• Explore
  • Blog
  • Podcast
  • About
  • Services
  • Contact
Menu

Exploring Information Security

Securing the Future - A Journey into Cybersecurity Exploration
  • Explore
  • Blog
  • Podcast
  • About
  • Services
  • Contact

Security explorer heading into the security awareness field - Created by ChatGPT

Charting a New Course in Security Awareness at Acadia Healthcare

March 6, 2024

I have started a position as a Senior Specialist, Security Awareness and Training at Acadia Healthcare. I’m excited for this opportunity because it’s a role that’s only more recently started to get some traction. I’ve been doing security awareness activities at previous organizations as a part-time thing. I’m excited to get the opportunity to really focus on security awareness training. It’s something that has been seen as a checkbox for a lot of organizations. I think it can be more than that. I think it can help build a security culture and foster a security mindset at an organization which result in a more secure organization.

I’ve been in a bit of a career transition the last 2-3 years. I’m not looking to get super technical. I’ve been in management and would probably be okay going back but I don’t play the political game as well as other. Reflecting over these last few years, I discovered that I enjoyed educating others. It’s actually something I wanted to do since high school but the only path I saw then was a high school teacher and I wasn’t really interested in leaving high school only to return shortly thereafter.

In the Navy I got the opportunity to go through instructor training and do some training while being an electronics technician. That led to me getting into the information technology field and eventually into security. At previous roles I’ve always either created content for distribution or presented internally. This past fall, I started looking for security awareness roles and found that several organizations were hiring for security awareness roles. This fit well with my desire to educate and where I was at in my career. I have a generalist background so I can speak to a variety of different fields within security.

I want to make security awareness interesting and impactful for an organization. Not just a checkbox. In my view I am here to foster and improve the security culture at the organization. To do that I’ll have to be creative and identify what engages people to think more about security. I’m excited for this challenge. I see people as the most complex systems in an organization.

I am going to continue to run Exploring Information Security (EIS) with a focus on security awareness. I believe this new role and EIS will compliment each other well. Next week I am planning to post my job search log. As part of the job search I decided to put in entries documenting my progress and thoughts during the hiring process. I wanted to show others that the hiring process is stressful, even for someone with 22+ years of IT experience. It’s also changed significantly since I first got in the job market and I wanted to highlight some of those changes as well.

In Experiences Tags Career
Comment

ChatGPT V4 - Image by D koi

Leveraging AI to Ace Your Next Job Interview

February 29, 2024

In today's rapidly evolving job market, Artificial Intelligence (AI) has become more than just a buzzword—it's a tool that can provide a competitive edge in various aspects of life, including job hunting and interview preparation. As interviews become increasingly sophisticated, candidates are seeking innovative ways to prepare and stand out. I’ve recently gone through a few different interview processes and as part of that I leveraged AI to help do research and prepare for my interviews. Here's how AI can be your ally in acing your next job interview.

Understand the Role and Company

Before you even start preparing for the questions, it's crucial to have a deep understanding of the role you're applying for and the company behind it. AI-powered tools can analyze job descriptions, company websites, and news articles to provide a comprehensive overview of what the company values in its employees and what skills and experiences are critical for the role. This information can help tailor your interview responses to align with the company's culture and needs.

Personalized Practice Sessions

AI-driven interview preparation tools can simulate realistic interview scenarios tailored to the job you're applying for. These platforms use natural language processing to evaluate your answers, providing feedback on content, tone, clarity, and even body language in video-based practice sessions. This personalized feedback can help identify strengths to highlight and weaknesses to improve upon, making your preparation more focused and efficient.

I’ve taken the job description and my resume and put them into ChatGPT to help identify how my experience aligns with the role. I’ve also taken the job description and any other information about the interview I’ve been provided and asked ChatGPT to create practice questions. I then take those questions and practice saying out loud my responses. I found the interview questions to be pretty close to the real questions I got asked. The questions allowed me to think through how I would answer questions and lean on past experiences. While not an exact match it did afford me an opportunity to think through my experiences and apply those to similar questions.

If there is a technical aspect to the interview AI can be used to prepare by getting quizzed on technical questions. Unfortunately, I didn’t think of this use case until after I had already gone through an interview that had technical questions in it. I struggled through those questions and did not move one. Had I prepared using AI I would have been better prepared to answer those questions and a better shot at moving on.

Enhancing Your Answers

AI doesn't just stop at practice; it can also help refine your answers. Tools like GPT (Generative Pre-trained Transformer) can suggest ways to structure your responses more effectively or creatively. Input your basic answer, and AI can enhance it, ensuring you communicate your thoughts coherently and compellingly. However, it's essential to keep your answers authentic to your experiences and voice; use AI as a tool for improvement, not a crutch. It’s also very important to say the responses out loud to understand how the responses will come off. Sometimes what’s in our head doesn’t sound as good when it’s said out loud.

Final Thoughts

As AI continues to transform the job market, its role in interview preparation is undeniable. By offering personalized feedback, and enhancing response, AI can be a valuable asset in your job search toolkit. However, it's important to remember that AI is a supplement, not a substitute, for genuine preparation. The goal is to use AI to enhance your authentic self, showcasing your skills, experiences, and personality in the best possible light.

Embrace AI as part of your interview preparation strategy, but keep the focus on your unique contributions and how you can add value to the company. With the right preparation and mindset, you can use AI not just to prepare for interviews but to excel in them.

This blog post created with the help of ChatGPT

In Experiences, Advice Tags Career, interviewing
Comment

Tips to help build strong relationships inside and outside of work

December 21, 2023

I love the saying from Manager Tools.

“There are three types of power? Technical power, role power, and relationship power. Relationship power is 75% of the power in an organization”

I quote it a lot to people when I’m having discussions about organizations.

Building relationships with people internally is what has allowed me to be successful in my career. We cannot do it all on our own. The techniques for building relationships apply both internally to a company as well as outside of the company at networking events. Her are some of the things I have done to build strong relationships inside and outside an organization.


How to build relationships

Ask questions

The number one thing I use to build relationships is ask questions. Then I follow that up by actively listening to the answer and asking more questions.

People’s favorite subject is themselves. Getting them to talk about themselves makes them feel good. If you are asking the questions you are the reason for that feeling. People will pick up if you’re being inauthentic, so it really helps if the questions are coming from a genuine curiosity. Look at them and hear what they’re saying and ask follow up questions to what they have just said.

When I first started doing this it was pretty hard. I liked to interject my own commentary. As I worked on it it eventually became easier. It is okay to interject here and there but talking less and listening more overall will help endear you to people quicker.

This was the tool I found most effective working with developers. Code is a developer’s baby. They create it. They nurture it. They get frustrated when it doesn’t pass tests. They may have dropped it once or twice. It’s their baby though and coming in and calling it ugly (even if it is ugly) isn’t going to make many friends.

This is where questions help. Developers lit up when you show an interest in their code (baby) and they will tell you everything about it. This helped me understand the code better. Why it was written the way it was written and allowed me to have tough conversations with them when it was causing problems. I had built that trust and they knew I was only trying to help them make the best code possible.


Spend time together

When you spend time together there’s a bonding that occurs. This builds trust and allows for people to get to know each other better. I’ll go to lunch with people if asked or I’ll ask others if they are interested in going to lunch. It’s a great way to just have a normal conversation outside of work. Asking questions gives insight into the person.

If money is tight, this can be done at work. If there’s an open spot a table ask to join (asking questions again ;). If it isn’t often people will tell you to pull up a chair and join them anyway. Worst case look for someone else to sit with. People that are sitting by themselves usually won’t mind company.


stay in touch

Make sure to stay in contact with people. This became harder with the pandemic and everyone working from home. Often I would reach out to them if we hadn’t chatted in a while and I was in a meeting with them. I’d shoot them a quick IM saying hi and asking how they were doing.

The Allen Curve is a study from the 1970s that described as distance increased between engineers communication became less frequent. If you are wondering why CEOs want people in the office it’s because of The Allen Curve (a future blog post).

Image courtesy Clutch.co

I’m surprised at how many people are not familiar with this idea. Regardless, as distance increase communication decreases. It makes sense. When you were in school you stayed in contact with your classmates more often. As people moved the communication between people became less frequent. You may have experienced this during the pandemic with coworkers. The person you got coffee with every morning and chatted about work or real world events you no longer communicate with on a regular basis. I’ve seen this apply with people just switching floors or moving to a different part of the building. The distance doesn’t need to be far for communication to drastically decrease.

If you are back in the office walking around can be a good way to stay in touch, as well as get a little exercise and a break from the computer. Working remotely is tougher. That’s why I set up reminders to connect with people every so often. This can be a week, month, months, or several months.

Reciprocity

Give without expecting something in return. First, this is a great feeling to just give without expecting something in return. Letting go of the return also helps with any frustration or anger that might occur from not getting something back. This can feel difficult because we all would like to think people will return the favor but it is something that can be practiced. Most people will want to return the favor. It might not be immediate but it will come at some point. Some people won’t return the favor. Either way we learn something about that person. Be careful to identify what people consider a favor because we’ll all have different ideas.

The five love languages is a great resource to read and understand. Some people just want help with their work. Others will want gifts or money compensation. Others will want praise. Understanding what drives people will help better understand what they may give in return.

I enjoy helping others and would rather someone help me than give me a gift. I would often look into help desk tickets for others and try to push them along if I could. This was a small effort for me but paid off when I needed something from these same people. Often, because I had helped them they would return the favor.

Be yourself

Be genuine and authentic. People can tell if you’re just there to get something out of them. If someone determines another person has or is trying to manipulate them the relationship is toast. Be who you are and don’t try to be someone else. You can work to make positive changes in your behavior and habits but ultimately we’re all who we are. I’ve struggled with being myself. I want everyone to like me but that just isn’t possible. I’ve tried being someone else for people and it doesn’t work. I have improved how I interact with people but ultimately I have to still be true to myself and accept that I won’t connect with everyone.

Easy to start habits

Two techniques I like to tell people to start with is using people’s name and saying thank you. Again, people are their favorite subject and hearing there name is a good feeling. You’ll have to identify what and how people liked to be called. Don’t just shorten people’s names because some people like being called by their first name. Some people like using their middle name or nickname. It is also a great way to start a conversation.

Say, “Thank you!” This is so easy to do and one of the least used techniques in the workplace. Say thank you to people for their work. Say thank you for getting you something. Say thank you for sharing their insights. It’s so easy to do and something people don’t hear enough.

Summary

Relationships are a very powerful thing. They can help advance a career and they can help get a job. To build a strong relationship, make it about the other person. Ask questions and spend time with them. Give without expecting something in return. This can feel very difficult because we are very transactional and want to get what’s rightfully ours. Most people will return the favor. The ones that don’t you will still learning something about them.

Finally, Be yourself and start small. Be who you are but realize you can make improvements to your behavior and habits. One of those can be by using people’s name and saying “Thank you!” for something they’ve done. Gratitude is a powerful thing and makes you and the other person feel good.

How do you go about building good relationships with people? Leave a comment below.

Resources

If you want to learn more about social engineering check out my GitHub page, Social Engineering for the Blue Team. You can also click on Social Engineering page or reach out to me directly with any questions you may have.

Social Engineering - Deep Dive
image-asset.jpg
Contact

This blog post first appeared on Exploring Information Security.

Subscribe

Sign up with your email address to receive news and updates.

We respect your privacy.

Thank you!


In Experiences, Advice Tags relationship, social engineering, advice, Career
Comment

Why Taking a Break is Important

November 29, 2023

Because we all need opportunities to recharge our brain. Even Bill Gates took a week off twice a year to recharge. I like to take a week in the spring and one in the fall just for myself to recharge. I usually play golf and video games during that week. I’ve found I’m stressed leading up to that week and recharged after the week. This is outside of family trips and vacations which can add a crinkle to taking time off if paid leave is limited. I’ve been fortunate to work at companies where I have quite a bit of time off and I can work from anywhere so I can maximize the time-off when I get there.

At one point I thought some friends and other people I knew who seemed to work all the time were different but eventually they burned out too. I do think tolerances are different and some people need less time away from others but we all eventually do need some time to unplug. And this isn’t going on vacation and answering emails or responding to alerts. It’s getting away completely. This was recently reaffirmed to me in my current role at an incident response company.

Notifications are the devil. Leaving notifications on is very much death by a thousand notifications. In my current role I’ve had email and multiple IMs on at the start. I’ve since reeled that in to just IM notifications and direct mentions specifically because no time of day or weekend was safe. Each notifications requires brain energy. It’s like running a car if you leave it on even in park it will run out of gas. That’s why turning off the car and in this case notification saves some of that energy for when I need to make a trip.

As a leader I need to be conscious of it because I impact a lot more people at work. I remember delivering a performance review to someone in January and they were a little surprised at the exceeding expectations review I gave them. They told me that at the end of the year they were wondering what they had done wrong to tick me off. As I reflected I realized I was burnt out during that time. While I tried to put on a nothing wrong is face and I don’t yell at people it was still pretty clear to the people that reported to me (and probably those that didn’t) that I was in a fowl mood.

I also need to be watching out for my directs and ensuring they’re in the best state mentally. Again, some people are better at it than others, so identifying the people that need to be told to go on paid leave is important. People earlier in their career are usually the ones that will work until they have some sort of breakdown. I know I was and to a certain point I still am based on what happened as a manager. Coming from a military background and getting into the private sector I expected to be told when to go home sick and when to go on leave. By the way if you’re sick go away and if you’re in an office go home.

I had 60 days of leave available when I left the Navy. Now I did take that as terminal leave and enjoyed my last two months of service playing World of Warcraft: The Burning Crusade but it highlights that I really wasn’t taking time for myself. As we get older there are more and more stresses added to our life and career. Starting a family or having family members to take care of takes it’s toll. As we advance in our careers we get better at what we do and gain wisdom from our experiences but new problems like politics and health problems start to creep into our world. It’s more important than ever to make sure we are taking breaks to ensure we’re performing at our best.

This blog post first appear on Exploring Information Security.

In Experiences, Advice Tags taking a break, Career, advice
Comment
Photo by Hunters Race on Unsplash

Photo by Hunters Race on Unsplash

Management is a shift in mindset

April 23, 2019

If you ever go into management in the infosec field (or really any field) get ready for a huge shift in mindset.

Finishing the Exploring Information Security podcasts was a great decision for me. I would love to still be doing it, however, it’s just not valuable for me as a manager right now. I am no longer thinking about the latest happenings in infosec. I am still paying attention to what’s going. It’s just that my performance is largely reliant on the people that report to me. That means managing workloads, removing blockers, providing feedback, making decisions, and metrics.

It’s been a shift for me, even though I knew it was coming. I have to delegate or else I get to caught in the day-to-day operations. It’s not efficient for me as a manager. I’ve seen others get promoted into management and struggle. Largely because they still wanted to do the technical things and get paid as a manager. That’s just not possible based on the role. I’ve always wanted to go into management. I find the challenge in how do I get the most of the people that report to me. How do you make someone as productive as possible.

Oh, it’s also about politics. If you can’t, “play” the political game you will struggle as a manager. To get things done as security professionals requires building relationships with other departments. We in security have a big stick. Using that stick to get things done has the effect of making people not like you. Instead I like to build relationships using the techniques of social engineering. It’s much more effective and people tend to like you afterwards.

A resource that helped me prepare for a management role is Manager Tools. It’s a great tool for figuring out how to be an effective management. They’ve been around for several years with lots of topics to dive into. Even if you’re not interested in management they have the Career Tools podcast, which focuses on career advice. There’s resume, interviewing, how to ask for a raise, and much more. The hosts are very direct and to the points, which will rub some people the wrong way. They have data to back up their recommendations, though. I can confirm that using their techniques has helped me shift into management and become a better professional. The most beneficial being how to write a resume and interviewing.

Prior to listening to the Career Tools podcast, I struggled writing resumes and interview. This despite going to seminars and reading books on how to do both. At one point it took me 15 months to find a new opportunity. After listening to the podcast I increased my job offers dramatically and eventually found my current opportunity that I hope to retire from.

I’m hoping to document my experiences in future blog posts. While I’m not as focused on the technical infosec things, maybe I can contribute from the career advice of things.

this blog post first appear on Exploring Information Security

In Experiences Tags Career, Resources
Comment
img_3063.jpg

Pen and paper are your most important tools in IT

August 30, 2018

I put out a tweet earlier today that seems to have resonated with people.

Pro tip for those in a junior IT position: Have a notepad and pen ready for notes during meetings and when someone is showing you how to do something.

— Timothy De Block (@TimothyDeBlock) August 30, 2018

The tweet was a result from a conversation I had with someone in IT. They were asking me about a decision made in a meeting they were not only in, but also setup. I was a little flabbergasted that he was asking me about what decision was made. "You didn't take notes?" was my first thought.

One of the best (if not the best) tips I've been given in IT, is to bring pen and paper. The idea being to write down instructions or jot ideas or action items or decisions in meetings.

Many years ago, shortly after landing my network administrator gig, I was being shown how to administer one of the many tools we have. As we started going through the tool, the senior in the room asked me why I didn't have a pen and paper. I didn't have an answer. I was then asked how I was expected to remember the instructions. Since then I've gone through hundreds of notebooks. At one point I had them categorized between instructions, troubleshooting, investigations, and a variety of other topics. I don't think there's a true way to take notes. Whatever is found to be the most effective.

For me, it's about step-by-step instructions, follow-up questions, and action items. For follow-up questions, I circle them so I need to go back. For action items, I use a rectangle. Step-by-step instructions are transferred to our documentation repository. Everything else is for remembering context or decisions later.

I take a notepad and two pens to every meeting. I leave my laptop at my desk unless I need to run a meeting. This is two-fold. I don't want to be distracted by the computer and writing things down is more effective for memory retention than typing. I bring two pens in case someone forgot their pen (makes a good impression) or one of mine explodes or stops working.

It's one of the most effective things you can do on a daily basis. If you want to dive into why it's important I recommend Career Tools A Notebook And A Pen episode. They also have several other's on how to take notes. It's what helped me refine my approach.

 This blog post first appear on Exploring Information Security

In Experiences Tags Career, Work Habits, Pro Tips
Comment
BSides Augusta 2015

BSides Augusta 2015

The 7 Habits of Highly Effective People

February 10, 2016

I just finished the book The 7 Habits of Highly Effective People by Stephen R. Covey. What a fantastic book. I've heard of the book before but never took the time to actually read through the 380 pages or so. The book really helped me reflect and understand what I'm doing right and what I can approve upon in life.

The book deals in seven habits that fit into three different different areas of our live. Being proactive, beginning with the end in mind, and first things first fit into our independence. Essentially, what we can control in our own life. Then thinking about win-win, seeking to understand, and synergizing all fit into the interdependence of building relationships. Finally, there's sharpening the saw in the continuous improvement section. The final habit has four personal areas of renewal: physical, spiritual, mental, and social/emotional.

As I read through the book here are some of quotes that resonated with me:

Really seeking to understand another person is probably one of the most important deposits you can make, and it is the key to every other deposit. You simply don't know what constitutes a deposit to another person until you understand that individual

I've seen success with this approach in implementing security.

Integrity also means avoiding any communication that is deceptive, full of guile, or beneath the dignity of people. "A lie is any communication with intent to deceive," according to one definition of the world. Whether we communicate with words or behavior, if we have integrity, our intent cannot be to deceive.

I have a pair of sunglasses that I had etched with the word "integrity." It's a word that I've always believed in and try to practice in my daily life.

So I recommend reading literature, such as the inspiring biography of Anwar Sadat, In Search of Identity, and seeing movies like Chariot of Fire or plays like Les Misérables that exposes you to models of Win/Win.

Win/Win is something that I've practiced before but never realized I was actually doing it. Win/Lose, Lose/Win, and Lose/Lose are the other variations that I've practiced and never realized. I intend to continue to study Win/Win scenarios and applying it more in my daily life.

Apparent learner disability was nothing more or less than teacher inflexibility.

I've always wanted to teach. I thought it would be High School history or something, but now I realize teaching is something we do daily with the people we interact with. As teachers we need to find more creative and interesting ways to get our message or teachings across. If students aren't picking up on it, that's on us. Not them.

Final thoughts

One of the things I loved about this book is that Covey focused on some of his own failings. In self-help books, authors often focus on successes in implementing self-help advice or strategies. Which of course makes trying to apply those practices frustrating when they fail. Reading about the failures and the lessons learned from helped me to understand that application will take time and that it's a continuous process.

This post first appeared on Exploring Information Security.

In Media Tags Books, Career, Self-help
Comment

Latest PoDCASTS

Featured
Jul 15, 2025
[RERELEASE] What are BEC attacks?
Jul 15, 2025
Jul 15, 2025
Jul 8, 2025
[RERELEASE] How to crack passwords
Jul 8, 2025
Jul 8, 2025
Jul 2, 2025
[RERELEASE] How to find vulnerabilites
Jul 2, 2025
Jul 2, 2025
Jun 24, 2025
[RERELEASE] What is data driven security?
Jun 24, 2025
Jun 24, 2025
Jun 17, 2025
[RERELEASE] What is a CISSP?
Jun 17, 2025
Jun 17, 2025
Jun 10, 2025
[RERELEASE] From ShowMeCon 2017: Dave Chronister, Johnny Xmas, April Wright, and Ben Brown talk about Security
Jun 10, 2025
Jun 10, 2025
Jun 4, 2025
How to Perform Incident Response and Forensics on Drones with Wayne Burke
Jun 4, 2025
Jun 4, 2025
Jun 3, 2025
That Shouldn't Have Worked: A Red Teamer's Confessions with Corey Overstreet
Jun 3, 2025
Jun 3, 2025
May 28, 2025
when machines take over the world with Jeff Man
May 28, 2025
May 28, 2025
May 20, 2025
How to Disconnect From Cybersecurity
May 20, 2025
May 20, 2025

Powered by Squarespace