
Technology

I'm the CEO of Winnie, an app for parents that grew to 100k active users in just under a year. AMA.

Jan 4th 2018 by smausk • 11 Questions • 45 Points

I served as MPP’s Director of State Campaigns from 2015 - 2017, and helped lead successful ballot initiative campaigns in 2016 in Maine, Massachusetts, and Nevada. At the end of November 2017, I was named MPP’s Interim Executive Director.

Today, there are reports that Attorney General Jeff Sessions will rescind the Cole Memo, which provides protections for states with legal marijuana from the federal government. If the Cole memo is rescinded, that would enable federal law enforcement agents to raid licensed, regulated, and tax-paying businesses -- businesses that employ thousands of Americans and generate hundreds of millions of dollars in tax revenue for public services including substance abuse treatment programs and new school construction. Jeff Sessions is ignoring the will of the people and he must be stopped.

I am determined to fight this move, to legalize marijuana, and to remind Mr. Sessions that marijuana must be a states' rights issue. Ask me anything!

My Proof

EDIT: Hey everyone, I'm signing off. Thank you so much for all the questions. Sorry I couldn't answer everything -- it's been a busy day as you can imagine. Please visit mpp.org to learn more about our organization's work -- we're fighting for medical marijuana and full legalization policies in states across the country, and we're fighting to fix marijuana policy at the federal level. If you can, please consider making a donation to mpp.org/donate Thank you -- Matt

Q:

Do you think being a mom has disadvantaged you as a startup founder?

A:

In percentages, how much of your work is hacking in the old sense, like reverse engineering, digital tampering and usurping some kind of computer or other electronic gadget? How much is social engineering, role playing and in general would not need a keyboard?


Q:

Your mom was perfect as Bonnie. Did you have to coach her on how to deliver the lines or did she just intuitively understand the character?

A:

First of all, thank you so much for doing this very timely AMA. I have a few questions:

* How do you anticipate this will all shake out in the end? It seems like the tide of public opinion has shifted (and is still shifting) in favor of legalized recreational marijuana. However, I've seen various arguments from both sides that make at least some degree of sense. One of the more solid arguments from the "anti-marijuana" camp is that "technically it was always federally illegal" because federal law never changed, just shifted to a more laissez faire policy.

* How will this affect medical marijuana? Moreso than recreational marijuana, MMJ seems to enjoy relatively broad support (even among conservatives). Do you think Sessions & Co. will try to avoid the potential PR nightmare of denying epileptic children, those in palliative care, and cancer patients their medications? Or do they simply not care at this point?

* What would the timeline be for a change like this? How long after the directive is given to crack down on marijuana would it actually take for the justice system to start shutting down dispensaries and making arrests? Is this likely (or even feasible) if the states (and their police forces) refuse to cooperate?

I think that's all for now. Thank you so much! <3


Q:

How effective are the interventions, and in your opinion does the presence of cameras and being shown on TV seem to help, hinder, or have no effect on the addict's willingness to work on breaking their addiction?


Q:

Being a mom is my superpower. Seriously. First of all, it gave me the idea and motivation to build Winnie. But beyond that, it has made me much more productive. Sure I have limited hours in the day because I do have to get home and take care of my daughter at night, but I spend those hours in the office hyper focused on what’s important. It’s just like this switch clicked and I became this focused machine once becoming a parent.

I’m sure people have a perception of me that I’m not as committed because I’m a mom (and on top of that, I’m also pregnant) but it’s also kind of cool to have people underestimate me. It means I can always exceed expectations or fly under the radar. I use it to my advantage all the time.

A:

Information gathering, pretexting and recon usually (there are exceptions) takes up 3/4 of the time spent on a job. Actual time on the customer network itself is usually only a few days compared to the many weeks of preparing phishing and social engineering scenarios because we will already know where the systems are we have to access and already have gathered so many credentials to be able to access them. Most time spent after that is actually finding the target data we are after versus what user accounts and roles give access to what. Good question.


Q:

I don't think we ever gave my mom any direction, my sense of humor comes from her so we had an Elliot/ET thing going on all throughout GAYLE

A:

1) Our hope and goal is for Congress to take legislative action this year that establishes marijuana as a states' rights issue.

2) As of right now, the Justice Department is still restricted from interfering in medical marijuana laws at the state level. That has not changed as a result of today's announcement. We need Congress to renew that policy, so please call your Congressmen and Senators and urge them to protect state-level medical marijuana laws from federal interference.

3) That remains to be seen. In theory, federal prosecutors and agents could take immediate action against state-legal marijuana businesses.


Q:

80-90% of people involved in interventions go to rehab the day of, so pretty successful. It depends on how strong the family is in order for the addict to stay in treatment and stay sober after treatment.


Q:

Yes, my husband is actually the primary parent and I think this is true for a lot of families these days, and yet everything is super mom-centric. It really alienates him :(

A:

Have you ever gotten in trouble with the law? I mean as in, the police got involved before you could pull out whatever papers allowed you to break in etc?


Q:

Hi Chris, in love with your whole Gayle concept. It’s absolutely hilarious. My favorite one is “mall kids.” Will you be doing more Gayle in the future? Also, where did your inspiration for Gayle’s character come from?

A:

What effect will this have on the states that are currently considering legalizing in 2018? Will states like Vermont, where the legislature seems poised to act, slow down in response to this news? How will this affect marijuana on the 2018 ballot in Oklahoma, Michigan, and Utah?

Second, given Sessions' somewhat fraught relationship with the president, do you anticipate Trump will react negatively to his Attorney General's decision to move marijuana policy in the opposite direction of what Trump promised on the campaign trail (leave it up to the states)?


Q:

Is “sober January” where people who don’t necessarily have alcohol issues take off drinking for one month, a good idea?


Q:

Yea it is really problematic for dads to have all the critical information locked away in private mother's networks because it means they don't have access to the same information that moms do. It was really important to us that Winnie be inclusive. Winnie is used by moms, dads, couples waiting to adopt or trying to conceive, same-sex parents, teachers, grandparents and more.

A:

Companies and organisations usually rely on their own security services and departments first before escalating to the police, which is part of the process we are testing. Although we usually have a "get out of jail"-letter in the back of our pockets stating why we are there if things do escalate; we never had to deal with the law or the police and we intend to keep it that way =)


Q:

mall couples is my fav too! thank you I believe we will return! I'm exploring other things right now. I got too consumed by that as did my family and friends. Everyone wanted me to do something else but we're all starting to miss it a little...we'll see

A:

Vermont should move ahead. The law that the VT legislature is poised to approve would legalize limited possession and home cultivation. Even if Sessions launches a damaging crackdown on marijuana businesses, that VT law is still very beneficial because it protects individual rights and stops Vermont law enforcement from enforcing certain prohibition laws.

Michigan should move ahead in anticipation of a change in federal policy. Oklahoma and Utah are medical campaigns and less affected by today's news.

I think it's difficult for anyone to predict our President's behavior on any issue. He clearly stated on the campaign that marijuana should be a states' right issue. You can email the White House using this link to remind him of that: http://action.mpp.org/p/dia/action4/common/public/?action_KEY=23874


Q:

I think if there’s a question that you need to take off a month, there may be an issue with alcoholism. Most normies don’t take a month off from drinking, or even come into their awareness to take off a month of drinking.


Q:

I saw you post that your husband recently underwent treatment for cancer. How are things going now and how has that experience changed your mindset about the world?

A:

Can you hack me and pm me my runescape password?


Q:

How should I punish my family for disrespecting my beach towels?

A:

How can individuals help to stop this from happening?


Q:

Hello Ken. Just wanted to let you know how much you've inspired me to follow the career path I am currently on. I will soon be obtaining my LADC and my LPCC and largely have the show Intervention to thank for raising my interest.

My question for you is about the families of those undergoing the intervention. How do you/the production team work with families to provide a basic education about addiction? There have been many episodes where the family is so codependent and/or uninformed about addiction, and I'm wondering how the family education plays into your role on the show. Thanks for everything you do!


Q:

Shortly after founding Winnie my husband was diagnosed with an aggressive cancer (I've written about it extensively at https://medium.com/killericscancer). At the time my daughter was also an infant. To say it was a tough time would be an understatement. He has since gone through chemo and I'm happy to say that he's now cancer free! The experience of having a sick spouse was awful and I would not wish it on my worst enemy but the silver lining is that it has changed my mindset for the better. I no longer sweat the small stuff. Things that used to bother me before literally have no impact on my life whatsoever. It's made me super resilient as a founder. I am grateful for the health of my family and I know that it can change in an instant. I don't take anything for granted anymore.

A:

hunter2


Q:

Making them drive around with a ham flag on their Kia sends a loud and clear message

A:

1) Call your Congressmen and Senators: tell them that you want Congress to pass legislation that establishes marijuana legalization as a states' rights issue.

2) Please call the White House at 202-456-1414 or reach out to President Trump on Twitter and tell the administration that you oppose any Justice Department crackdown on state-legal marijuana businesses.

3) Donate to MPP so we can increase pressure on Congress to end federal interference in state-level marijuana laws.


Q:

That’s part of the pre-intervention. We spend anywhere from 4-8 hours with the family helping them see that co-dependency kills more addicts than the addiction itself.


Q:

Hi Sara! My partner is a mom and an entrepreneur too. The reason she got into it is because her day job had an awful maternity leave policy. Family friendly benefits like parental leave are not a priority for startups and small companies. And the ones that do care are started by moms.

Is this something that will ever change? Or can be changed?

A:

What is some of the craziest shit you've done while breaking into buildings?


Q:

Your car rants are beyond amazing, but besides your masterful quick edits, do you write everything out beforehand, or is there an element of ad-lib?

Also, do you plan on working with more outside musicians after the success of showpig? (asking for a friend....me)

A:

How can individuals help to stop this from happening?


Q:

Throughout your years what have you come to realize is the hardest part of this job? Are there any specific moments or people that always stick with you?


Q:

Yes unfortunately there’s this sentiment with startups that to be successful everyone needs to work 24/7. This is crazy and wrong. Our brains don’t work well 24/7, especially engineering brains. You need time to rest and recuperate to be at your peak performance. Crazy work environments that encourage face time in the office can be really off-putting to parents or really anyone who wants to have a life outside of work. We’re trying to change that and focus on results, not hours in the office.

As far as parental leave, I’m a big believer that your work environment matters just as much if not more than how many weeks of parental leave you offer. You want to create an environment that allows people to be great workers AND great parents. Many startups cannot afford to offer 6 months of paid parental leave and that’s ok. Instead startups and smaller companies should offer a reasonable paid leave (and flexibility with unpaid leave on top of that) and then provide a really flexible environment for when parents return to work. We're trying to set this example with Winnie and be really vocal about it so more companies follow suit. This is a good write-up of the anti-startup mentality we've created: https://gusto.com/framework/business-secrets/winnie-antistartup-mentality/

A:

There are a lot of examples that come to mind. If I had to pick a few: breaking into an ATM in the middle of a mall while hundreds of people pass you doing their shopping (and not caring because you are wearing the ultimate cyber weapon: a fluorescent vest). Walking through the basements of a dark data center of a financial institution after business hours and almost getting locked in. Replaying an employee's fingerprints on fingerprint access control readers using toilet paper. I'm sure there is more stuff that I am forgetting but those are the first things that come to mind.


Q:

Thank you! There's a script but I'd spend a long ass time in my car usually parked outside someone's home trying to get the Adventure Dad lines just right and whatnot, lot of making stuff up in a hot car and having people tap on my window asking if 'everything's cool'

A:

That being said, we are excited by the medical research being done by organizations such as MAPS. Thanks for reaching out.


Q:

The hardest part of my job is helping families understand that they have a problem. If they change their behavior they can get a different result from their loved one. Most families believe it’s the addict that has the problem, and don’t want to look inside.

I have many moments and people that stick with me. The ones that stick with me the most are the successful ones that have years of recovery like someone who I intervened just celebrated 11 years sobriety.


Q:

I know you need lots of users to build a successful company - but consumer products are tricky. Do you ever have users you wish weren't on Winnie? Have your experiences at your prior companies taught you good strategies to deal with this?

A:

Can you elaborate on this toilet paper operation?


Q:

Is everything cool?

A:

My question is, What the Fuck? But seriously, from your perspective, what is the government's motivation for this nonsense?


Q:

It seems to me, from watching the show in the past and other anecdotal information, that opioid addicts often relapse within hours of leaving rehab. It's almost as if they never even tried/committed. Are these addicts more resistant to the idea of getting sober than other addicts?


Q:

Our leadership team has worked at Twitter, Quora, YouTube and Reddit so we know how content can take a turn for the ugly on these platforms and how hard it can be to control when your platform gets massive. We decided that it was really critical that we prioritized moderation and high-quality content from the very beginning of our platform so we built technology as well as tools for humans to moderate all content on Winnie and made sure this could scale with the number of users on our platform. This ensures discussions stay respectful and useful which is especially important in a parenting community. We also built-in privacy controls so people could post and comment about sensitive issues.

A:

If you are using an optical fingerprint reader, i.e. a piece of glass serving as the touch surface, then a latent print might be left on the reader. If the reader is wrongly calibrated and/or misconfigured then a piece of damp toilet paper on top of it can replay the latent fingerprint.


A:

It's hard to say, given that a strong majority of Americans support legalization and believe that marijuana should be a states' rights issue. Jeff Sessions has a long-standing tradition of taking deeply misguided positions on marijuana policy. His motivation is guided by obsolete thinking. What matters is how we respond. We need Congress to pass legislation that allows states to decide their own marijuana laws without interference from the federal government. We need to take away Sessions' ability to trample on states' rights.


Q:

No, I think that it’s just that it’s really hard to get sober and they’re living in a bubble in treatment. Without follow up and accountability and someone helping them and supporting them it’s almost impossible to stay sober. That’s why it’s so hard to stay sober. Thankfully there’s more support now to help people stay sober with after care.


Q:

You're a startup founder living in San Francisco with 1 (soon to be 2) kids. It seems almost impossible to be able to afford to do so (both economically and for sanity's sake) for anyone in their 20s/30s. How have you made it work, and do you/Eric talk about raising your kids elsewhere?

A:

Have you ever seen the show White Collar? If so, what are your thoughts on any of the cons on that show? Your story had me thinking of the ep where Neal/the FBI break into a bank to demonstrate weak points in its security.


Q:

"I'm Afraid to Talk to Men" led to one of the most sincerely revealing chats that I (a cis gal) have ever had with my (cis male & pretty masc) husband, wherein I learned that he is also, similarly, afraid to talk to men. As am I. My question: do you think that, deep down, everybody is afraid to talk to men?

A:

1. In a neutral mindset, how likely is it to progress towards your ultimate goal?

2. Does this include V.A. patients?

3. Why do they keep bouncing back and forth on this?

Q:

Are the interventionists chosen by producers to be the best match for the patient, or is it more based on logistics?

A:

My representative appears to be a staunch Trump supporter. What do you recommend is the best way for us to approach our more conservative representatives?


Q:

First off, I do need to recognize that we are super privileged. What we have is not the norm and we are incredibly lucky. We were both brought up in wonderful loving families who really valued education, both got to attend excellent colleges, and we are both able-bodied — just to name a few things that make us really lucky.

But even for us, with so many privileges, it is tough to make ends meet in San Francisco and we make trade-offs. For example, we are planning to stay in our small apartment in San Francisco even with 2 kids. My new daughter will have her "nursery" set up in the living room! We use the money that we save on housing to afford help like full-time childcare and other amenities that save us time and allow us to have some sanity in our hectic lives. Right now it's working for us but who knows what the future will hold.

A:

I have not, will check it out thanks.


Q:

I dunno but I sure am!

A:

1) Given the strong public support nationwide for legalization, I think it's a question of when, not if, the federal government acknowledges that marijuana policy should be left to the states.

2) VA patients faced obstacles to accessing medical marijuana before today's decision. MPP has been working to address that issue in Congress and will continue to do so.

3) President Trump said during the campaign that marijuana policy should be left to the states to decide. Email him and remind him to stick to that promise by supporting legislation that protects state marijuana laws from federal interference. http://action.mpp.org/p/dia/action4/common/public/?action_KEY=23874


Q:

Each one is picked by the producers after getting to know the family and getting information about the addict.

EDIT: It’s like picking the treatment center, knowing the family and the addict, which treatment center and interventionist would be best for that family system.

A:

Focus on states' rights, which most conservatives tend to support in principle.


Q:

Indeed, it's a tough go! Kudos to you both for making it work.

With all the discussion around the "new Silicon Valley"s of the United States, it'll be interesting to hear how you and other entrepreneurs approach this question. I imagine a whole lot of people would love to work for a mission-driven company like Winnie in Chicago, Detroit, or elsewhere!

A:

So a white hat hacker? Also what's the easiest way you've broken in?


Q:

I grew up in Acton MA and LOVE the accuracy of your depiction of the neurotic suburban Massachusetts house mother.

I have been scrutinizing all your GAYLE videos to figure out which town you're from.. WHAT IS NORTHBREAD IN REAL LIFE?!


Q:

When do the people being intervened on have to consent? Doesn't an intervention need to be a surprise to some level?

A:

1. In a neutral mindset, how likely is it to progress towards your ultimate goal?
2. Does this include V.A. patients?
3. Why do they keep bouncing back and forth on this?

Q:

Yea I also think where I live as the CEO need not be the same as where we eventually hire people. Our lead iOS engineer lives in Indiana, for example. We're trying to build a culture where we can have remote employees (Slack helps with this). Although the majority of our engineering team is in San Francisco, I think there's a lot of untapped talent outside of the Bay Area. As we grow I want to tap into these sources of talent.

A:

Knocking on the window of the kitchen at the back of a large office building where the target office was located holding a box that was empty.


Q:

Northbread is right above Southbread, and southeast of Groton/Dunstable

Q:

The advice I would give them is to do an intervention, because there's always a reason we can find to get them help.

A:

1) Given the strong public support nationwide for legalization, I think it's a question of when, not if, the federal government acknowledges that marijuana policy should be left to the states.

2) VA patients faced obstacles to accessing medical marijuana before today's decision. MPP has been working to address that issue in Congress and will continue to do so.

3) President Trump said during the campaign that marijuana policy should be left to the states to decide. Email him and remind him to stick to that promise by supporting legislation that protects state marijuana laws from federal interference. http://action.mpp.org/p/dia/action4/common/public/?action_KEY=23874


Q:

At what point do you think about hiring a data (analytics/data science) expert when you're building a community/app startup?

A:

What was the size of your red team when you started. Do you have a team that competes in CTF events?


Q:

Chris, what's the point of slithering slow so you won't wake if you're just going to shout your sexual orientation later?

A:

are there any interesting tactics discussed in terms of finding ways to stymie Sessions or remove him from office rather than fighting on a purely judicial/legislative approach?


Q:

Has anything funny (appropriate or not) happened during an intervention? Or is the tone usually too heavy for anything like that?

Q:

I think it really depends on the amount of data your startup has. If it’s a pure community/consumer app, you probably have to wait until you achieve some large scale in terms of the number of users in order to have your analytics/data science person have enough data to work with. For us, we want to make this hire fairly early on because we have a massive amount of data we’re sitting on. We have proprietary information about hundreds of thousands of venues throughout the United States and we think there’s a lot of interesting things we can do with this information.

A:

A red team assigned to a job usually consists of 3 to 4 people depending on the skill sets that are required with 2 people being on the job on a constant basis over a period of a few months in order to ensure realistic results and responses from the target company. We sometimes compete in CTF events if we have time.


Q:

I think in hindsight it's poor planning by someone who's just barely holding on

A:

That would be difficult. We really need Congress to take action so that Sessions no longer has the authority to decide whether or not the federal government should interfere in state level marijuana laws.


Q:

No, I think the situations are always so heavy that there’s nothing funny by the time they need an intervention.

Q:

What is the very best dessert?

A:

What does your hacking kit look like? Could you list some (or even your favorite) tools you're using in your daily job/life?


Q:

Yo Chris! Used to go to your high school, although I'm a number of years below you. My friends and I were always obsessed with your old sketches like Tag, the weird bird one, Dayquil/Nyquil and my personal favorite, Old Man Stillborn. My question is: 1. How did you come up with the name "Old Man Stillborn" 2. Will we ever see this incredible yam man's return? Has he been in Shaws all these years?

A:

Greetings from the Philippines! The Philippine Government is on the move of reviewing the Bill which would legalize marijuana in the country. If you're given the chance to be heard by the government, what will you say/how will you convince them to approve the bill?


Q:

What helped you most in your recovery?

Q:

I'm pregnant right now so just about everything is the best dessert

A:

Here is a selection that we usually bring on the job and after carefully planning our attack plan using at least two to three attack waves spread out over a couple of weeks or months:

  • USB Armory, to have a self-contained system with everything you need
  • Multi-band WiFi dongles with Atheros chipset suited for frame injection
  • Proxmark EV2 or custom RFID/NFC copiers for access-card stealing or cloning
  • Magspoof for access-card stealing or cloning
  • Weaponized PocketCHIP / Raspberry Pi / Beaglebone with LCD display for WiFi hacking using a rogue access point. But also for running tools on the go such as network manipulation, credential extraction and man-in-the-middle tools
  • Rubber Ducky or Teensy for fast typing of payloads when required
  • USB keyloggers and USB extension cords either stand-alone or WiFi enabled
  • Duct tape and straps to install rogue network implants for later persistent network access
  • Extension cords and network cables
  • Bluetooth headset earpiece to stay in contact with my colleagues keeping watch
  • Lockpick kits, bump keys, jiggler keys and other lockpicking tools
  • Pliers, wrench, screwdrivers for breaking down a lock or door
  • Camera to photograph evidence and findings
  • USB thumb drives tied to a lanyard and old keys to be "left" in bike sheds and parking lots containing interesting and enticing content for the lucky finder
  • Fake paper access card and badge holder
  • Banana, bunch of papers or other things to hold in your hand. People who have something in their hand walking around the building are usually not regarded as suspicious
  • Disguise and clothes if you have to switch roles. You might have come into the building as the smoke detector check-up guy and might have to transition to a suit and tie to be able to get into the executive offices in another wing of the building

Q:

Oh hell ya!! Old Man Stillborn was based on a man I saw in a Greyhound station in Albany. I saw the oldest woman I've ever seen in my life, then I panned over a little and saw her dad... Old Man Stillborn will ride again

A:

We focus on United States policy, but please feel free to use our website as a resource (mpp.org) and contact us with questions. President Duterte's drug policies are despicable and some of the most inhumane on the planet, so we very much hope that advocates in the Philippines are successful in bringing about more sensible marijuana laws.


Q:

For me it’s knowing that recovery is a process, and even though I have over 28 years sober, I still have to work a program and do things myself. There is no destination, recovery is a process.

Q:

Cat Person or Dog Person?

A:

Like the movie Sneakers?


Q:

Hi Chris! My boyfriend and I saw you in Columbus and he used a picture we got with you after your show (complete with your can of La Croix) as his “most fun memory” when we celebrated our one-year.

Are you still afraid to talk to men? And do you still hold a beer with two hands?

A:

So Philip Morris just said that they want out of the tobacco game. Do you think this is all just a ploy to hand legalization over to them?


Q:

What is different about the new season and What can we expect?

A:

How did you learn to do everything including experiences and education history?


Q:

Both are cool to pet but I personally can't take care of anyone/anything else. Kids are enough work by themselves!

A:

One of the better - if not the only real - red teaming movie out there with a killer cast. I love it and watch it at least once or twice a year. No more secrets Marty.


Q:

Oh man that night I chugged so many La Croixs I became an influencer, I had to get my stomach pumped. My top button started buttoning itself. And yes, less so, every time I release one of those things I feel slightly better about the problem. Like now I have no qualms about people shrieking Baby Got Back and lighting fires doing so on dance floors

A:

No, I don't. I think this decision is driven by outdated and misguided beliefs on marijuana.


Q:

The new season is really exciting. We’re going into a community and showing people that there is a solution in communities. We’re helping communities along with law enforcement, elected officials, and people that lost loved ones and working as a treatment team.

A:

Work as a system administrator when security consultancy simply didn't exist. Work as a network engineer and web master. Learn about where companies drop the ball when it comes to inter-company or inter-department communication and responsibilities. Learn where companies cut corners and try to exploit those. Learn social engineering and what drives or upsets the meatware i.e. the people working there. Have expert knowledge about operating systems, networks, web, mobile and other facets. Check out this list of tips to get started: https://safeandsavvy.f-secure.com/2017/12/22/so-you-want-to-be-an-ethical-hacker-21-ways/


Q:

How large do you think a company should be before a CEO should no longer be responsible for day-to-day operations (and can essentially take a sabbatical without adversely affecting the company)?

Q:

thoughts on Sufjan Stevens?

A:

If this issue goes to the Supreme Court, what makes you think the Court won't use the Commerce Clause like it's done in the past to make Marijuana illegal?


Q:

Which drug's addiction carries with it the worst side effects? (As in, what is the overall worst drug to be addicted to in how it affects your day to day life).

Q:

Immediately :-) Seriously! One of the things we learned early on at Winnie is that anything can happen. When my husband was diagnosed with cancer shortly after we started Winnie there were a couple weeks when I was so preoccupied with figuring out the type of cancer he had and getting his treatment plan in place that I didn't come into the office or even sign into Slack or email at all. I did have to run payroll but that was it. Everyone else figured out how to operate without me and things went on (in fact, they moved faster without me there). I think it's important that there is no single point of failure in a company including the CEO.

Q:

I just saw him actually in the greenroom at Thalia Hall in Chicago, he was riding around on a Pekingese crying about how soft the shirts are at the GAP

A:

If Congress takes action to defend states' rights on marijuana, this issue would not involve the Supreme Court.

EDIT: changed to "defend states' rights on marijuana"


Q:

I think the worst ones to detox from are Suboxone and Methadone they have the most painful detox physically.

Q:

how large was the payroll when you started? what's the smallest number of people you would suggest people start with for a company making a similar app?

A:

This sounds like a dream job. When it comes to legal means of attacking networks, are there any tools or methods that are actually illegal?


Q:

But, seriously - how was the Yanni concert? Can you tell us more details about how it went?

A:

Do you think the United States can overcome this opioid crisis?


Q:

Initially the company was just me and my co-founder and we didn't have any money so we couldn't pay ourselves anything. We were able to start things with just us (and an advisor we paid in equity) because we could both code. A couple weeks before my husband's cancer diagnosis we raised a small bit of money from friends and family and hired 2 employees.

A:

If you think this is a dream job, we are hiring: https://www.f-secure.com/en/web/about_global/careers/job-openings


Q:

I got kicked out! It was soooo hard to get over the barrier that close to the stage. After I rushed the stage, the security guard said to me "Ok honey, you gotta go."

A:

Yes, I think if we follow the doctor diversion programs that have an 85% success rate, with aftercare, we could make a huge change.


Q:

What is the weirdest thing or setup you encountered during paid or unpaid hacking?

A:

I told my coworker Topher how you were my favorite comedian and explained the Gayle bit and tried to summarize your style. He recommended I check out Jim Gaffigan "if I'm into that sort of thing"

Please advise?


Q:

Love the show and the amazing results it seems to produce! Are you close with the other interventionists? Any memorable experiences with Jeff/Candy/etc? Thanks!

A:

Finding video surveillance and access control management systems exposed to the internet without a firewall. Finding "this is the backup of the entire website.zip" in the webroot of a production server for a bank. Being able to guess the password of the network connected guest badge allowing us to print our own guest badge every day and just walk in the building (the password was 12345). Production level financial information servers running under the desk of a sysadmin because of internal IT politics and tensions. A company with a garbage container outside containing hundreds of computers and hard drives in perfect working condition containing passwords, documents, financial records, etc.

Once breaking into an ATM in a major retail chain we triggered the seismic alarm and it started to make a lot of noise. When looking around no one even looked at us. Until a child, trying to go through the revolving door to get into the mall, touched the glass wall of the revolving door triggering the alarm and stopping the door for a couple of seconds as part of the security measure. The glass revolving door alarm sounded exactly like the seismic alarm of the ATM and thus no one cared =]


Q:

oh dear

A:

Yes! I love seeing them and Donna as well. As you can see we run into each other at different events. Candi and I just did a video together that we posted on the Intervention Facebook page.


Q:

If someone is planning to learn a computer programming language, which language would you recommend to that person, which would help the most in pen-testing?

A:

I'm a Peace Corps volunteer and Gayle literally is the highlight of my day. I feel like I'm with my mom. I literally fall on the floor laughing so thank you. So many questions: what was your exposure to B girls and do you drink coffee, if not, what do you drink in the AM?


Q:

Love the show!! So many people are struggling with addiction you help so many. What made you want to be an interventionist?

A:

Everything is geared towards Python these days so having proficiency in Python and scripting languages such as PowerShell/Bash/etc will give you a lot of options when having gained access to systems or when wanting to develop something. Check out the grayhat hacking and blackhat hacking book series.


Q:

I've never had coffee actually, so I usually drink apple cider...I live off a hummingbird diet because my taste buds never evolved

A:

I think, after watching families suffer and be in so much pain after someone dies, it really motivated me to help because the addict is high and doesn’t realize the pain they're causing.


Q:

Thanks! Python 2 or 3?

(I guess both, probably...?)

A:

How do you get over the fear of bombing while doing standup?


Q:

What's your favourite food? ;D

A:

Yes.


Q:

By bombing a lot! And I dry heave before every show

A:

All food! I have a food addiction. I switched my addiction to food addiction and finally addressed that this year. I love all foods.


Q:

Sorry if this already got asked, but what’s your opinion on shows like Mr Robot? If you watch it, how possible is a scenario like that? Do you feel like the show addresses all parameters required to pull off a hack of that scale?

A:

Chris, I’m in the middle of finals and I don’t want to type anything anymore. What do you do when you need a boost?


Q:

It seems like many of the addicts that you help are "surprised" when the intervention actually happens. Are they aware from the beginning that they will be on a show called "intervention?"

A:

Mr Robot is being praised for its realistic portrayal of hacker tools and attacks and it is indeed a fun show in how they show how simple it can be to compromise something. They get the occasional thing wrong and I always find it refreshing to hear Sam Esmail and team talk about how they actually fix the things they got wrong afterwards. But it is and remains a show. I don't think we are going to see anyone trying to melt backup tapes anytime soon but I like the cyberpunk aspect to it ;)


Q:

VEGAN DONUTS 3 pm most days, I suddenly realize if I don't get donuts my whole being will unravel and I will be one of those worm succulents Ursula the Sea Witch keeps in her seaweed soul garden

A:

No, they have no idea that they’re on the show Intervention. If they do we shut down production. They have agreed to be filmed and are approved by a doctor.


Q:

How do you feel about contractors' contracts significantly limiting your attack surface?

A:

What's your favorite place to eat in the greater Boston area?


Q:

What does it mean that this season's participants are “interconnected”?

A:

We usually get in pretending to be the contractors themselves


Q:

Veggie Galaxy, where everyone's poly!

A:

Normally, we fly all over the country and intervene on individuals, but this season they will be all connected by living in the same community.


Q:

How would one get started doing this?

A:

Hey Chris! I was blessed enough to see your show last month, and it was amazing. My friends and I have watched you religiously for years now. My question for you is, when did you know you wanted to be a comedian?


A:

Thank yoouuu when I saw the show Mork and Mindy when I was very very young! I started signing my papers in Kindergarten 'Chris the Comedian' even though I was too shy to speak to anybody let alone do prat falls


Q:

How do I protect myself as a normal user best from cyber attacks?

A:

If you were to do a Gayle spinoff series, who would be the main character of said spinoff? Is it Bonnie, because she can now text? Would it be the SAT tutor? Dr. Bruce?


Q:

I read that you are from Belgium. As a Belgian Computer Science student who is also interested in (Software) Security, is there any University in Belgium that you recommend for getting my Masters?

A:

If you come to Toronto, I will personally deliver you a briefcase of maple syrup based products. Deal?


A:

Hi, Chris! I've been a big fan for a few years now and regularly binge your Gayle shows. I was wondering, what was your inspo behind Gigi the Christmas Snake? Also, what's your favorite candle scent and when do you think you'll come to Kansas City next?


Q:

I am no longer living in Belgium I'm afraid and my school days are long over. It all depends on your interests and what it is you want to do with information security.

A:

Yes as long as the syrup is loose in the briefcase


A:

Last month Gigi started volunteering at an Enterprise Rent a Car but lost his position for screaming his ex’s name “REBECCA!!!” into all of the Kias. Now I heard he’s giving unsolicited, rogue tours of Madame Tussauds Orlando, getting kicked out daily because he’s not employed by Madame Tussauds. All the while he’s been working on a screenplay that bears an almost word for word resemblance to every episode in chronological order of Black Mirror and he claims that the Notorious B.I.G. wants to buy it.


Q:

What are the books that you would recommend to people who are already into hacking and who would like to acquire more knowledge on different hacking techniques as well as the way of thinking?


Q:

It kind of depends what domains you want to get better at. Most of the skills that are required are expert sysadmin skills, being able to program and script things together and having a solid understanding of how the technology works. But, also understanding what the caveats are of that technology being used in an organisation and how it can be used against that organisation. And for that you need to know what the daily tasks are of a sysadmin, network administrator, developer and deployment environments, how code gets distributed from the IDE to the production environment, how email environments work, etc. Basically how a company works and how it functions.

Rather than going the "Hacking Exposed" and other book series way, which are more tool related and which will not help you in understanding, I am a big proponent of playing war games or hacker challenges. Learning by doing and getting your hands dirty on your own lab, writing your own tools and code is going to be the most productive for you to learn new things. But from a pure technical side I always recommend the following books as a bare minimum:

  • The Art of Software Security Assessment
  • Exploiting Software and How to Break Code
  • The Tangled Web
  • O'Reilly's Network Security Assessment - latest edition
  • The Web Application Hacker's Handbook
  • The Browser Hacker's Handbook
  • Mobile Application Hacker's Handbook
  • Gray Hat Python
  • <Any book on your favorite operating system>
  • <Any book on your favorite programming language>
  • <Any book on TCP/IP>
  • <Any book on ITIL and IT processes and procedures>
  • All the books I forgot for which you are all facepalming right now


Q:

What are your favourite ‘war games’ and ‘hacker challenges’? From a 2nd year comp sci student looking to go into security!

A:

what do you find to be the most difficult part about starting out/being successful in comedy?

and bonus question: what do you use to coif your mane?


A:

Also, my friend wants to know: Who is Phil and why is he so tough?


Q:

Try http://overthewire.org and http://cryptopals.com and get involved with their communities. Look for any kind of challenge be it system or network based. SANS.org usually has a recurring hacker challenge e.g. their holiday challenge, as do the major conferences which they archive for later download and replay. As far as originality I like http://www.pwnadventure.com a lot.

A:

1) Having access to a good sea salt spray 2) Sea salt spray


A:

a guy I worked with at Cafe Ziba in 2005


Q:

Are there any programming languages that are better to learn specifically for ethical hacking?

A:

Hi Chris! Who are your biggest influences/inspirations? Who is your favorite comedian?


Q:

If I had to pick two, python and powershell will help you the most, in no particular order.

A:

Noel Fielding/Robin Williams/Maria Bamford I think? JB Smoove makes me laugh the hardest, I also really like Jen Kirkman.


Q:

Is protocol fuzzing something you leverage in your approach? How common is fuzzing in the hacker community?

Red teaming seems to be a method of finding the weakest security links possible, but what about slightly more difficult vulnerabilities that you don't attempt to find bc they take too long to discover or you just miss them? Do you suggest more significant security program change within an organization after you exploit the low hanging fruit?

Thnx!

A:

Fuzzing is more useful if you want to find vulnerabilities in a certain piece of technology. It is extremely rare we use fuzzing as part of a red team test but it has happened that we were able to fingerprint what software a company was using as part of their daily tasks, find vulnerabilities in it and then exploit those in a way that advances us towards our objective.

There will always be things that we do not find as part of a red team. We only need to find one way in. If a customer is interested in finding as many vulnerabilities as possible in a given solution, technology or process then we can offer that service to them as well but it kind of goes beyond what a red team is trying to achieve. Which is to test the resilience and monitoring capabilities of an organisation against a targeted attack where the attacker picks the attacks, not the defender. Once the detection mechanisms reach a certain maturity and most low hanging fruit is found, then and only then as part of an iterative process can more controls and processes be introduced.


Q:

Do you enjoy your job? I work server administration and I find myself disliking it more and more every day. I would rather be breaking in than patching holes constantly, it seems. I would like to learn more hacking; do you have any educational sources you recommend?


Q:

I do - because I get to use my own creativity in order to see how far I can push a scenario that might result in compromise and use/develop some custom tools and techniques along the way.


Q:

What's an invaluable piece of equipment we wouldn't think of?


Q:

A stepladder


Q:

Have you ever hacked all the things? Have you ever managed to drink all the booze?


Q:

I wish
