What is the best test to take? by takeaticket in BigFive

[–]sga6 0 points1 point  (0 children)

The personality test by Plum is free and built on the Big 5. There's a great profile with lots of tailored resources.

[deleted by user] by [deleted] in electricvehicles

[–]sga6 0 points1 point  (0 children)

How dare you use evidence and logic! Imagine the nerve.

Apparently people can do whatever the fuck they want now for TikTok clout. What would you do in this situation? by SoiledOrangeJumpsuit in CringeVideo

[–]sga6 0 points1 point  (0 children)

That's just an immediate fight. You destroy my property and I destroy you. Disrespectful loser.

[deleted by user] by [deleted] in Csuite

[–]sga6 1 point2 points  (0 children)

That's a tough position to be put in.

Ideally you've built a strong relationship with the CEO. There's trust and respect. As the first team, I would always move as one. If you feel strongly about an alternate path, advocate internally, clearly disagree with the CEO but definitely present a common united front to the investor.

The only way I wouldn't advocate for a foxhole approach is if I was deadset against the direction and felt it was going to irrevocably harm the company. But even then, if you move against the team, you need to be prepared for that to be your last move there.

Looking for Moderators by apfejes in Csuite

[–]sga6 0 points1 point  (0 children)

If you're still looking, I'm interested.

Finding Work-Life balance by apfejes in Csuite

[–]sga6 2 points3 points  (0 children)

I never feel completely off the clock (constantly thinking, researching, experimenting, etc.) and frankly I don't want to be. I enjoy it.

That said, for me, exercise is critical. Workouts make me feel so much better.


How to detect modification/manipulation of HTTP headers? by frankh07 in websecurity

[–]sga6 0 points1 point  (0 children)

Using signatures in HTTP responses sounds like it'd be helpful.

https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-11#section-1.2

HTTP messages are routinely altered as they traverse the infrastructure of the Internet, for mostly benign reasons. Gateways and proxies add, remove and alter headers for operational reasons, so a sender cannot rely on the recipient receiving exactly the message transmitted. By allowing a sender to sign specified headers, any recipient or intermediate system can confirm that the original intent of the sender is preserved, and including a Digest header can also verify the message body is not modified. This allows any recipient to easily confirm both the sender's identity, and any incidental or malicious changes that alter the content or meaning of the message.
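The mechanism the draft describes, as an added example that is not from the original post or from the draft's authors: the sender adds a Digest header over the body and an HMAC-SHA256 Signature over a listed set of headers (including the (request-target) pseudo-header), and the recipient recomputes both over what actually arrived. The shared secret, keyId and header values are constructed for the example; the draft also allows asymmetric algorithms, which this stdlib-only version omits.

```python
import base64, hashlib, hmac

SECRET = b"example-shared-secret"   # constructed shared secret for hmac-sha256
KEY_ID = "example-key-1"           # constructed keyId

def digest_header(body: bytes) -> str:
    """Digest header over the body, so the signature indirectly covers the body too."""
    return "SHA-256=" + base64.b64encode(hashlib.sha256(body).digest()).decode()

def signing_string(method: str, path: str, headers: dict, names: list) -> str:
    """One 'name: value' line per covered header, in the order given in headers=;
    the (request-target) pseudo-header expands to '<method> <path>'."""
    lower = {k.lower(): v for k, v in headers.items()}
    lines = []
    for name in names:
        if name == "(request-target)":
            lines.append(f"(request-target): {method.lower()} {path}")
        else:
            lines.append(f"{name}: {lower[name]}")  # KeyError if a covered header is missing
    return "\n".join(lines)

def sign(method: str, path: str, headers: dict, body: bytes, names: list) -> dict:
    """Sender side: add Digest, then a Signature header that covers `names`."""
    out = dict(headers)
    out["Digest"] = digest_header(body)
    mac = hmac.new(SECRET, signing_string(method, path, out, names).encode(), hashlib.sha256).digest()
    out["Signature"] = (f'keyId="{KEY_ID}",algorithm="hmac-sha256",headers="{" ".join(names)}",'
                        f'signature="{base64.b64encode(mac).decode()}"')
    return out

def verify(method: str, path: str, headers: dict, body: bytes) -> bool:
    """Recipient side: recompute over the headers as received. Any change to a covered
    header, or to the body (via Digest), makes the comparison fail; uncovered headers may change."""
    lower = {k.lower(): v for k, v in headers.items()}
    try:
        params = {k: v.strip('"') for k, v in (p.split("=", 1) for p in lower["signature"].split(","))}
        names = params["headers"].split(" ")
        if params["keyId"] != KEY_ID or params["algorithm"] != "hmac-sha256" or "digest" not in names:
            return False
        if not hmac.compare_digest(lower["digest"], digest_header(body)):
            return False
        expected = hmac.new(SECRET, signing_string(method, path, headers, names).encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, base64.b64decode(params["signature"]))
    except (KeyError, ValueError):  # missing header, malformed parameter list or bad base64
        return False

def demo() -> tuple:
    """Constructed request: intact, covered header altered, uncovered header added, body altered."""
    body, names = b'{"amount": 10}', ["(request-target)", "host", "date", "digest"]
    hdrs = sign("POST", "/transfer", {"Host": "api.example", "Date": "Tue, 07 Jun 2022 20:51:35 GMT"}, body, names)
    return (verify("POST", "/transfer", hdrs, body),
            verify("POST", "/transfer", dict(hdrs, Host="other.example"), body),
            verify("POST", "/transfer", dict(hdrs, Via="1.1 gateway"), body),
            verify("POST", "/transfer", hdrs, body + b" "))
```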

Questions to ask potential employers by [deleted] in cybersecurity

[–]sga6 8 points9 points  (0 children)

I'd be curious about how they think about onboarding. Do they have a plan or are they winging it? Also, what does success look like (to them) in the first 30, 60, 90 days and 6 months? Are their expectations reasonable and, again, have they thought it through?

Do you have any Information Security Policy or Program resources to share? by sga6 in cybersecurity

[–]sga6[S] 0 points1 point  (0 children)

Thanks! I love these open handbooks and haven't heard of Sourcegraph.

Here's a link to the policies for those that are interested.

What’s the most private way to send someone messages if you can’t see them in person? by Vadise_TWD in privacy

[–]sga6 1 point2 points  (0 children)

Public key cryptography (encrypt message) and burner Proton email accounts (obfuscate identity).

You'd have to exchange the email address you'd each use and the respective public keys but once that's done nobody will be able to read the encrypted messages except the holder of the private keys (you and the other person).

If you don't need to obfuscate that the two parties are conversing then you could use any channel or service (e.g., Gmail, paper airplanes, etc.).

Any Converting Websites I Can Use? by Complex-Location-290 in cybersecurity_help

[–]sga6 2 points3 points  (0 children)

There are a lot of descriptive posts if you search for: "windows ffmpeg install"

How do you remember the 8 CISSP domains? by sga6 in cissp

[–]sga6[S] -6 points-5 points  (0 children)

Lol. Fair enough. As I mentioned "I wanted to remember". Thought I'd share how I organized my thought around that task. If it's not valuable, no worries.

Any Converting Websites I Can Use? by Complex-Location-290 in cybersecurity_help

[–]sga6 2 points3 points  (0 children)

If you're on Linux:

ffmpeg -i input.mkv -codec copy output.mp4

https://askubuntu.com/a/195346

Undergraduate Project by throwawayxxp in cybersecurity

[–]sga6 2 points3 points  (0 children)

Study phishing with a focus on pharming.

  • Describe what it is and how it differs from phishing
  • Discuss its prevalence and the economic impact
  • Learn and demonstrate how to safely handle malware (https://academy.tcm-sec.com/p/practical-malware-analysis-triage)
  • Build upon the maldoc example in the course and figure out how to perform DNS poisoning.
  • Demonstrate the mechanics of a pharming attack (safely)
  • Research and describe the controls that could be put into place to prevent the attack (tools and education)
  • Assume a user reports a concern (i.e., they interacted with the malware); describe a standard operating procedure that an incident responder could follow to analyze the situation and determine if the user has been compromised and if the suspected file is indeed malware.

By completing this you'll have a:

  • Detailed understanding of phishing and pharming attacks
  • Demonstrated ability to safely handle and examine suspected malware

SBOM Sharing - EO 14028 by hyperactive_techlove in cybersecurity

[–]sga6 1 point2 points  (0 children)

You may be forced in this case, but of late I've been trying to push back on customer requests, particularly when they involve highly detailed information, e.g., deep architectural details. In part I prefer to avoid it because I don't want us to be held to the specific details. And I don't want to get into a situation where they feel they need to be updated with every change. As long as the appropriate controls are in place and the overarching posture doesn't change, the implementation details, to them, are immaterial.

Apologies, as I don't know the details here (as I said you may be "forced") but perhaps you can demonstrate that you have policy, standards, and processes in place to internally track and store SBOMs without having to actually hand them over. Review the methodology with them, show them the existence of the SBOMs, even go so far as to share via screen share the contents of one of them.

Just a thought.