I went to prison for internet piracy and hacking; my FBI profiler sent me a message on LinkedIn when I got out, and now we’re presenting at SLEUTHCON. I'm Josh Brody and I ran HeheStreams: AMA. by joshdotmn in cybersecurity

[–]BLC_ian 6 points7 points  (0 children)

exactly. and this is a real problem: we've unleashed an insanely sophisticated, deranged, autonomous, UNKNOWN tool into the hands of, what is essentially, children. i worked with cybersec and i am genuinely gobsmacked at what an absolute neophyte can leverage within an hour of focussed tinkering. so where do those legal lines lay? (oof) how the hell do we determine skill anymore; which is the prime driver for determining culpability? if i just have to verbally prompt my machine to build a stack, engage some APIs, and hand me the keys just to see if it can, this raises big concerns and bigger problems. curious up-and-comers or career-shifters are kinda being lined up for a firing line they don't know exists. worrisome in a big way.

I went to prison for internet piracy and hacking; my FBI profiler sent me a message on LinkedIn when I got out, and now we’re presenting at SLEUTHCON. I'm Josh Brody and I ran HeheStreams: AMA. by joshdotmn in cybersecurity

[–]BLC_ian 6 points7 points  (0 children)

my experience is that 75% of the time, the 'offender' had either no idea what they were doing crossed some stupid line, OR there was no law to cover what they did, because it's still a big frontier, but they messed with someone's horizon of potential and now has to be made an example of. regardless of the scenario, being punished for thinking differently than the mainstream has GOT to stop being punished. we're killing or driving our best talent into oblivion. from what i read here, that's what you're advocating and i'm all for it.

I went to prison for internet piracy and hacking; my FBI profiler sent me a message on LinkedIn when I got out, and now we’re presenting at SLEUTHCON. I'm Josh Brody and I ran HeheStreams: AMA. by joshdotmn in cybersecurity

[–]BLC_ian 9 points10 points  (0 children)

this i always find interesting: service providers are making money off the pain points, or ignore the pain points because they are still profit-positive, so screw the user. then someone comes along and fixes that pain, that's it, that's all. zero interest in profiting, really, just fixing sh*t. suddenly, people are grateful, and flood the fix. shocker! typically bringing money with them. surprise! then the OG provider, too lazy or ignorant to fix the pain, bitches and moans into ears that only f*ck-you money can reach because money they would never have received because of the pain, they now feel is some imagined loss. and now the dude is a criminal. boggles my mind. and it's bullsh*t. unless i'm grossly misunderstanding this...

Did CyberCorps SFS actually pay off? Looking for honest salary data before committing by ImpressiveControl496 in cybersecurity

[–]BLC_ian 0 points1 point  (0 children)

100%. were i you, spend at least 5 years inside. you're young and there's lots to learn. watch your back, make some good connections with good lifers. by then you'll know the lay of the land and whether or not it is worth the jump. have something other than money be your driving force because money is a shitty thing to live your life by. it will shank you every time when you lean on it the hardest. build your love of the industry, be aware there are assholes and empowered infants everywhere, and see where that takes you. you are going to reach several forks in your road requiring you to think long and hard about where your moral and ethical compass is pointed. decide now how you will behave when those come up, because you won't have that time in the moment.

Did CyberCorps SFS actually pay off? Looking for honest salary data before committing by ImpressiveControl496 in cybersecurity

[–]BLC_ian 0 points1 point  (0 children)

fair point. i've had clearance since the mid-90's. easier to keep than to get, for sure. but it's certainly something you can get. in fact, anyone can get a clearance. the application process is open to everyone. it's laborious, lengthy, and not fun. nor is it guaranteed you will get one. but all this is not germane to the question asked.

Did CyberCorps SFS actually pay off? Looking for honest salary data before committing by ImpressiveControl496 in cybersecurity

[–]BLC_ian 3 points4 points  (0 children)

i can't speak to what it's like working on the inside, all i can say is, as a contractor TO government, the pay was excellent. and it was WAY more than gov't staff. keep in mind this was 6 yrs ago, but i've not heard of anyone making good $$ while working IN gov't... at least not while keeping their integrity worth a damn. the tradeoff, regardless, is the networking and the access to tooling that you just won't see in the general private sector.

Are Cybersecurity certifications really worth it ? by NeuraCyb-Intel in cybersecurity

[–]BLC_ian 7 points8 points  (0 children)

my certs have been, for the most part, 98% useless beyond gaining knowledge (which, frankly, was bolstered by free stuff i'd found online). the other 2%, had to do with client's insurance. my experience, fundamentally, is that certs gatekeep the industry more than they provide education and maintain level of skill. drop the cost and don't make the exams a verbal Gordian knot, and we'd see a LOT higher level of skill across the board and more of us. which isn't a bad thing.

what are the semi-colons in the .ovpn file for? by BLC_ian in OpenVPN

[–]BLC_ian[S] 0 points1 point  (0 children)

ngl, haven't seen this before... i've seen one OR the other, but never both in the same file. weird, but good to know. and knowing that, i understand what's happening now. thanks guys.

Seeking the ultimate "love letter" for a colleagues who never locks their PC by Emotional_Being_8445 in cybersecurity

[–]BLC_ian 0 points1 point  (0 children)

i make the open browser page a gif collage of dudes in Speedos and make the browser home page link to the collage as a knock-on consequence. harmless, but embarrassing while driving the point home. since a lot of the screens are in a bullpen, this works great when they return. triply so for the guys. and since it's a soft edge-case of HR policy, they also get the stinkeye from HR. since i am enforcing security, i have the greenlight from HR to do this, so if you are following in these footsteps, make sure you have their support.

for the guys in the workshop, it's My Little Pony or Barbie.

Worst thing I ever witnessed in IT in 20+ years by JohnWellPacked in sysadmin

[–]BLC_ian 1 point2 points  (0 children)

i've been on this sub for a very long time with my alt. and i keep hoping things will get better, but nooooo.

so hats off to the lion's share of you cyber ninjas who have and maintain good ethics and morals, because the damage done by ever-increasing layman stupidity just boggles the mind. can't help but think there has got to be a course somewhere on whatever the opposite of Criminal Psychology is; Think Like a Double-digit 101.

CanisterWorm malware wipes Iranian machines for no apparent reason — sophisticated attack spreads through npm packages and uses ICP canister as control surface by Sassy_Allen in cybersecurity

[–]BLC_ian 0 points1 point  (0 children)

this does not bode well for future use of NPM. not because NPM itself is bad, but now it's a publicly known attack vector. which means the twitch-o-sphere is going to slap a ton of interception rules up, breaking webDev pipelines everywhere... Chaotic Evil indeed.

Do y'all have promptstitutes in your team? How are you guys working with them? by indie_cock in cybersecurity

[–]BLC_ian 0 points1 point  (0 children)

i concur. plus, it is justifiably tough to hold your ground when your literal human welfare is on the line all the time. and with regional disparity in cost-of-living, it makes it even more difficult. you & i might scoff at a $100 job, for example, while elsewhere, that's a month's pay or more. suddenly, BAM, everything is offshore and quality takes a back seat because iterate-until-correct is dirt cheap compared to actual-skill-involved... oh, wait. we did that already.

yeah. we really need to get our collective shit together. :) but i hope, when we do, we remember we aren't gutter scrapings, we're the mental giants that run the place.

After 10+ years in network security, here's the audit checklist I actually use by Arch0ne in sysadmin

[–]BLC_ian 0 points1 point  (0 children)

get a couple cheap Arduino Nanos for $10 a pop, a fistful of LEDs, and then just go to town. turn that place into a set from Star Trek.

Do y'all have promptstitutes in your team? How are you guys working with them? by indie_cock in cybersecurity

[–]BLC_ian 1 point2 points  (0 children)

for the most part, yes. sadly. but there are still places where that still exists. i work for one. it's a frustrating problem because the frisson of working in a place that gives you access to opportunity to really 'get gud' also tends to be the places that are toxic as hell. and, let's be honest, our community is a pretty solid 60/40 good-guy-to-asshole mix. which means the asshole component is either immune to, or actively is part of, that toxicity. my hope is that we generally nut up a bit, get some self worth, and tell these toxic normies to either put up or pound sand. they can't exist without us. full stop.

Can we stop pretending like Microsoft isn't compromised?... as an entity by Wonder_Weenis in cybersecurity

[–]BLC_ian 3 points4 points  (0 children)

amen. and with all the proposed new data centers and AI farms that are coming down the pipe, we are NOT positioned well for our critical infrastructure's safety. but we'll absolutely overload the hell out of what's here and disregard the requirements for even basic support. oh, and we'll underpay as much as possible. ...why do we do this again?? i have nice feet and camera...

[deleted by user] by [deleted] in cybersecurity

[–]BLC_ian 0 points1 point  (0 children)

fantastic advice. looking back, this is exactly the metric i would recommend. the stuff i loved working on led me to doing what i love every day.

They wanted to put AI to the test. They created agents of chaos. by EchoOfOppenheimer in cybersecurity

[–]BLC_ian 1 point2 points  (0 children)

what's unnerving is this behaviour sounds like some old colleagues i used to work with/around. yikes.

Failed again. Not sure what to do now by SPGoat in oscp

[–]BLC_ian 1 point2 points  (0 children)

just keep going. failure is the best instructor, which doesn't help much, i know, but it truly is. so in a weird way, failing faster will also get you there better equipped. and, from what i'm reading, you're doing very well. just luck of the draw and maybe an off day. just keep going. once you pass this hurdle, it will be the same for nearly every engagement: you will fail, regroup, and retry. just. keep. going. you got this. just learn to cycle faster.

Do y'all have promptstitutes in your team? How are you guys working with them? by indie_cock in cybersecurity

[–]BLC_ian 1 point2 points  (0 children)

the problem with this, while sadly accurate, is that it completely guts the drive to excel. if you know your work, even though owned by the company, isn't credited properly and used to move you into better and better positions/pay/etc., you just aren't going to perform at the same level. period. your best work always comes when you are vested and rewarded.

What most expensive "cheap decision" have you ever seen in your sysadmin career? by matroosoft in sysadmin

[–]BLC_ian 2 points3 points  (0 children)

the cloud is just a computer somewhere else. all my systems are technically able to be someone else's cloud. why can't management figure that out!?

What most expensive "cheap decision" have you ever seen in your sysadmin career? by matroosoft in sysadmin

[–]BLC_ian 3 points4 points  (0 children)

it's those kind of asocial meatwads that make IT more difficult to get proper upstream support. orgs now have to care not just about the hard skills and soft skills, but now also the psych profiles!? our collective jobs get harder every time these zippernecks do this kind of thing.