Not long ago I did one of those “Strengths Finder” assessments put out by the folks at gallupstrengthscenter.com. At the top of my “strengths” list was the designation “Learner”. It essentially confirmed what I already almost knew — that I enjoy learning or getting to a point of understanding on a variety of topics.
Recently a colleague at work recommended that I consider taking at look at the 2600 Magazine. So I did. I read the Kindle version of the most recent edition. What I really enjoy about reading the Hacker Quarterly is that it is filled with articles written by people who love to learn and understand things, specifically related to computers and technology.
Also, as someone who works in cyber security, it is exceedingly helpful for me to understand the types of vulnerabilities that are written about in Hacker Quarterly articles. For example, I read an article by an individual who was able to ‘investigate’ a very larger number of routers in Malaysia. Initially, he had resource constraints, but discovered that by using a Spot Instance at AWS he could considerably broaden his reach at a very low cost: ten dollars. I’ll be seeking to understand these AWS Spot Instances and the impact they may have on the security of organizations in the future.
By and large the spirit of the “Hacker Quarterly” is centered around learning and understanding. And the culture of the group is such that criminal activity is frowned upon, though they do skirt the edges of legality from time to time. To have a window into this world is marvelous. I’m now reading through a whole ‘digest’ of issues from the past year. And if you’re a “Learner” like me, I suggest you do the same. Here’s their website: https://www.2600.com/
This morning I read an article in the Economist magazine January 12, 2019 edition titled, “Shopping for a Caesarean”. This article summarizes the challenges that we face in the US around pricing for medical procedures. The true cost of medical procedures is lost in reams of arbitrary pricing algorithms.
In an era of “big data” convoluted pricing presents a great irony. We have data that corresponds to nearly every other facet of our lives. This data helps businesses predict consumer behavior in order to market the right product to consumers at the right time.
In the health care industry, hospitals don’t have to predict consumer needs. Rather, consumers will purchase a procedure when they are sick and/or under “duress” (the word used in the Economist article). They aren’t likely to shop around. This “duress” allows hospitals to use creative pricing, make deals with insurers, and do all sorts of tricks that conceal the true cost of healthcare.
The Economist article argues that price transparency is the first step, but that it won’t solve the problem because of the “duress” faced by those in need of care. What is needed is a big picture look at pricing for all of us to see when we are not in duress. This way we can identify who exactly is benefiting from these gross inefficiencies. We need “big data” for the masses. We need “big data” that will improve the standard of living for average folks just like we have “big data” that helps businesses market products. However, as long as the medical industry profits greatly from hidden pricing algorithms, they have little incentive to share their secrets and drive more efficiency into the marketplace.
Originally, this lack of transparency was probably not intentional, but now that it generates so much profit for the healthcare industry there is very little incentive to do anything about it. We need more than transparency around pricing for each procedure; we need “big data” algorithms that will allow us to untangle our current pricing mess.
Perpetual learning is paramount for folks in any profession, but I’ve found that for individuals who work in cyber security it is absolutely critical. A significant part of the work I do involves knowing what risks lurk both in the wild (and internally) that can stand in the way of an organization’s future success. Staying up with these risks, mitigation techniques, and controls is vital.
There are all types of learning that help new concepts find a home in my brain. One comprehensive learning experience that I recommend for anyone in cyber security is an event put out each year by SANS, which is an organization that trains cyber security professionals. The event is called the SANS Holiday Hack Challenge.
This year 9-year-old son helped me in ways that blew my mind. His little mind went after small details that I thought were insignificant that turned out to be a pretty big deal. He was very excited by what he was able to uncover…and so was I.
The SANS Holiday Hack challenge introduces cyber security professionals and pen-testers to new technologies and opens their minds to risks and mitigation techniques that they had not previously considered. I greatly enjoy their ‘terminal challenges’ which provide hints toward solving objectives. Never before had I decrypted http2 traffic using Wireshark and SSL keys. So awesome! Here’s the link for this years’ challenge which has been a wild ride for me, to say the least: https://www.holidayhackchallenge.com/2018/.
Stop in and poke around. Solve a terminal challenge or two then put it on your holiday to-do list for next year. You won’t regret it!
For Christmas we got our son an Arduino Uno starter kit. It’s not officially and Arduino, though. The hardware specifications are the same, but it is made by a company called Elegoo. What we purchased was the “Complete Starter Kit”. I highly recommend it. So far we’ve made prototypes for the following: 1) blinking LED lights, 2) joystick controlling a servo motor, and 3) an ultrasonic sensor that tells us how far objects are from it. There have been a few other things, but those are what come to mind as I write.
Besides being extremely fun an interesting, these prototypes foster a new understanding about all the electronic things we use and how they may be wired. We could have gotten a kit for a robot or a remote controlled car, but testing out a range of sensors seems to broaden our view of what’s possible. If we decide on a full project, we’ll have a much better idea of what we’ll need and whether it will work.
Also, as a side note, since I’m using my Chromebook for these project I’m not using a locally installed IDE. Instead, I’m paying $1 a month to use the cloud service provided by Arduino for building sketches. So far it has worked flawlessly. Though ChromeOS does have a linux sandbox now. I’m going to see if I can install it that way, too.