Week 2

So this is week 2 of this intern! Yay! So this week I continued to work on figuring out this afl fuzzing thing.

The flopped presentations...

This Tuesday, I again attended the presentation meeting for our security team. Now, I realized that these meetings only cover about half of the security team's presentations, and they are offset by a week so that each person only presents bi-weekly but there is a meeting every week. Today at the meeting, there were a few interns who presented their parts (one related to AFL fuzzing, and one related to driller). Now what's interesting is that these interns are Ph.D. / master students, (although not specifically in cyber security though). Here I am hearing the supervisor really being very critical not only of their presentation, but also on how they are presenting it, always asking for more information.

For me because I do not need to present yet, I think for me it is very easy to be very detached from this, thinking that this might not apply to me, that I could do better at this than they have, but it definitely should not mean that. They are, in fact, all masters and above; students who should have more experience and knowledge than me, an undergraduate, which should be a reminder to me that I am not immune to such pitfall. In fact, as I make some introspection, I realized that one of the reasons why these people lack the ability to present their information falls under one or more of these categories:

  1. They have not prepared well enough the material presenting. Whether that be because they just simply skimmed through the code/ research papers, or just flat out did not understand the code, they did not grasp the material well enough. Furthermore, they also did not take the time to research all the things that they do not know. Perhaps this position is not very suitable for these interns because from what I know about them, they aren't interested in this field. Or maybe they wasted all their time who knows doing what (I know I'm not doing my work right now as I'm writing this down.. shhh... nobody asked you.)

  2. They thought they knew more than they actually did. Perhaps they thought they knew the paper, and maybe they copied parts of the research paper verbatim, thinking that this is enough to pass by. It occurred to me that some of the presentations that I've observed have been really padded with a lot of verbatim terms, yet the presenter failed to really explain these terms in the big picture. I think maybe along these lines the person probably got caught up in the nitty, gritty details of the paper and the code, and failed to see the big picture.

    Hopefully for me, I won't fall into this same trap, trying to explain the tiny details, forgetting how the big picture would apply in all. Although I think it is definitely a good skill to learn: how to filter out the tiny details, and focus mainly on the big picture, which is what a manager/boss would want to hear. Who cares you used x and y tools to make z happen, I would like to know how x and y helps us solve our big picture goal.

  3. "I can't follow your flow of thoughts!" Sometimes I think I know that I know what I am doing, but I find myself hard to explain that in plain English. This is something that I commonly fall under because I often get a few ideas, and jump to this conclusion really quickly. I find it pretty difficult to slow down and say, "so here's how I got from A to B, and then from B to C" instead of "I got from A to Z". However, another extreme is walking baby steps with the person wasting time over stuff they already know. Sometimes it's also easy to jump from one extreme to another.

And some tibits:

Wow! I did not intend these above three points a full essay by itself. Oh well, here's the rest of my weekly blog:

I also found something else very annoying: conversions between customary and metric systems. Come on America! Why do we use a completely different system (for every darn measurement, except for time, thank God)? Hmm...? (because America!) Oh well, Google/DDG has been my friend lately, whether it was for translations or for metric/customary conversions.

In addition, here I've also noticed something interesting: not only are quite a few people interested in CTF competition, but they are also interested in binary exploitation /reversing (hehehe... something that I haven't really seen back in college. But of course, the people here are like graduate school or older, so I guess that compensates?).

Okay so I've also finished my first draft of my presentation next, next Tuesday, hope that goes well. By the end of the week, I'm starting to get some confidence and some momentum in this place. Okay that is it for this week.