger connections with our colleagues and fellow professionals, share knowledge, and support each other through challenges.

Here’s how you can start.

1. Share your struggles

   When we talk about hard things publicly and ask for help when needed, we give permission for others to do the same.

2. Practice active listening

   Get off your soap box from time to time (he said in his email newsletter) and show genuine interest in what others have to say.

3. Build meaningful connections

   I’ve talked about the power of community in past editions. Get out there. I’m not exaggerating when I call community our superpower.

4. Encourage others to be vulnerable

   Create safe spaces where people can share their experiences without fear of judgment. (Or tell them to subscribe to Vulnerable U for all their encouraging vulnerability needs! 😉)

Elective Reading

Here are some things I’m reading right now and some cliff notes or thoughts:

Absolutely massive cyber security insurance payout for Merck who got hit with NotPetya years ago. Insurer was arguing it was an act of war and thus they didn’t need to pay. Courts said nope, pay up.

The Padlock is dead. Long live the padlock. - HTTPS has become such table stakes of the internet that the lock has been deemed unfitting anymore. There is more to a secure and private connection than a TLS cert. I’m a fan of this move.

Thanks to Clint for getting this one on my feed. Good primer on scanning GCP. Basic enumeration and scanning tips but a great starting place for those who aren’t as familiar with Google’s Cloud and want to kick the tires.

The beginning of the end for passwords? Idk about all that, but huge step. Passkeys help you auth to web services with a file tied to your device instead of password or mfa. I also noticed Twitter has this and iOS has a neat way to store this on your keychain so ease of use is getting there. I’m interested to see where this goes. (More coverage on this from WIRED here)

I’ve not seen an emergency alert system used to demand ransom before. But here we are.

Another new one for me. A former contractor left behind a “ransomware time bomb” in some headset firmware and detonated it last week to extract more money from the company.

So. Much. Ransomware. - Seriously I almost didn’t link these all but they were all pretty spicy so I wanted to include. City of Dallas seems to be fighting off a gnarly one.

Chris is a great security researcher and has worked at some of the biggest companies on the planet. He’s now at Material and unsurprisingly to me found a spicy bug in Gmail.

Shodan is a superpower not enough people use. NahamSec does a great run down of how to use it to find all sorts of stuff that’s connected to the internet and probably shouldn’t be.

Phillip Wylie is a legend and is kicking off his new personal podcast. Looking forward to this new adventure by him.

Uber CISO avoided jail. (Washington Post story if you have a subscription: here)

Bounty hunting anyone? This is more than just a bug bounty…

Community Spotlight:

Earlier I linked one of my favorite YouTube Channels - Not Just Bikes - when talking about the concept of “the third place”. It only made sense this week to highlight a Twitter friend who does a lot for the urbanist movement.

Kelsey Huse! If you scroll her page for a moment, you’ll see she’s very passionate about living in cities that are friendly to people and not cars.

She is one of the folks who put me onto this topic and I’ve fallen into the rabbit hole hard. I’ve since watched countless videos on urbanism and how walkable/bikeable cities are not just better for the environment, but our mental health, the economy, our children, our local businesses, and the list goes on.

Kelsey has had a few viral moments videoing her existence here in Austin, Texas as a pedestrian or a cyclist and how comical some of her required routes are.

Give her a follow if you’re into this topic and interested in being more politically active with a focus on urbanism and not adding just one more lane to traffic.

Big Salute to my YIMBY sister. Bump into you on the bus soon!

Please write to me and share stories or anecdotes for this section. It goes very well with the theme of being vulnerable together to share stories. I’d especially love to hear about your failures. What is a time you failed? What did you learn? How did it change your life?

Extra Credit:

Help Us Grow! If you know someone who might be interested in joining the Vulnerable U community, please share this newsletter with them! As of now, spread will just be by word of mouth.

Parting Thoughts:

Let me know how I can help as always.. If there's a topic you'd like to see covered in a future edition of the newsletter, or if you have any questions or concerns, please don't hesitate to reach out to us. I’m always happy to hear from our readers and help in any way I can.

Stay safe, Matt Johansen
@mattjay

Read Time: 6 minutes

Howdy Vulnerable Ones! - Hope you’re having a great week. We made it to double digits here with our 10th letter. Thanks for all you early adopters, you mean more to me than I can express. In today’s issue:

• The problem with isolation: The challenges of working in infosec and how they contribute to loneliness.

• Shocking stats: The Surgeon General's report on the dire health consequences of loneliness

• You get a ransomware: Everyone gets a ransomware. No seriously, so much ransomware this week.

Have feedback for us? Just hit reply — we'd love to hear from you!

Lets get vulnerable.

This week has been a bit rough for me coming back to earth from RSA. I’m writing this late Thursday night when I’m most often done by Wednesday. Thursdays are usually reserved for final edits and sifting through all the website links I’ve saved throughout the week. Depression really gets in the way sometimes. IYKYK. Well, I kicked my way out of that funk (see more on mental health survival tips here) so let’s PARTY! And what better party topic to follow a depressive episode than… THE LONELINESS EPIDEMIC.

::sad trombone noises:: 

This story inundated my inbox this week and I’m absolutely fascinated by the stats coming out of the Surgeon General’s report.

🤯 Those numbers are absolutely bonkers. Not socializing seems worse than a pack a day smoking habit!

Get to the point, Matt. How does this relate to Vulnerable U readers?

Along with it being an important humanity issue, infosec tends to be a majorly self isolating industry. Heck, the whole point of this newsletter is to surface us basement dwellers and start sharing openly in the spirit of greater group resilience. But while alone time is important and often times (especially for us parents out there) hard to come by, we need to watch out for that line when alone time becomes seclusion. Our industry makes it easy to detach.

👥 Self-Isolation in Infosec

A few things here:

1. As an industry of techies, we tend to skew introverted. My childhood was equal parts AIM/IRC and outside/school yard. Some folks just avoid that second half entirely because the world is too mean to young nerds and internet friends are more welcoming.

2. Our paranoia in infosec is kind of baked into the job description. We play things close to the chest. Most of the time this is warranted.

3. WFH isn’t just a pandemic thing. My job was remote before that was cool. Way before covid many of us worked from home and now that’s trending toward the norm.

4. Suburban sprawl has killed the concept of “the third place” and in infosec we’ve replaced the corner pub with Twitter and 1 million security conferences. Work from home in suburbia and you’re even less likely to interact with a non-relative everyday.

💪 Building Resilience

The Surgeon General is calling for a nationwide culture shift. I’m calling for one in infosec. Let’s build stronger connections with our colleagues and fellow professionals, share knowledge, and support each other through challenges.

Here’s how you can start.

1. Share your struggles

   When we talk about hard things publicly and ask for help when needed, we give permission for others to do the same.

2. Practice active listening

   Get off your soap box from time to time (he said in his email newsletter) and show genuine interest in what others have to say.

3. Build meaningful connections

   I’ve talked about the power of community in past editions. Get out there. I’m not exaggerating when I call community our superpower.

4. Encourage others to be vulnerable

   Create safe spaces where people can share their experiences without fear of judgment. (Or tell them to subscribe to Vulnerable U for all their encouraging vulnerability needs! 😉)

Elective Reading

Here are some things I’m reading right now and some cliff notes or thoughts:

Absolutely massive cyber security insurance payout for Merck who got hit with NotPetya years ago. Insurer was arguing it was an act of war and thus they didn’t need to pay. Courts said nope, pay up.

The Padlock is dead. Long live the padlock. - HTTPS has become such table stakes of the internet that the lock has been deemed unfitting anymore. There is more to a secure and private connection than a TLS cert. I’m a fan of this move.

Thanks to Clint for getting this one on my feed. Good primer on scanning GCP. Basic enumeration and scanning tips but a great starting place for those who aren’t as familiar with Google’s Cloud and want to kick the tires.

The beginning of the end for passwords? Idk about all that, but huge step. Passkeys help you auth to web services with a file tied to your device instead of password or mfa. I also noticed Twitter has this and iOS has a neat way to store this on your keychain so ease of use is getting there. I’m interested to see where this goes. (More coverage on this from WIRED here)

I’ve not seen an emergency alert system used to demand ransom before. But here we are.

Another new one for me. A former contractor left behind a “ransomware time bomb” in some headset firmware and detonated it last week to extract more money from the company.

So. Much. Ransomware. - Seriously I almost didn’t link these all but they were all pretty spicy so I wanted to include. City of Dallas seems to be fighting off a gnarly one.

Chris is a great security researcher and has worked at some of the biggest companies on the planet. He’s now at Material and unsurprisingly to me found a spicy bug in Gmail.

Shodan is a superpower not enough people use. NahamSec does a great run down of how to use it to find all sorts of stuff that’s connected to the internet and probably shouldn’t be.

Phillip Wylie is a legend and is kicking off his new personal podcast. Looking forward to this new adventure by him.

Uber CISO avoided jail. (Washington Post story if you have a subscription: here)

Bounty hunting anyone? This is more than just a bug bounty…

Community Spotlight:

Earlier I linked one of my favorite YouTube Channels - Not Just Bikes - when talking about the concept of “the third place”. It only made sense this week to highlight a Twitter friend who does a lot for the urbanist movement.

Kelsey Huse! If you scroll her page for a moment, you’ll see she’s very passionate about living in cities that are friendly to people and not cars.

She is one of the folks who put me onto this topic and I’ve fallen into the rabbit hole hard. I’ve since watched countless videos on urbanism and how walkable/bikeable cities are not just better for the environment, but our mental health, the economy, our children, our local businesses, and the list goes on.

Kelsey has had a few viral moments videoing her existence here in Austin, Texas as a pedestrian or a cyclist and how comical some of her required routes are.

Give her a follow if you’re into this topic and interested in being more politically active with a focus on urbanism and not adding just one more lane to traffic.

Big Salute to my YIMBY sister. Bump into you on the bus soon!

Please write to me and share stories or anecdotes for this section. It goes very well with the theme of being vulnerable together to share stories. I’d especially love to hear about your failures. What is a time you failed? What did you learn? How did it change your life?

Extra Credit:

Help Us Grow! If you know someone who might be interested in joining the Vulnerable U community, please share this newsletter with them! As of now, spread will just be by word of mouth.

Parting Thoughts:

Let me know how I can help as always.. If there's a topic you'd like to see covered in a future edition of the newsletter, or if you have any questions or concerns, please don't hesitate to reach out to us. I’m always happy to hear from our readers and help in any way I can.

Stay safe, Matt Johansen
@mattjay