JerryGamblin.com.

What is your time worth? 

That is the question that started my lunch with a mentor last week. I thought for a second and did some quick math and then pulled $300 an hour number out of the air.  He laughed and gave me these two quotes:

The price of anything is the amount of life you exchange for it.
– Henry David Thoreau

“My favorite things in life don’t cost any money. It’s really clear that the most precious resource we all have is time.”
– Steve Jobs

He went on to explain “If You Can’t Measure It, You Can’t Improve It“ (a running topic in our conversations).  So I sat down this weekend to figure out what my time is worth.

With the help of this life expectancy calculator I found out that I have 47 years of life left.   Using a date duration calculator that is 17,176 days (or 412,244 hours).  That makes every hour 0.0002% of my life. 

So here are some basic break downs:

Work:
A 40 hour work week is .008% of my life.
A work year is .416% of my life. 
A 5 day business trip is .024% of my life.
20 more years of work is 8.320% of my life. 

Sleep:
9 hours of sleep is 0.001% of my life.
A year of sleep is 0.655% of my life.
Sleep will take up 30.790% of the rest of my life. 

Miscellaneous: 
Watching a season of a TV show would be 0.005% of my life. 
Watching 10 football games a year would 0.006% of my life. 
Hitting the gym 5 hours a week would be 0.047% of my life.
Taking my son to swim lessons would be 0.020% of my life. 

The numbers are interesting but the more important lesson for me is to realize and treat my time like a valuable non-renewable commodity.  I need to give it freely to my family and friends while using it wisely for professional purposes and guarding it from time sinks.

What is your time worth?

Information Security is an occupation filled with professional cynics, curmudgeons and defeatist who are often proud of that role and at the same time do not understand while they are not included in decision making in their companies. 

I think some security professionals think that Mordac is a role model:

A mentor of mine who is a CISO for a large organization has this quote hanging in his office: 

Successful people find a solution for every problem and unsuccessful people find a problem in every solution. 

We ended up having a fairly long discussion around this quote and he walked me through his basic rules of saying no.

Never Say “No” when you mean “I don’t know”.
If you are in a place to help make a decision an acceptable answer is always “I don’t know, I need to think about it”.   If it isn’t you aren’t being asked you are being told what is going to happen.

No isn’t a solution. 
You are being paid to provide solutions to help your company become more secure. Saying no makes other employees find reasons to work around you. No one wants to be insecure they just want to be productive. 

Saying “No” make you a target.
Saying no means you are not helping. You are leaving someone else without a solution for their problem and giving them someone to blame.

Say No.

Sometimes there isn’t a good solution to a problem an you just have to tell people no.  You are now not acting as a problem solver but as a sanity check. If you get too many of these types of questions it probably time to brush up your resume. 

Using the time-lapse feature in iOS8 to capture some quick snow shoveling. 

Today is “Safer Internet Day” and I couldn’t let such an amazing made up holiday go by without giving you some of my favorite personal security
tips. 

Enable Two Factor Authentication.
Google, Facebook, Twitter and hopefully your bank all offer two
factor authentication.  Enabling it adds an extra layer of security to
help protect your accounts. 

Be Smarter About Your Passwords.
A personal password manager (I like LastPass) is a must.  They help ensure you have
amazingly complex and basically uncrackable passwords and helps you to not
commit the security sin of password reuse.

If you dont use a password manager you should follow the 3 basic rules of good passwords: 

15 characters or more. 
Mixture of uppercase, lowercase and special characters. 
Unique for each site you visit. 

Change Your Passwords Often.
No matter how complex your password is it is necessary to change it
regularly. I suggest changing all your passwords at least two
times a year.

“If it isn’t documented it cant be a procedure” is what I told a coworker in the meeting before I went to have lunch with a mentor I have had since I was in high school.  

Today he shared with me his completed “Mission, Roles and Goals” worksheet.  I was impressed with his and I was a little embarrassed that I hadn’t spent the necessary time to write down my personal mission statement or goals. 

I will be spending the time to do so tonight but I wanted to share with you the outline he used in hope that you might spend the time to do so also: 

MRG Worksheet Blank.pptx
MRG Worksheet Blank.pdf

How long have you done your job?  
How much does that experience mean to your career?

I saw this old Dilbert comic this week and it reminded me that I have been doing network security for about 20 years and cut my teeth securing NT 4 and NetWare servers. 

I know that if I don’t make a concerted effort to stop experience blindness I quickly become the old guy in the comic.  

To do this I try to do the following things:

I read. 
I read /netsec, twitter, Russian hacker blogs, linkedin, mailing lists, white papers, bathroom stalls and anything else I can find about information security. 

I go to conferences and skip the keynotes. 
90% of the conferences I attend have keynotes given by people who make (part) of their living giving keynotes at conferences.  I have heard what they have said, bought their books and dont need to see the same talk they gave last year with new pictures.  I want to be in the room of the kid who has never spoke at a conference before and is likely to throw up and then give the best talk at the conference. 

I make friends with new people in security.
If you are new in the security industry I want to be hear your thoughts before someone who has been doing it as long as I have tells you that you are wrong and you need to be quite. 

I retool ever year. 
If it was up to me I would never sign a contract for a tool over a year in length.  I like to know that the tools I am using are the right tools.  I know people who spend a ridiculous amount of money on the wrong tools because it is easier to keep the tool they have then to go through the pain of retooling. 

What do you do to fight experience blindness?

If you didn’t have an account hacked in 2014 (you probably did) you will in 2015. 

Here are my best tips to help protect yourself online in 2015:

Enable Two Factor Authentication
One of the smartest things you can do to protect yourself online is to enable 2FA on all your accounts that offer it.  I wrote about how to enable it here.   

Be Smarter About Your Passwords
A Password manager (I like LastPass) is a must in 2015.  They help ensure you have amazingly complex and basically uncrackable passwords and helps you to not commit the security sin of password reuse.

Have Good Backups
Do you have good backups?  If someone stole your laptop how much stuff would you lose?

For about $200 you can buy all the tools you need to have great backups.

Buy a 1TB+ USB Drive for local backup (I like this WD Drive).
Signup for a Cloud backup service (I like Dropbox Pro).

Then you have to actually make sure you are backing up to the drive and syncing to the cloud for this to be a good strategy.  I have seen a lot of people buy a backup drive and then never back up to it.

Encrypt Your Important Files
You know those important files you have that you dont want anyone else to see? No, not those pictures… the PDFs of your tax returns… how are you protecting them?

You need to encrypt them (and those pictures) so that if someone does steal your computer they don’t have access.  There are a lot of tools both free (I like Ciphershed) and paid you can pick from and use. 

If you follow these 4 tips your information and accounts will be a lot safer in 2015.