Sunday, February 2, 2025

Lions and Lambs

 I rather liked my painting analogy - it helps explain what I mean when I say that an idea is floating around in the back of my mind, but that it hasn't come together to the point where I can write it.

The problem is that I will play around with the idea in my head and follow it through to a certain extent - and then realize that I'm focusing too much on one part of the whole. Like going into great detail about the way a fish is painted, and never discussing the reflected trees. 

I could talk about a book I read - about the Carolingians. The descendents of Charlemagne, and in particular the fighting between his grandsons. How they exemplify the differences between the average person and people in power. How all their petty squabbling with each other meant that they put multiple armies in the field - armies that generally had to live off the land, and therefore were a plague on the local populace - and despite all the violence and suffering never really got anywhere with it.

How their pride prevented them from doing as Jesus said, and being 'good shepherds' to their people. 

But pretty soon I feel like I'm just rehashing things I've said before, and I don't think anything I say is going to convince people like that 'take care of your people' is something they should take seriously.

And that's not really worth discussing yet again.

No, I think the issue is that if you want to have lions lay down with the lambs, you have to discuss the lions. 

It's tempting to say 'just get rid of the lions and everything would be great'. We even have the story of the baboons who grew more peaceful after the most aggressive baboons died out en masse.

But we're not really two separate species, people have the potential to be both. Get rid of the 'lions', and it probably won't be long before people like that start appearing again. 

Besides, I don't think they're evil in and of themselves. God probably even admires them, kind of like we do. 

See how sharp their claws are. Hear those fierce roars. See the way their muscles flow as they move.

For a lion to lay down with a lamb, you probably need the lion to... not be hungry, not feel the need to prey on the lamb... and probably get enrichment in other ways so they don't have the desire to stalk or pounce or hunt the lamb.

If you had asked me before, I'd have said that's part of what was great about democracy. That even the more predatory of our species knew that in order to get what they wanted, they had to play be certain rules that protected the rest of us. 

Does it matter if they're power hungry and prideful if the only way to gain power is to at least pretend to care?

It doesn't feel like that anymore, though. 

Clearly 'be a good shepherd' and 'the first will be last, and the last will be first' are ideas that the current predatory lions don't believe in.

Hmmmm. The ideas floating around there still feel off, but to be honest I'm more concerned with preparing for my next potential career change than digging into it any deeper. 

Too bad I can't just make a living throwing out random blog posts.

Posted by at No comments:

Update

 I had some further thoughts on my post about lions and lambs, but most of that was drowned out by my current thoughts on my job and how my coworker tells me that they will yet again try enforcing the 'work from the office' rule (which I've pointed out before I think is a truly terrible idea. Why are so many companies acting so stupid about this?)

This weekend I was reminded again of my original wishes when I studied computer science - to get into cybersecurity - and some of my further thoughts on it.

Namely, that I realized I don't really care for the CISSP material, and trying to calculate exposure factors or memorizing the CIA triangle. 

I've realized, in DevOps at least, that I like just quietly figuring out things. Like, let me dig into the documentation or the logs or try to track down the root cause of some issue or write some script to make our jobs easier or figure out how to create a dashboard to make monitoring easier... 

 I can communicate effectively and can do the bigger picture meetings and the like, but honestly I'd rather just dig into the details.

Which is why I think I'd do better as a malware researcher.

Except...

Well, I don't have a lot of practical experience with assembly. And I've been using Linux at work far more than Microsoft, so I only know a bit about Microsoft Internals.

I have a good overview of the skills I need, I think. But I need practical experience, and just haven't really felt like trying to create a sandbox where I can play around with it. Not when I've been mentally exhausted from my full time job.

Bug bounties seem... a little easier, in the sense that you can get started whenever. But it looks like that requires a lot more knowledge about the front end. About javascript and tools to test for things like SQL injection or cross site scripting or all the OWASP things.

Again, I kind of have an overview of the topic but not a lot of practical experience. Again, however, there are a TON of tools online and I can probably get that. I could do things like Hack the Box.

The bigger concern there is that even though some people are able to make quite a bit of money, it also sounds like the average bug bounty hunter doesn't make as much. I don't really want to take a pay cut...

I could also consider just freelancing in general.

Idk. I'm confident that given the time and a task I can figure out just about anything, but I'm less confident in doing so in a way that will lead to a financial security.

The thought of going fully independent is thrilling - and also terrifying.

To be honest, I'd probably be content to just quietly stick with DevOps for at least a few more years, if the company wasn't being so persistent in enforcing such a terrible idea. It's like they care more about obedience than actual skill, and if that's how they really are then I guess we're not a good fit.

(I could also look for another DevOps position, fully remote. Stick with what I know and all that.)

I haven't yet been told I'm fired for this btw, but I don't see myself going to the office like they want so it's probably just a matter of time. Maybe this is a good time to try to transition into what I really want...

But is it better to focus on the malware analysis and try to find a job there? Or to learn more about bug bounty hunting? Or explore some other options?

Meh. I guess it'll just have to play out the way it will. 

It makes me wish I had the money to ignore all that and focus on the malware research side of things. I think if I took a couple of the courses online, got a certification or two, and then went job hunting I could probably make the transition just fine. (SANS courses sound so cool. And yet they're horribly expensive, and I think the costs are meant to be paid for by the companies hiring people. And yet most of the positions for those sorts of companies look like they expect you to already have experience in that specific area, so trying to get hired on as a beginner seems like a bit of a long shot unless I get those certs).

I'm not really sure how this will go, but I guess it's not an immediate issue.Yet.

But enough about that. Since I'm already online I'll start that follow up post next.

Posted by at No comments:
Subscribe to: Posts (Atom)