Where I've been, what's new and what I'm excited to be pursuing right now.
Where I've been lately / Show plans and upgrades
Where I've been and what's been taking me away from podcasting these past few months.
In this episode, I give you guys a brief life update! Where I've been, what I've been doing, etc. The remainder of the episode is all about my fun-filled weekend at the Mala Luna music festival. I hope you enjoyed this episode! Thanks for listening. All episodes can be found on Soundcloud, Spotify, Apple Pod, Anchor, Google, etc. IG: LetsBHonestPod Personal IG & Twitter: GrlBehindTheMic
Where I've been the last few months.. & a reading from Rebecca Campbell's "Work Your Light" Oracle deck. Facebook: @ Soul Curious Podcast Group Instagram: @sammybingg @soulcuriouspodcast Email: soulcuriouspodcast@outlook.com
Where I've been, hot girl summer, and a new series! Also the podcast I mentioned was Pep Talks & Fufu, so check them out wherever you listen! You can always find me on IG @hermuhlean and email me with questions you'd like answered on the podcast, comments or anything else at dispodcasttewmuch@gmail.com Support this podcast: https://anchor.fm/dis-tew-much-the-podcast/support
What's Up Folks! Welcome to The Podcast, on this episode of Speak On It I talk about: - The controversial comments of The wife of 2x NBA MVP, 2x NBA Champion Steph "Chef" Curry. Ayesha wouldn't mind some attention. - Gratitude, a moment I realized blessing and where I am at. Where I've come from and how cool it is to feel like it's all good. When I landed my new Gig.
This podcast episode features Dr. Derrick Brooms, an associate professor in sociology at the University of Cincinnati. Dr. Brooms was the featured speaker of the Ohio Consortium of Men and Masculinities in Higher Education conference, which was held at BGSU in Fall 2018. He discusses his research on how to better support black male students on college campuses. Transcript: Jolie Sheffer: Welcome to the BG Ideas Podcast, a collaboration between The Institute for the Study of Culture & Society and the School of Media & Communication at Bowling Green State University. I'm Jolie Sheffer, an Associate Professor of English and American Culture Studies and the Director of ICS. Jolie Sheffer: In partnership with the Center for Women and Gender Equity and the Violence Prevention Center, ICS co-sponsored the Ohio Consortium for Men in Masculinities in Higher Education Annual Conference on September 14, 2018. The Conference featured workshops on mentoring, queer masculinities and violence prevention with a very special keynote address by Dr. Derrick Brooms. Jolie Sheffer: Today, we are joined by Dr. Brooms, an Associate Professor of Sociology and Faculty Affiliate in Africana Studies at the University of Cincinnati. Dr. Brooms earned his PhD in Sociology from Loyola University of Chicago and his research focuses on how to better support black male students on college campuses. Jolie Sheffer: Some of the topics he explores include campus climate, mentoring and student support initiatives. Jolie Sheffer: I'm very pleased to welcome Dr. Derrick Brooms to the program as the first speaker of ICS's 2018-2019 speaker series. Thanks for joining me, Derrick. Dr. Brooms: Thank you for having me. Jolie Sheffer: We're thrilled to have you here to discuss the important research you've been working on. Can you start us off by telling a little bit about what you're currently working on? Dr.
Brooms: Right now, I'm continuing to work on research that looks at black male experiences in both secondary and higher education. I also have work that looks at black and Latino males and, in particular, their engagement in leadership on campus. Then across both of those projects, I'm really very much interested in sense of self, identity development and the ways in which identity, race, gender and other social identities matter to students' experiences. Dr. Brooms: I'm also looking at a project where people make sense meaning, and share about the killing of black men. Just looking at people from the range of Trayvon Martin to the more recent Freddie Gray and others. Just more recently we've had Botham Jean who was shot and killed in his home. Dr. Brooms: Part of it is to invite black men to make sense of the ways in which they experience racism, profiling, stereotyping and killing. Jolie Sheffer: Well, and it sounds like this project is like much of your other work, which is really foregrounding the knowledge that people of color have of their own lives and bringing that into academic discourse. Jolie Sheffer: Can you talk a little more, especially sociology, historically, doesn't have the greatest reputation for foregrounding the first person experiences and has often treated people of color as objects of study. So could you talk about how your work fits into challenging that history of sociology? Dr. Brooms: As you mentioned, there is this approach in sociology about the being objective. Ways in which the individual, that experiential knowledge, has in some ways been marginalized within the discipline. But what we know from lived experience and, in particular, some of my learning and lens is sharpened through black feminisms, so the work of Patricia Hill Collins, who really offered us some groundbreaking work on black women's epistemologies. Dr.
Brooms: So my work is really building out of this kind of framework where, in my training in African and African-American studies and oral traditions and oral histories that were minimized and diminished because they weren't written histories. Part of it is to bring the I, the self, the voice, back into this kind of serious academic study to really have a better understanding of what it is that people are dealing with, experiencing, how they're making meaning and making sense of the things they've experienced in their lives. Dr. Brooms: For me, I see my work as really very much multi-disciplinary. So although I'm in sociology, I'm speaking to education, I'm speaking to Africana studies, I'm speaking to other disciplines. Because, as Audre Lorde says, we don't live single-issue lives. Therefore, when we're trying to do the work, we can't look at it in one only specific realm. Jolie Sheffer: Speaking of that idea of interdisciplinarity, one of ICS's main goals is to foster collaboration across traditional academic disciplinary boundaries. Can you talk a little bit more about the significance of connecting sociology and education and that with the study of race? Dr. Brooms: Interestingly, there is a subfield, if you will, in sociology: the sociology of education. The thing that's really kind of fascinating, if we think about them as two separate disciplines, the sociological approach and the questions that we might generate and ask sometimes look a little bit different than the questions that we might ask within an education, even though we're trying to get at the same thing. Dr. Brooms: So for me, it's an opportunity to bring something a little bit different to both fields. Doing writing that gets published in education journals, the questions that I'm asking sometimes look different than some of the traditional questions. So trying to bridge that gap, the point is that it's already there in some ways with the subdiscipline. Dr.
Brooms: But, when you start talking about the censoring race and bringing in an Africana studies or an Africana lens, that's where the work is really at its full thrust in trying to provide some insights on what is it that black men are thinking about their educational experiences? Not only in their current educational realm, but what is it that led them to this particular juncture? Dr. Brooms: A lot of what I'm doing is looking at their narratives. And how do they make sense of their experiences? What are the meanings that they extract and draw from those? Those are things that we absolutely need across all three fields, if we include Africana studies in that. Dr. Brooms: Because we know that within education, there is the popular discourse that sometimes dominates what it is that we are thinking about and doing in education. Or there's the political, in terms of neoliberalism or other kind of political climates that we're in. Dr. Brooms: Then within sociology, I mean, this is a discipline that is constrained by its own past where there were very intentional efforts to exclude. W.E.B. Du Bois, who is the founder of American sociology, when I think about some of his writings and the groundbreaking work that he did, with work such as Souls of Black Folks or Philadelphia Negro, we can name so many other books that he's authored, it was about giving voice to folks who might not have been given the attention and the resources that they need to improve their lives. Dr. Brooms: So part of what I see myself is in that long tradition of other people who have come before me and people who are contemporary and people who will come after me, about bringing those voices forward. Jolie Sheffer: In an interview with Inside Higher Ed, you stated that we must do more to understand how black students experience schools and how institutions act on them. 
Can you talk about some of the schools or initiatives that you think have been really innovative and successful, that could be an example for other institutions? To help counteract some of these forces you're talking about? Dr. Brooms: There's a lot of work being done by a lot of different institutions, so I'm going to reserve not naming some institutions so it doesn't seem like I'm privileging them over institutions that I don't know. I just don't want to give it as if these are the only ones. Dr. Brooms: There's the few institutions who've announced that they won't look at ACT scores anymore. I think that's quite significant because, again, ACT scores are not a reliable predictor of students' success in college. Dr. Brooms: We've seen some institutions who have guaranteed funding for students who come from families with a particular income level. So again, that's allowing those institutions to be a bit more accessible for students who might not, and families, who might not have been able to afford it in the past. Dr. Brooms: We've seen some institutions make very intentional partnerships with secondary schools, which, again, allows for the students to become aware of institutions and college-going at much earlier levels than maybe if they had not had those partnerships. And we've also seen higher education institutions make really significant partnerships with communities as well. Dr. Brooms: So offering things like summer bridge programs or college immersion programs. Doing things where they create volunteer opportunities for college students to go into communities to work with youth from various backgrounds. In that way, helping youth to connect with college-aged individuals, who might be able to offer some perspective and insight on their own experiences. Dr. Brooms: Across the landscape of higher education in the United States, various institutions, both public and private, have engaged in this work. 
In many ways, I think what's fascinating is that this is the work that many of our community colleges have been doing for a long time. So we see that some of our four-year institutions are picking up on some of the ways in which our community colleges and two-year institutions have invested in communities. Dr. Brooms: I think that's helping us make some ground in creating opportunities for higher education to be more accessible for students. Because, again, one of the things that we know is that some of our students who come from economically disadvantaged backgrounds, sticker shock is real. If I were to go home and tell my parents that this school costs $60,000, they will shut that conversation down: "There's no way you can go because we don't even make $60,000." Dr. Brooms: So some of our colleges and universities, if they really want to value diversity and inclusion and think critically about how can we make this possible, then they have to see that their tuition actually is a barrier for some students even applying. There's no way you can them to attend if they're not willing to apply because of the sticker shock. Dr. Brooms: Those are some of the things that I've seen across a number of colleges and universities. I think some of what we've seen at the secondary level is really putting a strong emphasis on college readiness, again to varying degrees of success. And that looks a little bit different depending on which state they were in, which school district they were in. That's intended to raise the college-going numbers of students. Dr. Brooms: So we've made some pathways and at the same time, there's still much more work needing to be done. Jolie Sheffer: Well, and much of your work is about what happens after recruitment, right? Dr. Brooms: Mm-hmm (affirmative). Jolie Sheffer: So it's a lot of effort is put into getting more students of color or under-represented groups into college, but then what happens once they get there? 
You work a lot on black male initiative programs. Could you explain to us what they are and how they add to the college experience? How they differ from maybe more familiar academic or even student affairs programs? Dr. Brooms: I'll give a general description. But we do know that, one thing I want to say up front, is that black male initiatives, they vary. They don't all look the same. These initiatives are geared towards enhancing and improving black men's college retention and graduation. So that when we look at the data across four-year institutions over a six-year period, black male graduation's about 34%. Dr. Brooms: That's a number that is easy for folks to say we've got to improve that number. Of course, that's the number nationwide and we know that there is some institutions who do much better. At the same time, we know that there's some institutions who do not do as well. Dr. Brooms: The way that these are structured in general, they usually have a staff member, at least one. In some cases, they have multiple staff members who are responsible for coordinating all facets of the program, which includes academic components and social components. Dr. Brooms: They are geared towards students who are currently registered students at that institution. Sometimes they even have kind of an alumni base, as well, so some students who might've matriculated through the college or university. Dr. Brooms: Many of them have both an academic and a social component to it, so again, if we're talking about increasing retention and graduation, we've got to have an academic focus. But I think there's a realization that we also need to offer support for the holistic realms of who students are. Dr.
Brooms: So that social component becomes really important, whereas opportunities to bond with their black male peers or other male peers of color, opportunities to partner with other organizations on campus, whether these be fraternities and sororities, student government, health and wellbeing and things of that nature. Dr. Brooms: Some of these black male initiative programs include some form of an outing of sorts. So they might attend the Black Male Summit, say, at the University of Akron here in Ohio. Some of them may go to the Black Male Retreat at the Ohio State University. So depending on what region they're in, what state they're in, there may be kind of a larger beyond-the-institution experience that they want to immerse their students in. Dr. Brooms: Some of that and many of these BMIs have a leadership component as well. For me, that's really important where we're empowering students through tangible skills that they can apply to other parts of their student experience, but then even once they leave the institution. Jolie Sheffer: In the past, you've said that you encourage college administrators to focus on inclusion instead of a diversity plan. Dr. Brooms: Mm-hmm (affirmative). Jolie Sheffer: And that colleges need to establish and intently pursue inclusion and equity plans. Can you talk about the difference that you see between a diversity plan and one focused on inclusion and equity? Dr. Brooms: Yeah. For the most part, when we think about diversity it's really about the demographics. We're going to look at demographics in a way to say and state that we're diverse because we had this number of students from racial and ethnic backgrounds. We might have this number of students from LGBTQ identities. So we can splice that diversity in a lot of different ways. Dr. Brooms: But that's really at the numerical and demographic bases. 
One of the things that I argue is that recruiting students and bringing them to campus to say we're diverse doesn't help students navigate and garner success at that institution. Dr. Brooms: So that brings to the point that you raise, and that is in what ways do our students feel like they belong? In what ways do they feel like they're valued and do they matter? In what ways do they feel like not only who they are, but the people that they are connected to are included in the experiences that they have on campus, both from an academic standpoint and from a social standpoint? Dr. Brooms: So academically, this work is important because what students want to know is I can see myself in these classrooms in the things that I'm reading, in the things that I'm studying. Or there's space for me to write about myself and my background and my community in some of the writing assignments that I'm required to do. That plays a big role in how students make sense of and feel satisfied about their collegiate experiences. Dr. Brooms: By the same token, that's also true in some of the programming that we do, whether it's student-centered, whether it's inviting speakers to campus. What are the messages and what are the things that are being said that are of value about the college experience? Then we have to think about the ways that students translate that to okay, how does this message resonate with me and who I am? Dr. Brooms: So inclusion and diversity, I think we can have a conversation about the schematics of those words. But at the heart of it is this notion of equity. At the heart of it is students feel like they belong and they're valued, not just in rhetoric but in the everyday work that people do on campus. Jolie Sheffer: You're doing great work and very important work for black men in higher education institutions. As you say, helping them navigate through a system that at best may be benignly neglectful and at times actually hostile to them. 
What happens to these students once they graduate from college? That's the success measure, right? Jolie Sheffer: What happens after that and they're looking to enter the workforce? What are the kinds of challenges they face? Are they similar ones? Are they different ones? And how do these programs try and help students navigate that set of hurdles? Dr. Brooms: Another component of some black male initiative programs are their professionalization experiences. This is where an alumni base can play a really important part, where you've had some students who were engaged in a black male initiative, they graduated, they've gone off and begun a professional career. Then they come back and they share with students their experiences. Dr. Brooms: That really is incredibly important, because what it does for those current students, or many of them at least, is it provides a model and a roadmap. That wait a minute; this person was at this institution. They navigated similar experiences. They made it through and then they're out with a job that they seem to be happy with or engaged in work or in graduate school or whatever that might be. Dr. Brooms: So the professionalization is important. Some of this is really even beyond alums. Bringing in speakers who are in the community. They may be people who run or direct or coordinate a community-based organization. Some of them may be entrepreneurs, some of them may be small business owners, some of them may be from national chains and other businesses. Dr. Brooms: Having these kind of conversations that are tailored to black males, not necessarily that there's new or different information being told, but they can ask the questions that want to ask and feel like it's valid because I'm in a room with people who value my opinion and my experiences. I think that's incredibly important. Dr. Brooms: At the same time, as I mentioned, the leadership experiences are critical because that allows them to enhance their skillset.
So you can think of things: cross-cultural communication, time management, working in a team setting. Dr. Brooms: All of those are things that many of our employers are looking for. I mean, they ask explicitly. They might ask in the application. They might ask recommenders, "Can you speak to this person's ability to work in a team, in a group?" Dr. Brooms: So when we are able to offer the students those types of experiences, I would argue that they are transferrable skills that they can take from those experience and apply it within a work setting. That becomes not only very attractive to employers, but also enhances the sense of self and sense of confidence that some of our students will walk into that job with. Feeling like, "Well, I've had some similar type of experiences and I believe I can accomplish the work that's set out before me." Jolie Sheffer: Well, so much of what you're talking about really is a reminder that in colleges and really in K-12 education too, that we're not just teaching subject matter expertise. Dr. Brooms: Yes. Jolie Sheffer: We're actually teaching people how to understand and navigate the world. Dr. Brooms: Mm-hmm (affirmative). Jolie Sheffer: But at the college level, that drops out of the official curriculum. Dr. Brooms: Yeah. Jolie Sheffer: Even though it is stuff we expect those students, if they're to be successful, to understand and be able to activate. Dr. Brooms: Mm-hmm (affirmative). Jolie Sheffer: What you're suggesting is that, especially when you're talking first generation potentially college students, that is not stuff that is necessarily already known and understood. Dr. Brooms: Absolutely. So to even begin the point that you make, makes me go back to W.E.B. Du Bois and one of my favorite quotes from Dr. Du Bois is that, "Education must not simply teach work. It must also teach life." So are we preparing young people to be successful in the lives that they choose beyond the educational realm? Dr. 
Brooms: One of the things that we know is that our students come from various backgrounds. Some of them have experiences that align well with what they're being asked to do in higher education. And some of our students come from backgrounds that do not align very well. So our students, once they enter our college campuses, some of them are having to learn what it means to be a student in higher education. Dr. Brooms: Unfortunately, there's ways in which we don't think about that within higher education. In terms of on the faculty side, where do students know what APA is? I'm being very rudimentary because until somebody explains it to students, they might not know what APA is. The unfortunate reality is that there is a lot of assumptions that it is very for faculty and staff to make about the skillsets and the experiences and exposures that our students should come to college with. Dr. Brooms: The reality is, and this is not just black males, this is students across racial and ethnic backgrounds, gender identities, et cetera, urban, rural, suburban. Maybe they're not exposed to those things. So we need to make sure that we're helping to close the gap in terms of language and expectations and the ways in which we think. Dr. Brooms: It's a little bit of a shift in terms of the unspoken expectations that we have with who students are and what skills they automatically ought to have: Well, you're in college. You should know. But I don't, so now where do I go? Because what you're telling me is I can't ask you. Jolie Sheffer: Right. And who's responsible for filling that gap in knowledge? I mean, higher education has really shifted so much where there's such anxiety because of the costs of higher ed, about ensuring students get jobs. Dr. Brooms: Mm-hmm (affirmative). Jolie Sheffer: That often translates into conversations about vocational training. Dr. Brooms: Yep. Jolie Sheffer: But what you're talking about is really that kind of success. 
We're not talking about those people should be groomed for the trades, but rather any kind of professional education has multiple dimensions. It has dimensions of academic or subject matter expertise, but it is also learning a new set of codes and practices. Dr. Brooms: Yes. Mm-hmm (affirmative). Jolie Sheffer: And not knowing those codes doesn't mean you can't do the academic work. It means you haven't yet learned that secret handshake. Dr. Brooms: That's right. So something people talk about this in terms of cultural capital, and again, that's privy to what are my background experiences? What have I been exposed to? What's my family background? As you mentioned, these are things that people can learn if we're willing to teach them. Dr. Brooms: So then the questions just becomes, well, do they not get it in your class because you're not willing to offer it to them in some form or capacity? And are you still willing to hold them accountable to this metric, knowing that they don't know? Dr. Brooms: This is really important, because it also speaks to how students feel like they belong. Where I've got these expectations placed on me and I don't know these things. I don't even know where to go and ask. You know what? Maybe college isn't for me. Jolie Sheffer: Does the faculty make them feel stupid for not knowing? Or does the faculty member step up and say, "Oh, let me explain what this is"? Those two things can make a dramatically different- Dr. Brooms: Absolutely. Especially when you're thinking about those- Jolie Sheffer: ... experience for the black male student. Dr. Brooms: ... early transitional experiences. We know that first-year to second-year retention is critical for student persistence in college. So what are those experiences that I'm having that first semester, that first year, that says to me there's people here at this institution that believe that I can do it. 
I might not be doing the best work that I can do right now, but they don't see that as a limitation in terms of what I'm able to accomplish. Dr. Brooms: Sometimes those early reads on folks, sometimes we write people off very early in those early interactions that don't allow them an opportunity to blossom and bloom into who they can be. So what type of environment are we creating where we are helping students pursue their goals and achieve the successes that they believe they can achieve? Or are we inherently closing doors and opportunities on them because we just don't believe that they're going to get there? Jolie Sheffer: Some researchers studying the intersection between race and education have observed that much of the scholarship revolving around the black male experience highlights the negatives and outlines what institutions are doing wrong. Some of those folks argue that scholars ought to instead focus on positive experiences and what institutions are doing right in order to create a framework for success. How does your work reflect one or both of those positions? Dr. Brooms: I would say it reflects both. It reflects both because my work comes out of student experiences. So if it's one or the other, in some instances it can be, depending on what the topic is. But in many ways it's both. But whatever it is, it is coming through student experiences. Dr. Brooms: So I don't approach it, my work, from a standpoint of what might be right or wrong. I approach it from what are your experiences? How do you make sense of that? If these things didn't work, then what did you do in response? Dr. Brooms: I'm trying to find out what are the ways in which students try to pursue accomplishing their goals. Invariably, what ends up coming up and coming out are some of the obstacles, roadblocks and challenges that they face. Dr. 
Brooms: Then what we see as we map those experiences into the larger student narratives across colleges within our society, that these are some actual impediments in higher education that doesn't serve, necessarily, some of our student population well. Or these are some of the things that are doing really well. Dr. Brooms: I mean, one of the things that students talk about that they have overwhelmingly identified as critical to their success is relationships. So some of these relationships are with their peers, in particular, their male peers who might be in these black male initiatives with them. But very often, it's also about faculty and staff. Dr. Brooms: So these students are able to name an individual or a number of individuals who have made a critical difference in their college experience. Sometimes it's intervention. Sometimes it's mentorship. Sometimes it's recommendation because they've been doing well. I don't want to suggest that all of the males are, they're struggling. Dr. Brooms: Some of it is informing them about opportunities, because they've been so stellar, academically: "You know what? You've been doing this really well. You might want to think about graduate school in these particular fields." But that's relational. So that relational capital becomes really, really important, because it can point students to resources and opportunities that really has a positive impact on their experiences. Dr. Brooms: I think that's critical and I think that's in place at every institution. I think we'd be hard pressed to find an institution where there's not somebody there that are making students feel like they're welcome. Dr. Brooms: The fascinating thing is that it's not always faculty and it's not always staff, in terms of people in student affairs. Sometimes it's a custodian. Sometimes it's someone working in the cafeteria. Sometimes it's a librarian whose, across these, through their main job isn't necessarily student success. Dr. 
Brooms: But they have engaged students in interactions that really spoke to the positive realm of making students feel like they belong. Making students feel like they're comfortable. Letting students know that they've got people supporting them, even though they might be in non-traditional spaces where we might look for support. Dr. Brooms: So in terms of what institutions are doing right, there's committed people. The hope is that there are more and more of those committed people. And that students kind of build relationship with these individuals early in their careers, so that they can help mitigate maybe some of the challenges and struggles that they might face later on. Jolie Sheffer: Well, what you're talking about is some of that mentorship or support right now is accidental or incidental. Dr. Brooms: Mm-hmm (affirmative). Mm-hmm (affirmative). Jolie Sheffer: And we in higher education have to work, when you get back to the idea of equity and inclusion, we have to make sure those things are built into our infrastructure, so that it isn't just a happy accident to get that support. Dr. Brooms: Yes. Jolie Sheffer: But that, hopefully, there are multiple people at multiple levels to building that. What are some of the ways institutions can help build that capacity? Dr. Brooms: Some of the BMI programs do these orientation events that are catered specifically to black students in general in some instances, or black males in particular. They also invite faculty and staff to those, so very early on in black male students' college careers they're able to meet people across the university. Dr. Brooms: I might not have Dr. Sheffer for class, but I met her and I felt like I had a good conversation with her. And that might be somebody that I reach out to later on down the line. I met people who might've been administrators. I met people who are other staff, whether it's in advising. This individual may not be my advisor, but I know there's a friendly face. Dr. 
Brooms: By introducing students to these individuals earlier, where they can potentially at least plant the seeds for a relationship to grow, is incredibly important early on because it helps neutralize. Some of our students have traveled very far to attend our institutions and so being homesick, being away from family, is a challenge for some of our students. Dr. Brooms: So what are the ways in which we can build family-like atmospheres for students very on in their college careers plays a big role. As you mentioned, I think that's really critically important is that our students need multiple ways and levels of support. Dr. Brooms: So when I talk to students, even students that I work with very closely, I tell them, "You should not have one mentor. You need a community of mentors. You need a community, period. You need a number of mentors because not one mentor can meet all of your needs." Dr. Brooms: So helping students really hear that message and understand that message, in some ways even brokering relationships on their behalf. Not in place of them, but saying, "You know what? You're going to go over to Dr. Sheffer's office. I'm going to walk with you." Dr. Brooms: So as opposed to sending a student to an office and hoping the student engages in the conversation, by walking with student, I think that shows a level of care and concern that the students really appreciate. I think it can help plant the seeds for that relationship to develop even further, quicker, which then means that our students have these strong positive relationships early on. Dr. Brooms: So that if there's a struggle in a particular class, I might not feel like I can go and talk to that instructor or faculty member, but I do have people on campus that I can go and talk to. And maybe they help me devise an email that I can send. Maybe they help me think through, like, "Oh, well, that might not be the best approach." Dr. 
Brooms: They can help channel those students to tapping into the resources that are available on campus: "Oh, you know what? Maybe you should go check out the writing center. They've got tutors there to help you with any class that you're taking. Oh, have you been to the math tutors?" Dr. Brooms: Again, these resources are available. There's stigmas attached to some of these where especially as I think about black males who some exhibit not the best help-seeking behaviors. So de-stigmatizing writing center or math tutors. Whereas like, "Well, you do realize that a lot of students go over there and it's not about you. It's about you getting better at what it is that you're trying to accomplish." Dr. Brooms: So helping demystify some of the resources, helping them literally, walking them to other resources, helping brokering meetings with them and other institutional agents, I think is all critical to building that community, to building that support network that can help them navigate the institution. Jolie Sheffer: Part of what you're saying makes me think that one of the messages we might want to get out is that while we acknowledge it's really important for students of color to find people on campus that they recognize as having experiences that might be like their own, for looking at people with similar identities, to really ensure a student's success, we need a web of ally-ship that isn't just with individuals who have been designated mentors, designated advisors on an issue. Jolie Sheffer: But that faculty, staff members, that sort of white ally-ship and just ally-ship, generally, being not a passive thing of "Well, if a student comes, I'll be helpful." But a sort of actively helping to set up structures and touchpoints to ensure a student's success. Dr. Brooms: I absolutely agree. I mean, even as I think about my own experiences when I was in college. We had an admissions personnel by the name of Andre Phillips. Mr. 
Phillips, I don't even know if he had an open-door policy. I mean, you hear people talk about open-door policies. Dr. Brooms: But I know when his door was open, I would knock and he'd let me come in and sit down. He would talk to me about my experiences or he would just let me sit down and read. I knew I had a space on campus that I could go, A. And B, I knew I had somebody I could talk to. My college experience would not have been the same if I didn't have that office. Dr. Brooms: It also allowed me to develop the confidence to build relationships with other people, so there are other ... As you can imagine, Andre Phillips was a black male. There were other people who worked in the Admissions Office who weren't black males. They were other people and I built relationships with multiple people in the office because, one, I was in there a lot. Dr. Brooms: But it also helped me see that there are many people at the institution who could be a supporter, who could help point me in a particular direction, who could help me better understand an experience that I had or help me pursue an opportunity that I might not have known about. Dr. Brooms: I think your point is critical, is that we need a web. I mentioned Andre Phillips in particular because to my knowledge, he never taught a class. So I wasn't going to him for necessarily academic advice, but it was more so in understanding what I was experiencing. And I had an advisor who was Maxine Proctor, who was phenomenal. Dr. Brooms: So as I think about people on the staff side, they helped me make sense of what I was experiencing on the academic side. They offered support that helped me believe that I can do this, because they could talk to me about other students who had come through that space. I was in their offices or in the vicinity of them when other students were talking to them. Dr. 
Brooms: I think about those two in particular that helped me see that if I'm going to make it through this place and be successful and accomplish what I want to accomplish, I need a team of folks. And we know that. Dr. Brooms: So to your point, it doesn't have to be formal. We can do better at surrounding our students with support and we can do these in very informal ways that allow for dynamism and fluidity for students to tap into it in their own ways. Dr. Brooms: But what it also does is allow us, in a sense, these kind of wraparound services where students don't feel like they have to compartmentalize what's academic, what's social, what's personal. But people are here for their kind of holistic development and their success. Jolie Sheffer: What's interesting is so much of what you're talking about, that these things that help students be successful, are really low-tech. And low investment in a lot of ways. Right? Dr. Brooms: Mm-hmm (affirmative). Jolie Sheffer: They're about the human touch. Dr. Brooms: Yep. Jolie Sheffer: And about personalizing what can feel like a very impersonal, bureaucratic system. Because universities are large, bureaucratic places and I think we forget sometimes that from a student point of view ... I mean, I've been at my institution here 12 years, so I know who to call if I have questions now. Right? Dr. Brooms: Right. Right. Jolie Sheffer: But students don't. Dr. Brooms: Yep. Jolie Sheffer: There's so much that can be done in a low-tech way just to make them feel like people again and not like they're a social security number or whatever their student ID number is. Dr. Brooms: Mm-hmm (affirmative). And that goes to this sense of belonging, sense of mattering and sense of value. When people know you by name, I mean, that makes a difference in what students experience. It's one of the guys that I work with said, "They notice when you're not there." That means that I'm looking for you to be there and I want you to be there. Dr. 
Brooms: As you mentioned, I mean, these are all from that point of humanity, that point of human touch, where being in proximity to others really does help feel like I'm supposed to be here. Whereas if I'm just trying to figure this all out by myself and I feel alone, I feel isolated, I feel alienated, that makes this work being a student that much harder. Dr. Brooms: That impacts students in very real ways. That not only impacts their academic work, it also impacts them personally and socially. It impacts their wellbeing. It impacts their social-emotional wellbeing. We know that college is a place where there's so many opportunities but also can be alienating and isolating. So that human touch is critical. Jolie Sheffer: At ICS, we are invested in fostering conversations outside of academia as well as within our campus and with other academics. How do you see your work influencing people outside of the academic world? Dr. Brooms: When I think about some of the service work that I engage in ... I'm heavily invested in numerous communities and some of that is through Boys and Girls Club. Some of that is through YMCA. Some of that is just through the neighborhood and some neighborhood organizations. Some of that is with families. Dr. Brooms: I think that engaging with these different communities and community members and organizations really keeps the work that I do very focused on individuals and families. So one of my tag lines is that I wouldn't be a professor if there were no students, period. Dr. Brooms: We know that our students come from families. They come from communities, so part of our work should be centered, I believe, and maybe that's kind of my Africana studies training coming out, where the community is important to what it is that, the work that we're doing when we talk about equity and social justice and things like that. Dr. Brooms: But I also know that our students have lives beyond the academy. 
Some of the students who I work with and connected with, they have graduated and they participate in things beyond their professional lives. Like flag football. I'll go to those games because I'm invested in them as people and not everybody's going to stay in higher education or the academy for their careers. Dr. Brooms: Obviously, as a student doesn't mean they're going to go back and work in those spaces. So showing up in other areas of people lives, really reveals to them, shows them and demonstrates that you do care about them beyond just what they do academically and how well they might perform in terms of a GPA and things of that nature. Jolie Sheffer: And only while they're your student. Right. Dr. Brooms: And only while they're on your campus. This goes to technology, where we can really take advantage of it. I have students that I have text conversations with that we set up phone calls, saying, "Hey, man, I haven't talked to you for a while. We need to check in on each other." Dr. Brooms: This is both men and women, even though most of my research is on black males. They are students who have moved to different parts of the country I've written recommendation letters for, but that's because they've asked me to. So there's something about the relationship that they value and they believe that I'm going to speak well in their behalf. Dr. Brooms: Some of them are working in their jobs and they just call me, reach out, talk to me about how it's going. But I think that's part of community, is that our work is not just confined to the walls of the institutions where we work. For me, it spills out into the communities and where our students and where people live and the families that they develop and engage in and the communities they build outside of that. Jolie Sheffer: Thank you so much, Derrick. Dr. Brooms: Thank you. Jolie Sheffer: It's been a pleasure talking with you. Dr. Brooms: Absolutely. Jolie Sheffer: Our producer today is Chris Cavera. 
A special thanks to the College of Arts and Sciences, The School of Media & Communication, the Center for Women and Gender Equity and the Violence Prevention Center. Thanks so much. Dr. Brooms: Thank you.
Log-MD story
SeaSec East meetup
Gabe (county Infosec guy)
https://www.sammamish.us/government/departments/information-technology/ransomware-attack-information-hub/
New Slack Moderator (@cherokeeJB)
Shoutout to “Jerry G”
Mike P on Slack: https://www.eventbrite.com/e/adversary-tactics-red-team-operations-training-course-dc-april-2019-tickets-54735183407 www.Workshopcon.com/events and that we're looking for BlueTeam trainers please. Any chance you can tag @workshopcon, SpecterOps and lanmaster53 when you post on Twitter and we'll retweet
Noid - @_noid_ noid23@gmail.com
Bsides Talk (MP3) - https://github.com/noid23/Presentations/blob/master/BSides_2019/Noid_Seattle_Bsides.mp3
Slides (PDF) - https://github.com/noid23/Presentations/blob/master/BSides_2019/Its%20Not%20a%20Bug%20Its%20a%20Feature%20-%20Seattle%20BSides%202019.pdf
Security view was a bit myopic?
“What do we win by playing?”
Cultivating relationships (buy lunch, donuts, etc)
Writing reports
Communicating findings that resonate with developers and management
Often pentest reports are seen by various facets of folks
Many levels of competency (incompetent -> super dev/sec)
Communicating risk? Making bugs make sense to everyone…
The three types of power: https://www.manager-tools.com/2018/03/three-types-power-and-one-rule-them-part-1 (yas!)
Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com
Comments, Questions, Feedback: bds.podcast@gmail.com
Transcription (courtesy of otter.ai, and modified for readability by Bryan Brake)
Bryan Brake 0:13 Hello everybody, this is Bryan from Brakeing Down Security. This week you're gonna hear part two of our interview with Noid. We did a lot of interesting discussions with him and it went so well that we needed the second week, so for those of you here just catching this now, Part One was last week, so you can just go back and download that one. 
We're going to start leading in with the "one of us" story, because one of the slides he talked about was how, you know, he learned how to be one with his dev team. And one of the last topics we had was kind of personal to me. I do a lot of pentest writing for reports and stuff at my organization, "Leviathan", and, you know, we talked about what makes a good report, how to write reports for all kinds of people, whether it be a manager that you're giving it to, from an engagement for a customer, or, you know, the technical people who might be fixing the bugs that an engagement person might find, or a pen tester might find in this case. So, yeah, we're going to go ahead and lead in with that. Before we go though, SpecterOps is looking for people to go to their classes. They're learning adversary tactics and red team Operations Training course in Tysons Corner, Virginia. It's currently $4,000 to us and it's from April 23, April 26 of this year 2019. That doesn't include also airfare and hotel, so you're gonna have to find your way to Tysons Corner, the Hyatt Regency. There's a link in the show notes, of course, to the class if you'd like to go. You'll learn things like designing and deploying sophisticated resilient covert attack infrastructure, gaining initial access footholds on systems using client side attacks, and real world scenarios cutting edge lateral movement methods to move through the enterprise and a bunch of other cool things... So yeah, if you're interested in hooking that up, you still got more than a month to sign up for it. It looks like there might still be tickets, so knock yourselves out. They're also looking for blue team people. "Mike P" on our Slack channel, which we'll tell you about the end of the show here on how to join if you'd like, he said http://www.workshopcon.com/events they're looking for blue team trainers... 
you can hang out with folks like you know, SpecterOps and Tim Tomes (LanMaster53) as well there when you you know we can you sign up for the blue team stuff and yeah http://www.workshopcon.com/events and then you can you know learn to be a blue team trainer or actually give blue team training if you so choose. So that said it's pretty awesome. Alright, so without further ado, we're going to get started with part two of our interview with Noid here, hope you have a great week. And here we go. Okay. So I think we've gotten down to like the "one of us" story. So we're in our hero finally starts to get it and begins to bridge the gap. Some of the things some of the points are the lessons learned in this story. And you can tell us about story was that language makes all the difference in the world. This is what got me on to the part about the reporting, which we'll talk about a little while, but maybe you could fill us in on this discovery, this the story that got you to these points. Brian "Noid" Harden 3:37 Okay, so the team I'm working on I get asked the the thing in question is it was a pretty massive product and it had never had any threat modeling done, Bryan Brake 3:50 okay. Brian "Noid" Harden 3:51 So had never had any threat modeling done and this this particular product was made up of tons of little sub products. So what I did is I sat there first in a kind of a complete panic going, this is overwhelming. I don't have nearly enough time or resources to be able to do this. But you know how to eat the elephant, right? The small pieces and get at it. So I had one dev lead, who I know, had worked previously on a security product. And he was a nice guy. So I sat down with them and basically said, "Hey, could you walk me through visually diagramming how your service works, building that data flow diagram, and then we're going to talk about it from a security perspective". And he was sort of like, oh, that'd be fun. Yeah, let's do that. 
And so we sat there and he diagrammed and the whole time he's diagramming, he'd stop and erase things and go, Wait, no, no, we were going to do it that way. But we didn't. And then oh, and we stopped doing it this way, because we added this other thing and we had to be able to break communication out number channels and then he stopped at one point and was like, get a picture of this, was like, I think this is probably the most accurate diagram of our service we've ever had. And then when we started doing the threat modeling side of it, like, you know, talking about trust boundaries and you know, it's like all right, so what makes sure that you know data from point A to point B and it's not filled with that kind of thing? And I'm saying okay well, could you, you know, do this over HTTPS rather than just regular HTTP Bryan Brake 5:29 right Brian "Noid" Harden 5:31 you know you get non-repudiation you know, and it's like, not talking about even the security value of it, but talking more about the you know, you the integrity be there and then at one point, he stops and he looks at me and he says, Man, I never had a threat modeling would generate so much feature work. And in my mind, I was like, talking about feature work like, these are bugs you need to fix. Now, all of a sudden, it was like, Oh, crap, I've been approaching this entirely the wrong way my entire career. Devs look at things from bug fixing, and feature development. And as a security person, what I, every time I'd been bringing up stuff they needed to do in my mind, it was implied it was feature development. But they saw this as bug fixing, because in the "dev world" security fixes are bug fixes. He saw the value here and went, Oh, this is going to generate a ton of feature work. And it's like, oh, so I gotta stop calling this security work. I've got to start calling this feature work. And sure enough, not only if you start calling it feature work. 
And of course now once you're talking about feature work, you can start talking about the drivers. Why are we building a feature? Because you know, you don't build features nobody wants. Unless you're certain software companies. But yeah, but you build... you build features that come out of customer requests, you know, you get features that hey, you know, I look at things like say Microsoft Office, how that's evolved over the years. And that's because people who use Office come back and say, you know, this is really cool. But I'd really like it if when I'm giving my PowerPoint presentation, I had a timer on the screen. So I know I'm on mark, you know, and Okay, that's a feature request. And so that's how these things evolve. And so once I started talking about security work from the perspective of feature development you know, we have existing features that need to be worked on to give them new functionality in order to be able to pick up new customers and we have new features that we need to build that will also help because the other thing too I also noticed is that well... well I care about things like confidentiality and integrity. Devs care about things like availability and performance, right, these two things can kind of be almost used interchangeably, depending on the circumstance, so when devs are talking about stability, I'm thinking about integrity. When I'm talking about availability, they're thinking about performance. And so all of a sudden, I'm now giving them ideas for like new perf counters, basically, like new metrics to check the health of the thing that we're building. And the way I looked at it was almost... Yeah, this is the business driver for the, you know, customer X wants it, customer Y needs it, you know, and here's the benefit, you know, the product gets out of it. Here's the benefit that developers get out of it. And what does security get out of it? Hey, don't worry about it. 
Purely, purely any value I derived from this work is purely coincidental. Brian Boettcher 8:57 *Chuckles* Brian "Noid" Harden 9:00 And that, in turn, helps start driving the conversation a lot better. Because the other value I got out of it, too, is by having somebody on the development side of the house who had a name and had some, you know, reputation behind him, he was able to go to his respective peers and say, Man, I did this thing with Noid and it was really valuable. And we got a lot of cool stuff out of it. So he's gonna hit you up about it. And I totally recommend doing Bryan Brake 9:27 right Brian "Noid" Harden 9:28 and at which point because some of the folks I worked with were either indifferent towards me, they were just busy. I did have some folks that I work with, though, that were just flat out adversarial towards me. They frankly they didn't want me doing what I was doing. They didn't really want me parking and poking around like the dark corners of the product. You know, because it was going to make work, but having somebody on their side say, No, I actually got value out of this. Okay, well, I'll give it a try. Holy crap, I got value out of this, too. So that was where I suddenly realized that my language... in my mind, I'm not saying anything differently. But yet, it turns out that when it comes to the words coming out of my mouth and how they were being received, it radically changed how I was expressing myself to people. And it totally changed the response I got. Brian Boettcher 10:26 So maybe we need a new "CIA" triad that has the other words on it, you know, the, the translated words for development and product teams, Brian "Noid" Harden 10:35 possibly! Bryan Brake 10:36 performance... integrity is stability. Brian "Noid" Harden 10:43 Yeah, stability. availability... Bryan Brake 10:48 What's confidentiality then? What does the other bit that they talk about or worry about? 
Brian "Noid" Harden 10:52 I don't know. If only we had a dev lead on this call. Brian Boettcher 10:55 *chuckles* Bryan Brake 10:56 Yeah. Do you know one? *laughs*. So, so the lessons learned, you said, language makes all the difference. You know the way you speak is like, you know, if you're, if you only know English, like most Americans and go over to France, speaking louder in English to somebody who only speaks French is not going to help here to help you so "look for the helpers" So let's say you don't, let's say we're not lucky enough to have somebody like the person you found in your organization is is it it's going to take a little bit longer maybe to get them onto your side to you know, poke at him like that or, you know, maybe grease the wheels with some donuts or you know, maybe take them to lunch or something. Would that be helpful at all? Brian "Noid" Harden 11:35 Well, first off, yes, you'd be amazed at how much showing up with donuts Bryan Brake 11:48 Oh, I know Brian "Noid" Harden 11:49 Oh yeah. No, actually it's funny too because I actually just a couple of weeks ago another team at my company came over and gave my team donuts. They gave my team, the IT team and the tech team donuts because of all the work we've been putting in form... as far as I'm concerned. Yeah, I'll march directly into hell for those people right now, because they gave me donuts... Bryan Brake 11:56 niiiice. they better be Top Pot donuts or something legit not like... Brian "Noid" Harden 12:13 Oh, yeah, they were. They were Top Pot donuts. But yeah, so part of it's that something else, too, is doing some of the work yourself. So, in addition to all this work I'm doing I'm also managing the development of security features. And I had gone over the product spec for one of these security features. And I built a data flow diagram. And then during one of my little weekly Scrum meetings where I sit down with my devs. I showed it to them. 
and I remember one of them too, and he immediately stopped and was like, "What is this?" He's like, "what is this doesn't make sense", Bryan Brake 12:53 This is forbidden knowledge. This is your thing. Brian "Noid" Harden 12:56 Yeah, you wrote this. Okay, you wrote this, this is just a visual representation of the thing that you wrote. And once I explained it to him, sort of the steps one through eleventy, you know, and showed him what had happened. He was sort of like, "Oh, that's interesting". Still somewhat dismissive of it, but it was still kind of a file. So in addition to, you know, buttering people up with donuts, and lunch and things like that, but also sometimes you gotta just buckle down and do it yourself, and then show the value. And I mean, I'll be blunt. That's how I've gone by through most of my career is when I can't get traction. I'll go do it. And then pop up and go. Hey, guys, check this thing out. Oh, wow. That's really neat. How do you do that? Where did you do that? It's like oh, you can do it too. Right now I can show you how I can work with you on it. I'm certainly not going to tell you to RTFM and walk out of the room. So part of it is it also shows a little bit of commitment on your part, sort of one of the things I've picked up that security, not even in the equation here. But just having worked in a lot of software development organizations with the devs and the PMs is the devs frequently see the PM as not doing anything of value except for when you are. So when you are willing to put that kind of effort in to deliver something like that, like, Hey, I threat modeled our service, it sort of shows this, "oh, I take it back. All those things I said about you know, you're not worthless after all." So there's definitely some value there too, because a lot of times too people are willing to say because it's easy to stand back and issue edicts, it's easy to stand back and just, you know, get up on your soapbox and tell everybody else what to do. 
But when you show you're willing to eat your own dog food, that really gets people's attention because it's like, "Okay, this dude clearly cares about this a lot" And now that he's done it, I see what he's talking about. Yeah. You know, like we should do that there's value here. Bryan Brake 15:11 So very cool. Yeah. So when you on the last slide here, when you wrapped it all up, you said engage early and often... Does it have to be so when we're talking about communication, open communication, trying to, you know, some of it's, you know, cultivating relationships. So, you kind of need to, you know, if you're introverted, you kind of need to step out of your shell a little bit and go and talk to people, get out of your cubes for once in a while. Turn on the lights, that kind of thing. How often did you talk with these teams to help build this relationship after a while, because obviously there had to be some team building there? Brian "Noid" Harden 15:48 Yeah, so in my case, since I was in the team, we talked weekly, okay, weekly, and sometimes daily because they were literally down the hall from me, right, but in terms of where I've had to work in other organizations where I've been in back in a centralized organization and having to work with remote teams or work with teams that I'm telling them to do things but I'm not in their org... like a weekly basis, okay, like we're going to meet up this week, because like for example like when I was a back when I was at Microsoft I worked in the MSRC before I left, yeah, and I was handling, me and another guy were handling all the IE (Internet Explorer) cases. Okay. That was a lot of cases because there's a lot of versions, right. So we would go meet with those cats once a week. And we would sit down with them and say, Okay, here's the queue. Here's what's new from last time. 
You know, here's sort of what we think is the priority for fixing things you know, what do you think about it, but it's that you always want them to know who you are, and you want them to know that you're just as busy as they are, and that you're also respectful of their time, right? You know, so we'd make the meeting short... personal pet peeve of mine are people that set meetings deliberately long with the expectation of, I'll just go ahead and give everybody 30 minutes. I'll give everybody 30 minutes back, right? Like, well thanks jerk. Like how about you could have just made a 30 minute meeting in the first place? You know it just tells that that that tells me you're not that doesn't tell me you're a magnanimous person that tells me you can't manage your time, you know. So I try to be really concise. Like, I'm going to set up a meeting with these devs. I'm going to include the agenda in the meeting invite. I'm going to set it for exactly how long I think it's like we're going to 30 minute meeting, you know, 30 minute meeting to go over the bugs that are in the queue. There's four new ones from last week, one of them's really nasty, you know, that probably is probably going to be a non-negotiable... You know, but the other three are up for negotiation and you show up you sit down with them you know some pleasantries and then you just, you get to work and then you get them back out doing their thing and you get back to your thing. And that really flows well... It really flows well because, you know, none of us like meetings. And the closer you are to touching computers, the more meetings disrupt your flow the more they just disrupt your life and the thing that you're effectively getting usually paid a lot of money for. And so by kind of doing it that way, you keep that cadence up to keep that sort of friendship and that rapport up but the other thing too is another point I wanted to make, but I'm getting tired... 
but yeah, but but along those lines to Yeah, you get that rapport there. You're respectful of their time and then you... I can't remember what I was going to say next. Bryan Brake 19:20 So the last bit was, let's see, don't talk about securities, talk about feature development. We talked about that threat modeling your developers, you and Dr. Cowan, my, my car pool buddy, you and Crispin need to you know get get together and talk about the the threat modeling he's doing... he doesn't do trust boundaries so much, one of the talk he gave at SeaSec East was about how we do threat modeling in our organization but a lot of companies are starting to see value in that before we do engagements because we can prioritize what's the more important thing to test versus just testing all the things in the environment Brian "Noid" Harden 19:42 Threat modeling and software development is huge too, like that was one of the one of the things I think a lot of my developers I've done this with over the years have taken away from it is one you have to make it fun... You can't make a complete slog. But one of the nice things about threat modeling, is when you're visually looking at the thing you're going to build, that's when you make the realization that like, Oh, hey, my post office has no door... You know, and it's like the best time to figure that out. Then you always like, I always tell people that. Yeah, the best time to fix a bug is an alpha before you write anything... And the next best time to fix it is before it goes into production. And the worst possible time to fix a bug is after I've been in prod for 10 years, and it's a it's a load bearing bug at this point. It has dependencies on it Bryan Brake 20:30 you know what, it's funny you mentioned that I've been seeing some like Linux kernel bugs they said there was one in there for like 15 years old at affected all of like 2.6.x to up to the latest version.
It was a use after free bug, you know that I don't know if they found the bug 15 years ago and just never fixed it but yeah, bugs like that sit in there because people don't don't check for that kind of stuff... Brian "Noid" Harden 20:51 that happens sometimes those the well I mean, God remember that. Remember the whole SYN flood thing in the 90s? Yeah, I mean it was it was it was in the RFC... One of those like, like, Oh, we found the bug. It's like what? You read the RFC. And just finally understood it. You know, so it's, it's that stuff. And there was an SSH bug that popped up recently. Yep. It was the same thing. It wasn't a terribly nasty critical bug. But it was, in a piece of code that had been in SSH for ever. Bryan Brake 21:26 Yeah. I seem to remember that one, too. Yeah. I'll have to find a link to that one. So I know you're getting tired. I have one other topic I'd like to discuss because I do a lot of report writing. Well, I I probably should do a lot of report writing but at Leviathan we you know we're the PM grease the wheels we you know, work with a relationship with the the status meetings, we do the executive summary and such and I could be better writing reports some of our testers are way better at it than I am... You know, taking the taking the whole idea of the language and where where things go with this, when we, when we put findings out, we've won, we call them bugs where we call them findings, not necessarily bugs. 
But what I'm trying to figure out is how we can better communicate our reporting, when we're doing things like readouts, to you know, kind of resonate with both developers and management because the idea is the executive summary is supposed to be for the "managers" or senior folk and then we have like, you know, components that drill down and talk about specifics and be more technical, but, you know, often we find ourselves and I find myself because I come from a more technical background writing more technical to the executives and my question was, Is there ways of communicating risk to both the developers and the managers in the, you know, using using somewhat the same language? Or should we call the bug not bugs or not findings. We call them, you know, hey, here's a feature you guys should implement, which would be, you know, HTTP or, you know, you must have seen a few pen test reports in your time. And I mean, what is what is your opinion of pen test reports? Brian "Noid" Harden 23:13 So, my opinion, the most pen test reports, is that they're garbage... Well, they're usually written to, they're usually written to one extreme or the other. So unfortunately, I have yet to find any really good language that appeases everybody. Brian Boettcher 23:30 So what's the one extreme or the other? Brian "Noid" Harden 23:32 What are the two extremes they're either hyper technical, the sort of stuff that like any of the three of us would probably look at and go, Okay, I get it, right. I understand the value here or there so high level that if I'm a business person, I might be sitting there going, Hey, okay, you know, you've you've reached out you've touched my heart. I understand that this this is a critical like this is a big issue we need to get fixed. But there's not enough meat there that if I took that report and handed it off to my dev lead and said, go fix this. The dev lead is going to sit there and go... Brian Boettcher 24:09 Are you kidding me?
Brian "Noid" Harden 24:10 Yeah. Like, I don't know what to fix, according to this report says bad things can happen on the network. Are you telling me to go prevent bad things from happening on the network? So that's the thing. I find that Yeah, they either overwhelm you with details or there's not enough substance to them. Okay, so every once in a while, you get a really good one though, you get a you get a you get a really good one. If I could look at just a shout out to CoalFire actually, like their reports. Unknown 24:39 I mean, okay, So, What is a happy medium type report for you? One that would satisfy the manager folks but also get with, you know, be technical enough. What kind of things would you like to see in reports that you get from them and feel free to you know, talk about the Coalfire thing I guess Brian "Noid" Harden 25:02 *Chuckles* Bryan Brake 25:06 *Chuckles* We're always trying to improve our reports that Leviathan we've gone through and done things like test evaluations and you know things like that and no it's fine you know they're they're cool with me doing my podcast on the side so but if you had when you get reports... the good ones... What do they look like well I mean what what kind of things that you're looking for and and and in a pen a proper pentest report? Brian "Noid" Harden 25:30 Well for me being a technical person one of the things... the biggest thing I'm looking for in a report repro steps, right? If you haven't given me clear repo steps, then you have given me a useless report and that's the thing I've seen reports were basically it's... you know, hey man, we all we popped your domain controller you know, we did this we did that. Look at all freaking awesome we are... And you're like, Okay, I didn't hire you guys to be a circus sideshow. I hired you guys to show me where my risk is, and so I can focus my I know where to focus my efforts. 
And so those types of so those types of like, "look at how badass I am" reports don't do anything for me... what I do like there were reports that say hey you know we found a cross site scripting vulnerability on this particular product in this particular area. And here is not only screenshots of the cross site scripting vulnerability happening, but here's the repro steps because what's going to happen is, for example, you know, I see something like that and I go, Well, we got to fix that. I'm going to go to my developers. And the first thing my developers are going to ask me is, can you repro it? Can I read through it because one of the things they're going to do is after they fix it, they're going to validate the fix if they don't know how it was exploited in the first place. They're not going to know how to validate the fix. So being able to provide that information... down is is huge for me. Um, but then again, I'm also not, you know the business guy, I'm not the big money guy, I'm I want my report to be technical right so would the executives of my company get the same value out of the report? I probably not... you know when you're talking to the much higher level non technical people what you need to be doing is you need to be making sure you're talking in terms of risk. Sure, you know, you're talking in terms of risk and you're talking in terms of a not technical risk... You know, at the end of the day, the CEO of the company doesn't give a damn that SMBv1 is still on the network, right? They might not even know what that is, right? odds are I'm gonna I'm gonna go out and say they probably don't know what that is. Um, and even in that doesn't mean explain to them what it is because they're not going to care so first. We're going to go from not knowing what it is to not caring what it is. 
But if you express things in terms of risk of that, you know, the current network architecture, as it stands is very fragile and could be easily brought down, you know, through almost potentially accidental behavior, let alone. malicious behavior. You know, resulting in outages and SLA violations right now, you got their attention, because what they hear there is also if I don't fix this, it might cost me money. Brian Boettcher 28:36 profit loss. Brian "Noid" Harden 28:37 Yeah, and that's the thing. It's the, you know, depending on where they're at, in the org structure, you know, I've been in I've been in plenty of organizations before where downtime... downtime is bad... downtime is just, I mean, downtime is never good. But I mean, I've been in organizations where it's like, okay, so I just got promoted to like, super uber director guy. 48 hours into the gig. You know, we had like, a two hour outage,... I'm done. Bryan Brake 29:08 Busted that SLA, big money... Brian "Noid" Harden 29:10 even though even though I had nothing to do with it, I'm the accountable one. So, yeah, you have, you know, you need to be able to express things in terms that they translates to, you know, finding out like, like one of the things I back when I used to be a consultant, one of the things I always ask the executive types I'd meet on jobs is what keeps you up at night. You know, what keeps you up at night? Like what you know, don't don't worry about what I'm concerned about, what are you concerned about? Because they might be the same thing. I'm just going to talk to you about it using again, using the words that you care for and understand because I see a lot of technical people try to describe risk to non technical people and they do it by being highly technical and when it's not being understood. They fall back to being even more they take the approach of being in France... not speaking French. So I'm going to speak slower and louder, right? 
And, and at the end of the day, they're just going to keep shaking their heads going, Man, this guy really wants to express something to make. Bryan Brake 30:18 Yeah, something must be really important... Brian "Noid" Harden 30:20 ...to agitated by it. I don't know what it is... Bryan Brake 30:23 Great, now it's blue monkey poo. I don't know what's going on. Brian "Noid" Harden 30:26 Yeah, so that's, that's it. So yeah. When you're when you're talking to leadership, expressing things in terms of the contract violations, SLA violations, financial financial impact, right? You know, like, like, one of the things I liked when PCI came out and they had like these ridiculous up to $10,000 per bit of PII that gets disclosed and then you explain to a room full of high level people that and if blank were to happen 40,000 bits of PII would be exposed a you know and I'm not so good at math but my calculator here tells me at $10,000 a pop and you watch people in the room real quiet... Bryan Brake 31:10 oh yeah no that now you know the thing is you just haven't seen a Leviathan one yet so you know if you want to you know reach out to us we'll do a pentest for you we when we don't mind coming out and hanging out doing pen tests for you so Brian "Noid" Harden 31:24 Frank's a good friend, solid solid human being Bryan Brake 31:26 no I mean will take your money and will give you a good will give you good drubbing. You will not get up and down left and right. You'll make it hurt. So anyway, actually, yeah, we we actually might need to talk about that a little bit later. I would not hate on that. I get money when people come in its new business. So yeah, I wouldn't hate on that at all. Brian Boettcher 31:47 I like in in your last phrase or last sentence in your presentation. If you can, avoid even using the word security. I think that's a good summary of what we talked about. Bryan Brake 32:00 Yeah, that got me too. I was like, Wow. Okay.
So it's like, it's like the buzzword you're not supposed to say or, you know, like, you get a shock... Brian "Noid" Harden 32:08 Treat it like a game. Yeah. Yeah, you got it like a game. But you you'd be amazed it works Bryan Brake 32:16 hundred percent of the time. It works every time? Brian "Noid" Harden 32:18 Yeah, hundred percent of the works every time. But, ya know, it it it definitely works because there are people too because there's conditioning, right. The history between security people and software developers is deep and it goes back Bryan Brake 32:33 it's contentious Brian "Noid" Harden 32:34 it's contentious at times. And, you know, obviously, you know, you try to try to try to be a good human being, trying to better the world around you. You know, try to, when you whenever you go somewhere, try to leave it in a better condition than you found it. But also understand that the person who may have been there for you may have just straight up just f the place up Brian Boettcher 32:58 scorched earth Brian "Noid" Harden 32:59 Yep, yeah. so and so. Yeah. And sometimes, because, I mean, I've got, I've rolled into organizations before where it's like, Why are these people so mad at me? I just got here... And it's like, oh, because the guy you replaced was just got off. And then and it sucks because it's not fair that you have to rebuild those damaged relationships because you didn't damage them. but life ain't fair? Bryan Brake 33:22 Yep. Well, you know, what, the, the, the whole, you know, DevOps and those things, that was the, you know, the Elysian Fields for developers like, Oh, I can go do anything and enjoy everything, and then it's like, you know, we're, the "no" department where the, we're the where the ones are going to put manacles on them.
So, you know, security folks have have got to learn to be flexible, compliance folks can't wield their hammer anymore, like they, they should, if they want to, you know, play with the developers in the devops and the management folks, we talked about this with Liz rice couple weeks ago about getting, you know, security into the devops area and it's like one we got it we gotta learn to be flexible we've got to help them understand that now yeah the bug feature stuff if I'd heard this when we were talking to her I'm almost certain she would agree with us on the fact that you know we can't treat security like security we have treated as feature enhancement in this case Brian "Noid" Harden 34:16 it is a feature, you know it is a feature and increase the stability of the product that can get increases the customer base of the product it's right it has all the same things to it that any other feature would, but yeah but as far as the security being the note apartment thing to something else is like I still run into security people that they look at themselves as the "No" department that kind of pride themselves on Yeah, and when you find those people just call them out. I mean, just just tell them like, Look, man, that doesn't work. It's never work. Stop it now. Because when you're viewed as the "no" department, no one will ever want to work with you. Why would you want to? Bryan Brake 34:57 Yep... you're a non-starter Brian "Noid" Harden 34:59 Yeah, what's go because that was a bit of career advice I got at one point was that basically be solutions focused. You know, nobody wants to basically you're not going to go anywhere if you're the person who's calling out the problem and you might be calling out the problem more articulately than anybody else in the room, you might have a better understanding of the scope of them the depth of the problem, but there is a whole class of manager out there that will just be like, Man, that Noid guy, nothing but problems. 
Whereas if you instead say, you know, you kind of focus on the sort of the not really the problem, but rather you focus on the solution... "be solutions oriented" to sound like a business guy for a second. And it's like, yeah, you'd be that solutions oriented person, and especially if you can do it with a sort of positive spin, like I had a boss at one point I would stop in his office pissed off every once in a while, and I just be like this is screwed up and that screwed up and blah, blah blah. And he stopped and go "leave my office now and come back in and restate everything you just said. But in a positive way." I don't even know how it will then go sit in the hallway for a few minutes she would come back and I'd be like, okay, we have an opportunity for us. And I tell you I hated them for it. But name if it didn't work. Bryan Brake 36:32 Oh god. Yeah, that would make complete sense. Yeah, coming in with a positive instead of negative. Brian "Noid" Harden 36:40 So that's the thing. It's like yeah, even when your negativity is spot on and accurate. There's a lot of people that are like.. "ugh the person is always negative" And then sure enough, yeah, you start focusing on like, oh, you're the positive solutions oriented guy. Even while you're telling them that it's all basically like we're all going to Hell, but I'm doing it in a positive solutions oriented manner, and you'd be amazed how much traction I get you. Bryan Brake 37:06 Mr. Boettcher, do you have any other thoughts or questions? I want to let Mr. Noid go, cuz he's getting a little ty ty, he's a bit sleepy and he needs to go to bed... Brian Boettcher 37:15 There's a lot of great tidbits in here. I'm gonna have to listen to it again, and get all of them. And, and again, there's a lot of manager tools references here and, and manager tools, if you're not a manager, that's okay. It's not for managers, all that stuff they talk about is is really valuable to all employees.
Brian "Noid" Harden 37:39 What's it called, the manager tools podcast? Bryan Brake 37:42 Yep. It's been going on for 12 years. Brian Boettcher 37:45 Since 2006 Bryan Brake 37:46 Yeah, something like that. It's it's very big. We put a link to the three powers three types of power and one to rule them all in the in the show notes as well. So yeah, go listen to that. I listened to that it's it's one of my regular non-info sec podcast that I listened to, so I listen to it every Monday morning, and when I'm on the treadmill at the gym, so yeah, really, really excellent stuff. If you're, you're out there and, you know, yeah, I mean, it'll help you kind of understand, but if you're out there and you're not a manager yet, it might help you understand where your manager's coming from, too. All right. Mr. Noid how would people get a hold of you if they wanted to maybe have you for more podcasts appearances or, you know, speaking engagements or whatever? Are you going to be speaking anywhere soon? Brian "Noid" Harden 38:39 Am I I don't know. No, I don't think I am right. Sorry. Are you going anywhere? So question? I am there you go. I am speaking soon. Yeah, I'm, I'm speaking at the NCC group. Open Forum. Oh, that's right. That's next weekend. I don't think it's actually been announced yet. Okay. It's I mean, it's cool for me to talk about it. But yes, it's... Bryan Brake 39:02 the 12 (of March) yeah it is the 12th in Fremont, so if you're outside of the Seattle area you're going to be SOL.. yeah they don't record that Brian "Noid" Harden 39:15 but but I'm going to be giving basically the abbreviated version of my besides talk. they had they had an empty slot they needed to fill up... and they basically said could you do it I said sure and then they said it's 30 minutes long and I'm like well my talks an hour, but how will will make it work... they're I think they're a Tableau up in Fremont...
Bryan Brake 39:37 yeah I'm on that list and yeah I know Miss Crowell over there who's one of the senior managers at NCC she's great lady... she's actually not running she used to run it and and gave somebody else but she still helps out a when she can but yeah, really, really great quarterly open forum that NCC group puts out. Plus they put out a nice spread for dinner certainly good Brian "Noid" Harden 40:00 I haven't been the one in a while, but they usually a lot of fun. I wouldn't last one of those I went to was a TLS 1.3 Bryan Brake 40:09 I was at that one too. Brian "Noid" Harden 40:10 That worked out great. Because literally the following weekend, I spoke at DC 206 nice about TLS 1.2 right? and ended up getting Joe to come along and speak about TLS 1.3 and a much more authoritative manner than I could have. It's bad ass. Bryan Brake 40:24 Yeah, Joe. Joe was on the steering committee for that. Brian "Noid" Harden 40:28 Yep. Yeah, I think but yeah, that was also nice. He kept me honest. While I was given my talk. I periodically just look at them any kind of nod. I'm not going into the weeds yet. But yeah, as far as getting a hold of me goes the best way to do it is I'm on Twitter @_noid_ or you can email me at noid23@gmail.com Bryan Brake 40:52 Yeah so yeah if you're in the Seattle area and the downtown Seattle area or Fremont area that's really nice place I think parking I think was at a premium The last time we were there Brian "Noid" Harden 40:52 It's Fremont, parking is always at a premium Bryan Brake 40:52 they're dodging bikes or whatever like motorized bicycles or whatever so you know Brian Boettcher 40:52 scooters now Bryan Brake 40:52 yeah I mean Fremont area they're really weird about their bicycle laws and stuff up there so Brian "Noid" Harden 41:07 ...and zoned parking so watch for your park too Bryan Brake 41:32 I'm going to get Miss Berlin because you know she's got a lot going on she's you know heading up the mental health hackers group.. 
you can find her was it hacker... god I hate this, um... she's @infosystir on Twitter. hackers mental health is her nonprofit. She's running that and you can find that @hackershealth on Twitter, she will come to your convention or conference and do a village. And and, you know it's a nice chill area you can go to, if you're interested in doing that Brian "Noid" Harden 42:12 is truly doing the Lord's work too. Bryan Brake 42:14 Yes she is. And we're very proud of her for all that she's doing. So yeah, her and Megan Roddy who's also one of our slack slack moderators... So speaking of our slack we have a very active slack community we just like I said we have "JB" who was promoted to moderator because it's been far too long and he's been doing the the European and Asia book club and he should have been a moderator for a while so did that today gave him access to our secret moderator channel and such and but yeah we have a social contract you can join us by emailing bds.podcast@gmail.com or hitting our Twitter which is the the podcast Twitter @brakesec and you can follow me on Twitter @bryanbrake. Mr. Boettcher, you got a lot going on to sir how would people find you if we wanted to talk about the log MD stuff? Brian Boettcher 43:10 yeah you just go to log-MD.com... Don't forget the dash right otherwise you'll you'll get some well nevermind... Bryan Brake 43:20 Is it like WhiteHouse.com *laughs* that's an old joke kids! Brian Boettcher 43:26 I'd like to say though if you if you do go buy your developers donuts or whoever don't eat any between the pickup and drop off right because then you'll show up with four donuts and they'll be like oh thanks great there's 10 of us and you bring us four donuts Bryan Brake 43:41 [imitating Forrest Gump] "I had some sorry" Don't do that yeah yea buy 13 donuts and then eat one for yourself and then say you got it doesn't you go yeah so you're making an appearance you're going to be Bsides Austin at the end of the month along with Ms.
Berlin's going to be that one as well. I think? Brian Boettcher 44:00 I am... Megan's going to be there I'm not sure. Very cool as her home base so we'll see. Nice. Yeah and the classes are cheap. I don't know if they're sold out yet but it's like $100 bucks. Bryan Brake 44:13 Okay, awesome. Cool. Before we go, we have a store. If you want to go buy a T shirt for the Brakeing Down Security logo, you know, you can definitely go do that or get one with Miss Berlin's face on it. Which is very weird but it's still very cool I'm going to probably buy pink one here in the next few weeks and thank you to our patrons people who help support the podcast but donating some money helps pay for hosting pays for the time that we're doing this also we're looking into adding some possible transcription services we've gotten a couple emails from people who are saying they want to get transcriptions of us saying "uh, um, ah" lot so I actually actually it was a gentleman by the name of Willie I think was said had hearing difficulties so he wanted to know if we had a transcription of the podcast and I feel really bad because I'm like I don't know how to reply to him and say I you know we're just a little mom and pop shop here so we're looking at transcription services maybe something like Mechanical Turk or there was one called otter.ai that we're we're looking at to maybe kind of make it better for people to hear these things Brian "Noid" Harden 45:26 I'm actually actually suffer from degenerative hearing loss. I'm slowly going deaf myself Bryan Brake 45:31 I've got tinnitus is from the Navy Brian "Noid" Harden 45:32 same here. It's permanent and ongoing. And just yeah, it's like I feel for him. Yep. And hopefully transcriptions will be a thing at some point. Yeah, god's I hope so. Yeah, I mean, other than the US and about 800 times during podcast I apologize for that.
But yeah, so we're, we're trying to look into that if if we can make it work we will we will do our utmost to make the podcast as available as possible to everybody. So in end up to be we have to hire somebody, he'll do it for us. So that that may be another thing, which means will need more pot Patreon money, you know that kind of thing. So if you're interested in getting full transcripts we may make that possible if we can get another maybe 20 to 30 people a 20-30 bucks a month. So but we do appreciate that the tips the you know we call them tips because you're helping to support the podcast and helping us get this out. And yeah, so for Miss Berlin who's not here sadly. And she's going to be kicking yourself because this was a really awesome podcast and Mr. Boettcher. This is Brakeing Down Security from a world headquarters here in Seattle. Have a great week. Be nice to another. Please take care of yourselves because you're the only you have and we'll talk again soon. Brian Boettcher 46:45 Bye bye Brian "Noid" Harden 46:46 Bye Internet people. Transcribed by https://otter.ai
James McAllister Online Audio Blog - Business, Marketing, Entrepreneurship
It's hard to stay away from a good thing forever. In the first episode of the James McAllister Online audio blog, I formally announce my return to the world of internet marketing, discussing topics such as: * Where I've been these past few years, and why I lost touch with my audience * Growing pains I experienced while building two consumer product brands from scratch, to over 100,000 unit sales. * The death of my former website, 'Help Start My Site', and what's changing with my new website - James McAllister Online View the full post here: jamesmcallisteronline.com/james-mcallister-online Check out my products here: jamesmcallisteronline.com/products
Where I've been, where I'm going, and many things in between!!!
Where I've been and what I've been doing and not doing. And where I'm going next. Show Theme "Hot Swing" from Kevin MacLeod of Incompetech.com. Comments via the https://www.speakpipe.com/grizzlysgrowls Comment Line: 218-234-CALL 218-234-2255 Contributions: https://www.patreon.com/grizzlysgrowls
Welcome to the very first episode of Hot Box Mixtape, Where I've lined up a truckload of new and old deep house music.
The very first episode of Kids Raising Kids! I wanted to kick this off with simply telling you all my story. Where I've been, where I am now, and the reasoning behind KRK. Enjoy! --- Support this podcast: https://anchor.fm/kidsraisingkids/support
Where, I'm from, Where I've been, Where I'm going... A brief history of How all of this started.
Welcome to my new podcast show! My name is Joe. I've been around the world and my right leg is hairier than my left (crazy story). I have a knack for dissecting seemingly complex subjects into easily understood concepts and I enjoy researching psychology, art, recording my own music, and exploring the human mind. This episode is brought to you by ME! - Head to faintthepleasing.com and use the CODE: "anythingjoe" for 30% off all of my music catalogue. Or be smarter and just find me on spotify, iTunes, or wherever you stream music!!! In this episode I introduce myself and my story. Where I've come from, where I've been around the planet, what I plan on doing with this podcast, and why I gave up the city life to live in the country where I hunt my own food and connect better with my roots.
Where I've been, what I'm up to and my anxieties, etc Enjoy! I look forward to hearing from you!
As you go through the work day do you find yourself falling victim to those cupcakes in the break room? The lure of the overpriced vending machine? And the ease and quickness of popping a few power bars in your bag in the morning as nourishment for the rest of the day? Rachel Drori is here to change that with her deliverable and organic soups and smoothies from Daily Harvest. Made for people who want to eat healthy but live a busy life on the go, her products come frozen and pre-packaged in single serve cups and bowls with whole ingredients like avocados, dates, and kale, among others. All consumers have to do is add a liquid or broth of their choice and get to cooking or blending! With recipes cooked up by herself, a nutritionist, and a Michelin star chef, she aims to build a transparent brand that consumers know they can trust, and deliver products that truly provide them with the nutrients that they need to perform their best. The concept for Daily Harvest started when she worked at Gilt Groupe, and juggled multiple roles between customer acquisition, loyalty, and branding. With hardly any time for herself, she fell into the trap of grabbing junk food for a quick energy source. Starting to feel fatigued and constantly undernourished, she started pre-packing her own smoothies. She began seeing how having nutritionally-rounded and filling smoothies helped her function better throughout her day, and how preparing her smoothie packs cost her very little time in the morning. Then once her husband started stealing her packs, she saw they were not only convenient and helping her, but others as well. So she started to test the market with her smoothie packs and set a consumer metric for herself. Once she was able to get 5x more customers outside of the people she knew, she would seriously invest in her business idea and quit her job.
After she hit that mark, she gained faith and confidence that her business had legs and she launched Daily Harvest's beta website, and got a commercial kitchen in NYC's Long Island City. For eight months, she funded herself and was the company's only employee. She hatched the recipes herself, bought them, packaged them, and drove around NYC delivering orders to consumers. Not to mention she was pregnant at the time! On her delivery runs, she used that one-on-one time with customers to conduct more market and product research. She gained valuable information and feedback, and was able to solve a merchandising issue with one of her smoothies, Carrot Chia. Originally called Wake-n-Cake, the smoothie wasn't selling despite its great flavor and health benefits. Puzzled as to why, she talked to customers and conducted a blind taste test, and found that customers loved it. Taking what she learned, she was able to know that it was simply the name and how the smoothie was portrayed. As her business continued to grow and her money started dwindling, she started looking towards external funding. She was met with a lot of no's because venture capitalists couldn't grasp the weight of the smoothie market, and the benefits of organic smoothies. But, as luck would have it, she was able to land one institutional investor, as well as some angel investors from her target audience, and Daily Harvest was able to enter into a new chapter. Take a breather, and have a listen to how she developed a tough skin and fought for her dream in today's episode! In this episode you will... 
Gain confidence in your business idea to withstand the critics
Learn to take the negative feedback you get from venture capitalists in a constructive manner
Understand the best way to alter or preserve your products to match the likes and dislikes of your market
Find out how to develop a core mission and concept for your business
Distinguish between methods of developing customer acquisition and loyalty
Become relentless in starting and managing your business
INSIGHTS
"It's hard to have people poking holes in what your passion is...when you believe in it...So you've gotta have some mental fortitude, but also really believe in what you're trying to build." -Rachel Drori
"The way that I built Daily Harvest and my true belief is that ...I would like to be this hugely customer centric business with its roots in hospitality...if I keep that at the core of what we're trying to build, it allows me to keep the customer first." -Rachel Drori
"As a start-up, things happen and you don't have the resources to be able to flex your guns...and make this right. Sometimes the customer suffers and I believe it's all about transparency and having a relationship with the customer where they know that you're being genuine." -Rachel Drori
"Where I've grown the most is being relentless. It's not my natural personality, but when you have something that you're trying to build...there's no....hierarchy holding you back from it, you really do have to be relentless in everything, and knowing that what you're creating is worthwhile and being able to motivate an entire team behind what that is." -Rachel Drori
RESOURCES
Daily Harvest Website
Rachel Drori LinkedIn
Daily Harvest Facebook
Daily Harvest Instagram
Daily Harvest Twitter
Getting to Yes by Bruce Patton, Roger Fisher, William Ury
How Good Is Your About Page? The About Page or About Me page on your website is arguably the most important page on your site. And yet, it's so often neglected when people create a website in order to concentrate more on the "meat pages" of the site. Pages like their portfolio, or the services they offer. The About Page is often just an afterthought. You know you need one, so you whip one up quickly and move on. But if you look at the analytics for your site you will probably see that your About Page is one of your most visited pages. Chances are you have a link to your About Page in your menu bar, and when someone lands on your site, regardless of the page they land on, they will probably click on that link to learn more about you. If you don't have a well-crafted About Page you could be turning visitors off and leaving potential business on the table. What makes a great About Page? People often fail in their About Page because frankly, they're talking about themselves. You would think that's what an About Page is for. But in truth, visitors really visit an About Page not to learn who a person or company is, but to find out why they should care. What's in it for them? They're there to determine if they should be interested in you and to figure out if you can help them. If not, then why bother looking at the rest of the website? How do you make a great About Page? How long should an About Page be? There is no right answer to this. The length of your About Page should be long enough to get your message across and nothing else. Every business's About Page will be different so it's imperative that you test different things to see what works for you. You've heard about A/B testing? The About Page is a great candidate for such testing. Parts of a great About Page. Part 1: Your About Page should have a hook. Something that immediately grabs the attention of visitors and lets them know they've found the right person or business for them. Here's an example of a good hook. 
"Welcome to my site. Are you wondering how to promote your business? Do you have a great idea but don't know how to present it to the world? Are you tired of your current brand and want something more exciting? If you're asking yourself any of these questions, then you've come to the right place." The hook gets into the head of your potential clients. The hook tells them that you know what they need help with and that you have the solution to their problem. Trust me, if they think you have the solution to their problem, they'll be begging to work with you. It's a very basic concept but it's super effective. Figure out what questions your potential clients have and list the most popular ones. How do you figure this out? By asking your clients questions. Over time you will learn what common questions come up, what problems they're seeking help with, and you'll be able to address them here on your About Page. If you open with a great hook, your visitors will want to keep reading. Part 2: Share the benefits people get by working with you. Not the services you offer, but the benefits they get. What will they get if they decide to work with you? An example can be something like this. "Allow me to use my vast skills and experience as a graphic designer to create something amazing, something that is truly unique to you. I have a knack for capturing the personality of a company and creating designs that will reflect not only who you are, but designs that let you connect with your target market on a personal level. In other words, I create designs you can be proud of." You see? This second part kind of describes you a bit, but in a way that benefits the viewer. Part 3: Share social proof. This is a great place to display an image of yourself so your clients have a face to associate you with. Share your accomplishments, not to gloat, but to prove you're the right person for the job. In my case, this is where I would mention being in the design industry since 1989. 
That I've helped brand 100s of successful companies. Where I've had my designs featured and what awards I've won. A little name dropping also adds social proof for why someone should hire you. List any well-known companies you've worked with. They may be local, national or global companies. If you think it will help, mention them here. Another great way to share social proof is to include one or two testimonials from clients praising your skills and partnership with them. People visit your About Page to learn about you. What better way to learn than by hearing what others have to say about working with you? Be cautious in part 3. Don't include too much in this section or you might come off as too overbearing and smug. Don't talk about awards you won 10 years ago. They have no meaning today. You only want to share enough to assure people that you are capable of helping them. Part 4: This is where you finally get to talk about yourself. You could mention where you went to school and how you got into the business. Limit it to just a couple of paragraphs. Enough for people to get to know you a bit better. Imagine you are meeting someone face to face for the first time and they ask you why you became a designer. Part 4 of your About Page is the answer you would give them. In my case I would tell them I had no intention of becoming a graphic designer. I only enrolled in the course as a stepping stone to something else I wanted to take in university. But once I started, I fell in love with graphic design and immersed myself fully in the program, graduating at the top of my class. If you want, you can include a few fun facts about yourself in this section. Hobbies, likes & dislikes, family information you don't mind sharing. Stay away from controversial subjects like religion and politics. Myself, I would mention my love of podcasting. That I'm a dog owner. 
I might also mention how I'm not a coffee drinker, which goes against the typical stereotype of the graphic designer. Use this section to really show off your personality. Remember, your About Page can also weed out people who wouldn't work well with you. If they don't care for your personality, chances are you wouldn't work well together. Part 5: This is probably the most important section and yet it's also the most overlooked. Include a direct link for visitors to contact you. A contact form works best, but any method that allows them to contact you is imperative. Include some sort of call to action letting them know you're anxious to hear from them. They just spent the time learning who you are and how you can help them, so make it easy for them to get a hold of you to start a working relationship. There you have it. A great About Page. Will following these steps guarantee new clients? Of course not. But every bit helps. And there's no reason your About Page shouldn't be given as much, if not more, attention than the other pages on your website. Don't leave potential business on the table because you have a weak About Page. What does your About Page look like? Leave a comment for this episode telling me your formula for a great About Page and I'll make sure to link back to it. Questions of the Week This week's question came from Michael. He asked... I'm a staff designer at an established agency. The leadership here does allow us to take side (for lack of a better word) freelancing jobs to help us grow our skills and creativity. As long as it's not a direct conflict of interest with the company. I'm struggling to gain traction in finding work. I have a good set of personal clients that I work with already but nothing to add any substantial amount to mine and my wife's income. Just odd jobs now and then when my skills are needed. What is your method to finding new work/clients? 
Which ones have you found most effective and which methods would you recommend I stay away from? To hear how I answered Michael's question you'll have to listen to the podcast. I did however share this link with him. 10 Proven Ways To Attract Design Clients I would love to answer your question on a future episode of the podcast. Submit your question by visiting the feedback page. Resource of the week Who Stole My Images Facebook Group This is not a resource I'm familiar with myself but when I heard about it I thought it would be great for my audience. It was shared by Molly in the Resourceful Designer Facebook Group. Who Stole My Images is a group that helps creative people when their intellectual property has been stolen for illicit gains. If you sell your designs anywhere on the internet there's a good chance that someone copied your artwork and is selling it as their own. It's not always easy to stop these people and that's where this Facebook group comes in. The members have experience and are willing to share their tips and tricks to help you target the thieves. If you find yourself in such a situation simply ask to join the group. I want to help you. Running a graphic design or web design business all by yourself isn't easy. If there are any struggles you face running your design business please reach out to me. I'll do my best to help you by addressing your issues in a future blog post or podcast episode here at Resourceful Designer. You can reach me at feedback@resourcefuldesigner.com
It doesn't matter WHERE I've been or WHAT I've done, Jesus stands ready to FORGIVE.
Where I've been for the past few weeks, freeze-frame moments, and time to watch some cartoons! Download here!
The Fable of the Tarsier by Barry J. Northern. Why not listen along to the Fable of the Tarsier as you read? Just click the play button below or download the MP3. A tarsier sat upon his branch, chewing on a large cricket he had just caught. A warm jungle breeze rustled the leaves about him, and above, stars twinkled through the forest canopy. He heard approaching footsteps on the branch and swivelled his head, fixing his large eyes upon a brother hurrying towards him. The younger tarsier waved his arms and chirruped. So hurried was Chirrup that Cricket-Catcher did not at first understand his words. “... coming … quick … coming … this big.” Cricket-Catcher smiled around a mouthful of food as he watched Chirrup extend his little arms as wide as his slight frame would allow. “Big, eh?” Chirrup jumped up and down and nodded. “Yes, yes. Big it is. Quick.” “Quick too?” “No, no quick, we must go.” “Where? I've just caught this cricket. I'm not moving.” This sent Chirrup into another frenzy of arm-waving and high-pitched singing. “... coming … big … snake.” This caught Cricket-Catcher's attention. “A snake? A big snake is coming?” Chirrup sighed and deflated. “Yes.” “Relax. Snakes are slow.” Cricket-Catcher spotted a Striped Tree Frog sneaking up the tree's wide bole below him. Finishing off his cricket, his mind already on his next meal, he spoke idly to Chirrup whilst eyeing the frog. “You know, those are clever little things. Tasty though. Worth catching. Can't leap as well as us. I saw one in the morning once, just before going to bed.” “Go! We go now!” “Yeah, yeah. Just a minute. It was pale coloured. You never see them pale like that at night. It's like they change colour to fool us. Argh! A snake!” Cricket-Catcher had never before seen a snake as large as the one that loomed up from the shadows beyond the small frog. “I told you!” cried Chirrup as the pair leapt upwards into the canopy where the branches were thin and the snake could not follow. “I know. 
But did you see the size of that thing?” A picture is worth a thousand words. The Fable of the Tarsier by Barry J. Northern is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.0 UK: England & Wales License. Hosted by The Internet Archive. Music by Jeff Wahl from the album, Guitarscapes, and provided by magnatune.com