Tag Archives: Commentary

Hacking Humans : A Talk About Social Engineering

Back in January I did a talk at NDC London about Social Engineering. This was a new talk and I very much enjoyed doing it to an almost full room. The conference organisers have now published all the videos from the conference. You can see this talk in the video below.

Here is the official talk description:

Social engineering is one of the biggest threats to our organisations as attackers use manipulation techniques to coerce people into revealing secrets about our companies to allow attackers to gain access to critical systems.
In this talk we will look at some of the techniques used in social engineering and look at how to guard yourself against them. We will cover subjects like pre-texting, elicitation and body language as techniques for manipulating people.

Tim Ferriss Tricks for Combatting Procrastination

I am not going to write a big article around this, but procrastination is something that affects us all, especially when you have a big project to complete. This happens to me all the time and I constantly have to train myself to get past it.

The tips in this video are very useful, and I highly recommend watching it. Over to you, Tim…

Speaking at NDC {London} 2017

Last week I had the pleasure of attending NDC {London} again as a speaker. The NDC conferences are such an amazing experience and they are run by the awesome people at programutvikling. This is my 2nd time speaking at NDC {London} and, like last year where I spoke about Cryptography, I was keeping the security theme going by talking about Social Engineering and Human Hacking. I was fortunate enough to spend the entire week in London for this conference, which included the 2 workshop days before the main conference.

The reason I wanted to attend the workshop days is because I would like to plan a workshop, so I wanted to sit in part of one to see how they are run. Troy Hunt was kind enough to let me sit in his Hack Yourself First Workshop. I learnt a lot here, not only about security, but the mechanics of running a workshop, including the introduction, pacing, slides, and style etc. This was very useful and I am now ready to plan a workshop of my own.

Stephen Haunts at NDC {London} 2017

During the first 2 days in London I got to spend a little downtime walking around London with Lars Klint. This was quite relaxing as we caught a train to Tower Gateway and then walked from the Tower of London down the Southbank, through Trafalgar Square and around other parts of London. We easily did 18km that day. My feet were killing me, but it was great fun. It was the first time Lars had been to these areas, and for me, I hadn’t walked around those parts of London since I was a kid.

Recording a Pluralsight Play by Play course at NDC {London}

During my recent speaking trip to the NDC London conference, I was also invited to record a Play by Play course for Pluralsight. A Play by Play course is a short film course that is in a conversational style. This involves having one person who is the subject matter expert for the course, and a 2nd person who is the facilitator for the course. It is this person's job to introduce the course and help draw information out of the subject matter expert by asking questions. This conversational style should make it easier for the learner to get a good gist of the subject in a short space of time. These types of courses are not meant to be super in-depth, but an introduction to a subject, or focusing on one area of a larger subject.

My partner in crime for this course was Lars Klint, who is another Pluralsight author. Lars has done a few of these courses before, so I knew I was in good hands. The course we were recording was about enterprise data security using Azure KeyVault. Essentially the course was about encryption key management using hardware security modules, or abstracted hardware security modules like Azure KeyVault.

We started the planning for this course in December, when we put together the proposal that split the course down into modules. Each of these modules then had a content plan so we knew what the overall narrative would be from start to finish. Once this was approved I then split this out into a slide deck where we have bullet points for each module. I had this on my screen whilst we were recording. This acted as a prompt for me and Lars. Whilst this prompt would have been recorded on my laptop, none of this will be seen as it will be edited out.

Stephen Haunts recording a Pluralsight : Play by Play Course

When I first walked into the room on the day of recording, I will admit that it felt a little intimidating seeing all the lights, 3 large cameras and 3 camera operators, but luckily Lars and Troy Hunt were recording a course first, so they were happy for me to sit in and watch. I am glad I did this as it meant I could see what was involved, including how best to recover if you make a mistake. The technique here is to remember what you last said, pause and carry on with the same intonation in your voice to help make it a clean edit point for the editor. Every now and again we would speak out editor notes to the camera, but of course this will all be edited out of the final course.

Life at a Start-up : Exploring the Microsoft HoloLens

Over the last week we have been working on something quite exciting. At BuyingButler and RightIndem we pride ourselves on being a very technology focused company, and we love looking to see where we can use the latest technology to solve real problems. We have been doing just that with Microsoft's new HoloLens Mixed Reality headset.

On Thursday 12th Jan 2017 we had a good friend and fellow Pluralsight author Lars Klint fly over to the UK for the NDC London conference. Before the conference he came up to Nottingham for a couple of days to work with us around some use cases for the HoloLens for RightIndem. I can’t discuss what those use cases are at the moment openly, but they are quite exciting and complement one of our project modules nicely.

If you would like Lars to run a workshop for your company, you can see the details on his workshops page. I highly recommend him for the HoloLens workshop or his Winning at Life workshop.

First though, what is the HoloLens? Below is the brief description taken from the HoloLens website.

Microsoft HoloLens is the first self-contained, holographic computer, enabling you to engage with your digital content and interact with holograms in the world around you.

When wearing the headset, you still have an unrestricted view of your surroundings, but you also see holograms that are placed in the room that you can only see with the HoloLens attached. These holograms are aware of their surroundings and can be placed on walls and tables. This is achieved by the HoloLens doing spatial mapping of the environment around it. You can then interact with these holograms directly whilst walking around your environment.

The HoloLens is a Windows 10 device which is untethered, which means you do not need a cable running between the headset and a powerful computer like you do with a Virtual Reality headset like the Oculus Rift.

Lars Klint Demonstrating the HoloLens

With Lars visiting our offices we had 2 goals to achieve over 2 days. On the first day Lars facilitated a brainstorming session with myself and the rest of the company's management team. We already had some ideas of where the HoloLens could be applied, but the purpose of this session was to work through different ideas and walk away with a rough plan for a series of minimum viable products we could build. This session went very well, and everyone involved had the opportunity to try the HoloLens for a good amount of time. This was important as people need to understand what the experience feels like in order to understand the constraints posed. Off the back of the session we have an idea for 2 technical spikes we want to try and a prototype product to build with it. The cool thing is, we already have a company we are talking to about partnering with us to deliver a HoloLens solution.

Switching to an Apple Mac

For my entire career I have been a Windows user. I have made my career around it, and it has been a good career. This has meant working on desktop and laptop PCs of varying quality, from really bad and underpowered machines through to some very nice laptops like the Dell XPS and the Lenovo Yoga 900. Back in August of 2016, I decided to switch over to using an Apple Mac to give it a try as we run a mixed Mac / PC estate at Buying Butler and RightIndem.

It took a few days to get used to some of the differences, especially around the use of the keyboard layout, but after a few days it started to feel very natural. For general productivity I am still using the Microsoft Office suite, and I must say Office 2016 on the Mac is pretty good. I have found it stable and I have not had any compatibility issues with any documents. One of my most used tools is OneNote and this works perfectly on the Mac. In fact, I am drafting this very post in OneNote whilst on a long train journey.

If I am honest, I always used to think that people who used Macs just used them because Apple seemed trendy and never really saw the point. After using one for a while though, I can see why they are so beloved of their users. They are very easy to use and they do indeed just work.

MacBook Pro 15 Inch with Touch Bar

The Mac I started off with last August was the late 2015 MacBook Pro 15-inch with a 512GB SSD and 16GB of RAM. The machine also had an additional graphics processor, so this machine felt very fast indeed. I initially had reservations around how future proof 16GB of RAM would be, but in my observations, memory management seems to be a lot more efficient in macOS. Working in a development team that still makes a lot of use of the Microsoft .NET development platform, I still need to run Visual Studio 2015/2017, and this doesn’t run natively on the Mac, so I still need to run Windows for development work. My 2 options here were to run a Boot Camp partition and boot across to Windows, or run Windows 10 in a virtual machine using Parallels. I opted for the latter to try it out and it runs very well. I run a VM with 8GB RAM assigned to the virtual machine and it runs very well. I am literally only running Visual Studio and any related development tools in this VM and any productivity tools natively on the Mac. Even with this virtual machine running, and Office and browser windows, I have still not been near the tipping point with RAM, which is great.

Life at a Start-up : Assessing and Appraising our Development Team

In this series I have written about our hiring process, but now I want to talk about how we work with developers once they are at the company. Once a developer, or indeed any staff member, starts at your company, you have a duty to develop them over time. Buying Butler is no different. I have worked for many companies both large and small and seen some good examples of staff development, but also some terrible examples. Naturally I want Buying Butler to be a good example.

Life at a Startup - Buying Butler / RightIndem

I run the development teams across both Buying Butler and RightIndem, so I am going to be talking about how I work with my developers specifically, but anything I say here is just as applicable to any type of skilled knowledge worker. Like most companies, we conduct 1 to 1s with our staff. We use these as a way to give feedback but also offer some coaching if required and to see how developers are progressing with objectives. When giving feedback, I feel this should generally be positive in the 1 to 1. If there is anything bad that you need to bring to their attention then this should have happened prior to a 1 to 1. This meeting shouldn’t contain any bad surprises in my opinion.
