In episode 114 of Darknet Diaries, Jack Rhysider talks to HD Moore the creator of Metasploit. The whole episode is worth a listen, but wanted to share this section from the last few minutes of the episode (no spoilers) where Jack summarises the skills HD has demonstrated developing Metasploit. One skill in particular stands out for being hard to quantify, and often overlooked; working in the dark.
“I find this particular skill to be one of the most important skills when dealing with technology: Which is being comfortable doing things in the dark, in areas that you have no knowledge of or visibility into. Because when working in IT you are constantly faced with new challenges or problems that you have no idea how to solve. The problem might even be so weird that you don’t even know what to Google.
When assessing our suitability for a role in we tend to focus on specific technical skills. We assess ourselves on the languages we know, the frameworks we are comfortable with, and the tools we use. Front-end, backend, full stack or SRE, there is a go-to list of skills we are expected to have. That time I tried to list “knowing how to Google” on an internal company CV did not go down well.
One of the most valuable skills we can develop is figuring out how to tackle the unknowns. Where do we start? Is there even a problem here? What to you type into that search box? How long do you look? The ability to make progress when surrounded by darkness is invaluable. Doing so under pressure takes significant practice. These are the moments when we begin to doubt our own credibility.
And so being able to venture out into unknown territory even if it’s just unknown to you; you’ve got to learn to be comfortable in these dark areas. It’s scary and frustrating to try things that you know you’re going to fail at and even look stupid doing. But the more comfortable you get in that space of working with the world of unknowns, the better you’ll be next time you face the darkness, which is like all the time.”
You could be working on a hobby project or you could find yourself at the centre of a major incident for a global bank. Being able to make sense of the unknowns is a real skill. Both these scenarios present different pressures but the need remains the same. Assess the situation, reason about it, and make progress. This is something that every software engineer will face many times in their career. Finding opportunities to find comfort in this darkness is a highly transferable skill.
Yet, a word of caution. Don’t let comfort in the shadows leave you blind to alternatives. It’s always the network right? Not the network? It’s always DNS! How often have we heard phrases like this? When faced with the unknowns it is tempting to reach for the things we have seen before or to do the things we always do. Sometimes we get lucky, and we look like heroes. On other occasions we come up short and must to climb down from our hill of certainty and look again.
If you work with someone who always seems to know what to search for or where to look then try asking them a question. “How did you know to look there?” “What made you enter those particular search terms?” If you find yourself put on the spot by one of these questions, take the opportunity to explain. This is a golden opportunity to educate.
I’ll be honest, these questions are the ones that cause me to stop and think. They challenge actions I perform without thinking Sometimes this is even uncomfortable. Do I know what I’m doing or am I guessing? This doubt is good. It can prevent over-confidence. On more than one occasion such questions have caused me to stop before making things worse.
If you find yourself pairing or working alongside me, please do challenge me. I will take the time to try and explain or at the very least acknowledge that sometimes I really am just guessing.
You can find the full transcript and listen to the full episode over at Darknet Diaries or jump to the summary quoted above on Overcast, Darknet Diaries, Episode 114: HD.