I had a college professor, Dr David Bernstein, once talk about recommendations and referrals. The line he said has stuck with me for nearly 20 years since I heard it:
“Don’t give a reference for someone if you can’t, by all good faith, make them sound like they walk on water.” – Dr David Bernstein
Over the past 20 years of my career, I’ve had dozens, if not hundreds, of people ask me for a recommendation. Whether they’re going for a new job, a security clearance or some sort of promotion, it’s the first thing they need to iron out. They need solid references so there is more trust built around their case.
This seems to make a lot of sense, but it’s really hard to tell someone no. You can wuss out and say “oh, my company policy won’t allow me to provide a referral”. Ok, that really may be the case, but your integrity is important. Sometimes, we need to tell people the truth in order to help them grow.
If you have to say no, let them know why. No need to be mean, but be constructive. If they push you for “why” you can’t give a recommendation, talk to them about specific incidents or habits that they could improve upon.
If they have done something in the past to break your trust, and they still ask you, then you can laugh at them. That’s a no go. Protect your integrity at all costs.
Ever find an eye-opening new source of information? Not technical information, like javadocs (are they still a thing?), but personal growth information.
In the old days, we had technical sources like Slashdot, Freshmeat, Digg, etc., but times have gone on, and now we have other places we can read regularly to keep up. Here are some links and reasons why I love them:
Over the next few months, I plan on doing a big podcast binge on cybersecurity careers and will continue my focus on technology.
In this week’s episode, John Lockie and I talk about his background and how it’s not the traditional path into cybersecurity, if there really is one. He affirms my beliefs with regard to CISOs with music degrees. You’ll never guess what he says!
I’ve regularly blogged about Suricata, Logstash and Elasticsearch. Shoot, I’ve built multiple successful commercial tools using that technical stack. The thing that made us successful wasn’t the tech; it was how we used the tech to solve a problem that our customers had at that moment in time.
Now it’s time for me to share the secret on how to do it.
Ok, not a secret at all. If you google, you can figure it out.
With this podcast, I want to introduce the topic to put some context around why those tools are the right tools.
I want to evangelize the idea of EVERYONE monitoring their home or work network with basic rules from places like Emerging Threats. It’s free, and it’s invaluable for finding/stopping malware/viruses on your network. Do it now!