Blog by Basil: 8-13-18.

Installed a surveillance system for a client over the weekend.

Lessons learned:

  • Write down everything that will be done up front
  • In general, I would suggest getting paid at least half up-front for everything in scope
  • Run your contracts by a lawyer skilled in information technology law
  • After a lawyer has assured you that your contracts are legally viable, get signatures from all stakeholders
  • Request separate funding for supplies as needed; ask the cashier for at least two receipts for everything
  • If something is out of scope but likely needs to be done eventually, quote a price in the contract
  • Separate out-of-scope objectives into different contracts
  • No matter how relaxed your client appears to be, the correct answer to "do you want a beer/smoke/joint?" is a polite but firm "no thank you"
  • VERY carefully consider hourly rate vs fixed rate per job. Hourly keeps getting you paid regardless of shareholder shenanigans
  • You are there to do a job. Get it done right, document, and GTFO.
  • If end-user training is required, make a separate hourly contract. You can budget training into the initial scope, but be careful!
  • Better to under-promise and over-deliver than to over-promise and under-deliver
  • Know your limitations. If you aren't prepared to take a job and get it done in a timely manner that makes sense for both yourself and the client, refer them to someone who can
  • If you're considering a large contract where you will need to bring additional help, the time to start thinking about an LLC and insurance is now
  • If you're going to be spending significant time outside, stay very well hydrated and wear sunscreen. Do not jeopardize your objectives and timeline by failing to take care of yourself or take proper precautions

  • Fun Fact: I fell off the roof once and jumped off a second time. The first time I got lucky and landed like a cat from the ten-foot fall. The jumping off part was stupid. Don't take unnecessary risks.

Welcome to my brand new site. This will be an information security blog with a strong focus on independent contracting, firewall appliances, local area networking, cloud security, and security for remote work environments. (I drank the Cisco Kool-Aid.) After that, in descending order, my interests are in helping people get started in the industry, device hardening (Windows, Linux, macOS), small business & home-office security, IPS/blue-team work, white hat stuff (if you care about hats, and we'll discuss that problem too), the certification/degree processes and problems, locksport, social engineering, and red-team work. Eventually I'll talk about scripting (PowerShell and Bash) and programming (starting with Python). One day I hope to be able to reverse-engineer malware, but that is probably a few years off.

Personally, I enjoy rock climbing (specifically bouldering), mountain biking, and long walks on the beach.

So if you're interested in hearing about my journey or finding your own passions or paths through the myriad of options in the IT industry, stay tuned. It might get weird, but I promise we'll have a good time. 

