With the world in quarantine and isolation because of COVID-19, I decided to publish a blog post reminding us of more cheerful times.
Take yourself back to the last time you spent weeks hammering away at a seemingly impossible challenge, and quickly fast-forward to when you finished that problem.
Do you remember your intense excitement and satisfaction? How did you celebrate your success? I asked security researchers how they celebrate finding 0days, APTs in the wild, new malware, and other big successes. Here are the results.
Thomas Roth @StackSmashing
“I once had a celebratory cake for an 0day
otherwise I tend to [celebrate] with a nice beer in the evening :)”
Ashley Shen @ashley_shen_920
Security Engineer at Google Threat Analysis Group
“I usually celebrate with picking a restaurant from my do-eat list and have a good meal with friends :)”
Yahav Azran @Yahav_Azran
Independent Security Vulnerability Researcher
“I like celebrating a new 0day by playing a good old FPS game with my colleagues 🔫”
Ned Williamson @NedWilliamson
iOS Hacker, formerly 3DS/Chrome Hacking
“I like fashion, so sometimes if I find a really big bug I’ll buy something I was saving to get. But these days I don’t do that as much. I’m mostly disconnected from the ups and downs of finding results since that’s just better for my mental health. The journey is the reward :)”
The Kernel Programmer @userlandkernel
Cybersecurity student researching Embedded Operating Systems
”[I celebrate] by calling friends and paying for festival tickets ;) And of course I jump up from my hours of sitting and scream out yeaaaaah baby”
Niklas B @_niklasb
Pwn2Own competitor. Captain of CTF team @KITCTF
”[I celebrate] usually through months of anxiety in expectation of the death of the 0day”
Shahar Tal @Jifa
VP Research, Security Research Labs at Cellebrite
“Every success has its own due celebration. I wouldn’t say there’s a winning format. Sometimes we join to toast with Whiskey, sometimes we go out for [street food] :) I’m open to celebratory 0day choreography if you have any dance suggestions.”
Senior Security Engineer, Product Security at Heroku
“There is the immediate celebration when that “itch” pays off or the exploit chain comes together. That is usually a bunch of shouting and then rapidly trying to explain it all to my wife. Then depending on how tough it was (or how tired I am) it is either celebratory take-out from our favorite place or going out for a great dinner.”
Hadar Feldman @HadarFeldman
Security Researcher and Product Manager at Microsoft
Brandon Falk @gamozolabs
Security Researcher at Gamozo Labs
“Largely varies based on my expectations of the target. Could go anywhere from a “jeez finally” to “holy shit poppin bottles” Usually just an excited yell, and drinks with friends later that night”
Jon Sawyer @jcase
Offensive Security Researcher
“Significant one that will put food on the table? Rum. Everyday one? Notta”
Damien Miller @damienmiller
Information Security Researcher at Google
“Usually just have a glass of wine and enjoy the relief that something large is complete”
Ben Hunter @B_H101
Security and Malware Researcher at enSilo
“Honestly I just close the jira ticket, feel nice for 15 min and move on to the next thing”
Yarden Shafir @yarden_shafir
Software Engineer at CrowdStrike and Windows Internals Expert
“Usually just tell people about it a lot and move on to all the other tasks I was supposed to be doing while I worked on it”
I believe celebrating success healthy praises our hard earned winning moments, which balance out the inevitable occasional shortcomings on the “roller coaster” of research (and life). I sincerely enjoyed learning each researcher’s celebratory tradition because it brought out his or her unique and interesting character, even though I didn’t publish everyone’s response. Furthermore, I wholly encourage following each of the security researchers mentioned on Twitter - I personally enjoy their tweets and the interesting research they publish.
I hope I managed to slightly brighten your day and maybe even remind you of more joyful times to help you get through this tough period.
Self plug: Follow me on Twitter @whtaguy for new blog posts and infosec tweets.
Let me know how you celebrate your infosec success in the comments or on twitter :)