What have I been doing?

Posted on by

Call me lazy – it’s been a while since I’ve maintained this site, nor arguably even formed thoughts fit for placement on screen with WordPress. Almost as if the effort involved in so doing should vary in some way inversely with my motivation. Not, yet … In fleshly life I haven’t been fully dormant.

Summer 2013 wafted me along in a warm breeze. During the excitement of preparations for the 3rd National Heirloom Expo, I received an offer I couldn’t refuse: learning some .NET web application and T-SQL backend programming, and helping out with a data migration effort. That project lasted 8 months in the company of some truly fine people. The work itself was as fun and interesting as any I’ve found; the abstract art on the walls there is, I trust, still fantabulous. I continued to contribute a bit with the Expo as well, editing content up through opening day in early September.

I kept up occasional work for existing clients, into Summer 2014. That’s when health concerns arose in crescendo. Wrapped boxes were adorned with bows; those unwrapped or not filled were passed along to other hands. I took it easy at home, doing nearly nothing for several weeks. I began feeling better slowly, seeking some light-duty occupation that could profit without leaving me worn and winded.

Ever a techno-dilettante perceiving the internet as hinting some salutary premise of eventual growing-up-to-be, I perused tutorials on topics I’d earlier found interesting but resembling unpaid work in their deeper consideration. Dimly aware that watershed moments may bear cruel significance – doers and dreamers struck by Determination’s parting might – I geared up my desktop for … well, doing something.

Unfinished course materials of A+ and CCNA tracks were among the many boxes of books I’d hoarded for years. Somewhat newer and unopened was a complete set of Cisco network security training manuals. I ignored those, along with dozens of awesome, expensive, mostly half-read books I’d collected while attending school. I browsed. I dabbled in data science, some web technology stacks and frameworks, topics relating to cryptography and information security. I was wary of cryptography. I hadn’t taken number theory in college, due to scheduling conflicts. I’d suffered gruesome humiliation in upper division linear algebra. As a math major, I was a Chihuahua attempting to mate with a Great Dane. The torment of this for me was compounded by the thrilling, haunting, siren beauty of abstract algebra, real analysis, topology …

I decided to apply myself to a sequence of structured tutorials organized by University of Maryland Cybersecurity Center. Not only was I attracted by the format and syllabus, but there were some coincidental associations from my earlier life. As an at-risk youth and aspiring high-school dropout contemptuous of all ambition, I lived with my family in Glen Burnie for a time. My father dragged me along to explore the campus at College Park. That day I added ivy to my contempt-list.

Not many years later, I was serving as a recon Marine stationed at a remote beach on the western coast of Okinawa. I found that I had some time to take a college course that met at a base some 20 kilometers south – University of Maryland, Far East Division. The course was “Introduction to Philosophy”. That experience has not ended. It slowly – during and afterward – transformed and shaped my view of the world, perhaps in a direction of increasing stability and confidence. Upon reflection, I now feel it’s remarkable that such an institution, to whose distinction I’d never have aspired, would reach so far to offer someone like me, at that moment in my life, something so valuable.

I began the Cybersecurity sequence in September, with its introductory module on Usable Security. Technology users may feel that security is an enemy of “user-friendly” operation. When security is not a feature added on, but is a fundamental concern of user-involved design, the usability and security characteristics of a product or service become unified with its functionality. In many real-world instances, security and usability are implemented as precisely the same characteristics or features.

Software Security introduced me to common attack surfaces and countermeasures; principles like Favor Simplicity, Trust With Reluctance, Defense In Depth; practices of secure design, coding, and verification. This was an amazing experience that included valuable hands-on work with virtual machine setups, “real” exploits, static analysis, penetration testing, and more. Too much paranoia, it turns out, is rarely enough.

Hardware Security focuses on vulnerabilities and countermeasures in digital VLSI design, fabrication, and testing. The “Made In USA” paradigm of the late 20th century is history. In its place, a complex yet surprisingly manageable system of in-house design and testing couples with outsourcing of mostly everything else involved. Even design tools can be untrusted but used to good effect, if certain sound practices are in place. “Spy vs. Spy” is not just coming to your living room – it’s been there. At this moment, I’m working on the 6th of 6 units in this module.

The Cryptography module can be started before or after Hardware Security. I saved it for last. It’s Math. As with Hardware Security, the instructional designer literally wrote the book in this academic field.

After the regular modules are completed, there is another module called Capstone Project. From what I gather, it’s a massively cooperative “cradle to landfill” paradigm for product design, development and manufacture, with all aspects of security baked in early. Looking forward to that!

This brings me up to today. I’ve moved about 5 blocks from where I lived for over a decade. That was a one-bedroom apartment; this is a large house shared with friends. We’re starting an organic garden. I’m excited about that and more!