Posts

Joining AWS!

I've decided to accept a position as a Cloud Infrastructure Architect at AWS Professional Services! This next week will be my last at Citi. I'm excited to start the new gig, but sad to leave the friends I've made. It's weird, since I always take an opportunity with the assumption that I'll work on it until I feel it's reached its logical conclusion, and I can no longer contribute the same amount of value. But this time it's bittersweet; I know how much more I had to give at Citi. There are a ton of projects (almost endless) that I would have enjoyed. In my short tenure at Citi, I accomplished a good amount, but nowhere near what I expected when I started. But sometimes, the pull of another opportunity is too strong. I couldn't turn down the chance to work inside the same (metaphorical) building as the product teams for AWS. After spending the last year building guardrails and incident response tools in AWS, I can see the clear benefit to having the...

Don't keep your value a secret

It wasn't too long ago that I started at Citi. Now, just a few months in, I'm on the other side of things, recruiting and interviewing for open spots on my team. Since this is the first time I've had real influence on the hiring process, I'm just now seeing how candidates present themselves.

Technology recruiting is weird. Both sides of it try to express what they're really looking for, but it ends up in a state of ambiguity. Job descriptions with a nauseating laundry list of technology acronyms and jargon compel the creation of resumes with a similarly long list. And resumes that have stuff like "used AWS S3, EC2, STS, RDS" don't give me much information about what you really do, or the value you bring.

It seems to be a problem in IT and technology in general. A lot of emerging technologies or even small changes don't clearly articulate their value. The same issues seem to plague a lot of technical resumes. I can decipher what tools ...

5 Tips to Lose Less Betting Sports

I think we all love betting sports. Maybe that's an exaggeration, but if baseball is America's pastime and football is a religion, sports wagering is the glue that holds it all together. And of course, we all want to win when we bet sports.

This post is written with the assumption that you understand how American odds work, the concept of vig/juice, and the basic kinds of bets available in most sportsbooks. I plan to have a later blog post detailing how to calculate some useful values, but we aren't there yet.

I can't tell you how to win. Especially in the major sports. NFL/NBA/MLB markets are pretty efficient. But there are some simple steps you can take to give yourself a fighting chance.

1. Take advantage of sign-up bonuses and promotions

Almost every retail sportsbook (and some sharp ones too) offers a big bonus for signing up. It's a good bet for them that you'll lose it back. Most of these offers require some form of rollover ...

My Vaccine Experience

Two days ago, I got my second shot of the Pfizer Covid vaccine. So, how did a healthy 27-year-old who works from home get the vaccine so early? Well, back in August, I signed up for the Phase 3 clinical trial, knowing there was a risk of potential harm, but also feeling optimistic about the published results from the Phase 1/2 trials. I got my first trial shot in September, with the second in early October.

Shortly after the vaccine was granted an EUA, I got a call offering to unblind my participation to determine if I was given the placebo vaccine or the real one. Of course I accepted, but I was 99% sure I got placebo after having no side effects from the first two shots (not even a sore arm). Sure enough, a few days later, they called me to let me know I received the placebo and schedule a time to come back and get the real vaccine.

My first shot left me with a sore arm, but few other side effects. Maybe some fatigue, but it's hard t...

Should I call myself a developer?

One of my coworkers today, when asked if he had a lot of Python experience, hesitated and said "well, I'm not really a developer like you guys, but I've written a lot of Python." I thought this was interesting; I'd seen his work, and I would definitely vouch for its quality. Not everything is state-of-the-art, best-practice code, but his work is well thought out and it works. Definitely one of the sharper guys I've gotten to work with in my relatively short career. But his answer managed to describe exactly how I feel about calling myself a developer, or saying I "know" a language. Because I know what he's saying - "yeah sure, I program as part of my job, I'm good with computers... but I know there's a lot I don't know."

I've never felt comfortable describing myself as a developer because it feels like there's an endless well of stuff I haven't learned yet. I don't know sorting algorithms, I...

2020: A (Tough) Year in Review

It's become a cliché now: 2020 sucks, worst year ever, whatever. And I definitely didn't escape unscathed. But through it all, we (you know, Stef, June and me) became wiser as a result. I think we'll probably spend the rest of our lives laughing (and crying) about this year. We've been incredibly lucky though, and I'm thankful for that. However, this blog post is going to be pretty negative at times, and that's just honesty. It's been a tough year for us, and it would be disingenuous to act otherwise.

January and February were characterized by a growing stress and excitement about our April wedding. I also agreed to take point on almost everything endpoint security policy/compliance related at USAA, which turned out to be less fun and much more arduous than expected.

And then March hit - Stef said in late December 2019 that the novel coronavirus would ruin our wedding. Not gonna lie, I thought she was being a little overdramatic. You...

COVID is weakening your security posture

It started out innocuous enough - one of your employees was scheduled to go to a conference in late March, but due to the pandemic the whole thing was moved online. Instead of in a convention center, the conference is being hosted on an online meeting/webinar hosting site that, prior to 2020, was a footnote on the bottom of an article about collaboration tools. The day the conference started, you (in your infosec role) get a call that "Security" is blocking it. So you dig into it, and the site needs to open some web sockets and for whatever reason, some of your security controls are breaking it. No big deal, you want to help enable your customers, so you go ahead and disable the rules for this domain, maybe even temporarily if the whole thing seems a bit sketchy. Now, that's not a big deal. Not really anyway. It probably won't be the threat vector that sinks your organization. Until you repeat this process on a near daily basis for the next 7 months. Some vendors don...