What’s so hard about asking for help?

656503534_95363638d2I have a guest blog up at Forensic Focus, a riff on the impostor syndrome topic I’ve written about previously. I want to add to those thoughts by talking specifically about a more hidden issue that goes broader and deeper than impostor syndrome: the notion of asking for help.

Far from being an affront to the concept of Rugged Individualism or an appalling cover for mooching off the hard-won efforts of others, asking for help can be the difference between a string of jobs and a good career, a good versus a great manuscript, or an overworked and stressed parent versus one who, while still overworked and stressed, at least feels a little more balanced.

And yet, one of the most oft-repeated pieces of advice you’re likely to hear at any new endeavor — job, parenting, school — is, indeed, “Don’t be afraid to ask for help.” The fact that it’s repeated so often indicates that many people are, in fact, afraid to ask for help.

Why don’t we feel worthy?

It isn’t just risking a verbal sneer from That Guy on the forums or listservs who always manages to treat you like you have no business leaving the kids’ table for the adults’ (although that’s never easy to take). That Guy is really just part of the much larger trend towards online shaming, which is, though shameful in itself, not personal.

For me, and I suspect for many others, the fear of being unworthy goes much deeper than that. It has multiple facets, all of which boil down to one thing: my own perception that I haven’t yet figured out how to reciprocate — to give back something of equal value, to make it worth another person’s while to take time out of their schedule for me.

When I’m in the grips of this perception, I think: “Nah, they’re way too busy. I’ll just be pestering them.”

Or: “This idea isn’t baked enough, I can’t figure out how to frame it, and the person I want to approach won’t have the time or energy to brainstorm with me.” (Folks, this is where good ideas go to die.)

Or: “Everyone will think I’m lazy.” (You know, when That Guy admonishes you for not Googling the answer yourself, without considering that maybe you didn’t find the answer you were looking for, or that you’re specifically seeking the perspectives of people you know and trust.)

(Underlying all of this: a fear that I won’t ever be able to reciprocate, which of course, goes back to impostor syndrome: a pervasive belief that I’m not good enough to be able to adequately reciprocate.)

Business blogger Liz Strauss put it a different way as she explained the difference between the outcomes of two separate business meetings in her professional past:

I realized that on the first trip I’d been talking to those CEOs and SVPs as colleagues and partners and on the second trip I’d been putting everyone in the room on a platform above me.

It’s hard to offer value when you feel smaller — when you put the rest of the world above you.

Liz framed this in terms of needing “a person who won’t let you fail.” In my experience, such people have been few and far between… but I think that’s because I’ve inadvertently set myself up to miss them, to miss the opportunity in working with them.

Making yourself worthy

There is no other way to find these people and opportunities than to put yourself out there. I’ve found this to be of critical importance as I search for a job following a layoff: striking up conversations with strangers — completely out of character for me — seeing where the path of conversation leads, trying to put together those pathways with the disparate threads of my freelance-to-marketing career.

I think too often that we get hung up thinking we have to have some kind of expertise to reciprocate, without realizing that sometimes, the reciprocation lies in the act of helping itself. You don’t necessarily have to know or be able to articulate what this other person might get out of helping you; sometimes, they just want to. Either they’ve reached where they are with the help of others and want to pay it forward; or they’ve seen something in you they like, and they’re willing to take the chance. (Be wary, either way, of those who would attach strings or otherwise take advantage.)

In other words, we think too much about the costs of helping, and not enough about the costs of not helping.

Optimize for the cost of saying “no”

You can’t predict what’s going to make a person say “yes.” One person’s cost of saying no isn’t the same as another’s. At that point, it’s in your best interest to have at least some idea of where your needs and their interests align. When you recognize that there is work to be done, that you’ve hit a brick wall and have no idea how to scale it, what is it about this other person that makes you want their help, specifically?

In a world where “Don’t take it personally” is sound business advice, in other words, make it personal. Don’t just contact them because they appear to be the kind of guru whose brain you want to pick; study their LinkedIn profile, their Twitter account, any articles they’ve written lately, what they’re interested in.

This shouldn’t take long! Just as a coworker once told me to stop thinking things through so carefully and go out on a limb more often with my ideas, don’t overthink your value proposition to others. Just be able to articulate it. Hypothesize why helping you will help them, and invite them to test that hypothesis together.

The result may only be transactional. The other person may even say no. But the more people you ask, the more willing you are to invite others into your life, the higher likelihood you’ll have of building long-term relationships with the very people who won’t let you fail.

photo credit: pull for help via photopin (license)

The Authenticity in Failure

14189813404_69a7864ea5In my last post, I wrote a little bit about how impostor syndrome — the belief, most often seen among high achievers, that the only thing you’re good at is pulling the wool over people’s eyes at how big a fraud you are — had driven a hiatus from my blog as well as from other professional pursuits.

For me, impostor syndrome is both generalized and specific. In my head exists a general sense that no matter what I do, I’m probably screwing it up. Between marketing and parenting (and thanks to the latest health research, even sleeping and eating), there’s not a chance I’m getting much of it right — and I won’t even know it for many years to come.

There’s a certain freedom in realizing that everything you do is probably a mistake, but it only works to counteract that generalized fear. The more specific fears are harder to beat, because they go back to the times I’ve actually screwed up.

When you have impostor syndrome, specific mistakes “prove” that you are, in fact, a fraud. If you knew what you were doing, you’d never make them. And too many in a row will make your employers realize what a mistake they made in hiring you. It doesn’t matter if I keep my job that one day. That mistake piles on all the others, and someday it will be enough to bring the whole house down.

In the past, this uncertainty could paralyze me into inaction — a self-fulfilling prophecy. These days — since dietary changes blew away most of the cobwebs, an unintended consequence of fixing physical issues — it’s a lot easier to manage. Having had time and space to reflect, here’s what I’ve learned:

I’ve never felt this way when I wasn’t stretching.

Feeling incompetent doesn’t happen when 90 percent of my daily work consists of things I could do in my sleep. Instead, I’m bored. Given a choice between feeling incompetent and feeling bored, well, I’d definitely rather feel incompetent. It means I’m growing, that I have more things to learn. That I care enough to want to get it right. That other people respect me enough to challenge my intelligence.

There’s a fine line between stretching and self-sabotage.

Part of stretching is leaving your comfort zone. However, when you’re out of your comfort zone so often that you feel like you’re failing pretty much all the time, that’s a signal: you need to find a way to play to your strengths. Sometimes that’s a matter of having a heart-to-heart with your boss about how to be more successful. Other times, it could be a matter of finding a job that’s a better fit.

When mistakes aren’t OK, it’s time to get out.

It’s one thing for bosses to tell you that mistakes are OK to make, how you learn, whatever. It’s another to have the sense that they really aren’t OK. Seeing a colleague fired for a relatively easy-to-make mistake has a way of messing with your head, even many years and positions later.

Find the place that values mistake-making. To quote John Cleese, “I suggest that unless we have a tolerant attitude towards mistakes — I might almost say a positive attitude towards them — we shall be behaving irrationally, unscientifically, and unsuccessfully.”

Do your own thing.

Not at work, obviously. But make sure you’re making time for your own crazy projects. Otherwise, you risk putting too much of your time and energy into everyone else’s projects. Not only will they never have the same vision as you; your vision may also not be what the organization needs. You need an outlet for what you need, which can help you separate yourself from your work and lend better clarity to your professional life.


This is how we bust through impostor syndrome: by telling ourselves, every time we start thinking that what we have to say isn’t as good or isn’t as necessary as what others have already said, that out of all the humans ever to put words on paper, all the possible permutations and combinations and evolutions of the human brain rendering language usage so unpredictable, only one thing is true: it hasn’t been said YET. That’s why we need to say what we need to say.

Embrace humility.

I’ve learned the uncomfortable truth that impostor syndrome and pride are intimately linked. I feel incompetent when I realize I don’t know as much as I thought I did, and when I realize the answers aren’t as obvious as I want them to be. That’s a sure sign it’s time to ask for help — to humble myself, even to be vulnerable.

This is not an easy task in a world that values self-sufficiency above all: the ability to outsmart, outmaneuver, and outperform peers — we see it, pervasively, in reality television and politics, in our kids’ test scores and gleeful celebrity gossip. We’ve taken competition to an extreme, where we’re obsessed with being “better than,” and it’s making us lose our empathy.

The thing is, impostor syndrome and its big brother, perfectionism, make you focus on yourself even when you think you’re focusing on others — your kids, your workmates, your friends. Fear of screwing it all up can make you stop trying out of self-pity, and that can have the exact same effect as extreme competition.

I may not get much right in life. No one does. If that makes me an authentic impostor, then I’m okay (and probably a lot happier) with that.

photo credit: Find peace via photopin (license)

Hold tight and pretend it’s a plan

kayaker balancing in whitewaterIt’s been awhile since I blogged here; now that I think about it, since around the time I first discovered the “NuWho” Doctor Who reboot on Netflix. Thankfully, however, correlation does not imply causation, and Doctor Who was really part of a larger rebalancing, the start of a process of examining and processing and deciding.

Things I learned:

No matter how much you love something, it is possible to overdo it.

No, I am NOT talking about binge watching entire Who seasons on Netflix in a single day. Well, mostly not. Although it is hard to walk away from.

The fact is, I burned out on writing. I lost the soul of it because I let my ego get too wrapped up in topics and forms that other people at work weren’t as invested in. What I did do was get reinspired by watching incredibly well made TV shows and discovering new fiction.

I’m better now at recognizing when I’m doing too much of other people’s stuff, a signal that I need to pause and do something for myself. (I also don’t swim competitively for that same reason.)

Sometimes taking a break isn’t enough. Sometimes you have to quit altogether.

I learned this in 2006, also after a period of burnout, when I quit my part-time freelance job, also because I lost the soul of writing in too many PR pieces and not enough stories. I wrote fiction and raised my sons, but it wasn’t until a story I loved found me that I went back to trade journalism.

At that point, though, I quit fiction. I didn’t believe I had anything to say that stood out enough from the crowd. It took another five years, a depression, heartbreak, the abovementioned burnout, and various other tribulations for new stories to find me. I’m told it’s my best work yet; stay tuned.

In any case, quitting, I’ve found, is as much about things and activities as it is about people. It’s letting go, setting free… and if “it” — passion, stories, friendship — comes back to you, you aren’t yet through learning from it. Don’t sit around waiting, either; find other things to do with life:

quote about downtime by Anna Quindlen

You’re not an impostor if you’re doing your own thing

Not feeling I had much to say also figured into my hiatus from this blog. Rampant impostor syndrome had convinced me I wasn’t enough of a marketing expert to join the throng of voices from other, more experienced communications experts.

That still left #forensicfemmes, but with no forensication experience of my own, who was I to publish anything that real forensicators would find of value? As a person who places high value on informed opinion, to weigh in, for example, on IBM’s “Hack a Hair Dryer” would have nothing on Lesley Carhart’s excellent blog on the topic.

It would take another few months, a decision to drop my other blog, Cops 2.0, and use this space to focus on my personal-professional life, to work out how it all comes together. While there won’t be anything close to a regular blogging schedule with a solid editorial calendar, my intent for this space is:

  • Fiction talk. That includes stories I write and/or publish, authors and books I love, things I learn about the industry.
  • #ForensicFemmes. I see an intersection with finding and doing work that is personally fulfilling, that feels like contributing time and expertise to a valuable mission.
  • Personal lessons learned about career, marketing, life, etc. Expect lots of references to geek culture. And raccoons, the “hackers of the animal kingdom” I’ve learned to love through volunteering at a wildlife sanctuary.

As the 11th Doctor noted:


photo credit: Level Six 2009_0237 via photopin (license)

Authenticating your content: The power of voice

there's a red house over yonderWhen I was regularly writing fiction, one of the most talked-about topics on the listservs and message boards was: How do you establish your voice?

The reason it was discussed so much is that voice is incredibly difficult to define. It’s the thing that makes writers sound uniquely different, what distinguishes Dennis Lehane from George Pelecanos in crime fiction, or Stephen King from Shirley Jackson in horror.

And it’s every bit as important in business writing as it is in fiction.

Last year I worked with an author on using articles to promote his book. Between some material in the book, emails we traded, and his blog, I’d pulled together what I thought was a pretty good piece. It was technically accurate and flowed well, and covered what I’d pitched the editors.

The problem? It didn’t sound enough like him, and he told me so. And he was right. He’s a prolific blogger as well as a book author, and has his own distinctive voice.

Why does it matter if voice is distinct?

Because everyone recognizes impersonal “corporate speak.” It’s usually filled with buzzwords like “leading,” “synergy,” “paradigm shift,” and so on. It’s lazy, safe, predictable. People use it because no one wants to inject their own personality into it.

This is a legitimate branding concern. Too many distinct personal voices can dilute a brand and confuse its customers. On the other hand, a brand that sounds just like every other brand is also pretty diluted. It also, and I see this in social media, misses opportunities to show its unique strengths.

So where’s the balance? How can you sound distinct, without losing your voice when your best communicator leaves or your company (and PR department) suddenly grows?

Know your company’s mission, vision, and values

The people who communicate on behalf of your company need a strong command of its mission, vision, and values. This isn’t as simple as making them memorize the company’s mission statement (many of which are useless anyway).

It’s not even as simple as inviting them to strategic planning or goal-setting meetings. A company’s values come through in every interaction with their publics, from sales to customer service to employee relations. Communications people, like everyone else, observe and listen. Pushy sales, lazy or rude customer service, and indifferent employee relations communicate a company’s values far more than a few sit-down meetings with the C-suite.

A communications staff using indistinct language may, in fact, be afraid to rock the boat — or at the very least, afraid of the potential consequences, from the boss if not the public. So:

If you’re the boss:

  • Start by asking yourself what you stand for. Integrity, truth-telling, the best service in your market, and so on. Outline what that means for your customers. While you’re at it, think about whether you need to redefine your business.
  • Review company content: website, press materials, videos, etc. Do their words match your vision?
  • If the answer is “no,” find out why. Be open to the answers.
  • Work with your communications team to figure out how and where you can make changes.

If you’re the communicator:

  • Assess the language you use in your current content; separately, assess what you believe your company’s brand to be. Do they match?
  • If not, challenge your boss to do better. Find out how and where to change your assumptions and align your ideas with your boss’s.
  • Start experimenting with language and visuals. Use words that advance the newly aligned understanding of mission, vision, and values. Don’t back down from committing to a different way of communicating!

In an industry like digital forensics, where thought leaders are easily recognizable, a blog or article that doesn’t “sound like” them can mean trouble. Whether they own a business or are contributing something else — research or training — a diluted brand can be as bad as making readers wonder whether they can trust what they’ve just read.

This is all the more important as more business-to-business firms — 89 percent, as of last year — embrace social media. It can be scary to show how you’re different from the competition. But companies are made up of individuals and their interactions with one another. If you have to think about authenticity, you probably aren’t authentic; but if you focus on developing your best values, and your voice along with them, you’ll differentiate in a way no competitor can match.

Would you add anything to the lists of what to do to find your voice? How do you communicate?

Creative Commons License photo credit: foto3116

The process of social content creation

Work In Progress - Go SlowThose of us who use Twitter on a regular basis often find ourselves fascinated by the speed of our streams. New content gets shared, retweeted, discussed on an hourly basis; it’s impossible to read and digest it all, so we filter it, judging an entire blog post by its headline or the hashtags used to promote the tweet.

Twitter streams so quickly that it’s easy to think you have to go faster, too. A blog post leads to a Twitter conversation that leads to more blog posts and more conversation… who wants to miss the opportunity to contribute (and be recognized for contributing)?

In watching the activity, it can be difficult to remember two key points:

  1. Everyone goes at their own speed.
  2. In failing to go at our own speed, we miss things… sometimes important things that might make the difference in how we differentiate our thinking from others’.

As social media and communications expert Amber Naslund wrote not long ago:

Reflection itself has a few benefits, from cool-off time to the ability to let thing sit and process for a while, like steeping tea leaves. Sometimes I notice something I didn’t before. I notice that didn’t say something or make myself clear enough, something that might have made the conversation easier, and I know to be more articulate and specific next time.

How I create social content

An example: to get to the post I wrote about contributing to the DFIR community, things sat in the back of my mind for a few days. I had seen Twitter conversations among Harlan, Ken, Erika and others; I’d read their blog posts. I knew there was something I could add… I just wasn’t sure what. I didn’t want to rehash what everyone else was saying, and I didn’t want to let the opportunity pass.

At the same time, two totally unrelated articles sat in my browser tabs. As with the DFIR conversation, I’d read them, knew I wanted to do “something” with them (bookmark them? Use them in a blog? Did I have a client who needed their wisdom?) but wasn’t sure what… until I began to see how they related to the DFIR discussion. What if, I asked myself, the writing itself might be the problem? And so my take on the “contribution” topic became about my own specialty: content.

Like Amber, I need time to process things. I’ve found this outside of Twitter too, in the last few months especially, whether in an email thread or in-person meetings or at trade shows.

  • It might take me two or more days to respond to email, not because I’m consciously stewing about something, but because I’ve read the thoughts and want to be sure I’m getting the issues and requirements right.
  • In person or on the phone, it’s not unusual for me to come back to meeting-mates a day or two later with more information, clarifying things I said and usually in relation to what I heard. (I sometimes struggle to articulate myself verbally.)
  • At DC3, on the last day of the trade show I came to the expo hall floor early and spent half an hour with the notes I had taken, connecting the dots between people and the thoughts they’d shared.

Among the connections I make is where good content lies. That’s why I don’t blog more than weekly on any blog I maintain.

Learning from the researchers

It’s hard to remember, amid the constant stream of content, that everyone has their own pace. This is true of fiction writers as well: some writers are just naturally more prolific than others (and may even suffer from hypergraphia). But it is also true that the more you write, well, the more you write. You learn to see the ideas in the everyday, to splice them together with other ideas.

And then there are the DFIR researchers.

It’s sometimes difficult for me, as a PR pro and content marketer, to see clients’ best minds working so slowly. Months can pass between good articles that support, say, a client’s training course, or that review a client’s forensic product.

Of course, all that means is that the writer is taking time with the research. Day jobs take precedence, and good research deserves thoroughness. It’s the only way to provide content that will be meaningful to the reader.

Back to Amber’s point: there is power in slow thinking, and perhaps what we owe most to our readers and followers is not the ability to keep up… but the ability to filter, connect, distill, and purify according to our own unique experiences and perspectives.

Are there times when you could have thought slower, or where you chose to think slower? Tell us about it below!

Creative Commons License photo credit: KarolGajda

20 ways to connect after a conference

Putting The Puzzle TogetherThis week I’ll be at my first DoD CyberCrime conference in Atlanta. Following on two HTCIA conferences, two Techno Security events (together with one Mobile Forensics Conference), and a Police Leadership Conference, I’m looking forward to meeting a somewhat different crowd.

And yet, also a little apprehensive. Early on I learned that conferences are alternate realities. All kinds of things happen there that wouldn’t happen in typical workaday life. As I commented on Conversation Agent Valeria Maltoni’s blog recently:

You meet people and have great, deep conversations, you brainstorm all kinds of possibilities. But when you go back to the normal schedule, after you’re all caught up and looking for a little of that ‘spark’ you found in a different time and place… you’re still constrained by schedules, responsibilities, expectations that temporarily didn’t exist at the conference.”

Valeria wrote an excellent post, “30 Connective Things You Can Do at a Conference,” about how best to manage that alternate reality, to network the way you want and need to. Because conferences and networking are so important to the DFIR community, I’d like to riff off her original post and talk about 20 connective things you can do after a conference.

1. On your day of departure—in your hotel room the night before you leave, in the airport, on the plane or train or in a coffee shop during a driving break—take the time to reconstruct your sessions, meetups, after-hours conversations, etc.

  • What did you learn, and from whom?
  • What ideas did you and others come up with?
  • What did you observe, what did you overhear?
  • What patterns do you see?

Write all this down to come back to in a week or so, after you’re caught up at work.

2. Share what you learned with your team. Remember that you’re coloring the information with your own perspective, so if possible, share the slide deck and/or handouts with them and invite their feedback.

3. Revisit your notes. Together with your team’s feedback, decide if there’s enough for new research, a new paper, blog article or podcast. Be sure to set aside time daily or weekly to work on the project (depending on how in-depth it is); when you publish it, be sure to refer to the conference, people and ideas that led you to complete it.

4. Didn’t get a chance to provide feedback to speakers? Make a point of emailing one or two speakers per day after you get back to the office. Be specific about the takeaways you gleaned. Leave the door open for further discussion.

5. Share what you learned about products and vendors with your team. Collect their questions and needs—not just about what the product(s) can do, but what they need to do their jobs better. Follow up with the vendor(s) to ask those questions and see how well they respond to your team’s needs. That response will be an important part of your purchase decision.

6. Take time to think about things you wish could’ve been different:

  • More time meeting new people?
  • Hanging out with old friends and colleagues?
  • Lecture track you would’ve wanted to attend for yourself, rather than work?

Decide to make those changes at the next conference you attend.

7. Start a Twitter, LinkedIn group, forum/listserv or blog conversation about something you learned. (Sometimes conferences have their own LinkedIn groups.)

8. Identify the 3-5 people you connected with most strongly. Make a point of calling or emailing them every so often with things you believe they’d benefit from:

  • an article that recalls your conversations
  • a speaking opportunity at another conference or with the media
  • a congratulations on one of their accomplishments. Comment on their blog; tweet @them; find them on Google+ Hangouts.

9. While you’re at it, think about the things that made you click.

  • Particular ideas?
  • Core themes that connected your conversations and ideas?
  • Shared values?

Again, see if there are patterns—finding them can help you work out where you can benefit the community the most.

10. Set a goal for yourself to speak at next year’s conference, especially if your topic is based on the ideas you heard at this one.

11. Did you meet someone you thought would benefit from knowing a friend or colleague? Make sure you email-introduce them (and perhaps even conference call) the week following the conference. And be clear about the value they would have to each other.

12. Find a way to invite the best speaker(s) to your local area. A Security B-sides event, HTCIA or other association chapter meeting, or one-day training session can be ideal. See whom you can partner with to make it happen. Or, hold a virtual event. Your employer may be amenable to a webinar, or you might suggest the speaker to an event like #DFIROnline.

13. Pace yourself while reconnecting. Follow up immediately after the conference, but then let your relationship build naturally. Remember: conferences are alternate realities. Remind the other people who you are, then let the dust settle so that the ideas you built can stand by themselves for further building.

14. Who organized the event? If you can, volunteer to do something at next year’s conference, or encourage your employer to support it in some way (if they aren’t already) by sponsoring a giveaway or networking session.

15. Between this event and next year’s, you’ll network with more professionals. How might they benefit from coming to next year’s event—especially if they’re based in other countries? Invite them based on what you’d like to learn from them, and tell them you’ll be glad to introduce them to your connections.

16. Did anything you learn at the event change your mind, or send you in a new direction? Use a blog post to write not just about what, but also about how it happened—the old idea you’d never heard expressed that way before, or the unexpected angle. Did it help you solve a problem, or are you still mulling how to apply it in your own professional life? Either way, share it with the community.

17. Join a social network that’s new to you:

  • Well-traveled ones like Twitter, or underrated ones like SlideShare.
  • Volunteer for the SANS blog (if you’re qualified).
  • Create a new Google+ Circle and spend time there daily.
  • Guest blog for your favorite DFIR bloggers.

18. Publicly acknowledge the conference and what you thought was great about it. Mention by name those who made it great: organizers, speakers, people you connected with. A video testimonial can be especially powerful.

19. Traveling to where a speaker or conference connection is based? Let them know ahead of time, and tell them you’d love to get together if they’re available. Use your notes from your conversation(s) or their lecture to drive your conversation.

20. Think beyond your constraints. We get so caught up in our day to day responsibilities, we forget the things that made conferences spark for us. Make the time to recapture it, if not in conversation (that’s not always possible), then for yourself, in your own mind, from your own notes and memories.

“…follow through is key,” Valeria wrote. “Closing the gap between promises made and promises kept builds a solid reputation, and helps you make stuff happen, too.” It takes practice for sure, but the DFIR community is forgiving as long as you’re trying your best, and values face-to-face as much as virtual relationship-building.

What are some things you do to follow through with people you’ve met at a conference?

Creative Commons License photo credit: kenteegardin

Book review: Uncertainty

As part of an ongoing discussion about contributing to the DFIR community, I’m offering a book review. It speaks to the “fear of failure” noted by numerous forensicators, and the excuses we all make up to avoid pain. Whether you’re a small business owner, a researcher, or someone with an idea you’ve hesitated to put out there: this is for you.

The need to embrace uncertainty

Jonathan Fields hooked me in the first chapter of his book Uncertainty by describing why uncertainty matters:

 When you begin, nothing is certain save the drive to create something worth the effort….

Not knowing on day one how it’s going to end or what it will look like when it’s complete can be paralyzing for many. It’s brutally hard to act in the face of incomplete information or assurances that you’re on the right path. But it’s that very lack of assurance that also serves as proof that the journey you’re embarking on is not derivative. That the quest and the potential outcome are unique. That both will matter.”

Fields holds up inventors, technologists, artists and business owners as his examples; the book is geared toward creatives rather than any one way of making money. That’s important for DFIR practitioners, for whom forensication is as much art as science: applying the science in (ethically) creative ways, and creating new ways to refine the science.

But there’s a difference between creating for one’s own use, and creating (or communicating your creation) for everyone’s benefit. The latter is riskier, and potentially much more rewarding. Later on, in Chapter 9, Fields asks the reader to consider doing nothing at all:

In reality, there is no sideways in life…. There’s only up or down…. if you’re teetering on the edge of happiness, health, liquidity, and contentment now and if you’re stuck in a “do nothing to change” scenario, then ten, twenty, or thirty years from now, your creative life, your business, and your body of work will likely be somewhere between really unpleasant and really dead.”

He reminded me of why I quit my job over 10 years ago to become a freelance writer, and why I later convinced my husband to let me try full-time self-employment: the status quo wasn’t a happy place to be. Ultimately, I wanted our children to have the example of adults who strove for happiness and fulfillment.

Embrace uncertainty, unleash creativity

Between Chapters 1 and 9, Fields goes into detail about what it takes to “lean into” uncertainty as you pursue your dreams and goals. He effectively dissects the fear of failure and gives the reader tools to nurture creativity, to the point where it becomes possible to change plans when needed.

And so, after describing both the physiology and the psychology of uncertainty, Fields devotes several chapters to two main concepts:

  1. training mind and body through the routines of meditation and exercise, which help the creator release work from his/her mind
  2. “socializing creation,” which provides the creator with a way to get feedback even as a work is in progress.

I can think of many forensicators to whom exercise is a critical part of success, and I’m implementing Fields’ recommendations in my own daily life as a creative. However, it’s the latter concept I want to focus on, because it speaks directly to the “community” discussion.

A forensicator’s fear of looking stupid or failing is not, on its face, all that irrational. Who wouldn’t worry about how one’s employer or a courtroom will react to the disclosure that you don’t have all the answers?

But contributing to the community is not about giving something up; it’s about a give-and-take of knowledge and skill. You would not have gotten to where you are without others’ help (no matter how alone you felt at times).

Therefore, worrying about how other forensicators will react is not rational. The conversation from the last few weeks demonstrates a ready-made “hive” of trusted professionals. These people will offer feedback and advice towards anyone’s goal of creating something useful, be it a piece of software or a presentation. Do the work, and you’ll get the support.

Make it a closed hive, if you must; I’ve experienced the nasty side of hypercompetition, and the DFIR industry has no shortage of it. But Fields argues that we need judgment in order to be valuable, that creativity needs constraint to birth something useful. Involve others early on, and not only do you get that constraint; you also get the support and validation you’re fearful you won’t get.

Committing to your calling

“How committed are you to the specific endeavor?” Fields asks. “Is it a project or a calling, the thing you can’t not do? Understanding the difference informs the choices you make, but it also changes the way you act in a thousand tiny ways. It changes your personal energy and leads people either to buy in on an extraordinary level or to view your quest as something not all that important.”

In life we are all driven by the desire to be important, in varying degrees. For some, being important to one’s own children is the highest calling. For others, it’s importance to the local community as a public safety professional, journalist, or business owner. Others want to be important to a cause, such as stamping out cybercrime.

Contributing to the community is as much about self as it is about the group. Paradoxically, protecting self from the pain of failure ultimately starves self along with community; whereas contributing feeds both self and community, nurturing knowledge for all.

Edited: Over on Google+, Gregory Pendergast asked me for a more direct assessment of the book itself. Here’s what I told him:

It’s positive and practical. Nothing “The Secret”-ish about it; I was a little surprised to see such an emphasis on meditation (“attentional training”) but even that resonated because I have experienced brief times when deep contemplation or focus on exercise  (for instance, swimming) worked exactly as Fields was saying it does.

The writing itself is clean and direct, and I liked that Fields would state an idea early on, then circle back around to it once it had had a chance to percolate in the back of my head. Chapters built nicely on each other, and the book has stuck with me in the weeks since I read it, like quiet encouragement to stick with the good habits.

With thanks to Conversation Agent Valeria Maltoni for her generous gift of Uncertainty. Here’s her Amazon affiliate link if you like what you’ve read and want more.

Contributing (content) to the DFIR community

Making community software sustainableBlog posts and Twitter conversations over the last week or so — in particular an emphasis on whether programming is the most effective way to contribute — seemed awfully familiar, but I didn’t realize why until I read Harlan Carvey’s observation, “Some analysts seem to look around, see how some others contribute, and say to themselves, ‘I can’t contribute to the community because I don’t know how to program.'”

Substitute “write” for “program” and you’ll see a statement that novelists, journalists and other authors have been hearing for decades. The thing is, looking at Harlan’s list (case studies, book reviews, even asking questions), I can see how those “simple” suggestions might be just as intimidating as reading the Rob Lee post that started it all.

William Zinsser (one of my very favorite writing authorities) wrote in On Writing Well:

Take an adult chemist or physicist or engineer and ask him or her to write a report, and you’ll see something close to panic. “No! Dn’t make us write!” they say…. They were told at an early age by an English teacher that they don’t have “a gift for words.”

Which is criminal. As Zinsser goes on to explain:

“Writing, demystified, is just another way for scientists to communicate what they know…. Describing how a process works is valuable for two reasons. It forces you to make sure you know how it works. Then it forces you to take the reader through the same sequence of ideas and deductions that made the process clear to you.”

That sounds an awful lot like the standard for “reproducible” to me!

Helping the reader identify with your work

My observation is that most of the DFIR practitioners who are active on Twitter and Google+, also keep blogs; many also teach. In other words, they already communicate in a way that, as Zinsser suggests, “…take[s] much of the mystery out of science writing by helping the reader to identify with the scientific work being done.”

You can do that, he explains, by telling a story from your own experience, or someone else’s; relate your science to something the reader is already familiar with and can easily visualize; writing clearly and sequentially, pacing what you explain.

But how many are out there, reading these blog posts, thinking to themselves, “Yeah but… I can’t write”? Or feel as if they’re doing all the writing they already wish to do in their reports?

I’m going to estimate that these readers fall into two camps:

  1. Those who yearn to be better writers, more effective communicators. They’d like nothing more than to blog and tweet and write trade articles and maybe even a nonfiction book or novel that draws on their experiences. But they’re terrified of looking stupid.
  2. Those who could not care less about writing more, or they’re too busy to put the work into it… but they’d nonetheless like to contribute more to the community, although they aren’t sure how.

Communicating DFIR experience through writing

Harlan’s suggestions are right on the money, but I posit that for people who are not in the practice of writing regularly, it can be hard to figure out where to get ideas. Two posts I’ve read recently describe seven easy ways to turn old content into new content, and ten mindful ways to use social media.

These posts suggest things like:

  • making blog posts out of LinkedIn conversations
  • turning blog comments into new blog articles, or written content into video
  • knowing your intentions before posting
  • sending “random tweets of kindness” offering help
  • responding with your full attention

One article is purely about content creation. The other is about the attitude you need for creating good, valuable content. Both worth a read, and worth deeper thinking about how you can contribute.

Contributing without writing

Those of us who love the way a spirited Twitter chat rolls along have trouble understanding those who don’t just jump in, or indeed, who don’t even understand Twitter. There are plenty, though, and I’d like to see the DFIR community come together to use tools like Google+ Hangouts or group podcasts. In other words: natural conversation, for those who are more comfortable communicating by voice.

I also want to put in a plug for getting more involved with professional associations, volunteering on some level as a board member or event organizer or committee member. I know: employers can be stingy with the time you take for this kind of thing. But it can benefit them, too — corporate citizenship is a term I’m hearing more and more about, and building into some of my clients’ strategies — and can be a way for you to contribute in a way that fits you best.

Where do you feel you’ve fallen short in the community? How do you think you might improve?

Creative Commons License photo credit: opensourceway

Need beta testers? Tap the #DFIR community

digital forensics tool beta testing
How do you find #DFIR examiners to beta test your tools?

If you’re a small and/or unknown digital forensic tool provider, getting people to beta test your tool(s) may be a challenge. Ideally, you’re located in an area where you can partner with local labs and their experts. But what if you want to expand into a new geographical location, or you’re so new that the local experts don’t know who you are?

I asked the digital forensics/incident response experts on Twitter and Google+ what they thought:

Fill a need

“In my corporate work,” wrote Joseph Shaw on Google+, “we find that our investigations always fall within a very strict set of technologies and use cases, so the only time we look at a new tool is if it does something we really need done and can do it faster and cheaper than an existing tool we already use.”

Shaw’s lab follows the same procedures as Stacey Edwards’, who wrote: “We test both new products and new versions of old products against a standard set of data. If the results match what we would expect, and the product is affordable, more stream-lined, or runs faster, then we’ll proceed with it. If the product does nothing extra for us, then we’ll typically pass on it for the moment, but we may decide in the future to go back to it.”

“For me, it was a new product with a lot of potential, that would fill a void in email processing,” tweeted Frank McClain, “and that’s usually what gets my attention: new, potential, unique and that does something interesting; something I relate to, think I can help with.”

Filling a need is also about making it easy for the users. Any demo needs to provide full access, not limited features. “If I have time and the vendor makes it easy to obtain, I’ll test it and compare to end results [from established tools],” tweeted Daniel Parsons. “The no namers tend to be buggy and ease of use is still low, but you never know what you’ll find.”

Finally, as the “Big Kahuna” tweeted, “bragging rights” can be important. Examiners who are involved with tool testing should be able to say so, as it enhances their credibility as well as yours.

Be available

Where do users find out about new forensics tools — i.e., how might you let them know about yours? Says Edwards: “Twitter, email lists, blog posts, etc is usually how we find out about them. Or, if we have a need such as ‘products that convert OSTs to PSTs,’ we’ll poll people and do a Google search. It’s typically a need arises first, then we’ll do the searching and testing.”

This highlights the importance of two tools: SEO, and social media. Anticipate the keywords your intended customers will use. And follow — and engage — with them using social tools. Twitter and Google+ have the strongest digital forensics followings, though some LinkedIn groups may net good feedback as well. In addition, forums like Forensic Focus continue to be important to many users.

Likewise events. “I just demo’d the new Oxygen Suite 2011 because they gave it at #htciacon [the HTCIA Conference],” tweeted Parsons. Earlier in the year, at the Techno Security/Mobile Forensics Conference, Cellebrite made available a demo of its latest version of Physical Analyzer software. They made their demo part of a contest, in which participants underwent a timed analysis for the chance to win a new BlackBerry PlayBook. (Disclosure: Cellebrite is a client.)

Most of all, community

The digital forensics/incident response community is all about its relationships. Good investigators know that the time to build them is before you need them, and it’s no different for companies seeking beta testers. Get involved early and often — months before you need testers.

McClain, who seeks open source tools, looks to build relationships “with smaller developers, other forensicators (like [Andrew Case]) who build tools for the community,” he tweeted. Likewise Gilbert, who relies on word of mouth to find out about noncommercial tools, and on his relationships with vendors for commercial tools. “Usually [there are] no true betas on production work,” he tweeted.

Are you an examiner who has participated in beta testing, or a vendor who has asked examiners for help? Leave a comment — how do you prefer to make these connections?

Image: dpstyles via Flickr

Your Twitter follow strategy: picky or profligate?

Twitter follow networkTwo blog entries last month made me think about why I’m so picky when it comes to Twitter follows (as opposed to Facebook friends or LinkedIn connections, where I have to have either met people or know who they are and why I want to connect with them). I follow about 600 fewer people than follow me, and every so often I cull my “following” list. I try to stick pretty tightly to forensics folks, cops, and PR/marketing pros.

Although Mitch Joel at 6 Pixels of Separation agrees that being a “Twitter snob”  can be good — keeps your stream uncluttered, reinforces your credibility — Christopher Penn takes a step back from the either/or argument:

Here’s a different way to look at the question: what are your goals? Broadly, there are two different goals you could be pursuing with your social networking strategy, segmentation and serendipity.

If you have a goal of creating a tight, highly valuable network where the only interactions you have are with people you know and trust, you’re effectively pursuing a segmentation strategy. You’re looking to get maximum value out of the content that comes from the network….

If you have a goal of creating a broad, diverse network where you’re interacting with many people across many different industries and backgrounds, you’re pursuing a serendipity strategy. You’re looking to get maximum value out of the network itself….

Neither strategy is correct, writes Penn. Although arguable that this is a function of personality rather than business goals (I am deeply introverted, and prefer quality over quantity in my networks), when I take a look at the accounts I manage, I can see each strategy in play regardless of the fact that I specialize in the forensics niche.

Most of my clients specialize in different areas, and I follow accordingly. There is, of course, some overlap, as with e-discovery and forensics examiners. But it’s not all the same. One client has more interest in homeland security, especially border operations, than others do. Reading their blogs, in part to learn what their specific needs are and in part to learn which of their content is relevant to the brand, means the focus is on content.

Another’s audience includes information security professionals as well as forensics and e-discovery. This is also the fastest growing account, and although I try to retweet as much as I can from the network in the name of validating and strengthening the community, it’s the network itself that is the focus.

In the digital forensics space, most business and personal accounts will focus on quality and content rather than on quantity and networking. That said, some will want to focus more on the latter — those forensic firms serving not just other businesses, but individuals as well. (Think private investigators and data recovery firms.)

Speaking of individuals, you see these same strategies in play in other social networks. Some LinkedIn contacts, for instance, have 500+ connections — and ask more to connect with them. Likewise on Facebook, where hundreds of security and intelligence people friended Robin Sage without thinking about it. But that’s another post for another time.

How do you decide to connect with people on Twitter (and other social networks)? Where do you place value — on content, or networks?

Creative Commons License photo credit: Marc_Smith