Well, what a year it has been. I won’t waste your time by recapping the many, many difficulties that 2020 has offered us, and instead, I will try to take a slightly different tack. While it has been a challenging (for some, truly hellacious) year, as we close it out, I’ve been trying out a little “Life of Brian” thinking and “looking on the bright side of life.”
I’m fortunate to be able to say that for me, 2020 was not all bad, in part due to the security community with whom I work every day and who have inspired me throughout the year. I’m lucky to be in a position to hear about many of the amazing things this community does, and in particular, I am grateful that I get to interview people for the Security Nation podcast, hearing about and helping share their amazing stories. In reflection of this, I’d like to share some of my own 2020 highlights and thank the community behind them. I’ve also invited some of our 2020 Security Nation guests to also share their highlights from the year.
This is my blog post, so I’m going to share my highlights first :) As I mentioned above, it all kind of comes down to the security community for me.
I’ll start with the security community’s response to the pandemic. We quickly saw the emergence of various volunteer efforts—for example, the CTI League and Cyber Threat Coalition formed in response to COVID-themed attacks. The people participating in these efforts mostly did so on their own time and dime to try to keep others safe during a truly difficult time. As has been much commented on, never has cybersecurity been more important than during a time when both critical health services and the economy at large were suddenly extremely reliant on the internet to function. To those security volunteers that helped make this increased reliance on the internet safer, thank you for everything you did and continue to do!
This volunteering spirit was reflected in our first Security Nation podcast episode of the year, which featured an interview with the amazing Chris Hadnagy, who shares his year’s highlights below. Chris joined us to talk about the Innocent Lives foundation, the nonprofit he founded to help tackle the issue of child exploitation on the internet. Hearing Chris talk about ILF and the work they are doing was incredibly moving and inspiring. If you haven’t done so, I encourage you to check out both the interview and the ILF website.
And speaking of Security Nation, the final 2020 highlight I will share with you is that being the host of this podcast is truly a privilege. Not because I get to inflict my questionable sense of humor and lack of articulation on unwitting listeners (that’s just a side perk), but because every episode we interview “someone cool doing something interesting to advance security.” Or some episodes, it’s someone interesting doing something cool to advance security. There may be some recurring themes here.
The point is that these people are amazing (wow, I found another adjective) and they are doing inspirational things. And there are a LOT of them. In fact, there’s kind of a whole Nation of them <cough cough>. The work they are doing differs depending on their role and area of focus, but their dedication and passion unites them and inspires me. Having the chance to learn from them and help them share their stories is truly something for which I am grateful.
The Security Nation podcast was started by my friend and former Rapid7er, Kyle Flaherty. When, some time after Kyle had moved on, I first started talking about hosting a podcast to showcase the huge diversity of effort and evolution being made in security, we searched for a new name to differentiate ourselves, but I couldn’t get away from this idea that we are all a nation—diverse in so many ways, but unified by a desire to drive security forward and protect others. We kept the name, I owe Kyle some drinks, and it has been my great honor to get to meet and interview the various members of this great Security Nation since.
So, as I look back on a stressful year, I am so grateful to all the amazing people working tirelessly to move security forward, and even more so, to have been able to share the stories and successes of some small number of them. A few of this year’s Security Nation guests have also shared their 2020 highlights below. Here’s to hoping 2021 will be an improvement and offer even more highlights!
Tod Beardsley, Security Nation Co-Host
Tod is Rapid7’s director of research and also my co-host for Security Nation. Importantly, he is The One That Actually Knows Things, which balances me out quite nicely. As well as keeping me on the straightish and narrowish in interviews, he also leads the “Rapid Rundown” section, where he provides his point of view on the main security news of the time.In sharing his highlights, Tod shamelessly hijacked this blog to promote his other podcasts:
Not to play me-too too much, but hosting Security Nation through 2020 has been a real career highlight for me—while we've been technically producing this podcast since the summer of 2019, I feel like it was this year we really hit our groove, thanks in large part to the Herculean (or Amazonian?) efforts of Bri Hand, our producer, and of course my co-host, Jen Ellis.
In fact, I've had so much fun working on this podcast, I've gotten myself in two others! Starting in 2021, I'll be a regular on a brand-new podcast from the CVE Project, called "We Speak CVE," wherein we talk about all sorts of issues and topics around vulnerability disclosure and enumeration and assignments of IDs and all that super deep-in-the-weeds technocratic stuff about CVE. We've got one or two episodes in the can right now, but no link for public downloads yet, so keep an eye out for that.
Almost wholly unrelated is another podcast that I started in the spring of 2020, mostly as a pandemic isolation hobby. It's called "Podsothoth: A Lovecraft Book Club," and in it, I read-slash-perform horror and science fiction stories written a hundred years ago by H.P. Lovecraft, and also talk about things related to those stories with my lovely and insightful wife, Claire Reynolds. You should listen to it. It's so very gothnerdy and a nice break from the current state of affairs.
In other, non-podcast-related news, I got myself even more involved in election security, which is both personally and professionally important to me. That kicked off in earnest at my first-ever speaking engagement at ShmooCon, along with Casey Ellis, Kimber Dowsett, Amélie E. Koran, and Jack Cable, which was super fun and hopefully enlightening. There was a lot of doom considered, but also a lot of positivity and real-talk about the state of affairs in election-land. This ended up being so well-received that we revisited the topics at DEF CON's Voting Village, which you can watch here (my part was recorded in my then-new isolation office in my garage), and we four still chat among ourselves and help keep each other sane through the news cycles.
Through these and other efforts through the year, I like to think that I helped a little bit (along with thousands of other election workers across the country) to make the Nov. 3, 2020 election "the most secure in American history," to quote Chris Krebs at CISA.
Bri Hand, Security Nation Producer
Bri is the great unsung hero of the podcast, as she is the one that actually makes it happen and puts all the work in. She’s not as loud and opinionated as Tod and me (mostly me), but without her, there really would be no episodes making it to the internet.
I am the type of person who measures my success at work in how much I’ve learned and grown—and I have done a lot of both this year! After realizing that my current approach of learning about cybersecurity through blog-editing osmosis wasn’t quite cutting it, I signed up for an introductory course with IBM to experience the space in more of a classroom setting. The result was surprising. I realized simultaneously that I knew a lot more than I was giving myself credit for and that I would never know everything there is to know about the space—and that’s okay! Take that, imposter syndrome!
I also added “animated video” to my repertoire of content types, since shooting anything in person this year was obviously off the table. Writing and producing our “This One Time on a Pen Test” series and “Elf on the Stealth” HaXmas video was an absolute blast!
As always, I’m also so grateful to be able to work across Rapid7 and beyond to compile and share information out with the security community. Whether it was copyediting all 150 pages of our NICER report, publishing important news content about critical vulnerabilities, helping our Security Nation guests share their inspiring stories, or editing COVID cybersecurity safety blogs from the Orlando Airport on March 15 as I fled my ill-timed vacation, I feel especially privileged in my role here.
And while I won’t pretend that 2020 wasn’t the weirdest year of my life, on a personal level I have greatly appreciated the opportunity to slow down a bit and take stock of what really matters. It’s cheesy, but it’s true. Ditching my daily two-hour commute in favor of a much more manageable five-second one has freed me up to focus on activities that make me an all-around happier and better person—going on walks with my dog, flinging my limbs around in virtual Zumba, cooking, reading, and writing. This joy has easily bled into my work life, and I am now more of an advocate than ever on having work-life balance and not wearing burnout as a badge of honor.
Chris Hadnagy, Chief Human Hacker, Social-Engineer.com
As well as running Social-Engineer.com, Chris is also the founder of the Social Engineering Village and various conferences, author of numerous books, an adjunct professor at the University of Arizona, and founder and CEO of the Innocent Lives Foundation. Like many of the folks that come on Security Nation, I have no idea how Chris fits everything in—I’m tired just writing it all out!
Chris’ interview was published on Jan. 27, 2020, kicking off the year for Security Nation. He came on to tell us about the amazing work that he and many other security professionals are doing at Innocent Lives Foundation, working to combat online child exploitation.
In reflecting on 2020, Chris shared the following:
2020 was a year of personal and professional growth for me and my company. We grew more in 2020 than any previous year and we developed new and innovative ways to help secure our clients. I was also about to transfer a class I never thought could be taught online to a fully digital format and got great reviews on it. Overall, I am leaving 2020 with many things learned and new appreciation for the wonderful relationships that have helped me through the year.
Stephanie Helm, Director, MassCyberCenter
Stephanie runs the MassCyberCenter, which is tasked with building cyber resilience for Massachusetts, and establishing Massachusetts as a center for cybersecurity talent and development.
She joined us on the podcast—published on April 16, 2020—to share with us the progress her team has been making in building cybersecurity capabilities in municipalities across Massachusetts. When we recorded the interview, it was just starting to be clear that telehealth and remote working would be super important in 2020, and local government would play a critical role.
Stephanie and the MassCyberCenter had a number of impressive highlights to call out for the year:
‘Tis the week before Christmas and MassCyberCenter is counting a surprising number of blessings, despite all the craziness in the world. Building on our partnership with the Cyber Resilient Massachusetts Working Group, this summer we virtually held a series of workshops on Cyber Incident Response Planning. We transitioned the Massachusetts Cybersecurity Month to a virtual extravaganza of cybersecurity education events plus a campaign of awareness addressing Life’s Work at Home! Finally, we established a Cybersecurity Mentorship Program, focusing on matching diverse cybersecurity college students with cybersecurity professionals. The pilot program wrapped up on Dec. 14 with an announcement that we will be able to continue an expanded version of the program in the spring. A very exciting achievement to promote an inclusive and talented cybersecurity workforce in Massachusetts. With our partners in cybersecurity, we hope 2021 will demonstrate improved resiliency within the state! Best wishes for a Happy New Year!
Katie Moussouris, CEO, Luta Security
2020 was a big year for Katie. Not only did her company, Luta Security, grow hugely, but Katie was also able to spend time raising awareness of, and support for, the need for equality in pay and better hiring and employment practices. Katie has been vocal about practicing what she preaches, sharing a number of the policies Luta has to build employee satisfaction and wellness.
Katie is a world-renowned expert on vulnerability disclosure, and she shared some of this incredible expertise with us during her interview, which was published on June 9, 2020. She also touched on the impact of the pandemic on security and her plans to tackle pay inequality. As you can see from her 2020 highlights, she made some serious strides in the latter.
This year has been full of surprises. A highlight for me was bringing my attempted class action gender discrimination lawsuit against Microsoft to an end in favor of starting the Pay Equity Now Foundation and the law center named after my late mother. This pandemic has revealed the truly insidious disparity between classes. It’s had a disproportionate effect on women and people of color, both health-wise and economically. We can choose to continue the current trajectory of pay equity for women in 50–205 years, depending on race, or we can decide together to fix it. Those on the right side of history are taking action and taking the Pay Equity Now Pledge. If 2020 taught us anything, it’s that we’re all in this together, and that massive changes can happen in the workplace overnight. Let’s prioritize pay equity as one of them.
Christian Wentz, CEO, CTO and Founder, Gradient
Christian is another one of those guests that makes me feel like I have done nothing with my life —a serial entrepreneur that made the transition from from an electrical-engineering-applied-to-neuroscience background to founding Gradient Technologies, a company that is “building a trust fabric for the connected world.” So he’s tackling the small stuff, then.
During his interview—published on Sept. 25, 2020—Christian talked about his approach to building technology solutions that support a zero-trust approach. It sounds like 2020 has been a decent year for them, despite all the challenges.
In 2020, we grew our Boston office and expanded west with a beautiful San Francisco office, only to have a global pandemic push us to remote work. So, we’ve decided to turn this dumpster fire of a year into a 900-degree inferno for late-night rooftop pizzas to welcome our customers, partners, and Rapid7 friends in person. See you all in 2021!
So, this just leaves me to make an awkward sign-off, much as I do on every episode of the podcast. As usual, I will end with thanks, this time to all our wonderful 2020 guests and lovely listeners. If you are interested in subscribing to the podcast, you can do it here. If you would like to share your own 2020 highlights, please add a comment to the blog. Happy holidays!
More HaXmas blogs
- Help Others Be "Cyber Aware" This Festive Season—And All Year Round!
- UPnP With a Holiday Cheer
- Metasploit Tips and Tricks for HaXmas 2020
- Top Security Recommendations for 2021
- Rapid7 Labs’ 2020 Naughty List Summary Report to Santa
- Metasploit 2020 Wrap-Up
- Predicting the Unpredictable: What Will the Cybersecurity Space Look Like in 2021?
- HaXmas Hardware Hacking