
For the last 1.5 years, starting with my acceptance into the Ontario Internship Program up until I exited that program and entered into the short-term agreement where I am right now, I’ve been under contracts. The position I am in right now is actually a tester position, and not my natural spot. But I’ve been told that I should apply for it because there might only be this plus another lower position coming up for me to try to get a full-time job.
So right now, I’m trying to make a cover letter and learn more about testing, before submitting my application and hopefully getting an interview for it.

Speak, present and impress!

A session on advanced presentation skills. The presenter was very knowledgeable about the art of presenting. He touched on the differences between presentation, speech and academia skills. Many people start their presentation with the word “I”, which actually belongs to a speech, where the speaker has power over the audience. The presentation should be about the audience, and hence the first word should really be “you”.

The main point that hit me was that many people were “post”-senting instead of “pre”-senting. A good example is myself: I usually use PowerPoint slides to highlight points, and just read them off and explain a bit about them; in short, I just read out the slides to the audience.

This apparently came out of the ancient religious tradition, where the clergy could not read, and the priest had to read out for them. Presentation should be about clarity and value, not fancy PowerPoint slides that we read out to people. Very interesting session, and I highly recommend it to anybody who presents regularly to audiences.

Exploiting and defending networks & web applications

These are actually 2 sessions, one specifically on web applications and the other on networks. They’re targeted towards people internal to an organization who have to understand how crackers think and will attack their networks. Very similar in content, with minor differences in between. In hindsight, I could’ve probably just attended one of them and gotten a full understanding of the session.

This hands-on lab walked us through the process that an attacker might take to attack a network system. A simulated environment was on hand, and it was surprising how easy it was to execute things like an SQL injection attack, based on small errors that web applications give out to users (i.e. exceptions that are not caught). The speaker is a security consultant who has been doing this for a long time, and he explained how vulnerable most systems he goes into are, including some quite large banks and companies.

Main point from these 2 sessions: make life difficult for a cracker to break into your system, for it’s not possible to completely eliminate security threats.
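
The point about errors leaking out of a web application, as an added example that is not from the session or the original post: a constructed Python/sqlite3 lookup that echoes database errors back to the user, next to a version that binds the parameter and returns only a generic message. The table, function names and sample input are hypothetical.

```python
import sqlite3


def make_db():
    # Constructed sample data for the demonstration.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return db


def lookup_leaky(db, name):
    """'Before': input is concatenated into the SQL text and the
    database's own error message is sent back to the user."""
    try:
        sql = "SELECT id FROM users WHERE name = '" + name + "'"
        return 200, str(db.execute(sql).fetchall())
    except sqlite3.Error as exc:
        # The driver's message confirms to the client that its input
        # reached the SQL parser, and which database is behind the page.
        return 500, "Database error: " + str(exc)


def lookup_hardened(db, name, log):
    """'After': the value is a bound parameter, so it is never parsed
    as SQL; failures are logged server-side and the reply is generic."""
    try:
        rows = db.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()
        return 200, str(rows)
    except sqlite3.Error as exc:
        log.append(repr(exc))  # details stay on the server
        return 500, "Something went wrong."


# An ordinary surname containing a quote is enough to expose the difference.
ODD_INPUT = "o'brien"

if __name__ == "__main__":
    db, log = make_db(), []
    print(lookup_leaky(db, ODD_INPUT))          # 500 plus the parser's message
    print(lookup_hardened(db, ODD_INPUT, log))  # 200 with no matching rows
    print(lookup_hardened(db, "alice", log))    # 200 with alice's id
```
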