Author Archives: networkingnerd

Unknown's avatar

About networkingnerd

Tom Hollingsworth, CCIE #29213, is a former network engineer and current organizer for Tech Field Day. Tom has been in the IT industry since 2002, and has been a nerd since he first drew breath.

Setting Boundaries Before You’re Swamped

Posted on by
Reply

We’re at the tail end of 2020 and things are hopeful for 2021. People are looking at the way IT has pulled together to enable working from anywhere and moving resources to the cloud and enabling users to get their jobs done. It’s a testament to the resilience of a group of sanitation workers behind the scenes whose job it is to clean up after management and sales and do the jobs no one else wants to do.

The cynic in me is worried about what the future is going to hold now that we’ve managed to transform the way we work. I couldn’t quite put my finger on it until I was checking out this Reddit thread from last week. The top rant had an interesting perspective on the way that 2021 is going to go for workers and I couldn’t agree more. My dread has a name, and it’s Overwork.

Harder, Not Smarter

If anything, 2020 proved that we can do amazing things with the right motivation. The superhero mentality of IT paid off handsomely as we stood up remote access servers and found ways to get access to resources for people that couldn’t come into the office and needed to get things done. We proved invaluable to the company in terms of support and project execution.

However, that superhuman effort also makes us valuable because we can do the impossible. Which means individual workers are great at tasks that are a stretch to get done. Doesn’t sound too bad, right? Now, think back on the number of times over your career that you’ve jumped on something that you’ve seen as hard or challenging and gotten it done. Is that number more than one or two? It probably is.

Now, look at it from the perspective of management and the people that make the hiring decisions. You’ve never failed, or at least you’ve failed so infrequently as to be unimportant. You always get the job done no matter what. If we only had a team of you sitting around we could get so much done! Sound familiar?

Let’s look at it from the finance part of the equation. Revenue is down. Expenses are down too, but we could still trim a bit and save money. Where should we cut? Can’t get rid of sales or marketing because they’re working to bring in money. Can’t get rid of executives (for some reason) because they serve some purpose. IT? Support staff? They’ve never failed us before. If we give them a little extra work and don’t fill that open position or cut someone that’s underperforming they’ll come through for us, right?

It’s a tale that’s as old as any in business. Why pay someone to do the work in a role when we can split it up and pass it out to the rest of the team. An extra job won’t hurt anyone, right? Funny how that never happens to the CFO or the CMO. But the networking/storage/security/wireless/server/cloud teams? They’re rockstars!

Know When to Fold Em

In 2021, you are going to need to set boundaries and stand up for yourself when it comes to work. Every role not filled with a person drawing a salary is directly impacting the bottom line of the company. Which means either you should be getting paid more for doing more work or the executives and stockholders are going to get paid more because the company made higher profits. Who deserves that extra money more? The people doing the work? Or the people parking assets in your company until they recover their position and jump to greener pastures?

You need to draw the line and advocate for yourself. Don’t just blindly accept new responsibilities without some sort of future resolution. Are they going to hire someone to fill that role eventually? If not, what are they going to do with the salary? If you and someone else on your team are doing that role permanently you should both be compensated for it. If the executive team gives you pushback, just remind them that they can forgo their next raise or set of stock options to cover things. You’d never see them doing any more without some form of compensation, right?

Drawing boundaries is going to cause friction because superheroes have never had them before. Superman and Spider Man don’t negotiate about saving people on a train. However, you aren’t a radioactive Kryptonian vigilante either. You’re doing a job that you get paid to do. Adding more to your plate is either worthy of additional money or it’s something that needs to be pushed back. If this was AWS and they wanted to upgrade their server instances to a faster CPU, do you think they could persuade Amazon to give it to them for free? Not on your life.

Take the time in 2021 to set yourself up for success. You may be worried that people are going to fire you because they think you want too much money or because you need to be happy to have a job right now. You also need to realize that no one can do your job better than you right now and they know that too. Have a frank and honest discussion about why you feel it’s unfair to pile more work on you without treating you fairly. Make sure they know you’ll help where you can but if they aren’t going to fill the role you need to get the resources they would dedicate to the person doing it. Chances are they’ll realize they do need to hire someone to take the work or they’ll find a way to do without those responsibilities.

Tom’s Take

You are a valuable resource. But you are not infinite. If you burn yourself out then you are spent. The business will likely look for someone to replace you and get them up to speed on your job. You? You’re going to be a shell of the person you were. 2020 has been a roller coaster that has pushed us all hard. We need to find a balance. And if you don’t let people know that you need to find balance in your work and your compensation you may find yourself with no boundaries, no balance, and knee deep in the swamp.

How Long Should You Practice

Posted on by
1

A reporter once asked boxing legend Muhammad Ali how many sit-ups he did each day. I’m sure the reporter wasn’t expecting Ali’s answer. Ali replied with:

I don’t know. I don’t start counting them until it hurts. Those are the only ones that count. That’s what makes you a champion.”

Ali knew that counting things is just a numbers game. Five hundred poor sit-ups don’t count as much a fifty done the right way. With any practice that you do the only things that count are the things that teach your something or that push you to be better.

Don’t Practice Until It’s Right

People used to ask me how long I would spend at night studying for the CCIE lab. I told them I usually spent between five and seven hours depending on what I was studying. Sometimes those people would say things like “I’m not talking about setup time. I’m talking about actual lab work.” I always countered by making them explain why the setup isn’t part of the “real” work. That’s usually when they went quiet.

It’s far too easy to fall into the trap of overlooking things that you think are unimportant. A task you’ve done a hundred times is no big deal until you do it wrong the next time. Like Ali above, the things you do that require no effort don’t count. If you’re practicing a skill for a certification or a lab you need to put the same effort into it every time to ensure you’re doing it correctly. Lack of attention means you are doing it without gaining something from it.

I spend a lot of my time teaching things to people all over the place. I teach IT and networking skills to professionals. I teach outdoor skills to scouts of all ages. I teach merit badges and other things to a variety of youth. And I teach my kids life skills they will need. Every one of these lessons comes with instruction in the little details that matter. Every lesson also includes guidance that it needs to be practiced properly until it’s right. And then some.

Until You Can’t Get It Wrong

I tell my students and kids all the time, “Don’t practice until you get it right. Practice until you can’t get it wrong.” The level of involvement that it takes to get past the part where something finally works up to the level where it works every time is as wide as the gap at the lower end of the spectrum.

Too often people are content to work on something until they get it once. Whether it’s tying a knot or programming a router interface or even cooking a grilled cheese sandwich. Once you’ve done it right once you’re done with learning, right? Most of you are already shaking your head because you know that’s not right.

Once you get it right the first time you’ve already made a list of all the wrong ways to do something and you avoid them in the future. However, that list doesn’t include the entirety of all the wrong ways to do a thing. Amateurs make somewhat predictable mistakes because they’re working from the same basic knowledge. It’s when someone says they know what they’re doing that the real crazy stuff starts coming out of the woodwork.

Once you’ve practiced a skill you need to keep going. You need to work a variety of different angles to make sure you’ve covered all the ways you could get it wrong. If you’re tying a knot you need to practice with different kinds of ropes or in different positions. If there are two ways to tie something, practice them both. You don’t want to be an expert at a clove hitch over the end of a pole only to find out you have to tie it around the middle with no way to use the loop method you have memorized.

In IT, we lab things up to make sure we understand them. For these labs, try out the things in wrong ways. Click buttons before you’re supposed to. Put the wrong numbers in the field. See how the system will try to correct your errors. Maybe it doesn’t even bother? It’s easy to figure out you typed something in wrong when you hear a bell and see a message. It’s harder to troubleshoot when you don’t see anything right away and it all falls over later.

The extra practice above and beyond the first success is just like Muhammad Ali’s sit-ups. The hard ones count. The tasks that stretch your mind are the ones that build your skillset. You can’t give up when the answer isn’t right at your fingertips. Going that extra mile is the key to making yourself a better professional in whatever you do.

Tom’s Take

As we wind down 2020 we’re all looking to be better at things. Hobbies, skills, or professional talents are all calling to us to work on in whatever down time we have available to us. Make that practice count. Work hard to get it right every time. If you want to learn to make hollandaise sauce or write a novel or do a forward flip you have to keep practicing even after your success. Get to the point where you have no other choice but to get it right every single time. That’s the perfect amount of practice you need. Anything less counts as much as Muhammad Ali’s sit-ups before they start hurting.

Seeking Knowledge and Willful Ignorance

Posted on by
Reply

I had a great time recording a fun episode of Seeking Truth in Networking, an awesome podcast with my friends Derick Winkworth and Brandon Heller. We talked a lot about a variety of different topics, but the one I want to spend a few more minutes on here came in the first five minutes. Brandon asked me what question I liked to be asked and I mentioned that love to be asked about learning. My explanation included the following line:

I feel like the gap between people that don’t understand something and the willfully ignorant is that ability to take a step out and say “I don’t know the answer to this but I’m going to find out.”

I’ve always said that true learners are the ones that don’t accept the unknown. They want to find the answer. They want to be able to understand something as completely as they can. Those that I consider to be willfully ignorant choose not to do that.

Note that there is a difference between incidentally ignorant and willfully ignorant. People who are incidentally ignorant are unaware they don’t know something. They haven’t had the opportunity to learn or change their thought process on something. It would be like going to a random person and asking them about how to launch a rocket to another planet. They’re ignorant of the steps because they’ve never had the opportunity to learn them. They’ve never been exposed to the info or had a need to know it. People who are willfully ignorant choose to not learn something even after they’re exposed to it.

Where There’s a Will

We deal with people who choose not to learn things all the time. Even I choose not to learn everything. I don’t have all the Pokemon memorized. I don’t have the registration number of every Starfleet vessel in my mental Rolodex. There are a variety of other more technical topics that escape me. However, my reasoning for choosing not to learn those things is not because of malice. It’s because of self preservation.

If you exposed to something that you are curious about and choose to learn more you will often find yourself consumed by it. I am always on the lookout for a new laptop bag or hiking backpack. When I search for them I will find myself watching videos and reading reviews that are full of terminology that I don’t understand. I educate myself to the best of my ability but I don’t consider myself to be an expert on messenger bags or ultralight hiking packs. And after a while that knowledge is filed away for another day and I have to relearn something all over again when I’m on the hunt for a new bag.

Let’s contrast the acknowledgment of not being able to know everything with the phenomenon of choosing not to learn something out of spite or malice. This is like a networking engineer saying something along the lines of, “I’m not going to learn OSPF because it sucks and I’ll never use it.” A statement like that should immediately raise flags. In this specific case a working knowledge of OSPF is important for anyone building and maintaining networks. You may not need to know the details for every LSA in the database but you at least need to know how OSPF is different from RIP.

This kind of willful ignorance of information makes IT difficult. Why? Because actively choosing not to learn or understand something creates two hurdles to overcome. The first hurdle is showing people where to learn more about it. That is hard enough in and of itself. Every bookshelf in every office everywhere has the kinds of books that people refer to when they need to teach someone something important about networking or wireless or any other enterprise IT technology. Thanks to the power of search engines today it’s even more accessible to get people on the track to learning something new.

The second huge hurdle with those that are willfully ignorant isn’t access to knowledge. It’s getting past their objections to learning it. People have biases that need to be challenged and overcome. I’m not going to speak on anything aside from technology but we all know that everyone has their viewpoint and their understanding and changing their mind about something has varying degrees of difficulty. If someone is convinced, for example, that SHA-1 is an unbreakable protocol and nothing you can show them to the contrary convinces them that is willful ignorance. Evidence that is contrary to the facts isn’t invalid evidence. The quality of the evidence is always important to understand but choosing to dismiss it entirely out of hand solely because it doesn’t fit your understanding is not the kind of position someone in IT needs to take.

A Changing Landscape

Think about some of the following statements:

  • Switching is cheap, routing is expensive
  • 640K is more than enough memory
  • Unbreakable encryption

These are all statements that have been said in the past. They’ve all been proven over time to be wrong. Could you imagine if there was someone out there today that though programs needed to run in less than 640K of RAM? Or that believed that routing packets was too expensive and everything needs to run at layer 2? Those people would get laughed out of the data center.

Those statements are no longer true, but the attitudes behind them are the real problem. It’s not that something is taken for granted but that we choose not to accept anything other than that fact as the truth. Even today we could have positions like virtual reality will never take off or that quantum computers are too noisy to ever be commercially viable. In five years or a decade those statements may prove to be totally wrong. But if I’m still saying them and purposely choose not to learn why they are incorrect then I’m in the camp of being willfully ignorant of the truth.

Tom’s Take

The point of this post wasn’t to call out anyone specific for anything. Instead, I wanted to highlight that we all believe what we believe and we resist learning things that don’t square with that. How we choose to overcome that friction defines us as well as defining us with our peers. If you want to spend your career believing that a protocol is better and you won’t learn anything else then I hope your career is successful and long. I say “hope” because in the world of IT those that clap their hands over their ears and refuse to update their knowledge and understand are running on that kind of hope. They hope their level of knowledge never needs to change. They hope their skills will be enough for years and years of employment. And, in almost every case, they hope they can learn something new fast enough to get a new job when they realize that the attitude of willful ignorance will leave you high and dry.

What’s Your Work From Home DR Plan?

Posted on by
2

It’s almost December and the signs are pointing to a continuation of the current state of working from home for a lot of people out there. Whether it’s a surge in cases that is causing businesses to close again or a change in the way your company looks at offices and remote work, you’re likely going to ring in the new year at your home keyboard in your pajamas with a cup of something steaming next to your desk.

We have all spent a lot of time and money investing in better conditions for ourselves at home. Perhaps it was a fancy new mesh chair or a more ergonomic keyboard. It could have been a bigger monitor with a resolution increase or a better webcam for the dozen or so Zoom meetings that have replaced the water cooler. There may even be more equipment in store, such as a better home wireless setup or even a corporate SD-WAN solution to help with network latency. However, have you considered what might happen if it all goes wrong and you need to be online?

In and Outage

Outages happen more often than we realize. That’s never been more evident than the situation we find ourselves in now. There are providers that do maintenance during the day because most of their customers are at work. When that work happened in a building covered on a different grid or service line it was fine to reboot things in the afternoon. When everyone is at home working on video calls or remote classrooms it’s no longer ideal. And those are just the planned outages. What about the ones that happen without warning?

Between the extra usage at home and the increased stress on the system, I’m finding that my Internet connection is becoming much less stable than it has been in the past. When you’re on a consumer-grade line, you pay for the privilege of getting online when it works. When it doesn’t you get lumped in with the same group of people in your neighborhood or on your local loop. The provider response is usually a shrug and a “we’re working on it” response. Business lines cost twice as much for less speed but gain the ability to call and at least file a complaint or a ticket. If you’re lucky enough to have one with a good SLA you might even get a truck roll to your location within a few hours. Otherwise, you need to plan for the worst.

This is nothing new to the enterprise. The best SLA in the world is only a piece of paper with a specific promise. It doesn’t protected from the North American Fiber Seeking Backhoe or an ice storm that knocks out power to a few square miles of your town. We need to have plans in place to deal with the potential for not having what we need when we need it. In the enterprise that was part of the job. We bought firewalls in pairs and had expensive power equipment run into the data center to protect our services. The cloud is armored against outages, so long as the engineers keep their fingers off of things. But our house is neither the enterprise or the cloud. How can we ensure we’re able to work when nothing else looks like it’s going to get the job done?

Planning To Recover

In order to keep working from home in the event of an outage, you need to consider three important situations: Connectivity Outage, Power Outage, and a Location Outage.

Connectivity outages are the most basic situation we’re going to find ourselves in. The Internet is down or severely degraded. We need to get online and figure out how to keep working. That means we need a traffic plan. And we need to figure out how to get it working. The first step is going to require you to figure out how you’re going to get back online. Do you want to use your cell phone as a tethering device? Do you want to “borrow” the neighbor’s wireless (with permission, of course). Do you want to try and work completely from your mobile device. You need to figure this out ahead of time. You also need to test it.

If you’re going to rely on your phone for tethering, make sure you have that option enabled ahead of time. Find out how much data you have available and what happens if you go over. Do you get throttled to a slower speed? Do you need to pay more? You don’t want to find out what happens in the middle of a critical call. You also need to test the speed of the tethering at your house. For example, my LTE coverage at home is pretty terrible, so I need to fail back to 3G in order to have a stable signal. That means no video calls for me until my broadband connection comes back online.

If you plan is use your neighboring connection for a backup, please get permission first. You never want to find out someone is borrowing your network and you don’t want to do that to someone else. You also should verify that the neighboring connection is a diverse circuit. It won’t do you much good to hop on their connection only to find out they’re on the same provider and everything is offline for the entire block. Test it ahead of time and make sure their data plan works for you. And remember that you’re doubling the amount of traffic pouring through their circuit. You’re going to have to decide, as above, what traffic is critical to fail over. And give your neighbor a heads up so they don’t panic when everything gets slower.

Limited Power

Electricity is a bigger issue because it affects everything at a lower level of the stack. You can have bad connectivity and just work offline with your devices. But a power outage changes the game because half your devices may be out of commission. If my power goes out, my 4K monitor goes with it. That means I need to work from my laptop until I can get everything under control again. My time is limited to how long my laptop battery can hold out.

If you want to solve the power outage problem, you need to solve your power issues. The easiest way is a backup battery system, like a personal uninterruptible power supply (UPS) under your desk. Remember that a UPS isn’t designed to keep you running for days. It’s something that is designed to keep you going just long enough to put a plan in place or shut things down gracefully. Those batteries last for 5-7 minutes at best. And the more devices you have connected to them, the less time they can stay up.

What other devices, you might ask? Keeping your computer on a UPS is smart. What about your WAN connectivity device, like your DSL or cable modem? Have to have that if you want to stay online, right? What about your wireless access points? Are they plugged into the wall? Or are you using PoE? Did you plug the PoE switch into the UPS too? That is going to reduce the UPS runtime. Unlike a data center, your house likely doesn’t have the infrastructure to run a huge UPS with enough battery to go for half an hour. You need something that is going to fit under your desk and has a fan small enough to not create a white noise generator.

Speaking of generators, if you have regular power issues or you live in a part of the country that is prone to storms that knock out power for days on end, you need to consider a home generator. These are larger, more expensive, and require some kind of fuel source. The upside is you can run your entire house off the generated electricity until the power is restored. No need to hook things up to batteries. The down side is that your house uses a lot of power for appliances and other things and you still need to prioritize what is going to get first crack at the leftover juice. You also need to have a plan to keep the generator going. If it runs off of combustible fuel, like diesel, you need to have a supply ready to go. You also need to test it regularly to ensure it’s going to work when you need it. Just like in the enterprise data center you need to know things work before everything goes sideways.

Getting Out of Dodge

The last situation can be a combination of the above factors or something totally unrelated. What happens if your workspace isn’t usable? Maybe your power is out and your heat is gone too. Maybe your Internet is down and you need to go somewhere with a better signal in order to have that big call with the CEO. Maybe you have a tree trimming service that has set up camp outside your office window for the rest of the day and the chainsaw symphony is driving you insane. If you need to move, you need to have a plan.

Where are you going to go? A friend’s house works great, provided they are home and there isn’t a quarantine order. You could try a coffee shop, provided they aren’t closed for some reason. Maybe you’re alone in a distant city and you need to get some work done. You need to figure out what’s available and have at least two backup plans in place. Maybe you want to use a local coffee shop. Make sure they’re open and make sure you aren’t violating local laws. If they’re closed, consider somewhere more local to you. Perhaps the parking lot of a store or other place that offers wireless connectivity. There are times when those wireless setups extend a bit outside the store proper and you can borrow it there. Not everyone has a vehicle, so make sure wherever you are going is easy to reach through your preferred transit method. Oh, and if it’s a restaurant or coffee shop, make sure you tip well on your purchases as a form of “rent” for the table.

Tom’s Take

Enterprises have DR plans in place for everything. Natural disasters, security incidents, and even good old fashioned human error all have a place in the Big Binder of Getting Back to Work. Homes don’t have that, even though they should. You need to know what has to happen to get you back to working if something goes wrong. You need to write it all down, test it thoroughly, and keep updating it as you go. Your boss may understand the first time you can’t work because your power went out or they’re doing circuit maintenance in your neighborhood. But, as an IT professional, you need to have a plan in place in case it becomes a regular occurrence. And when you do get everything ready to go for your home DR plan, make sure you update your enterprise DR plans too.

A Different Viewpoint of Lock-In

Posted on by
Reply

First things first: Go watch this great video on lock-in from Ethan Banks (@ECBanks). We’ll reference it.

Welcome back. Still carrying that pitchfork around screaming about how you want to avoid vendor lock-in? Ready to build the most perfect automation system in history that does multi-cloud, multi-vendor, multi-protocol networking in a seamless manner with full documentation? Nice. How hard was is to build that unicorn farm?

I get it. No one wants to be beholden to a specific vendor. No one likes being forced into buying things. Everyone hates the life of the engineer forced to work on something they don’t like or had to use because someone needed a new boat. Or do they?

Ford and Chevys and Dodge, Oh My!

What kind of car do you drive? Odds are good you’re either ready to get a new one or you’re proud of what you’re driving. I find that the more flashy a car is the more likely people are to talk about how amazing it is. And when there are two dominant manufacturers in a market for cars, you tend to see people dividing into camps to sing the praises of their favorite brands. Ford people love their trucks and won’t hesitate to decorate their bumpers with stickers about the uselessness of a Chevy pickup. Chevy owners will remind you that Ford is an acronym for Found On (the) Road Dead. Ferrari versus Lamborghini. Toyota versus Honda. Tesla versus everyone else. Tell me that car people don’t root for their team.

That’s how it’s always been. However, when you buy a car you are locked in. You have to buy the parts for that car to fix it. Ford starters don’t work in Chevy vehicles. You can’t just pull a motor out of Corvette and drop it into a Mustang. Wanna try to put Lambo tires on your Testarossa? Good luck! You’re locked into a system that has parts for your car. There’s even a specific term for the parts division of Chrysler, which you use when you tell people you drive a MOPAR car.

Why is it that no one cares about lock in when they buy their car? How is it that when making choices between Cisco and Juniper or AWS and Azure that we rail against the need to pick a horse and run with it? How is it that people in IT will go to amazing lengths to over-engineer something to use the most obscure open source routing protocols invented for the sake of making their configs portable only to walk into the parking lot and crawl into a vehicle that has parts that can only be found at the dealer with a 1000% markup on price? How does that compute?

I Take It Back

IT pros see lock-in as a by-product of choices that were made without their input. No one complains about lock-in when they were the ones that got to make the call about which gear to install or which cloud to pick. Lock-in usually becomes a sticking point when the IT contributes were cut out of the decision loop or they didn’t get to voice their opinion for their favorite hobby project on GitHub. The disappointment festers into a feeling that the real problem here is that the evil vendor is just trying to keep us from moving to the solution path that I would have suggested if only they had asked me!

Why do we build networks using standard protocols? Is it so we can rip out huge sections of the network every three years when the incumbent vendor has pissed us off for the last time? Or is it because we want the opportunity to plug in a cheaper device when one fails? Why do we build multi-cloud capable networks? Is it because we hate Bezos or Nadella and we want to stick it to them by moving our workloads whenever we feel like they’ve made a poor strategic decision? Or is it really because some workloads work better in some places and we are trying to keep the rest mobile so we can move them to take advantage of cheaper spot prices like a game of instance whack-a-mole?

Lock-in isn’t a huge problem. It’s the boogeyman we use to cover our real problems: Not feeling heard and valued. We fight back against this by creating more work for ourselves. Instead of paying for the solution with money, we create a solution with an investment of complexity and time spent creating it. You wanna save $10,000 by switching out the gear I suggested for this other model? Fine, I’m going to make it completely open and hard for anyone other than me to use!

Ask yourself honestly: When was the last time you had to completely change your entire setup to a new system or new hardware in less than three months? Pandemic craziness aside, most IT departments can’t even figure out which printers to buy in three months, let alone scrap an entire network or cloud deployment for the competitor. And that’s the technical challenge. Let’s say you’ve used OSPF and open standards and avoided anything proprietary because you’re ready to pull the plug the next time that sales drone comes sniffing for a new motorcycle payment. How is your non-locked-in network going to compete with the power of spiffs? Sure, we could rip this whole $VendorA network out right now and replace it with $VendorB and there’s nothing you can do about it! Until Sales Drone mentions they’ll give you 20% off the next license renewal and throw in four new top-of-the-line switches to “test”. All you hard work sunk because Sales Drone and Executive Team speak the same language: money.

I know this sounds dark and ominous. I realize there are some very valid concerns about vendor lock in, like licensing features behind paywalls that are unreasonable or creating dependence on specific features that can be revoked at any time. But that’s not usually where the lock-in discussions go for IT pros. No, they usually go back to “$VendorA made me mad once and I will never use $ProtocolA again just to spite them!” Lock-in discussions are almost always really about the staff not getting exactly what they want and using their skillsets to create complexity as a panacea for what they perceive as the chance to move away when the executives want to listen to them again. What generally follows is a network that is difficult to maintain and doesn’t hit performance metrics. That means the executives’ decisions are punished. Not through sabotage. Not through malice. But through the decisions by their staff to try and create a system that make things portable when they don’t need to be just in case someone changes their mind sometime in the future.

Tom’s Take

I expect the comments section to light up on this one. Yes, lock-in is a thing. Yes, there are some very specific cases where it’s a Bad Thing (TM). I’m just pointing out that, like the car discussion above, most of the time the average person couldn’t care less about lock-in as long as it was their decision. The same people that will put a sticker of Calvin peeing on a Ford logo on their car chafe at the idea of having to use Cisco’s flavor of OSPF because one area they will never configure isn’t 100% standard. Lock-in is an issue. It’s not the world-ending problem we make it out to be. And it’s certainly not the boogeyman that scares us into making things needlessly complicated to the point of absurdity just to prove a point.

Looking For a Mentor? Don’t Forget This Important Step!

Posted on by
1

With the insanity of the pandemic and the knowledge drain that we’re seeing across IT in general, there’s never been a more important time than right now to help out those that are getting started on this rise. The calls for mentors across the community is heartwarming. I’ve been excited personally to see many recognizable names and faces in the Security, Networking, and Wireless communities reaching out to let people know they are available to mentor others or connect them with potential mentors. It’s a way to give back and provide servant leadership to those that need it.

If you’re someone that’s reading this blog right now and looking for a mentor you’re in luck. There are dozens of people out there that are willing to help you out. The kindness of the community is without bounds and there are those that know what it was like to wander through the wilderness for a while before getting on the right track. They are the ones that will be of the most help to you. However, before you slide into someone’s DMs looking for help, you need to keep a few things in mind.

Make Me One With Everything

The single most important step you can take to increase your chances of being mentored or being set up with someone to help you out is simple in theory but hard in practice:

You NEED to do your homework.

Sound contrite, right? You don’t know what you don’t know. You need to figure out what you have to have, right? Why not ask someone that has been there and have them tell you everything?

Let me give you the perspective of someone who mentors and teaches in all aspects of my life. The scouts, professionals, and students that come to me and say, “Tell me everything I need to know” are usually the ones that listen the least and forget the most. They are the people that haven’t done their homework. They haven’t looked up what interests them or tried to figure out what knowledge they’re missing. They want answers but don’t have questions. Without questions, answers are meaningless.

Moreover, telling someone “everything” is a recipe for disaster. How does a mentor know what to focus on? What areas interest you? In security, are you offensive or defensive? Do you enjoy writing reports or using tools? Do you want to be a per-work consultant or have a steady, if not smaller, paycheck from a single organization? How can a mentor know where to point you if you haven’t done this basic homework?

Let me give you an example that happened to me in the last week. I got a DM from someone I’ve never talked to before. They politely asked if I could answer a couple of questions for them. I said sure with some hesitation. Usually this means they’re looking for some very broad advice or they need help with their homework. When the questions appeared in my inbox, I asked for some clarification. In this instance, it was someone that needed to understand queuing mechanisms. Once I determined I wasn’t doing someone’s CS homework for them, I read up on the topic and explained what I thought was the case. I was pleasantly surprised to get a response that they had read the same paper and it sounded right but they wanted to understand deeper. We talked for a bit and I feel like the person walked away from the exchange with a greater understanding.

What made me happy in this situation is that the person did the work ahead of time instead of just saying, “teach me how this works”. They wanted to understand, not just get the answer to a multiple choice question. They were curious and wanted to learn the right way. These are the kind of people that benefit from mentors. They are self-motivated and willing to do the work to get ahead.

Help Is Always Given To Those Who Ask

You may have heard the phrase, “Help will come to those that help themselves”. It’s another bit of cliche that means you need to be as active in the process as the person you are seeking knowledge from. If you just show up and say, “I need to know everything starting from scratch”, you’re sending the message that you aren’t invested. Mentors don’t want to help those that aren’t invested.

On the other hand, if someone comes to me and says, “I tried this and it failed and I got this message. I looked it up and the response didn’t make sense. Can you tell me why that is?” I rejoice. That person has done the legwork and narrowed the question down to the key piece they need to know. They don’t need to “boil the ocean” so to speak. They have a specific need that can be met.

Mentors are people too. Maybe they enjoy teaching and guiding more than others but they have limits on their energy just like you would. If a mentor spends more time exerting themselves trying to teach someone everything starting from zero, they’re going to burn out. However, teaching someone that just needs a little extra push to get over the hump of a hard problem is a much better use of everyone’s time. The mentor gets the reward of seeing their student understand and the mentee gets the satisfaction of getting it right and doing the work before they ask for help.

Asking someone for help is never easy. It’s an admission that you don’t have all the answers and you need to rely on others. In a profession where being smart and knowing everything is seen as a sign of success it can be humbling to admit you need something from someone. However, I find that those that need the least amount of help from having exhausted their capabilities are usually the ones that learn the most over time and rely on their peers and mentors the least. They know what to do and where to start. They just need a helping hand to get over the line.

Tom’s Take

I am always willing to be a mentor for anyone that needs help. I can help you understand protocols, tie tripod lashings, and teach you more than you ever wanted to know about building space probes or speaking in public. That’s the life I’ve chosen for myself. However, I ask that all those that seek my mentoring help also commit to learning. Do the extra work ahead of time. Narrow your focus to what is essential to get over the hump. Realize that the more you do for yourself the more meaningful it is for you. And remember that those that mentor you are also on the learning journey themselves. Just as they help you, so too do others help them. And one day you will find yourself in the position to mentor others. Showing the investment and determination to go the extra mile for yourself is the example that you will set for those that come later.

Securing Your Work From Home

Posted on by
2

UnlockedDoor

Wanna make your security team’s blood run cold? Remind them that all that time and effort they put in to securing the enterprise from attackers and data exfiltration is currently sitting unused while we all work from home. You might have even heard them screaming at the sky just now.

Enterprise security isn’t easy, nor should it be. We constantly have to be on the offensive to find new attack vectors and hunt down threats and exploits. We have spent years and careers building defense-in-depth to an artform not unlike making buttery croissants. It’s all great when that apparatus is protecting our enterprise data center and cloud presence like a Scottish castle repelling invaders. Right now we’re in the wilderness with nothing but a tired sentry to protect us from the marauders.

During Security Field Day 4, I led a discussion panel with the delegates about the challenges of working from home securely. Here’s a link to our discussion that I wanted to spend some time elaborating on:

Home Is Where the Exploits Are

BYOD was a huge watershed moment for the enterprise because we realized for the first time that we had to learn to secure other people’s devices. We couldn’t rely on locked-down laptops and company-issued phones to keep us safe. Security exploded when we no longer had control of the devices we were trying to protect. We all learned hard lessons about segmenting networks and stopping lateral attacks from potentially compromised machines. It’s all for naught now because we’re staring at those protections gathering dust in an empty office. With the way that commercial real estate agents are pronouncing a downturn in their market, we may not see them again soon.

Now, we have to figure out how to protect devices we don’t own on networks we don’t control. For all the talk of VPNs for company devices and SD-WAN devices at the edge to set up on-demand protection, we’re still in the dark when it comes to the environment around our corporate assets. Sure, the company Thinkpad is safe and sound and isolated at the CEO’s house. But what about his wife’s laptop? Or the kids and their Android tablets? Or even the smart speakers and home IoT devices around it? How can we be sure those are all safe?

Worse still, how do you convince the executives of a company that their networks aren’t up to par? How can you tell someone that controls your livelihood they need to install more firewalls or segment their network for security? If the PlayStation suddenly needs to authenticate to the wireless and is firewalled away from the TV to play movies over AirPlay, you’re going to get a lot of panicked phone calls.

Security As A Starting Point

If we’re going to make Build Your Own Office (BYOO) security work for our enterprise employees, we need to reset our goals. Are we really trying to keep everyone 100% safe and secure 100% of the time? Are we trying for total control over all assets? Or is there a level of insecurity we are willing to accept to make things work more smoothly?

On-demand VPNs are a good example. It’s fine to require them to access company resources behind a firewall in the enterprise data center. But does it need to be enabled to access things in the public cloud? Should the employee have to have it enabled if they decide to work on the report at 8:00pm when they haven’t ever needed it on before? These challenges are more about policy than technology.

Policy is the heart of how we need to rebuild BYOO security. We need to examine which policies are in place now and determine if they make sense for people that may never come back into the office. Don’t want to use the VPN for connectivity? Fine. However, you will need to enable two-factor authentication (2FA) on your accounts and use a software token on your phone to access our systems. Don’t want to install the apps on your laptop to access cloud resources? We’re going to lock you out until we’ve evaluated everything remotely for security purposes.

Policy has an important role to play. It is the reason for our technology and the driver for our work. Policy is why I have 2FA enabled on all my corporate accounts. Policy is why I don’t have superuser rights to certain devices but instead authenticate changes as needed with suitable logging. Policy is why I can’t log in to a corporate email server from a vacation home in the middle of nowhere because I’m not using a secured connection. It’s all relevant to the way we do business.

Pushing Policy Buttons

You, as a security professional, need to spend the rest of 2020 doing policy audits. You’re going to get crosseyed. You’re going to hate it. So will anyone you contact about it. Trust me, they hate it just like you do. But you have to make it happen., You have to justify why you’re doing things the way you’re doing them. “This is how we’ve always done it” is no longer justification for a policy. We’re still trying to pull through a global pandemic that has costs thousands their jobs and displaced thousands more to a home they never thought was going to support actual work. Now is not the time to get squeamish.

It’s time to scrub your policies down to the baseboards and get to cleaning and building them back up. Figure out what you need and what is required. Implement changes you’ve always needed to make, like software updates or applications that enhance security. If you want to make it stick in this new world of working from home you need to put it in place at the deepest levels now. And it needs to stick for everyone. No executive workarounds. No grace extensions for them to keep their favorite insecure apps or allowing them to not have 2FA enabled on everything. They need to lead by example from the front, not lag in the back being insecure.

Tom’s Take

I loved the talk at Security Field Day about security at home. We weighed a lot of things that people aren’t really thinking about right now because we haven’t had a major breach in “at home” security. Yet. We know it’s coming and if it happens the current state of network segementation isn’t going to be kind to whomever is under the gun. Definitely watch the video above and tell me your thoughts, either on the video comments or here. We can keep things safe and secure no matter where we are. We just need to think about what that looks like at the lowest policy level and build up from there.

Learning To Listen For Learning

Posted on by
1

Can you hear me? Are you listening to me? Those two statements are used frequently to see if someone is paying attention to what you’re saying. Their connotation is very different though. One asks a question about whether you can tell if there are words coming out of someone’s mouth. Is the language something you can process? The other question is all about understanding.

Taking Turns Speaking

“Seek first to understand,then to be understood.” – Stephen Covey

Listening is hard. Like super hard. How often do you find yourself on a conference call with your mind wandering to other things you need to take care of? How many times have we seen someone shopping online for shoes or camping gear instead of taking notes on the call they should be paying attention to? They answer is more often than we should.

Attention spans are hard for everyone, whether you’re affected by attention disorders or have normal brain chemistry. Our minds hate being bored. They’re always looking for a way to escape to something more exciting and stimulating. You know you can feel it when there’s a topic that seriously interests you and pulls you in versus the same old staff meeting each week when we just run down a list of notes that haven’t changed in weeks.

The second reason why listening is harder for us is because we’re often waiting for our turn to talk. Be honest with yourself on this one. During your last five conversations with people, were you really listening to what they were saying? Or were you just waiting for an opportunity to jump in with a statement or opinion? And, in all honesty, was that statement just something you were going to say to prove that you were paying attention the whole time?

I admit I have huge issues with attention and listening myself. My brain is always racing a thousand miles an hour with the statements people make. If it’s a briefing I’m usually thinking about use cases or applications of technology or where the next steps will go. If it’s a discussion about a topic with opinions I’m listening for their position and formulating my response by taking their arguments and finding counter arguments. If it’s a boring meeting or status update session I’m usually working on my own list or trying to cross tasks off to get ahead with my time.

Whatever your reason for not paying attention, you have to realize that doing it means you’re not focused on the message. In classic communications training, the lesson is that there are three components to a message:

  1. The sender
  2. The receiver
  3. The message

People focus on the first and the third a lot. They optimize how to deliver a speech or how to craft the perfect message. The second part of the list is the one that gets neglected. How does the receiver act in the communication? Do they pay attention actively and summarize the content? Do they ask questions to seek better understanding? Or are they bored? Are they looking for their opportunity to turn things around and make themselves the primary sender?

Seeking Understanding

It’s been a long hard road for me at Tech Field Day and Gestalt IT to learn how to listen and understand and not just hear and hope for a chance to speak or tell a story. Stephen Foskett (@SFoskett) has helped me a lot by making me sit back and listen and get people talking instead of dominating the conversation. My time with the BSA Wood Badge program has also given me a lot of tools to help.

Here are a few ways that I work on listening with the intention to understand:

  • Taking Notes – This is something that I work hard on because with every conversation I tell myself I have a great memory and then I remember that I’ve forgotten I don’t. I’m a voracious note-taker. If a piece of paper has a square inch of space and there is a pen in reach I will write on it. Sadly, this means there are notes all over the place with zero context that have been lost to time. My note taking strategy has evolved to embrace things like pre-notes, where I start the notes for a briefing or conversation ahead of time to capture important questions or thoughts to ask, written electronic notes with my iPad and Notability where I can write things down on the fly without having to stop to think about typing, and consolidation of notes, where I go back and add those notes to a program like Agenda. Yes, it’s extra work but that extra work helps me summarize, categorize, and draw conclusions during the consolidation process. It’s like reading your study notes back a second time or rewatching a sports play to catch the nuance of the action.
  • Comprehension Questions – When you’re in a briefing, it’s easy to fall into the trap of just repeating back the thing you heard a minute ago to prove you’re paying attention. When I’m teaching my Scouts something and I ask them if they’re paying attention, some of the time they’ll do this to me. I fight back by asking them what that last thing they told me means to them in their own words. I want them to be thinking the whole time and not just listening for their name. Critical thinking is a skill we have to develop just like a fastball or juggling. The way to increase it is to be able to ask a summarizing question in a briefing. Speakers will pause frequently to ask, “Are there any questions? Is this making sense?” This is your chance to jump in with a summary and a question. Quickly summarize the important point – “You said BGP is broken” followed by a question, “Can we fix it with identity validation or something like PKI?” A word of warning on this one: remember to ask a question seeking knowledge. Don’t just state an opinion trying to prove you’re smarter than the speaker and then ask them what they think about your opinion.
  • Take The Lead – This one is especially important for people that interview others or podcasters that deal with shy guests. There are times when you realize the person you’re talking to is smart and capable but doesn’t communicate well. If you see that you’re going to need to jump in a take an active role in the conversation, but from the perspective of teasing out their knowledge. Leading them to where they need to be to be comfortable or expressive. My good friend Ethan Banks (@ECBanks) does an amazing job of this on his podcasts. He asks questions in a way that gives the speaker a clear opening to seize on his words to tell their story. It’s like watching an episode of Perry Mason where the star lawyer asks a question in the right way to make the witness tell the story they’re afraid of telling. When you do it right, it seems like you’re just very curious and the speaker does the job of telling the story. If you do it wrong, you’re dominating the conversation and putting words in someone’s mouth. If you really want to practice this part, ask your kids (or someone close to you) how their day went. Don’t let them stop at “fine” or “good”. Encourage them to expand on that by asking very leading questions about specific parts of the day or topics of interest. You’ll be a pro in no time.

Tom’s Take

Did all of that make sense to you? Did you hear me? Did you listen? Video content creation and blog posts are hard tools for communication because we’re cutting out the second part of the communication process. I don’t get to see your understanding or ask questions that allow you to consolidate your knowledge. I have to hope that the topics here are things that you enjoy and understand, even if you have to go back and read them a couple more times. I promise that if you work on the things above in the coming months you’re going to find yourself a better, more active listener with a lot of knowledge gained. And that’s a learning lesson worth listening to.

Do You Do What You’ve Always Done?

Posted on by
1

When I was an intern at IBM twenty something years ago, my job was deploying new laptops to people. The job was easy enough. Transfer their few hundred megabytes of data to the new machine and ensure their email was all setup correctly. There was a checklist that needed to be followed in order to ensure that it was done correctly.

When I arrived for my internship, one of my friends was there finishing his. He was supposed to train me in how to do the job before he went back to school. He helped me through the first day of deploying laptops following the procedure. The next day he handed me a different sheet with some of the same information but in a different order. He said, “I realized we had too many reboots in the process and this way cuts about twenty minutes off the deployment time.” I’m all about saving time so I jumped at the chance.

Everything went smashingly for the next month or so. My friend was back at school and I used his modified procedure to be as productive as possible. One day, my mentor wanted to shadow my deployment day to see how I was doing things. I invited him along and we did the first one. I pulled out my deployment docs and made sure to follow the procedure so I got a good grade. When we were done, my mentor pulled me aside and said, “I noticed you went pretty fast and did some things out of order. Why?” I mentioned that my friend and I had modified the deployment procedure a bit to make it easier and faster. That’s when my mentor hit me with a phrase that I’ve spent a lot of my career deconstructing:

“But this is the way we’ve always done it.”

You Do What You’ve Always Done

Process isn’t a bad thing. It makes jobs easy to break down into steps to assess timelines as well as being able to make a job repeatable. There’s nothing worse than a process that only lives inside the head of one person. If you can’t replicate your job you can’t ever stop doing it. Sure, it may be hard to write things down sometimes but you have to have a way to capture that data.

However, process all needs to make sense. If the process for starting my computer involves pushing the buttons in a certain order, there should be a reason for it. If the process for starting my computer also includes extra steps, such as getting a cup of coffee or banging on the monitor twice, there needs to be a reason for those too. Maybe the employee really likes coffee? Or maybe the startup process for the computer takes long enough that you can get a cup of coffee by the time the login is complete and if you try to do it earlier you’re going to run into slowness or indexing issues.

Documenting the steps is important. You also have to document the reasons behind the steps. Why must we tackle the project in this specific order? If you are doing Task A and then Task B why can’t you do the second task first? If you have no good justification then you should be able to do them in any order. But if Task B requires something from Task A to be able to be completed you need to document that. Otherwise people are going to do them out of order and miss steps.

Going back to our IBM deployment guide, why did there need to be so many reboots in the original document. Well, some of them were necessary. We needed to change the machine name before we joined it to the domain. We needed to log in with the username locally to create the profile before we logged in with the domain account so everything was created properly (this was NT4 domain days). Now, the instructions had us rebooting after every change, which added 3-4 minutes to every step along the way. My friend and I knew we could cut that down and do multiple changes for each reboot as long as they didn’t depend on the others being done first. But the original process was the “way it had always been done” and we had to prove it was better this way.

You’ll Always Get What You’ve Always Got

It’s not enough to challenge the process for no reason. Maybe your way is better. Or faster. Or just easier. But you have to prove it. You have to be willing to examine the process and ensure that what you’re doing is objectively better. It’s like taking a shortcut to work. It may feel faster for you. However if it takes 2 minutes longer on your drive is it really worth it? Or are you doing it because you don’t like driving or walking the other way?

Back to IBM and the laptop deployments. In order to get the revised process approved, I had to prove it was faster and provided the same output. I had to go into the lab and deploy using the old method and capture all the settings and data. Then erase the machine and deploy using the new settings and repeat the data capture process again to make sure the results are the same. Once I could prove that the new process resulted in the same output, we could move on to the second step.

Step Two involved timing the deployment. Now, in order to make sure I wasn’t juicing the numbers in either direction, we had our oldest, slowest laptop deployer use the new instructions. He would regularly take over an hour to setup a new machine with the old directions. We handed him the new page and told him to use this instead. Same steps, just in a different order. He went through them all cold twice and managed to average around 45 minutes for his deployment. He even remarked that our process was better.

Tom’s Take

Once we had it proven that it was faster and easier to do the things the new way we updated the deployment procedures before the next group of interns arrived. I had left my mark on things and proven that “this is what we’ve always done” isn’t always the best justification for things. But you do have to justify why your way is better. Facts beat opinion every day of the week. And if you aren’t willing to do the work to prove why you can make things better, you’ll always be where you are right now.

Imposters Among Us

Posted on by
2

Have you been playing Among Us? If you haven’t, your kids definitely have. I found out about it a few weeks ago because my children suddenly became Batman-level detectives and knew how to ask the kinds of interview questions that would make the FBI proud. In short, the game is all about finding the imposters in your midst based on their behavior and voting them out of the group to win. Sometimes you get it right. Other times you get it wrong and vote out someone who was doing legitimate tasks. It’s all a matter of perception.

Now, let’s look at another situation where we see this kind of behavior in a different light. You probably guessed where this is going already. We’re going to talk about Imposter Syndrome in our non-gaming lives and how it affects us. We may even make reference to pop culture along the way.

Where You Need To Be

I was thinking about this because something I said a few years ago at Security Field Day 1 popped back up in my feed. I was giving a speech at the beginning of the first day to the delegates and I wanted them to know that I understood that they may feel like they didn’t deserve to be there. I wanted to reassure them that they were where they needed to be. So I said something along the lines of the following:

You are here in this position because you earned it and deserve to be here. It would be an insult to those above and around you to think otherwise. If you have doubt in yourself, trust in those around you that they know who is best for your role.

Thanks to Kori Younger for recalling that specific part of the speech. Imposter Syndrome is hard to overcome because we really do feel like everyone else around us knows what they’re doing and we’re the odd ones out. We feel like we don’t know how to proceed or what to do. And that feeling can be crippling at times.

The idea that we don’t know what we’re doing is really called “learning”. It’s something that we do all the time. We apply lessons and intuition to find new solutions to problems, even ones we don’t feel qualified to do. We feel more comfortable doing this in areas where we have more knowledge or feel more confident, but rest assured we apply it all over the place, especially when confronted with situations we don’t completely understand or feel comfortable working on.

Earlier this year I took a Wilderness First Aid course for an upcoming Scout high adventure trip. Now, I must admit that I’m a terrible doctor or medical professional. I don’t like the sight of blood and I tend to focus on things without having a big picture. WFA is all about what happens when you find yourself in the back country far away from a hospital and what to do to handle situations. After a while, the solutions all kind of started sounding the same. You need to assess, stabilize, and almost always evacuate when critical. Now, that whole process sounds fairly simple when boiled down. But considering the crazy amount of things they want us to know about, like Acute Altitude Sickness, Hypoglycemia, and even things like concussions that cause cerebrospinal fluid leakage, you can see how easy it is to quickly be overwhelmed. However, the training up to that point helps you understand what to do: assess, stabilize, and evacuate if needed.

Applying A Process

Training and baselines help us overcome imposter syndrome in real life. We do similar things in IT or in other lines of work. When we encounter something we don’t understand or we feel overwhelmed by, we repeat the same process.

  • Assess – What is going on? Does this look like something I’ve seen before? The more it looks like a previous experience the more knowledge I can apply. Trust what you know. Being wrong because you applied an incorrect lesson is better than being wrong because you did nothing. Your experience will always serve you well. Trust those instincts.
  • Stabilize – This is where we spend a lot of our time. How can I fix this problem? Or stop it from getting worse? How can I get back to point where things work well enough to be able to reassess or make a different decision? Stabilization is the work that goes on in a process. A problem that is 100% stable is fixed. A problem that is 25% stable is better than it was with room for improvement. We need to apply lessons and things from our experience here too. Seen OSPF fall over before? Let’s try some things to get the routing table stabilized. Seen someone slice open their finger with a pocket knife before? We know how to fix this so it won’t reopen.
  • Evacuate – This one is a little more tricky. Sometimes we can’t fix something. Or we don’t know what’s wrong. So what do we do? Sit there wringing our hands? Scream at the sky? No, we get help. In WFA, evacuation is all about getting better help, whether it’s a first responder at base camp or a doctor in a hospital. In a professional setting, evacuation is more about finding the right help to get past an issue. Asking a mentor or senior person about the issue. Calling the support line. Asking someone on Twitter if they’ve ever seen this before. These are all great examples of evacuation from a situation. There’s no harm in asking for help. But there is harm in not asking for help when you need it.

Remember that everyone else around you is doing the same things you’re doing above when you find yourself in a situation you don’t completely understand. Some look more expert because they have better knowledge to relate to the problem. It doesn’t mean they’re smarter than you or better than you. It means they’re more adept at this problem for this time. Some people are more suited for things than others.

To quote Einstein, “Everyone is a genius. But if you judge a fish by its ability to climb a tree, it will spend its whole life believing it’s stupid.” If we only judge people harshly by their ability to adapt to unknown situations with a minimum of information and then spend hours in post-mortem meetings laying out why they didn’t do everything right, we’re going to make them feel like imposters. Instead, let’s cut them some slack and remind ourselves that we probably couldn’t do as well as they did in the same situation. And if we could have done better than they did, this is a time to step up to the plate and mentor them to make them better. Apply your knowledge to theirs and they will succeed next time. Hoard your knowledge and you will forever believe that they are the imposter.

Tom’s Take

Among Us is all about finding imposters in our midst based on their behavior and what tasks they’re doing. Real life is all about proving we aren’t imposters by doing things and showing our worth. As much fun as the game might be trying to figure out who the imposter is, our reality should be spent more on encouraging people to feel better and mentor them through the process of believing in themselves and applying their knowledge to a problem to have a successful outcome. We should be focusing on making everyone better and more confident. There’s nothing suspect about that.