My boss and I had a heart-to-heart the other day concerning my response to someone about MD5 hashing webpages. I had based my response solely off the nature of dynamic webpages without taking into consideration the nature of many of the webpages on site; namely static content.
After a really heated discussion which left me silent with anger, I continued on through the day, wrapped up and went home.
He had asked me what I like, or want, to do at work. The question partially stemmed from the fact that we may be getting two new people in our group. My answer was rather lame though; "whatever needs to get done".
I don't answer questions like this well. Other forms of the question are
- what do you like to do for fun?</li>
- what are your goals in life?</li>
- what do you want to do when you retire?</li>
- what do you want to do for a living?</li>
- etc, etc, etc</li>
I truely do not know. It's pathetic on a grand scale, I realize that, but my answer to each of those right now, really is "nothing". It makes for a pretty empty sounding life doesn't it?
I know he reads this blog, so this is probably not the place to say it, but I kinda feel like the proverbial "new" big brother in a family that is about to have a new baby. With the new employees, what place do I have in the group with a lame response like "I'll do what needs to be done"? Sure, I guess that's valuable to the organization, but where is the ambition?
Maybe I'm just burned out; job, life, and everything. But if I were going to fix it, the first question I'd probably be asked is, "ok, what do you want to do instead?" Answer: I don't know.
Vacation doesn't fix it, toys don't fix it, friends don't fix it, and family doesn't fix it. So how would you recommend I fix it?
So I thought a bit more about things at work that keep me occupied or bring at least marginal enjoyment to the day to day stuff.
- I like new stuff; new technology, new software, new programming languages, etc</li>
- I like building things; tools for the group and for the unwashed masses</li>
- I like making information out of data</li>
This will probably get me fired, but I don't have the same level of interest in pentesting, hacking, vulnerability assessment, etc, as my boss does.
Security and I have an odd relationship. I don't like being told "no" and I don't like having to follow policy. I think that if you get offended by a person's words, then you'd better grow up; which is why I don't usually hesitate in calling someone a brainless idiot. Arrogance? Yeah, maybe. The difference here though is that when I act that way, I do it based upon my understanding of the topic. And I'll accept being wrong; that's not arrogance.
Maybe I have a fundamental disagreement with computer security. Or maybe I'm sick and tired of the FUD, lies, and complacency that the industry is built on. I like the technology that the industry has come up with though. I think packet capture, deep packet inspection, various scanner technologies, network detection technologies, etc, is all hella cool. I like reading about exploits and how they work. I don't really care in using them (as my boss would), I'm more interested in the "oh so that's how it works?" view of the exploit.
I figure I'm still young though, and maybe compsec, in the grand scheme of things, isn't my calling in life. Look at xorl, he/she has no interest in computer security, but he/she runs an awesome blog about dissecting software vulnerabilities.
So maybe, ultimately, my interests lie in technology; which field I apply it in is irrelevant. I just happen to be applying it in the computer security realm at the moment.