Read Time: 6 minutes

Howdy Vulnerable Ones! - Writing this week’s newsletter from San Francisco where I’m just wrapping up my week at RSA Conference and BSidesSF. I’m exhausted, it was an absolute marathon out there. My current mental state is the inspiration for this week’s topic:

• The Aftermath of Overstimulation: Coping with the emotional and physical challenges of a hectic week.

• Finding Balance: The importance of self-care and reestablishing routines after a disruptive event.

• Moving Forward: Strategies for implementing the insights and connections gained from the conference in a sustainable way.

Have feedback for us? Just hit reply — we'd love to hear from you!

Lets get vulnerable

Topic of the Week:

🌟 Beyond the Swag 🌟

Tech conferences are a whirlwind of social stimulation, travel, meals, and lack of sleep that can be overwhelming for even the most seasoned infosec professionals. But when the conference ends, the real work begins, as practitioners attempt to reintegrate into their normal lives.

Remember that scene in Lord of the Rings where Frodo chooses to sail to the Undying Lands because after what he just went through, normal Shire life seemed impossible to come back down to? Yeah that, minus the wound from a Nazgûl's Morgul blade.

🚶 The non-stop social activity, being on your feet all day, walking miles around the city and show floor, and lack of your regular exercise routine - all of it can be daunting. It's crucial to recognize the impact that these factors can have on your mental health and well-being. Once we realize it, name it, we can interact with this feeling differently.

🧘‍♀️ Nurturing Your Mental Health 🧘‍♂️

I think a lot of my readers can relate to how I feel like an introverted extrovert in these situations. I crave to connect with all of my people at these events. Most of which I only see at these things a few times a year, if that.

🦥 But my human suit begins to feel heavy and my batteries drained. The imposter syndrome battles when meeting people at various stages of their career and playing comparison games with how far we’ve gotten or how fast. It all adds up.

Taking care of your mental health is just as important as the tech skills or the meeting grind on these trips. Here are some tips to help you maintain your well-being at tech conferences, or really anywhere:

1️⃣ Prioritize sleep: We joke about the 3-2-1 rule at DEFCON. 3 hours of sleep, 2 meals, 1 shower per day. It's tempting to stay up late networking or attending after-parties, but lack of sleep can take a toll on your mental health. Make sleep a priority, both quality and quantity.

2️⃣ Make time for physical activity: Walking miles around a conference can be exhausting, but it's important to make time for dedicated physical activity. Pick your poison here - I like to lift weights and do a fair bit of research before I show up if the hotel gym or a gym nearby will be an easy part of my day. Find a yoga class, go for a run, find a local hike, or whatever it is that gets your blood pumping. This is just cheat codes for your energy reserves throughout the day.

3️⃣ Eat healthy-ish: I’m a chronic “eat what you can, when you can” person when I’m traveling. It tends to sit pretty heavy and not make me feel great throughout the day. Sluggish. Trust is built around the meals you’ll have with folks though, so don’t stress but just try to do yourself a favor. I try to have some protein shakes in my room, also need to focus on drinking a ton of water.

4️⃣ Take breaks: Don't feel guilty about taking breaks to recharge your batteries. Schedule some time each day to rest, read a book, or just take a walk to clear your mind. I’m a HUGE fan of the dip back to the room post lunch pre dinner for a quick lie down, phone charge, zone out. Only way I can not be completely zonked by dinner.

🏃‍♀️ Moving Forward 🏃‍♂️

Attending a tech conference can be overwhelming, and it's easy to feel lost in the madness. However, by prioritizing your mental and physical health, you'll be better equipped to handle the stress and make the most of your experience. Remember the tips we've shared above and take care of yourself.

But attending a conference isn't just about surviving - it's also about learning, networking, and gaining valuable insights. Here are some strategies for implementing what you've learned and the connections you've made:

1️⃣ Review and organize: Take some time to go through your notes, business cards, and any other materials you collected. Organize them into actionable items and follow up on them as soon as possible.

2️⃣ Share: Whether through a blog post, social media, or a presentation at work, share what you've learned with your community. This not only helps solidify your own understanding but also contributes to the industry's collective knowledge.

3️⃣ Connect with new contacts: Reach out to the people you met at the conference, follow them on social media, and continue building those relationships. You never know where a new connection might lead.

4️⃣ Take action: Identify specific actions you can take based on what you've learned. Set goals for yourself and create a plan to implement them. I know I’ve got a list after this week.

Remember, the key to implementing what you've learned is to do so in a sustainable way. Don't try to do everything at once, take small steps and build on your successes.

🚀 Go forth and be awesome, and don't forget to take care of yourself along the way.

Elective Reading

Here are some things I’m reading right now and some cliff notes or thoughts:

“A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites”

Thanks to Adrian for having me on the Enterprise Security Weekly podcast this week. Got to talk about the infosec trends at large, and this newsletter! - Had a great time chatting.

Got to watch a talk at BSidesSF by Sal Olivares on protecting API keys - here is the blog post about it with some really easy and high value take aways.

Two that I loved: 1) Append an easy to search for string at the front of your keys. So finding them where they shouldn’t be is easy. 2) Have metrics on key usage and track when they were last used. Useful to kill orphaned keys and in other situations too.

If you’re not playing with LangChain yet, you should be. This is closer to the tip of the AI spear than ChatGPT is at this point.

As if attriubution nicknames weren’t hard enough to follow - Microsoft has switched em up on us.

“The new scheme will separate actors into categories — nation-state, financially motivated, private sector cyber-mercenaries, influence operations or groups in development — and pinpoint specific countries linked to malware operations. “Simply put, security professionals will instantly have an idea of the type of threat actor they are up against, just by reading the name,” (Thanks Ryan for the Writeup)

Got to run into some bug bounty and open ai folk this week so needed to remind you bug hunters out there that OpenAI is open for hacking.

Jhaddix is opening up his training course again. So speaking of bug hunting on Open AI - go learn from one of the best on how to best bounty hunt.

And one more from another bug bounty GOAT, NahamSec.

Extra Credit:

Help Us Grow! If you know someone who might be interested in joining the Vulnerable U community, please share this newsletter with them! As of now, spread will just be by word of mouth.

Parting Thoughts:

Let me know how I can help as always.. If there's a topic you'd like to see covered in a future edition of the newsletter, or if you have any questions or concerns, please don't hesitate to reach out to us. I’m always happy to hear from our readers and help in any way I can.

Stay safe, Matt Johansen
@mattjay