My Year in Review — 2020

d0nut
Jan 5, 2021

A Star is Born

As we collectively (and emphatically) usher in 2021, I can’t help but look back on 2020 in an effort to try and make sense of it all.

A young, naive d0nut unaware of the bullshit that’s about to come

2020, for me, was the year I was going to become the best version of myself. Just a few months prior to the start of our plague-ridden roller-coaster ride, I began a new position as a Senior Security Engineer on Cruise’s Red Team. I was beyond excited to get an opportunity to branch out from my previously held AppSec role at Dropbox and explore an aspect of my growing interest in offensive security work. Having had a strong start in 2020 by winning the Nova competition for CanSecWest, I felt as if I was on a rocketing trajectory in my personal growth and career.

Tweet announcing that I had won the Nova Speaker competition for CanSecWest 2020

By this time, the world was already coming to realize that 2020 wasn’t going to be the “Roarin’ Twenties” reboot we had hoped it would be. Well into the month, Australia had suffered one of the most devastating bush-fires (50x larger than California’s largest-ever wildfire) and affected an estimated 480,000,000 animals. Additionally, the world was looking at a potential World War 3 (though, thankfully, the situation between the United States and Iran simmered down to a less frightening level within a week or so).

However, despite all this bad, more was to come. It was international news by now that a new virus was discovered in Wuhan, China that was rapidly spreading within the region. By the end of January, the virus had successfully emigrated to regions outside of China (including the United States) and the prospect of a wide-scale pandemic was beginning to take hold.

My partner and I decided to prepare for a worst-case scenario by the middle of February when it was clear to both of us that the rate of transmission and spread of the virus could lead to lockdown scenarios within the United States, similar to what we had been seeing elsewhere in the world. Much like everyone else at this time, it was unclear what long-term effects this new disease could have and we wanted to take precautions to avoid finding out first-hand. We stocked up on food and a few cleaning items over the next couple of weeks before the panic shopping would begin.

Also, no: we did not purchase toilet paper — we had a bulk order from a previous 2019 Costco shopping trip that was still going strong.

Masks Before they were Cool

If you’ve never watched The Phantom of the Opera, you really should! Webber is a genius!

Fun story from around this time: my partner had finally convinced me to start wearing a mask when going out. I remember the first time I got into an Uber with a mask on and the driver was so worried that I had the virus. (At this time, there were no mandates to wear a mask and the public messaging on whether or not they were helpful was dangerously inconsistent). I had to repeatedly convince my driver that I was not sick and that the mask was to mitigate the chance of breathing it in myself.

I wonder if they think about that interaction at all.

SuperNova

Anyway, back to CanSecWest.

I felt reasonably prepared to present the work I did on identifying a strategy to exploit some usages of insecure randomness in the V8 JavaScript engine. My slides were mostly done, my demo was fairly fleshed out, and at this point it would just be down to repetition and polish. I had confidence that my talk was going to go over well and I was still beaming that I would actually get to present at this prestigious conference.

A photo from my time on Kauai, Hawaii around November, 2019

Having never been to Canada before (aside from a brief 3-hour stay in Windsor for a show), I was eager to meet up with a friend of mine. We made plans that after the conference, I would take a short domestic flight to visit them before returning to the States. 2020, despite its rough start, was looking like a continuation of the awesome luck, travel, and experiences I had in 2019.

Sadly, as Covid progressed throughout the United States and with fear still running high, I had decided that the responsible move would be to cancel my in-person trip to CanSecWest to avoid spreading (or catching) the illness.

Canceling my free trip to Vancouver, Canada :(

While terribly disappointed, I still had drive left in me to do well for myself and continue onward. At this time, I believed that we’d roll out strong enough lockdowns to quell the spread of Covid-19 and that we’d possibly be back to a version of “normal” by fall.

Location, Location, Location

What is life if not a journey of self discovery?

2019 was the year that I discovered that my productivity was heavily influenced by the environment I put myself in. This might sound obvious to you (or me, now), but I didn’t understand what this truly meant until I spent some time reflecting on how I had such a productive streak when I first joined Cruise.

I realized that the environment that I created for myself there (mostly professional, not logged into distractions, sitting near / around others working on similar stuff) provided ample motivation and direction to guide my effort on productive, useful work. Despite my team having a well-established culture of remote work, I actively made the decision to come into the office every day and be the best employee I could be. I was so happy I had found my groove; I felt like I could take on almost any task if necessary.

Of course, the pandemic changed all of that. At some point around March, Cruise had issued orders for everyone to work from home. Even before that, while many of my coworkers were optionally choosing to work from home, I still was walking into the (nearly empty) office to try and stay focused. My last bastion of hope for 2020 was taken from me when I watched the all-hands informing us that we were no longer allowed in the office.

The transition to working from home was horrific for me. Now in a mental slump, working from home felt like a monumental task. It took great effort for me to focus enough on reading even a single document, let alone doing anything useful for my job. Over the next couple of months, the combination of waning mental state, guilt over my sudden plummet in productivity, and a desire to find work that I found genuinely interesting started me on a path that I already knew was going to lead me to finding employment elsewhere.

BLM

March 25, 2020 — George Floyd, a man reduced to begging for his life, is killed by a group of police officers attempting to arrest him for allegedly using a counterfeit $20 bill.

An interpretation of “Defund the Police” — Police still keep the peace, but we redirect much of the funds that made up their budgets to services and policies better targeted at solving the vast swath of problems we previously used the Police for. The police are the hammer; let’s stop seeing all problems as nails.

This event, as you all may know now, sparked another conversation about the brutality of policing and the justice system against black Americans. In fact, as protests began across the United States demanding a reform, we saw undue brutality and authoritarian practices from many police forces around the country.

For a whole week, I spent so much of my time watching these protests; being angry at the vicious and oppressive policing unfolding all across the nation. This was the first time I could ever remember being restricted by curfew from someone other than my parents. While this will forever be a scar on our nation’s history, we did see some small reforms like the repeal of Qualified Immunity from some small regions of the US and putting the discussion of Defunding the Police into the public discourse.

Discord Downfall

Fast forward a little while and we arrive at around July or so. By this time, tens of thousands have been infected with Covid-19 in the United States and it’s becoming pretty clear that Covid-19 is going to stay for the entirety of the year. Occasional protests are still going on but the focus on them in the media has fallen drastically.

Meanwhile, in this lull of 2020, I tried distracting myself with anything and everything. From drinking a fair bit more, spending more time on Discord talking with hackers, and trying to moderate some Discords, I found myself getting burned out from the stress of my job (the lack of focus, guilt, etc.) and the perpetual desire to be productive again.

I let myself get more and more frustrated with otherwise trivial things like questions that didn’t provide enough detail, posting behaviors that didn’t appear to be in good faith, and drama (occasionally, quite weird). As an example of the trivialities that I mulled over, here’s a tweet where I complained about a type of interaction I had become accustomed to.

This truly wasn’t about any specific example

At some point I decided to pull away from actively moderating these groups and even left a number of them. I don’t exactly understand why I get like this when I invest so heavily in a group, but it’s not the first time I left a group or community in frustration. Definitely an area of growth for me in the future.

Regardless, for those curious, I still do respond to mentions and DMs when those are open. Feel free to reach out with questions as I still happily answer them!

Grapl

As alluded to before, the sudden shift in working environment, lack of interest in my work, an unexpected round of layoffs that heavily affected my team, and the culmination of stressors from 2020 pushed me over the edge. I was desperate to find something that I could believe in (that also paid the bills).

Thankfully that day finally came when I was given the opportunity to join Grapl: a company a friend started that not only solves the problem of SIEMs in a novel way, but the product is predominantly built using Rust, my favorite programming language.

Grapl has a special place in my heart as it’s a project that I have believed in since the first time I heard about it back when it was just a side-project. I’m so happy that I found a place that I genuinely feel like the work I’m doing matters, is valuable to society, and will succeed with gusto.

Since joining Grapl, I’ve had some of the following contributions:

  • Refactoring major services to significantly improve code organization and structure
  • Identifying and fixing dozens of bugs in the core product
  • Finding and fixing vulnerabilities
  • Building out high-demand features in Grapl
  • Identifying and fixing a significant performance bottleneck that was previously classified as a blocker

All the while, I get to work with people that I enjoy and respect. I’m truly lucky that I get to work where I do, even if the startup life isn’t everything it’s cracked up to be.

Something fun to point out, though: my new job is entirely remote, yet I find myself much more able to focus despite working from home. It goes to show how important enthusiasm for your job is in productivity as well, I guess.

California Fires

If 2020 wasn’t bad enough, California decided to remind the world that Climate Change is still a very real thing.

It’s not atypical for California to have seasonal wildfires. I remember in the first month I moved to San Francisco, waking up to the heavy smell of smoke in the air and an incredibly dry throat. However, in the years I’ve lived here, I’ve never experienced anything as bad as the fires were this year.

The air quality index, for days at a time, would be well over 200. In previous years, when the air got bad, it was mostly a permanent bonfire smell (something similar to hanging out around a campfire with your friends). This year, the air was putrid and smelled of burning rubber and plastics. Thick with toxins, and not at all pleasant to the nose, we were forced to keep our windows and doors shut constantly.

Of course, 2020 wasn’t quite done with California yet, as an intense heatwave swept the state. San Franciscan homes, for those unfamiliar, often do not have centralized cooling. This is because, nine or so months of the year, SF’s weather is very temperate and does not require further regulation to be enjoyable. Now, though, we were faced with sweltering heat and unbreathable air; forced to make a decision between opening the windows to get 5–10 degrees of relief (2–5 degrees Celsius) and breathing toxic air, or closing the doors to preserve our clean air but dying in the heat.

After a couple of weeks of on-and-off heat waves and smoky conditions, we approached the end of this literal hellscape. This experience, though, remains in my memory as it was a first-hand encounter with the post-climate change world we’re entering into.

San Francisco during the middle of the day with a thick layer of smoke high in the atmosphere, changing the color of the world below orange.

Distractions

While many of my peers were using this time for self-improvement, I was clearly struggling. For whatever reason, the only thing that remotely interested me (in my free time) was playing games and chatting with people. This is not terribly abnormal for me. I often have said I tend to go through cycles of extreme productivity (which, thankfully, I’m on right now), and stretches of relaxation and entertainment.

Notably, this stretch of self-indulgence had lasted longer than is typical. Usually these periods of distraction last 2–3 months, but since March, I had been unable to focus on hacking, working on side-projects, or even writing blog posts. This can be seen through the lack of updates posted to this blog for the entirety of 2020 (having last posted about reading a book in June).

After the toughness of this year, I’ve decided to not be too hard on myself.

2020 has been heartbreaking, polarizing, frustrating, isolating, demoralizing, unrelenting, and deadly. In this mindset, I probably let my break from “productive pursuits” last longer than is typical, but by the end of December I regained my productive desires. I’ve since started back up on a side-project that I’ve had incredible success with so far, been reading again, and am writing this blog post for all of you today.

My Interpretation of 2020

We’re not out of the woods quite yet.

With all of the discussion regarding 2020 as the worst year ever (which it’s probably not), I suspect many of us confine this series of bad luck and horrible events to the year. In my opinion, this is a mistake. Nothing about the year restricts horrific events, polarization, effects of climate change, and an uncertain landscape for the future of the US to come to an end on New Year’s.

There is work to be done and progress to be made with our environment, our politics, and within ourselves. If we brush off this last year as “2020 sucks”, we fail to recognize that the year was a messenger from the future giving us its message that we need to act now or our future will look similar and worse.

I fear, based on our response to the global challenges handed down to us, that we will fail future challenges as well. The Spanish Flu was much more deadly than Covid-19, yet an anti-mask sentiment was present even then. Our wildfires scorched two continents, and our politicians fail to act.

On Climate Change: we still treat it as something one can choose to believe in or not. We need to teach people that Climate Change is a well proven, solidly understood phenomenon like Gravity or Photosynthesis — it’s not a question of belief, it’s a question of your understanding of it. Even if some countries and administrations do understand it, they promise too little and deliver too late.

Our future does not look bright, from my perspective.

Lastly

Enough doom and gloom for one blog post.

What am I doing now? Well, as mentioned before, I’m working on my side-project (that I’ve only mentioned at least a couple dozen times by now in vague detail). As some of you may know, I’ve also taken a hiatus from my stream on Twitch which is partly due to that streak of just wanting to play games and chat with people. That being said, I’ll be returning to Twitch later this month to show off my side-project, elicit feedback, and continue to improve it with all of you.

In terms of bug bounty work, I’ll be making it a soft goal to get back into bug bounties again, though I don’t want to promise any commitments. I don’t have a strong desire to spend my time hacking alone these days and I haven’t felt interested enough in collaborating with my friends either.

Lastly, I’ll be returning to reading the book The Road to Reality and posting updates on my “D0nut Reads” publication. In fact, I’ll be posting a review soon of another book I’ve been reading called Something Deeply Hidden by Sean Carroll sometime today or tomorrow.

Have a good 2021, everyone. Let’s actively make this year better than the last one.

d0nut

Security Engineer, developer, and part-time bug hunter