Dawn of the Bot Hunter

It’s raining and the morning sky is still dark, but the light is slowly shifting from ebony to blue. 

I’m thinking about Blade Runner as I listen to the rain. Harrison Ford narrates my near-future dystopian fantasy as a billion drops per second shower the world. I imagine each drop a malware-loaded bot, a digital armada with greater power than humanity has yet amassed but smaller than an atom, slamming against my firewall.

Good morning, it’s a great day to hunt bots.

The information security company WhiteOps is the genesis of this daydream. Claim to fame: authenticating trillions of online interactions. The service: determine if it’s a bot or not. 

That’s what reminds me of Blade Runner, the Voight-Kampff test from Ridley Scott’s cyberpunk masterpiece. A digital detective tasked with identifying bots imitating humans. Sounds like another way of saying non-human investigations. So spooky and suspenseful, I’m definitely going to need a trench coat.

Detecting and defending against bots isn’t the future. It’s now. These bots are the new tanks and the next-generation super-cyber bombers. Consider how devastating the German U-boats were to the battles in the Atlantic. Bots are cyber-dimensional submarines exploiting the trade routes of the internet. They are electric ideas driven by algorithms with ambitions. And one of their greatest powers is passing as human.

WhiteOps has a position open: Threat Intelligence Investigator. That sounds slick enough to me. If there is an AI that loves me, then there will be a bright and shiny circuit-badge with this gig. Just once, I want to unfold my wallet, flashing my ID, and say, “I’m Investigator Twitchell, this is my partner, we’re looking for some bots that were spotted in the neighborhood.”

I sent in a resume and cover letter a few days ago. Not just because Threat Intelligence Investigator sounds badass, it does, but also because figuring out what is human online is essential.  

If you find my words dramatic, well then don’t read this report on fraud and definitely don’t read this article on the AI-containment problem. And most definitely don’t read this one about Facebook being a Doomsday Machine with 90 million bots lurking around trying to friend the planet to death.

I hope to hear back from WhiteOps, but if not, I’m still going to hunt bots! 

And once I find them, game on. Ding ding goes the boxing-ring bell, let the match begin. In this corner hailing from 3-dimensional space fighting for humanity and weighing in at 170 pounds of bravado and hyperbole, Jay “The Bot Hunter” Twitchell.

Well, like my grandfather used to say, “If you’re going to fight robots, you need to go to robot fighting school.” So, before my certificate of completion as a Digital Detective (artistic license with title) arrived, I was already signed up for a 4-day SOC analysis course with Black Hills Information Security taught by John Strand. 

SOC is short for Security Operations Center. It’s where the cybersecurity team responds to possible intrusions into the network. Picture a cyber-war room. Kinda like a NASA launch control room, with a two-story wall covered in screens, flashing red and green lights, maps from missile command, and graphs and dashboards keeping the score of the living and the dead. In the heat of it, sweat flowing from every brow, a dozen people furiously typing on keyboards, faces aglow in the wash of screen light, whispering battle commands into their microphones. 

SOC Analyst Level 1...gets that team’s coffee. Everybody’s got to start somewhere. As a coffee-dog and bot spotter, you let the team know about a flashing alarm and then Level 2 and 3 deal with capture, containment, and neutralization. You survey the network like a bushman on the savannah scanning for evidence of predators’ digital scat, dissecting packets, and looking for paw prints of persistent connections in silicon.

Information security is totally hunting the hunter, spy vs spy. Just not the fast cars and jet packs, but instead SQL injections and rootkits. And if you're going to hunt down the enemy, you have to learn how to read the threat landscape and appreciate the tactics. To hunt a fox you must become a fox, yes? You need to know the methods so you can spot the signs that you are being stalked.

John Strand is a great resource for honing cyber-safari skills. John is formerly a SANS Institute instructor (15 yrs) and runs BHIS, a cadre of devious cyber ruffians.

A quick summary of the 4-day course:

There is no one product or strategy that is foolproof. Anything, given time and persistence, can be bypassed. The trick is layering the network with enough security gambits that it costs too much time and/or sets off enough alarms that an attack can be prevented or quickly resolved. The idea is to create a layered web. A spider uses more than one string to catch a fly. 

Endpoint analysis and common command-line magic tricks combined with a slew of open-source network monitoring tools and Shazam, you can respond to an incident. Right?   

Hmmm...not so fast. Even a good plan won’t help you if you aren’t used to responding to threats. There are a couple of fun quotes about this: “Everyone has a plan until they get punched in the face.” and “No battle plan survives meeting the enemy.”

This is why you hire penetration specialist teams like BHIS, and run attack simulations. If you can’t afford that, then attack your own system and test the defenses. Sounds like martial arts to me. Seeing as how I’ve paid professionals to beat me up most of my life, I totally get this principle. When you're getting your ass kicked isn’t the time to discover you're not ready for an ass-kicking. No one has time to think when they are getting pummeled. It takes practice to learn to roll with the punches.

And if you're going to pay someone to cyber punch you, John and his team seem like the right kinda people. 

My takeaway from the 4 days: John is a passionate and generous instructor. The class was pay-what-you-can. So, the cost wasn’t an obstacle for the education. And I’ve rarely seen someone outside of a Pentecostal tent so evangelized about their work. It’s great to see that this field can keep a fire alive in the belly. Borders on inspiring.

My favorite quotes from the course were:

“You don’t get paid for the good days, you get paid for the bad ones.”  

and

“You don’t train until you get it right, you train until you can’t get it wrong!” 

To get your own dose of John, listen to this Darknet Diaries podcast where he shares stories about all kinds of penetration testing. One story involves his mother popping shell on a prison system. Below is the podcast and an article from Wired for the extra curious (it’s totally worth it).

Darknet Diaries - 67: The Big House

(Darknet Diaries is my favorite podcast)

How a Hacker's Mom Broke Into a Prison—and the Warden's Computer | WIRED

I signed up for another course in March: Active Defense & Cyber Deception. I also enrolled in BHIS’s Cyber Range where you can build your cyber skills and supposedly compete for a position on the BHIS team. I also bought a t-shirt. I know it’s not quite a trench coat, but it’s a good start for the newest bot hunter on the block. Watch out, robots. I’m coming for you.


This Naked Mind

Considering I’ve gone the last 50 days without drinking any alcohol, I have to say that Annie Grace’s book, This Naked Mind, is the most influential book I read in 2019.

This book now sits in my martial arts section in between my Taoist meditation collection and various works on how to punch people in the face. That’s because this book is psychic dynamite. If you really like drinking, and are of the impression it’s not that big of a deal to tie one on from time to time, you don’t want to read this book. 

I didn’t begin to abstain immediately after reading the book, but my perspective changed in a single day. It was one of those books that made me so uncomfortable, I had to read it all in one sitting. Something deep down wanted to argue, wanted to put it off. I knew that something would keep me from ever picking it up again. So, knowing when my first impulse is to push back on something, that I’m trying to defend my position without considering it, I instead started taking notes. 

6 hours later my wife came home and I read my notes to her. I couldn’t get through them without crying. So yeah, it packs a punch.

In short, the book tackles social and cultural issues as well as the science of alcohol consumption. Not only does it cover how alcohol is marketed, the never-ending campaign of “you deserve a beer,” it clearly lays out how alcohol changes the chemical makeup of the brain, making it impossible to perceive reality objectively long after you think you are sober.

I’ve read a number of books about addiction and alcoholism. They have each had something important to say but none have swayed me quite like this book to the mental ninjitsu of alcohol.

After each chapter I made notes. Most of which are very personal. Instead of sharing all of them, I’m picking out the ones that are most straightforward, but it’s hard for me to hide my feelings. Here goes:

-Alcohol reduces the brain's ability to understand what is and isn’t a threat. Once it has affected your system, anything that keeps you from drinking is a threat. Family, friends, job, or hobbies.

-It’s a short-term solution that has an exponential long-term cost. Like borrowing money from a loan shark that charges 200% interest every day after the original loan.

-Alcohol doesn’t make you feel better. Instead your brain’s ability to process sensation overall decreases. 

-You aren’t more charming and you aren’t funnier. At least not in the way you would hope. But your ability to read social cues has lessened so you don’t notice the discomfort of others.

-The pain (often existential) remains, for when you wake up tomorrow, the pain returns often worse than before. But it is hard to remember that, because alcohol affects memory. Though the alcohol allows for a short cut, or a short circuit, a quick fix as it were, to dull our social, emotional, and psychological discomfort, it can never make them go away. It actually increases our feeling of powerlessness, because “without alcohol, how else can I handle those situations?”

-Uncomfortable emotions aren’t washed away, they are suppressed. It doesn’t make us feel more comfortable or confident in social situations. Instead alcohol makes it harder to empathize with people, and so we confuse a growing sense of indifference with comfort. You don’t get better at handling situations, you just care less how they turn out.  

-If alcohol made you happy you would be filled with happiness by now.

-Claiming alcohol gives you pleasure is like saying it’s enjoyable to create blisters for the relief of taking off your shoes.

I can go on (I have 5 more pages of notes), but why try to rewrite the book? This Naked Mind made me challenge my definition of courage. It made me aware of my unconscious biases and gave me a way to examine my life more closely. It asked me to consider what I needed a break from and what I really deserved. It offered me a way to be more honest with myself and more present for the people I love.

I have another 50 days to go on my 100-day challenge of no alcohol. Why did I make that choice? I needed to see for myself what life was like without drinking. I needed to discover tools and techniques to deal with the frustrations of life without compounding them. And ultimately I wanted to discover what my best was, without giving myself an excuse for failure. Good enough isn’t my best. And I, along with my family and friends, deserve my best.

I challenge you to read this book. I understand you might be nervous, but I promise it’s worth your life.