post

#badgelife: Sharing art at DEF CON 26

The #badgelife scene that happens at DEFCON is a fascinating topic. Not officially sponsored by DEFCON, #badgelife is an arduous labor of passion for an ever-growing set of hackers. While I wrote about it last year (here) this year I was participating with it in a way which I did not before. I actually made a badge to get out there. It is incredible how many the number of work streams explodes out from just wanting to make a shiny little trinket.

There are many aspects to coming up with a badge. Sure there is a design of the badge, but also there is the production, the selling, the fundraising, distribution, troubleshooting, and repairing of the badge. It’s a small business, and it is tough to do all these things which require much more than just drawing up something with a significant amount of leds in Kicad.

As you can see from this photo by Mike Szczys in his article “All the Badges of DEF CON 26” there were tons of badges and add-ons created this year. How much went into making badges for 2018? Maybe a quarter million by the end of the day. That’s a crazy amount of money here for something so temporal.

However, maybe it’s not ludicrous if you consider all the other temporal art that is out there. It is also acceptable to have an 18-minute fireworks display costing around $270K, so maybe 3 days wearing a hunks of plastic isn’t so bad. Alternatively, maybe they start getting framed and mounted in a museum.

Nobody is getting rich from these. There is almost no way for most of the makers to break even to get these baubles into others hands. I enlisted the help of my family help pack/ship to save money. That isn’t even to take into account the number of hours spent working on them trying to come up with an idea and risking so much time and effort on them. At least 1 of the badges I was backing ran into significant production problems (through no fault of their own) preventing them from being distributed during the conference. Uber might be a way to make an easier buck.

So make no mistake, badges are gifts. They are a way to for others to share with you their love of technology and art. With that, here is my attempt to share a little more with you.

The Design

If there was ever a time to start making a badge, it was this year. While every year I wanted to create something, It always seemed just a little too daunting. However, this year the community put out the SAO connector.

Suddenly, I had a way to be simple, cheap, not worry about power, lanyard, and have a novel function. To fit in with my Houston theme, we came up with the snek. Whenever someone touched the throat of the snek, it would light up its eyes. Cool right? I even had something where I hoped it could take command from the “host” badge to light up as well.

Our local DC 713 group also had great ideas for improvements. First up, it should have a large capacitor to shock someone touching the fangs!

Quietly discarding this idea, we decided we also should have power and some connector since some of the host badges could cost upwards of $150. Then we needed to add an attachment mechanism to affix it somewhere.

Troubles

With all these changes the cost of the badge by quite a bit as a $10 badge suddenly needed $4 of accessories. The cost of this component creep is expensive when scaled out over 210 badges. Fortunately, the launched Kickstarter took this into account and with the help of cPanel as a sponsor we quickly reached our target goal. The influx of cash from the successful campaign allowed me to fund production and component costs.

Days before the con I started trying to use the SAO attached to the first badges that shipped. Slowly, I started seeing some problems with and that the orientation sometimes caused problems when the snek was used as an addon. For one badge the SAO caused a DDOS on the clock. It wrecked the badge for the rest of the conference for me. Ooooops.

Also, distribution was a conundrum due to shipments from people sending items to the wrong place, not reading the local pickup rules, or USPS losing packages.

But we persisted!

The response at DEF CON.

Everyone loved the look of the badges. It was even better since the DEF CON badge made by the Tymkrs also had included the SAO adapter. Hooray everyone could put a snek on the official badge!

Also, Twitter was abuzz with people taking their snek’s out on road trips and assembling at home. Hidden behind #snek tag on twitter you can see the excitement when people successfully solder the insanely small and annoying resisters. There was even a DC713 meet-up to solder these little guys together.

My biggest surprise, whenever I spoke with a fellow badge maker we were discussing two things.

  1. Things we didn’t see coming
  2. How we are going to make the next badge better

With all the time, difficulty, and headaches, my family certainly wondered why I went through the process of trying to build a badge. I may have lost some money, and I lost lots of sleep, but I was floored by how much people enjoyed my modest snek contribution and how it brought our local DEFCON 713 group closer together.

Big Thanks to:

  • cPanel for the great sponsorship!
  • Macrofab for great production
  • DJdead and DC713 for great ideas
  • Family for dealing with the sneks in-house
post

Harvard Business School’s 3 topics to round out my executive education

We did it! Despite a long journey with many twists and turns, I am now an alumnus at Harvard Business School. Made a ton of videos about the experience, the ride is done, school is out, time to sit back and watch Netflix as the sun sets in the background.

Not quite.

A significant section of this course was addressing possible gaps in being a better business leader as we continue to lead and drive change for the years ahead. Forged, focused, honed, sculpted, galvanized, reborn, etc. are all cliché descriptions of the grueling two-week process not just to be yourself, but more of yourself. The best self you can be.

That is the real value here. Harvard isn’t building us into the perfect business robots. The course helped all 140 of us chip away the pieces of us that obscured our true selves. In turn, this process allowed us to remain diverse, adjust our course, and determine where we would like to go.

Previously I discussed why I felt this education is better than more technical certifications (here) which still rings true and I would like to expand with what we covered in these latest classes.

Finance

Finance is a significant component of businesses performing well. These classes concentrated on how financial statements and strategy can help the company.

Having an understanding of these financial basics are very important for these finance courses, and frankly, it took me some time to get up to the baseline level. Unfortunately, we did not have some of the same basic training we got from previous courses. The HBX platform was excellent for getting me ready for classes in the earlier modules. Without the HBX courses in this module, I felt I was slogging through an arcane language until the 2nd week. (Some of my post-class homework involves rereading two finance books)

The best tactic was going right into the financial data and start parsing it out. Looking for apparent weirdness in the statement helped me find the problems and to ask our financial gurus for help.

Ratios are important here. We can all figure out what it means when costs are above revenue, but what are the other trends that look weird? The class covered some example on what would make sense to look at and where to begin. Two cases in particular pop out in my mind.

One case referred to the earnings per share and the company’s attempt to increase this. The ratio is right there, so how would we go about doing this? Growing earnings is essential, but why do we want to muck with shares? What is beneficial and can this cause unintended secondary effects? During the case, you see the increase in EPS but most of it is share buyback, and the financials let you keep asking more and more questions about it the company’s strategy.

Another good case was around the merger of two companies and the speculative synergies from combining the companies. A massive influx of value called synergies appeared as sensible as unicorns and fairy dust to throw into the equation. Having additional numbers backing them up and walking through the impacts on share prices were eye-opening. In the end, it seemed that the market agreed that the synergy logic was flimsy and it took some time to realize them.

All of these financial exercises don’t have a straightforward answer but instead allowed us to keep asking smart questions and keep looking at where we can find that data. The power of understanding financials is allowing us to ask, and determine if we are getting into a job or misjudging numbers.

Negotiation

The negotiation classes were my favorite part of the course. Each of them had a real negotiation where we were able to compete against each other in trying to get a more significant piece of the pie, argue for our position, and see what we got in the end.

It is ingenious because we all shared in the experience and was great to find out what everyone else had done while under the time crunch.

Universally my negotiations were horrible, and I was never close to the top of the class. My peers performed better, and it appears I do not understand the art of the deal. However, I always closed my deal. ALWAYS. Plus, everyone seemed to trust me, so that was nice.

Fortunately, that leaves me with the ability to improve! On some reflection, I did decide that for “real-life” negotiations my best alternatives (BATNAs) have been a pillar of strength. In real life, I have always had great options, and never need to accept if the terms were not favorable. It is my most fundamental strength going into a negotiation, and all it takes is some pre-work!

Lack of certainty also exacerbates a problem during a negotiation. In one scenario I was a consultant trying to help win a contract. However, I was going to make more money if I sank the deal and both parties drastically were underestimating the market. I spent most of my time wondering if I was on board, if I was striking up a deal with the buyer, or if I needed to torpedo the deal. That friction hurt the overall deal for everyone involved, and suddenly a $250K point made a huge problem for a $500 million market.

Overall, it seemed like increased transparency helped people find out the better deal for all involved. Increase the pie, but there is always the problem of the prisoner’s dilemma. Those who withheld information got a bigger slice from the deal. So I felt good that I was a pie increaser, even if my slice was a little smaller.

Leadership

The authentic leadership section was perfect in trying to make us more effective communicators and set a direction for our lives. There are many discussions regarding how what interests us, our motivations, and how we view success in our personal lives.

There seems to be a 70-20-10 model for leadership. Around 70% is experience, 20% is from mentors and the last 10% is from the classroom. So show up.

A key takeaway was how difficult conversations occur and how to have them. The most valuable advice being that you should come from a place of understanding. Instead of assuming the intentions of someone, you should ask. You will understand your bosses, peers, and directs much better. You provide a sense of autonomy and are more likely to come up with the best solution possible, especially with complex problems.

A peculiar discovery was regarding vulnerability and allowing others to see part of ourselves that usually is more private. For example, as a new officer, I didn’t make it through the Navy’s flight school. I still feel slightly ashamed about this, and for many years I have held it close until I got to know people better. While we fear that sharing these vulnerabilities they will be used against us, it short-circuits the resistance to building trust between the two parties. Sharing my failure with my group was uncomfortable, but they were more impressed that I even got that far and opened up a more substantial dialogue about my experience. That fear was holding me back, and I learned how we grossly overestimate the negativity in people.

A majority of the class completed the True North handbook before class started and the curriculum followed this very closely. I received insights regarding my work-life balance, possible traps I am flirting with, and corrective actions to better orient myself. The workbook prescriptively walks you through the journey on your own, and I highly recommend doing it.

Perhaps the book was too good, as for me, the classwork felt a little redundant afterward. Overall I was searching for more tools to empower individuals to be leaders. It is an essential skill for moving an organization forward and very difficult to execute effectively. The best example was to teach them the same parts that you find in the True North book, and this explanation feels like it needs to a bit more parsing.

Another consideration is how the course pulled lots of evidence from social science experiments. While many are exciting and uplifting, there has been a recent pushback by the scientific community regarding the difficulty to replicate these experiments. Given the pushback, we will need to carefully pay attention to using these studies as to know how to apply these insights appropriately.

What’s next?

Work, lots of work. As always this is just the first part of the journey. DEFCON is coming up in two weeks, and I am rapidly trying to get everything put together for that. Some ideas I have been kicking around regarding follow-up videos and discussions.

  • Financials for the snek badge I sold
  • Walking through the financials of a cyber company
  • Deep Learning and NLP

If you have any suggestion, please let me know and subscribe to my Youtube channel if you think some of my projects are interesting. Also a big thanks for my AIG work colleagues helping me pursue this opportunity and my family for helping take care of everything on the home front.

Links

Shutting it down

So you probably have noticed that I shut the threat intel feed down. Lots of other people are doing a great job in putting information out there, and I felt that my last minute attempts were not adding any additional value. Furthermore, I think I have the start of what I will need to go on with some machine learning.

So this is a holder for this project. I learned tons and thanks for swinging by.