Been a while since my last post and I've been looking for something a little different to write and feel inspired enough about.
I'd like to talk about my obsession with food, practicing the culinary arts and the relationship it has to my work as a infosec practitioner.
I've been a foodie as long as I can remember. Growing up, my mother was very encouraging about exposing me to as many different cuisines and foods from around the globe as possible. I'll admit that this made it near impossible to swap lunches in school for all the things kids typically want but it was a blessing in the long run.
Being a foodie and a home cook is more than just about enjoying a dish. It's about appreciating the effort that went into it, what the dish means, why was it prepared this way, what did I like or dislike, what emotions does it invoke, so on and so forth. I think at least a few of those points we can all relate to. A certain dish can bring up memories, cheer you up, create a shared experience with loved ones and wash all worries away at least for the moment while you dig in to something delicious.
While I have been cooking all my life, it was half-assed and just to have something to eat. Only recently have I rediscovered my love and passion for creating dishes and enjoying the literal fruits of my labor. Not to mention being able to share these dishes with friends and loved ones and watch their faces light up.
I'm going to try and explain why I feel that digging into to cooking from an academic as well as mental and creative process is helping me with my actual day to day work. In fact, I could argue some processes in infosec helps my cooking, too.
Tackling New Challenges
The first challenge I took on in my culinary journey of late has been training. Studying french techniques, taking classes and applying lessons learned as often as I can. It's very easy to look at something and feel discouraged to attempt due to "not being good enough" or "over my head" or any of the self de-motivating thoughts and issues that can pop in our heads. If you can push past those thoughts and say "fuck it...let's give this a shot" right then and there you've already accomplished something and that is a special feeling if embraced. Just the act of giving something a try, succeed or fail, is beautiful.
Infosec is full of challenges and the approach to tackling them may be different from person to person. For me it feels very similar to tackling a new dish:
- Do I understand the purpose of this dish
- Is it sweet, savoury, fried, shareable
- Do I even have the physical ability to tackle it
- Do I need a cast-iron pan, smoker
- Can I work in the time this will take
- Planning a head, sit in the oven for a while, have to stir the pot constantly
- Have I found all the correct ingredients
- Do I need to substitute, adapt
- Do I know what the finished product will look like
- Firm cook time, does it just "look" ready
Mise en Place
Mise en Place is a French term you'll hear pretty early on in culinary training. It basically means "everything in its place". This is a very fancy way of saying prepare in advance.
When tackling a new dish or any old dish for that matter, prep is everything. You don't want to start dicing and peeling the second it's supposed to go in the pot.
When I setup my mise en place for a dish in my kitchen, I try to create a visual and logical workflow. So for example, let's take the setup for cooking a steak. You may say "Well, take out steak, put in pan, cook then eat" and in a sense you're right. For me however it would look something like this:
- Counter right of stove - prep station
- Stove - where we'll cook
- Counter left of stove - plating station and serving
- Prep station (idea is everything is ready, in an order of sorts and within arms reach)
- Steak out and room temperature, seasoned and ready for the pan
- Mise en place bowls with sprig of rosemary, crushed garlic, slices of butter
- Pinch bowl for Maldon salt
- Squeeze bottle for my cooking oil
- Fork/spatula/tongs for flipping the steak
- Basting spoon
- Stove (even this needs prep!)
- All the pots and pans needed, on the stove in their position, heat on/off
- Plating station
- A resting rack/tray for the steak to rest once out of the pan
- Plates at the ready
- A mental image of how I will plate the food
Very long story short, preparing will be invaluable to how your dish/pentest will come out.
Let me be very clear, I am FAR away from mastering anything but I returned to the very basics. Foundations are so important because with a firm grasp over them your ability to explore creativity, improvise and adapt is enhanced through the roof. You can go grocery shopping and just look at simple ingredients and say "ahh that will burn X fast, that doesn't work with this, these have a lot of water inside" etc.
I spent a lot of time researching and practicing salt and oil. Yep you read that right. Understanding cooking salts vs. finishing salts, cooking oils vs. finishing oils. It changed EVERYTHING!
Infosec is extremely similar in my opinion. It's so easy to just want to get into security but skip the foundations. I for one am not one of those people that says you have to know how to program or be a 10yr network admin. However, those types of "foundations" for lack of better terms, probably can "elevate" your current abilities. There's nothing wrong with going back to basics and brushing up.
Similar to having a solid foundation, finesse shows up in cooking and I would argue in security. In a cooking context, whisking is something I learned a lot about that I never really considered before. The size and "space" in the whisk affects how much air gets whipped in, over whipping something, the pattern (often in culinary training they'll teach a figure 8 pattern in the bowl). If I'm on a pentest or something similar, maybe controlling how aggressive a scan is, how many systems I have beaconing home at once, how many "moves" per day I'm executing on target.
There is a time and place for being delicate or gentle with your approach to a technique. This is also no indication of a lack in difficulty, in fact usually much harder and can take considerable practice to get right.
Practice, Practice, Practice
Speaking of practice, I think this one we can all grasp and agree it applies to nearly everything you could want to learn about anything.
In cooking, a great example of this is knife skills. Sometimes you have people who are naturally gifted at certain things but for the rest of us we have to practice. I love making dishes that require me to dice, mince, quarter or chiffonade because it means I get to practice without being wasteful. At first I just care about the technique and not speed. Getting consistent and even cuts are what's important and ninja speed, Iron Chef cutting speeds I can worry about later.
In security, one part of practice that I admit can be hard for people, especially student or recent into the industry, is to get exposure to things like a large scale and complex AD environment. Some amazing folks in the industry build CTFs and events and online labs, some free and not much cost to help people get that exposure and practice.
I think a major enemy of learning is not applying lessons learned. When available and safe to do so, fail. In cooking, I've learned so much more about how NOT to do something than how to do it. Personally, the failures and dont's offer me far more than the do's.
Think I'm going to wrap this up here but I hope something in this post was of value to you.
Happy hacking and cooking to you my friends :)