Thanks Interns! Three management lessons as temp workers transition


Businesses everywhere are seeing a large supply of cheap expendable labor depart as interns have headed back to school. Often the butt of jokes, undervalued interns are criticized for being inexperienced, undertrained, and very temporary. However, my personal experiences with interns have shown that they provide valuable contributions to the company if the manager is mindful of a few things.

The Interns value to the company

Interns provide the invaluable gift of work hours. Not free, but cheap. Interns are the most straightforward answer to getting items complete that you just need additional employees for tasks in some form of neglect. An influx on work hours can provide the momentum to push that project past the small hurdles and goals to something sustainable. With the right manager, a good intern can provide a fresh perspective and have a desire to complete their projects before they depart.

However, as with all cheap labor, there is often a trap of providing just additional “busy work” which can be spent or projects that just keep the interns producing something, anything besides just breathing. Instead of working efficiently they might be asked to continue a long drawn out procedure.

Equally wasteful, is putting interns on side-projects that are not important enough for your full-time employees. If it’s not important enough for a full-time employee, then my team is not doing it. It’s not going to be a burden for an intern.

In an unfortunate situation involving a bad intern, you can still get some value by pulling other work off your more productive employees. Don’t throw too much valuable time after the bad.

Management responsibilities to them

There are many diverse reasons why an intern would want to come and work with a company. Future career prospects, the type of work at a company, and hopefully the company’s reputation for running an excellent internship program but I never know what drove them until I ask them. It is one of the first things I should be asking when they show up.

What are they expecting and how can you help them get that.

On this latest batch, I mistakenly fell into the trap of being “too busy” and forgot to complete this step. While we were able to provide many learning experiences and let them provide tangible impact to the business, I might have been able to do a better job at aligning work with their interests if I had not slipped up.

Immediate feedback is also a key component. Professionals write scores about how feedback can be uncomfortable for both parties. I find keeping the tone straightforward and prompting leading questions for improvement helped us finish projects better. Also, the intern doesn’t revert just back to receive mode. These conversations should be modeled more like ping pong, both parties should be speaking.

I’m not the best at stepping back and allowing the process to occur. Often I just want to jump forward and drive. Like most people I know, we feel we are good at driving tasks, and we want to get there faster. However, when I allow myself to get trapped in directing instead of questioning, the results are not as good, I kill innovation, and underserve the intern by thinking for them.

I am also somewhat selfish about my interns succeeding in the program. These are people who have been vetted and groomed by the company and have a large potential for future growth. Having a good network of new up and comers is a future investment in myself and my career. One day, I will need either the intern or someone they know to help out with a project or idea.

The more knowledge and experience I provide to the trainees.
The more I support their pursuit of goals.
The more I will be able to draw from them in the future.

Management and Leadership Testbed

During my one on one sessions with employees upward mobility is a top concern. (If it is not you have other concerns). There is no question that the largest resume builders are high visibility pet projects of management and interns are a close 2nd. Interns allow my full-time employees that trial run in leadership.

The largest misconception about the military is being stuck with a Drill Sergeant barking and spitting in your face 24/7. That can’t be further from the truth. My Marine Corp “internship” was marching around with an infantry platoon. I saw that the marines were teaching leadership from the top officer to the lowest ranking enlisted. My manager was a lance corporal with two months experience making sure I didn’t mess up. He was the one grooming me. That decentralized leadership and autonomy being taught all the way to the ground is a core competitive advantage that both Sailors and Marines share.

In my biased opinion, you should follow this model.

While the military has a constant flow of people moving in and out on rotations, my corporate team doesn’t get that luxury. The more junior analysts do not have anyone to train or practice leadership with on a rotating basis.

Interns solve this.

Suddenly, there is a new, inexperienced team member ripe for training. The influx of temporary employees, allows a manager to put even those junior analysts, in a role that requires the management of the intern. It’s a fantastic testbed for your full-time employees to learn to teach. After all, the worst thing that could happen is the teaching of bad habits, which leave after summer! Even a complete failure, will inform an employee which of their leadership tools were more or less effective.

Ready for the next batch?

Sometimes interns are viewed as a bother, someone to babysit during the summer as you move through your typical workweek. Although I understand the concerns about their limited experience and short tenure, I have also grown to view them as an essential part of our growing and developing m team and would urge you to seek interns out the best you can.


My 3 favorite unofficial DefCon 25 badges

While DefCon has been known to have interesting conference badges, the 25th iteration had an unexpected explosion of intriguing unofficial electronic neck swag. The hunting for and gathering of coveted badges has become a new tradition and this year’s #badgelife built on that tradition. While unforeseen circumstances caused this year’s official badges to be rushed into production, attendees did have a nostalgic combination of throwback badges paying homage to conferences of the past. Fortunately, attendees had many choices to display custom badges that bling, communicate, and even fight from unofficial sources. Often these badges have secret competitions and groups to teach people how to deconstruct and find hidden achievements in their hardware. Although I was far from getting all of these unofficial badges at DefCon, there were three that caught my eye.

1. AND!XOR’s Bender badge

My favorite badge! Last year I fell in love with my little Bender badge after being a winner of the grand elevator rush of DC24. This year’s badge was a huge step up, and it features a full-color LCD screen, a host of LEDs and my favorite character from Futurama mixed with the cult classic Fear and Loathing in Las Vegas. This new badge was a huge step up from last year. The Bender badge has a host of unlocks available to get additional characters, screensavers and a wireless module to interact with other badge owners. They are also cross compatible with many other badges from the regional DefCon groups like DC801. If two compatible badges were near each other, they would flash each other’s logos back and forth between screens. How freaking cool!

A much more well-known feature on the badge was the “Botnet” which allowed badges to fight each other as you develop exploits, patch your badge’s services, and launch attacks. In particular, a successful attack would render the victim badge temporarily unusable as Clippy, BSOD, or a Rickrolling took over for a minute. Suddenly, badge owners were in a race condition with each person trying to hack the other guy first. The loser’s badge sadly broadcasting their shame. The truly devious would launch another attack as soon as the victim cleared the first one.

One hidden feature of the badge is an actual botnet feature that allows the AND!XOR creators to propagate commands across the badges. For example, maybe AND!XOR wanted to start off a Hypno-toad dance party or maybe Rickroll a room. The problem was that DC801 took advantage of this “feature” to hijack the command and control architecture. They were able to infect one badge, which would wirelessly reach out to attack another’s within range and so on. This cascading virus is exciting because there is an IOT mesh net architecture that a virus happily hopped along. Suddenly badges are attacked just by walking through the area! Even after reboot badges just started another iteration of the Matt Damon video clip disabling the user interface for a minute. I am seriously sick of him spinning around. Throughout the weekend AND!XOR and other groups dueled for the control of the botnet and our badges. Fortunately, this seems to have cleared as I got home.

Just take a minute to contemplate this. While users were busy trying to attack each other on an individual level, AND!XOR and DC801 were fighting to control the entire botnet infrastructure.

2. DC Darknet

The DC Darknet is a group of challenges based on the books Daemon and Freedom written by Daniel Suarez. At DefCon, agents of the Darknet fight to gain reputation points as they learn new topics and explore quests ranging from breaking ciphers to building simple exploits. The Darknet badge was one component of these quests.

This badge had a do-it-yourself element. The Darknet badges taught me how to solder, and now I bring a soldering kit to DefCon just to rapidly assemble the Darknet badge. There are a hundred stations in the Hardware Hacking Village but lines quickly form and who has time to wait for a soldering station? A quick 40 minutes after receiving mine it was assembled, flashed, and ready to start speaking with other agents.

A particularly interesting feature on the badges is the IR and RF pairing. After you built your badge, it could be pairing with IR to other agents which would allow for you to send RF messages to them wirelessly. You could state “I would like a taco, ” and that message would be relayed over to the agent of your choice(if they were within range). This feature adds a unique covert method to communicate with your new friends and fits in with the story extremely well.

The dialer aspect of the badge was a refreshing throwback. However, it was somewhat difficult in practice. I felt during one quest requiring a few key numbers (Emergency, Jenny) the touch capacitors would sometimes read incorrectly. Not having a backspace button can be incredibly frustrating when digits sometimes worked and didn’t work.

The team beyond the badge was equally as impressive. The Darknet staff table easily had ten staffers there at all times helping agents trying to complete quests, re-solder badges, or get points from the scavenger hunts. Another particularly nice touch was the rechargeable battery that helped me cut down on AA batteries and the need to charge them.

Although I did not have as much time to devote to the quests, I was able to participate in the boss fight. Working together with a group of people in a hotel room to go through quests was certainly one of the high points of this year’s experience.

3. Mr. Robot

DC Darknet and AND!XOR had both presented badges at DefCon, but the Mr. Robot badge was a cryptic newcomer. There were no official Kickstarter or starting quests to get the badge. Instead, you had to follow a minimalistic twitter page to find out where to purchase the badges and what they even did.

It was pretty amusing how they were handed out. The first batch was distributed out at skeeball which had a feeling that was similar to the show. However, I found out about the drop 4 hours later. I was luckily able to get a badge because I saw a tweet about a sale nearby Caesar’s when coming back from a party. The tweet only stated they were at the Spanish Steps and I stepped it out to get there as fast as I could without running. They were easy to spot because a woman with a large purse was looking around nervously while sitting with three other people. Nobody else had bags large enough to carry the badge. So in what only could have seemed like a drug deal, I approached her, slipped her cash and received my badge.

This badge has a beautiful mask and looks amazing. On the outside, it does not look to be as flashy with LEDs and only had two games (snake and Tetris) on it. Even then the up arrow froze the game. While there was additionally tweets for an ARG, I did not play with them much. Therefore, I was shocked when I suddenly saw a group of open wifi signals while connecting to the network. Later I went back and logged onto these signals to discover a wifi network with being the only host. When I unplugged the batteries, the wifi signal disappeared, and suddenly I understood it was coming from the badge!

So I did what anyone at DefCon would do. I logged back in and scanned the network for more devices and open ports. It bizarrely only had one open port UDP 4096 that was open. Despite trying to netcat and run commands against the port, I got nowhere. More discouraging was whenever I saw someone with the badge they knew nothing about the port or how they were carrying around a wireless access point.

Warning FUD and conjecture ahead! There are some rumors that the Mr. Robot badge also had a botnet component to it that would use this port. Once one received the code, it would look for other badges to trigger their code and then launch deauth attacks against other wireless devices in the area. The badge wearers, unaware of they were transmitting wirelessly, would walk around deauthing devices and could be spreading the virus across the conference. Right or not, it sounds like a fascinatingly devious scheme.

But these are just toys?! What does this have to do with security?

The great influx of badges added an interesting IOT component to DefCon. It is easy to forget that these badge designers were able to do amazing things on a tight timeline with relatively cheap devices. As businesses are exploring how they can do more things with the IOT, we will see more and more professionals coming up with outlandish ideas to do many more elaborate things. These are quickly built use cases of how the IOT is both incredibly easy to implement and how the best of intentions could create a raging multi headed botnet if you are not careful.

It was incredible to see the different layers of people coordinating across the country to pull this off, and I am very excited to see what they will put out next year. Who knows, maybe next year I can get a Texas badge put together!

If you want more articles on badges I suggest this one and if you are looking for an audio book I suggest checking my book on Effective Threat Intelligence.



My four leadership hacks as Harvard Business School get personal

As many of my classmates have already pointed out (here, here, here and here), our experiences at Harvard Business School during the second half of Professional Leadership Development program focused less on technical knowledge and more on the understanding of our personal attributes.

1. Lockpicking: Are you teaching criminals?

A major change in my attitude was to get out there and teach my fellow executives. What is something simple that I could uniquely offer? Lockpicking. I taught lockpicking with TOOOL for 3 years at DEFCON and have enough training tools that can fit into one of Emily’s old Clinique bags (people are less likely to walk off with an orange makeup bag). Everyone picked at least one lock with Nofi being a particular all-star that opened all the locks I had to offer.

Overall, lockpicking was a huge hit. I was able to host 3 different sessions and 40+ classmates learned something brand new. However, when posting on social media questions about teaching “criminality” arose. This seems bizarre since our lectures involve several in-depth discussions about fraud orders of magnitude above what anyone would ever see from home burglary. I think the critics miss how the takeaway for the students dovetails nicely with our studies. Locks provide a simple tangible process, which is much less abstract than financial fraud, which can be subverted to do something that wasn’t originally intended.

Another benefit was that after our short sessions and I was suddenly inundated by more complex security discussions. Topics were varied including advice for which security vendors to consider, the importance of password management, basic cyber hygiene, and even in one case advice on how to fight a phishing campaign. Without deciding to be a teacher on small things I wouldn’t have been able to drive a conversation on the tougher stuff.

2. Acting with the Ariel group

I never thought I would be taking an acting class. I was in small plays in High School but I never really felt it as a calling. However, on Saturday we all were sitting around being put on the spot for displaying emotions in improvisational scenarios and yelling “hah” at each other. I even told a story about my make-believe cat grooming salon. Most of it reminded me more when I sang in the Navy but we also learned an important framework for telling stories.

I don’t like telling stories and having something both relevant and impactful is tough. A framework was provided to keep things short, maybe ~2 minutes, and telling something visually interesting was a very good exercise. However, I didn’t really buy into it until I heard Noah from my live in group tell his childhood story. It was amazing and left us with goose bumps. As a Quaker, he spoke of fire, fear, and rebirth making me want to jump up and do something, anything, to help him out. His very personal story convinced me of the power of storytelling. Now I am looking at compiling a short set of stories to keep for leadership challenges.

3. Running a case study at AIG: Tunneling my inner Tushman

A very powerful thing we do at AIG is teach what we have learned from our professional development training. There are two benefits, obviously, our team can benefit from the information of an event. More importantly, the attendee is able to summarize what they have learned which galvanizes and better retains that information. So for my training, I purchased a few HBS cases, ordered pizza, and sat 20 people down in a room to go over a case.

It went amazingly well! Our diverse group argued and had healthy debates about the situation as I moderated frantically trying to keep up. I remembered the way the HBS professors would give equal time to both sides, raise pointed questions, and stop people from dominating the conversation. I didn’t even need to cold call anyone! There was always an opinion out there. By mimicking the behaviors of the professors I might not have been able to give a true experience but it got lots of people interested in taking HBS classes.

4. All the sports you could muster

At 3 am I woke up to watch a Rugby match of the AIG All-Blacks playing the Lions. I’m not really good at team sports. When I played soccer I would play with the grass and stare at the planes landing more than the ball. So waking up at 3 am to watch what my roommate Paul said was “a huge match that only happens once every 7 years” I wasn’t that excited but I knew he was I sent a message out to the 140 cohorts inviting us to join, set my alarm and went to bed.

When I woke up at 3 am the lights in the living space didn’t automatically turn on. Even the building knew that it was too early for anyone sane to be still up. Nobody else showed up, but Paul and I were there sitting in the dark, eating potato chips, and going over the finer points of rugby. While I was exhausted the next day, it was extremely fun to see how the match played out and see the AIG All-Blacks pull a huge win.

There was also a baseball game where we watched the Boston Red Socks and suddenly our roles were reversed. I was the sporting expeert and knew tons more about the game than many of our international cohorts. I spent time discussing how strikes, outs, and innings worked to people.

So why were sports important to my studies? I feel it goes back to how important it is to be willing to step into the roles of both a teacher and be a student in groups. Learning something from someone, even something very simple builds comradery, and trust. When a more complex topic comes up we have the tools and relationship to handle new challenges. Sports offered an easily useable stepping stone to deeper conversations.

So here about a month after I left Harvard I have been thinking more about my roles as a teacher, actor, and sports aficionado. Its been very bizarre and almost a completely different experience than the first segment at HBS.I find myself very appreciative to Harvard Business School for designing a program I never knew I needed and very curious on how the next module will transform me.