Activity
306 followers
-
Rocky Furrow shared thisIf I ever see BIOS Crash Berry at any of the gas stations near me, I'll give it a try and report back. [That is also the Ubuntu boot screen! More of the world runs on Linux than you may realize.]
-
Rocky Furrow shared thisOne thing I learned from a very similar experience while cleaning out an old PC: don't spray the fans with compressed air at full strength! As fun as it is to kick up a dust storm while causing a helicopter noise, it ends up wearing out the fan bearings by forcing them to spin way beyond their intended speeds. And if the CPU fan can't start, POST will fail.
-
-
Rocky Furrow posted thisMy green banner is finally coming down. Update next week!
-
Rocky Furrow shared thisThis is a perfect example of somebody successfully utilizing OSINT in an area far, far outside of the tech sphere: Joaquin Buckley, UFC fighter, studied Stephen "Wonderboy" Thompson's YouTube channel to develop a game plan for his match against him back in October 2024, and ended up winning by KO. https://lnkd.in/etVvjK2Z‘I Studied His YouTube’ Buckley Reveals His Strategy For Beating Wonderboy 😮‘I Studied His YouTube’ Buckley Reveals His Strategy For Beating Wonderboy 😮
-
Rocky Furrow posted thisI firmly believe that I was offered my first full-time position back in 2006 because of my ability to clear a multitasking simulation with 100% accuracy and speed. Never let anyone tell you that video game skills won't help you find a job.
-
Rocky Furrow posted thisGoing through my spam/blocked messages in my personal inbox. Looks like the bad guys have started asking for Litecoin instead of Bitcoin in their recent scam attempts. What would be the reason for that? I've also never seen one requesting Monero and I figured that would be a given due to privacy. [Hope everyone had a great Labor Day weekend!]
-
Rocky Furrow liked thisRocky Furrow liked thisHi friends, I have officially decided to search for my next role. If you are on a small team developing novel hardware I'd love to discuss how I can contribute to its build, testing, and ramp-up to production.
-
Rocky Furrow reacted on thisRocky Furrow reacted on thisSo I recently made a change and joined Fahrenheit Advisors as a Recruiting Consultant. I have known Keith and Rich for years and I'm so excited to join this amazing team. I'm working mainly on our Human Capital team and right now we have some exciting opportunities. Reach out if you are interested in connecting with me.
-
Rocky Furrow liked thisRocky Furrow liked thisSecurity engineering is one of the easiest roles to fake on a resume and one of the hardest to fake in an interview. If your early career is SOC and you are applying for engineering roles, be ready to back it up. A resume that reads as monitoring dressed up as engineering might clear HR, but it collapses in a technical interview. Two gaps show up most. First, tool understanding. SIEM, EDR, and vulnerability management are easy to list on a resume and harder to explain when the interviewer asks how the tool actually works. Not using the platform to look at alerts, but how it is deployed, how it fits in the environment, etc. Fine to list them on the resume, but don't oversell it as engineering, rather than in a SOC capacity. Be honest but proud. Second, fundamentals. Active Directory, core protocols, how services are actually deployed and secured. Those are the questions that sink candidates, not the tool list. You need to understand the plumbing of a real IT environment. Engineering is not reacting to alerts. It is designing, deploying, and hardening the systems the alerts describe. Which is materially different from SOC exposure. Also, none of this is aimed at downplaying the SOC. I love that side of the work, and it is where plenty of strong engineers start. However, if you want to move from an analyst to engineer you likely need to take some active steps: Here are my suggestions: 1️⃣ Get hands on with Active Directory. TryHackMe and Hack The Box have AD style labs ready to go. Microsoft can give you a trial Microsoft Azure tenant so you can setup a hybrid environment with your AD homelab. That's a common enterprise setup, so worth deep diving. Look up common AD attacks and simulate them. It isn't enough to know what an OU is. You need security context. 2️⃣ Pick two or three protocols you already touch (Kerberos, LDAP, TLS, DNS, SMB) and go deep. You learned about kerberoasting? Try it out in a lab, golden tickets, skeleton keys, etc. Why not try it? You will feel much more confident defending it, and explaining in an interview if you try out the things you learn about. 3️⃣ Raise your hand for projects. Shadow network and systems engineers when you can. I get it, not all orgs will allow this, but you need the exposure. Do whatever it takes to get it. If you are in that SOC to engineering transition and want help mapping out a realistic plan, send me a message. #cybersecurity #infosec
-
Rocky Furrow reacted on thisRocky Furrow reacted on thisIn October 2025 I "suddenly" quit my job at GEICO. The reality is that somewhere along the way I was working so hard I forgot what the point of living was. I was giving the job everything I could to deliver the "design revolution" they wanted, people were saying thank you, users said “I wish I could use this design today!” but more was always wanted, and the pressure was always on to keep reaching for more. I had genuinely thought that making amazing things would fix the problem. On the surface that was exactly what everyone was asking for. Initiative, hustle, the extra mile, the extra certification, the extra weekend, chase that promotion. There used to be this phrase about “Giving a damn” and I thought, “That’s exactly how I feel!”. It was fun at first because it felt like it was going to go somewhere, that it would reach the everyman and make everyone’s lives a little bit better than it was before. But after a while, I was grinding, but nothing was coming out of it. Projects would be highly reviewed, but something was "always wrong". I’d fulfill the goal to complete a certificate just to have it replaced with another. I made money, but I felt like I was being paid to both hustle and watch paint dry simultaneously. I didn’t understand it, and my body started to react to that through sleepless nights and panic attacks. So like any other issue, I tried to troubleshoot it. For over a year, I scoured for answers in every imaginable place. I asked Co-workers, managers, and directors for advice. I went to HR, Doctors, life coaches, classes, courses, books, philosophy, legal— you name it and I toiled over it. I was trading work for relationships, reading books on leadership while riding a bike and shooting GLP-1 into my stomach. I keep trying to hit a moving goal post of “more”. After a year of doing that, it all caved in. It created a cycle of wondering when, if ever, I’d be “enough”. It did a lot of damage. I lost a lot of friends, I lost a lot of myself. I had multiple suicide interventions. It got to a point where medical professionals told me something had to change. Despite being hailed as a "Figma ninja" by my senior directors, I had never felt worse in my life. After having hard conversations with loved ones, the only thing that made sense for my safety was to leave that environment. The oversimplified answer was that making it make sense wasn’t something I had control over, and the only thing I had control over was whether I kept living that life or if I pivoted to a different one. It’s been a while since then. I am still re-learning how to live, what it means to live, and what it means to be enough— on my own terms. For now, I’m studying art and illustration because I want to. I don’t know where I’ll be in 5 years. I don’t think you know where you’ll be by then either. I needed to stop believing that only rockstars deserve to eat. Maybe they feast, but I’ve decided I’m not sacrificing my ability to taste in order to get there.
-
Rocky Furrow liked thisRocky Furrow liked thisI’ve hired over 50 security professionals across my career. The best ones almost never came through the certification pipeline. The best security engineer I ever hired was a sysadmin who’d spent three years automating everything he touched and got curious about why the firewall rules were rubbish. The best incident responder came from military intelligence and had never heard of NIST. And there was a developer who got bored of building things, wanted to break them instead, and turned into one of the sharpest analysts I’ve worked with. None of them had a CISSP when I hired them. Two of them still don’t. Meanwhile I’ve interviewed candidates with four or five certifications who couldn’t explain what happens when you type a URL into a browser. Credentials on the CV, nothing behind them. And they got through HR screening ahead of everyone else, because the job spec said CISSP required and nobody questioned it. CISSP appears in over 82,000 active job postings. 95% of security teams still report a critical skills gap. The industry built an enormous credentialing infrastructure and the gap didn’t move. I held the CISSP for fifteen years. It got me past HR filters and satisfied compliance requirements and proved I could commit to studying a body of knowledge. None of that made me better at the job. And the industry has quietly decided to pretend those things are the same because it’s easier than building a hiring process that tests for what actually matters. Next time you write a job spec, ask yourself: would the best security person you’ve ever worked with get past the requirements you just listed? #CyberSecurity #CISO #InfoSec #CISSP #SecurityCareers #CyberSkillsGap
-
Rocky Furrow liked thisRocky Furrow liked this23.5 years at GEICO. Literally my entire adult life. What a ride it has been. So much learning, growth, and meaningful relationships that I will always truly cherish. I walked in the door at 19 years old, not even two years removed from high school, with no idea what was ahead. Because of GEICO, I was able to earn my college degree, provide for my family, grow into leadership, and learn this industry inside and out. Doors I never knew were possible kept opening. It changed the trajectory of my life completely. When I look back, I think about the people more than anything. The mentors who challenged me. The teammates who became close friends. And the many individuals I have had the privilege to lead along the way. Now it is time for a new adventure! I am joining Hagerty Insurance as a Senior Director of Claims, Auto Injury and Litigation. The brand is iconic, the opportunity to make an impact is real, and I am ready to go build something. This next chapter is about paving my own path, building my brand, and making an impact I can be proud of. I have never been more ready. Let’s get to work. #Hagerty #NeverStopDriving #EnjoyTheRide
-
Rocky Furrow liked thisRocky Furrow liked thisYesterday we celebrated the retirement of our longest tenured Sales manager, Kim Lindsay. Kim has worked in our Fredericksburg, VA office for 30 years, and in many ways is synonymous with GEICO Sales. She helped us navigate a lot of changes over the years, good times and bad, but most importantly has been a fierce advocate for her people every single one of the days that make up her 30yr tenure. She will be dearly missed. As creative as she is hardworking, Kim bedazzled the GEICO shirt pictured below and it was a huge hit at our recent Sales conference. Congratulations Kim and thank you for 30 years! #lifeatGEICO #insurancesales
-
Rocky Furrow liked thisRocky Furrow liked this#start_early Corporations are not worth the effort! DON'T WASTE YOUR LIFE!!!!!!!!!!!!!!!
-
Rocky Furrow liked thisRocky Furrow liked thisTo be clear: Mythos finding a 27 year old vulnerability in the BSD kernel doesn't mean it found a bug that went unnoticed for 27 years, or that it achieved something no human researcher could achieve in 27 years. BSD does not have a bug bounty program. There is no financial incentive to report bugs in BSD. However, kernel remote code execution (RCE) bugs are worth a lot of money if you sell them to an exploit broker. A BSD kernel RCE would probably fetch somewhere around $100k - $200k USD. While the bug looks mostly useless, you never truly know whether a bug is useless or not. Sometimes a seemingly useless bug can be chained with another vulnerability to achieve RCE. Therefore, almost anyone who found that bug would have been financially incentivized to keep quiet about it. Furthermore, BSD has about a 0.1% market share, so there's probably not a whole lot of people even bothering to audit the code in the first place. There's this old trope in open source that says "many eyes make all bugs shallow". It frequently gets used to imply that open source software is more secure simply because more people have access to the code, therefore can audit it. But it completely ignores the economics of vulnerability research. It takes years (even decades) of experience to become a good vulnerability researchers. Most people are not putting decades of experience into auditing code for free. Sure, lots of people can read the code, but the majority of the people who can actually find vulnerabilities in it are incentivized to just horde them. This has happened before too. There was a major Linux vulnerability called shellshock, which went unreported for 25 years. The vulnerability itself was pretty obvious and not the kind of thing that was likely to have gone unnoticed to even a spectacularly average vulnerability researcher. The simple fact of the matter is, the economic incentives for auditing open source code just isn't that. Anyone CAN audit the code, but that doesn't mean anyone is going to, especially when they're not getting paid to do so. There's a big difference between a bug going UNNOTICED and UNREPORTED. It's very unlikely Mythos achieved something no one else did or could. It just performed work that nobody else wanted to do, at the cost of $20,000 worth of tokens.
Experience & Education
-
SECNAP Network Security
View Rocky��s full experience
See their title, tenure and more.
or
Licenses & Certifications
Other similar profiles
Explore more posts
Explore top content on LinkedIn
Find curated posts and insights for relevant topics all in one place.
View top content