Kat Sweet

Now with a catchy tagline!

The Building Blocks of Infosec CFPs

Between gearing up to co-chair CircleCityCon’s CFP, and working on a panel submission with a couple of first-time CFP submitters, this month’s program has been brought to you by the letters C, F, and P. (CFP = call for papers or call for proposals, depending on who you ask. Applications for speaking at a con.)

In the two-ish years that I’ve been volunteering for infosec cons (in various capacities), I’ve come across many would-be presenters who feel intimidated by the process of developing a talk and submitting to a CFP. Often times, anxiety is fueled by uncertainty. So I want to do my part to try and demystify the CFP process. More posts will follow, but for now, let’s start with the absolute basics: defining the main components of a CFP submission.

(By the way, if you’re not yet convinced to speak, I recommend reading Snipe’s post “Why you should stop stalling and start presenting”. For a good panel talk that covers a broad range of CFP prep topics, watch “CFPs 101” from BSidesLV 2016.)

When I was developing my first talk ever for the BSidesLV Proving Ground track in 2013, my presentation mentor Javvad gave me advice that’s stuck with me in every subsequent CFP: “Create an engaging story.” The way you structure and deliver your content matters, whether your medium is comedy, thriller, sci-fi, or musical theatre. Your talk’s title, abstract, and outline are the building blocks of your story. (As are your slides, but that’s another show.) Your bio adds context for your perspective as the storyteller. Each conference may have slightly different expectations (follow their directions!), so tailor accordingly.

Title

This isn’t academia -- keep it short and to-the-point. If the title isn’t descriptive, make damn sure your abstract is. Tying in humor or a pop culture reference is fine, but know that certain references have been done to death in presentation titles. Expect some reviewers to side-eye a talk titled “_____ for Fun and Profit” or “_____: How I Learned to Stop Worrying and Love _____”.

Biography

Of the four main components of a CFP, THIS IS THE ONLY PLACE WHERE YOUR NAME GOES. There’s usually a word limit of around 100 to 250 words. This can be a good place to include “cred” for why you’re qualified to speak on your topic; it’s how you introduce yourself to attendees who are unfamiliar with your work. However, because many CFP committees do blind reviews, don’t expect your bio to be the deciding factor in your acceptance -- your outline and abstract should demonstrate your credibility without referring to you by name.

Abstract

This comes from academic papers; it’s the TL;DR of your talk. An abstract is a paragraph or two (usually less than 250 words) that sums up the main points of your talk and, more importantly, draws your audience in. I’d recommend doing at least a draft of your outline before tackling the abstract -- that way, you know what you’re summarizing. You’ll probably be word-limited, so find ways to be concise. “We are planning to have a discussion about” easily becomes “we discuss”. Remember that an abstract is supposed to be just that: abstract. Don’t go into specifics.

Detailed outline

The skeleton of your talk, in the form of a bulleted or numbered list with sub-sections. Four or five lines is not sufficient -- make it granular. While complete sentences aren’t usually necessary, one or two words per line doesn’t say much. Reviewers aren’t mind-readers; we should be able to look at an outline and get a good feel for how your talk will flow. Furthermore, since you probably have knowledge in an area that not all of your reviewers will be familiar with, someone who’s not a subject matter expert should still be able to understand what you’re saying.

Even if a CFP doesn’t ask for an outline, it’s good to have one drafted by the time you submit. Strategizing how you want to structure your talk is time-consuming, so do the hard work early on… your future self will thank you. Bonus points if you include a time estimate for each section.

Based on the CFP submissions I’ve reviewed in past years, people perennially struggle the most with the concept of the outline. It occurred to me that many people lack a frame of reference -- unlike the abstract and bio, which are published on conference websites, most people never see anyone else’s outlines. So as an appendix, below I’ve written up a sample outline of a very familiar story.

In conclusion

Being able to construct the basic components of a CFP doesn’t guarantee you acceptance (particularly in very established, competitive cons), but it will take you a great deal of the way there, and like anything else, it gets easier with practice.

Stay tuned for a sequel.
 

Soul Asset Management in Nihilistic Rock Suites

1) Introduction: Real life vs fantasy (1 minute)

-Overview of the problem

   -There is a landslide

   -Reality cannot be escaped

-Actions prior researchers have taken

   -Opened eyes

   -Looked toward skies

-My background

   -Poor boy

   -No sympathy needed

   -Easy come, easy go

   -Little high, little low

-Main points of this talk

   -Previous research assumed that wind direction was statistically significant

   -(Side note: See, for example, "Blowin' in the Wind" (R. Zimmerman, 1962), which posits that answers correlate with wind direction)

   -My findings reveal that nothing matters, regardless of wind direction

2) What happened in my research (2 minutes)

-Killed a man via cranial gunshot wound

   -Additional detail: discarded a life that had just begun

   -Unintended consequence: caused Mama to cry

   -Call to action restating main point: nothing matters; continue course of action

-Medical side effects of time coming

   -Spinal shivers

   -Constant body aches

-Next steps

   -Leaving the audience behind

   -Facing the truth

-Disclaimer: while I don't want to die, I occasionally wish to not have been born

-Live demo: Guitar solo (will provide a backup demo recording)

3) Dealing with the aftermath (1 minute)

-Key stakeholders bidding for soul

   -Scaramouche: a little sihouetto of a man

   -Fandango: thunderstorm conditions causing fright

   -Galileo: Galileo

   -Figaro: magnifico

-Soulholder rebuttal

   -As stated in the intro, I am merely a poor boy

   -Additional information: nobody loves me, and my family is poor

   -Rules of monstrosity state that life should be spared

-Introducing new stakeholders and their challenges

   -Bismillah: refuses to let go, despite soulholder requests

   -Beelzebub: handling allocation of devils

4) Limitations (1 minute)

-What you can't do

   -Stoning

   -Ocular spitting

   -Loving and then leaving for dead

-Steps to overcome the limitations

   -Just get out

   -Get right out of here

5) Conclusion (1 minute)

-Reiteration of main takeaways

   -Nothing matters - by this point, audience should be able to see this

   -Wind direction also does not matter

 -Audience Q&A

 

Being an Infosec Latecomer, Part 2: Election Bugaloo

2016 was a milestone year for me: I landed my first job in infosec. A real live security internship. A new world opened up for me, and at the same time, as I started to settle into my brand new role, I couldn’t help but get the feeling, “Hey, I’ve done this before”.

As I mentioned in Part 1, and in my un-talk at CircleCityCon, broadcasting the fact that there are countless paths to a security career will help bring in more people with a wide variety of life experiences. This is glossed over way too much in the way hackers are presented to the world -- prevailing narratives frame us as having special l33t skillz that no one else has. Some of it I’m sure is internally-generated -- I think that some people who have only worked in one field perceive their job’s processes and learning curves to be unique to their industry. But those of us who started in other fields bring knowledge and skills from our “past lives” that are not only incredibly transferrable to infosec, but often lacking in the current infosec workforce.

So where did I come from? Hi, my name is Kat, and I’m a recovering political staffer.

When I graduated from college, I wanted to work in politics, having already put in a lot of thankless volunteer work during previous elections. I brought a solid writing background, a knack for doing independent research, and a healthy dose of cynicism -- plus, it was an election year and it seemed like a good idea at the time. Over the course of the next few years, I worked both on the campaign side (finance and fundraising, more specifically) and the legislative side, working my way from page to legislative aide. However, in addition to it not being a great fit for my personality, the job market was limited and incredibly volatile. After my and several others’ jobs disappeared as a result of an election, I decided that politics and I should see other people.

It was a couple more years before I got the idea to learn how to code (if you’re curious, it was Ruby, and there was a lot of nervous crying), which led me to “I’m not a dev, but this tech stuff is interesting. Hey, this security stuff is really interesting. But all of the security people have been hacking since childhood, so I guess maybe I’ll try to get a non-tech job at a tech company.” I had gone to a few security cons, speaking and volunteering but feeling like I didn’t have a real claim to be there. I was legitimately embarrassed by my resume. A turning point was watching Eve Adams’ and Johnny Xmas’ presentation at DerbyCon in 2014 -- all about how to break into infosec from other fields. As I re-watched that presentation, and as I started to meet more people in security, it started to sink in that I was not a blank slate.

Though most of my technical knowledge is a few years old at most, I -- without realizing it at the time -- built up an arsenal of skills during my days as a political staffer. Among them are:

Communication with diverse populations: I wrote a lot of words, and I spent a lot of time on the phone with strangers whose lives were vastly different than mine, many of whom hated everything I stood for. Being a legislative staffer is simultaneously behind-the-scenes and very public-facing: I made thousands of constituent contacts without having my name attached to any of the correspondence. Security work can be similarly invisible-yet-impactful, and the sheer amount of communication that security work requires can’t be overlooked. Whether you’re a pentester writing a report, an analyst responding to a user, or a manager justifying your budget to the C-suite, we are tasked with communicating security to those who are not in a security state of mind. The ability to understand the viewpoints and values of others and get our message across accordingly is a vital skill for promoting better security.

Staying current: This is a skill that often gets downplayed compared to other non-tech like writing, teamwork, time management, etc. I don't think it even fully occurred to me to label it a job skill until I started interviewing for tech positions, when the question of how I kept up with infosec news reliably came up. Political staffers would religiously read feeds like WisPolitics and the Wheeler Report the way security professionals would with threat intelligence feeds. Twitter wasn’t very big yet when I left, but I’d imagine that nowadays every legislative and campaign team has eyes trained on Twitter as much as any security team. Working in politics got me into the mindset of seeing a news release, evaluating how it affected our environment, and figuring out what actions to take as a result.

Working under pressure: I would invite anyone who thinks that “soft skills” come easily to spend a day answering the phones for democratic leadership in a conservative state during budget season. Or work on a campaign when you know that the political winds are not in your favor. Being able to keep a clear head and triage when it feels like everything is imploding is not an innate skill -- it takes practice, as well as a fair amount of desensitization. And it’s a vital infosec skill, particularly for those in areas like incident response. As they say, it’s not a matter of if your organization gets breached, it’s a matter of when. My political work wasn’t glamorous, but it prepared me well for keeping calm and carrying on in security. (Well, most of the time.)

Politics to infosec may seem an odd path, but many others have found ways to connect their past work to their practice of security. If we hope to move forward as an industry, we need to make more of these connections. Security affects everyone in the world, therefore we need to bring in perspectives from all kinds. Homogeneity does not serve us well.

Coming into security with a background in another industry doesn’t show that we’re indecisive or lacking dedication -- it shows that we’re adaptable, and that even if we didn’t get it quite right on the first try, we’ll keep hacking harder.

Getting Back Up

This is more motivational-speaker than I usually go, but for the sake of those who are new to being in front of an audience, I wanted to document this as a way of saying, "I survived, and so will you". 

I've been a performer for as long as I can remember. I grew up doing theatre, music, and occasionally (terrible) dance. Though I'm newer to public speaking than the performing arts, I've now presented seven times at security conferences, served on several panels at the sci-fi convention WisCon, and taught lockpicking to groups of strangers. I'm far from perfect at any of these, but I've had years to learn a thing or two about stage presence.

Last Friday at CypherCon, midway through my talk -- a talk I've successfully given before -- I had a panic attack onstage.

I'm no stranger to anxiety (though I manage it infinitely better than I used to); people who saw me earlier that day can tell you how shaky I was. The perfect storm had been building: I came to CypherCon having just taken three midterms that week. I was letting myself get psyched out by my timeslot (sandwiched right between the keynote address and Johnny Xmas and Lesley Carhart's talk). The room was loud, which made it hard to deliver a talk that had audience engagement built in. However, I was completely not expecting something of this magnitude to happen, so public. As I bolted from the room, guilt and fear of the consequences immediately overtook my original presentation anxiety... what if the organizers hated me for not finishing? What if people thought I was just doing this to grab attention? How was I supposed to be a BSidesLV Proving Ground mentor this summer if I couldn't even get through my own talk? Why were people coming out into the hallway and being nice to me? Panic became the loudest voice, and it took a while for me to calm down.

On Saturday, though, something else happened that I wasn't expecting: The feelings of suckitude pretty much went away. I didn't dwell on my failure the way I thought I would. I got up and enjoyed the rest of the con. Friends checked in on me to make sure I was okay, and I surprised myself that I actually was okay... once the panic died down, I knew logically that people had survived worse, and this didn't signify the end of my ability to present at future cons. When I got home I decided to submit the talk to the CFP for CircleCityCon so that I could maybe have another go at sharing it. 

This is where I think practice with being in front of an audience helps tremendously. It leads to more opportunities to fail, and more opportunities to practice recovering. I've survived (to name just a few) my video dying during my SkyTalks presentation, botching a Brandenburg Concerto in a solo/ensemble competition, and saying "fuck" onstage at a voice recital. Weathering those smaller public-facing setbacks made it easier to weather a large one.

We try to get all of our failures out of the way in a private, controlled environment so that we'll be flawless by the time we're presenting in public, but it doesn't always work that way. The way to build resilience is to fail forward and fail repeatedly until it becomes mundane. Whether the demo gods are smiting you, or your neurotransmitters pick that exact moment to kick you in the ass, whether you're a first-time presenter, or you've been onstage for the better part of three decades, things can go south in unanticipated ways. When that happens: Recognize that it happens to everyone. Cry. Have a drink and a hug. Then get back up. Rinse, spin, repeat. The world won't end.

Being An Infosec Latecomer, Part 1: Education

A few things prompted me to finish this post, which has been in draft form for months: 1) My presentation “Hacking Our Way Into Hacking”, about infosec latecomers, was accepted to CypherCon in Milwaukee (I originally presented it in BSidesLV’s Underground track); 2) Infoperspectives published an excellent, very comprehensive post on the state of women in infosec, which ended with an inspiring quote from Cheryl Biswas about mid-career women coming to infosec; and 3) I keep going to conferences and coming back with ideas, and I think I finally reached a critical mass of half-baked blog post drafts after GHC -- it was time to dust off the dormant blog.

An important part of getting new people into security is showing that there are many different paths to get here. Public perceptions have the power to bring people in or drive them away, regardless of the underlying reality. And as someone who didn’t start out in security or even in tech at all, I spent a long time fearing that I’d missed my chance to work in a technical job, thanks to the narrative that all good hackers started as kids. (It wasn’t entirely inside my own head -- various folks suggested that I should be an office manager or technical writer instead.) It is telling that just searching “too late” on the learnprogramming subreddit yields so many results. We need to change the narrative: there is no “too late”, and our pre-infosec pursuits were not wasted time. I want to elaborate on how I bring knowledge from my “past life” to infosec. I’m working on additional posts about my past employment. This one focuses on my undergraduate education.

(Side note: This is not about the value of formal education vs. other educational methods. There is plenty of good discussion on that topic, and it’s certainly a discussion worth having -- it’s just not germane to this particular post.)

While my BSidesLV iteration of “Hacking Our Way into Hacking” wasn’t recorded, I’ll share part of my introduction from that talk, where I describe my undergrad experience:

“I really started to tap into my passion for trying to solve fascinating and challenging problems, deconstructing things to see why they did what they did, taking time outside of class to self-teach, questioning authority, staying up late banging my head against my laptop. Pretty typical hacker story, right?

“Wrong. I majored in gender and women’s studies.”

At first glance, the jump from gender and women’s studies to security seems like a non sequitur. However, I love finding connections in unexpected places, and while I certainly didn’t declare my major thinking “when I grow up, I want to work in infosec!”, I owe a great deal of my security brain to my gender studies education. After all, deconstruction knows many forms. Here are a few common threads that I’ve brought with me from gender studies to my security education (and, if all goes well, my eventual security career).

Critical thinking: Asking questions and being willing to seek out information carried more value than knowing all the answers (a welcome change from high school!). This definitely mirrors security -- any degree of troubleshooting or researching requires being comfortable with open-endedness and willingness to be wrong. But more specifically, gender studies taught me how to think critically about systems and power structures. Understanding the players, their dependencies, and what they could gain or lose featured prominently in gender studies, and it features prominently even in my introductory-level security classes. Analysis of power structures seems particularly important for those going into security policy, compliance, or any kind of project management.

Breadth: One of the things that attracts me to security also attracted me to gender studies: the interdisciplinary nature. I like learning about many different things -- it gives me a fuller picture of the world around me. Gender studies, more than a discipline unto itself, is a lens through which to study anything from psychology to history. Similarly, security exists in every level of computing (networks, systems, applications, etc.), and even beyond the bounds of hardware and software (social engineering, anyone?). It’s important to understand the pieces of the puzzle and how they fit together, even if not all of the pieces are our particular domain. Which brings me to...

Empathy: Gender studies programs were developed to bring in perspectives that were missing from college curricula. My own program exposed me to viewpoints that I might not have otherwise come across; it also gave me the chance to discuss them with other students, further broadening our understanding. It wasn’t always easy. There were times throughout my gender studies coursework when I was genuinely uncomfortable because I had to confront my own privilege, and other times when I was uncomfortable simply because I had to question what I had always known to be true. Empathy breaks us out of taking things for granted, and when we move beyond a singular perspective, we become better problem-solvers. Security needs empathy. Since the systems being secured are used by so many different kinds of people, it’s vital for those designing, testing, and maintaining those systems to be able to recognize the validity of other worldviews.

I’m just one person, but I’m hardly the only person in infosec with a non-STEM degree. (I’m not even the only person in my netsec cohort at school with a non-STEM degree.) We’re everywhere. We all apply aspects of our past education to our security practice in different ways, and having a variety of foundations upon which we build our technical skills is absolutely a good thing.

If technologies are a reflection of the societies in which they’re developed and implemented, then there is merit to studying societal patterns. If our machines are only as secure as the people who use, build, break, and fix them, then there is merit in studying people. If technology is integrated into every facet of our lives, then there is merit in studying many different facets -- philosophy, music, literature, art history, sociology, and yes, gender studies.

Or put another way: until the robot overlords come and humans leave the equation, all majors have a place here.

Still Alive

2014 has been a year completely devoid of dull moments, to say the least, and as a result, this blog has been too long neglected. Stay tuned for updates within the next few weeks.

Closets Are For Clothes

I usually make some kind of comment about National Coming Out Day, though usually just a few sentences about bi invisibility, biphobia from the gay community, labels, legislation, or just pride and rainbows and glitter.  I thought I’d do something slightly longer than 140 characters today, though:  the coming out story.

It’s been about 12 years since I started coming out as bi.  (I say “started” because, as we too often perceive a person’s sexual orientation based on the relationship they’re currently in, bisexual visibility is difficult, and the coming out process seems to never really be finished.  That’s a whole other blog entry right there, though.)  As far as I can tell, I’m kind of a coming-out anomaly:  there really wasn’t much in the way of a long, drawn-out process of confusion, denial, self-loathing, fear… oh, I was plenty angsty as a teenager, just not for reasons of sexual orientation.  I was a sophomore in high school, and I had a crush on a guy and a girl.  Pretty straightforward.  (Biforward?)  My reaction upon realizing it was something along the lines of, “Hmmm.  Okay then.”  As soon as there was a closet, I felt no overwhelming need to stay in it… I had a pretty easy time of it, and I consider myself incredibly lucky for that.  Madison was and continues to be a very LGBTQ-friendly city, and saying “that’s so gay” at my high school would probably win you some dirty looks.  Had I experienced major harassment for coming out, the support network would’ve been right there.  So, I told my friends fairly nonchalantly, got involved with my school’s Gay-Straight Alliance (later as co-president) and Proud Theater, and went back to blowing off my English homework.    

Boring story, Kat.  It'd make a terrible after school special.  Where’s the drama?

For many people, the coming out process is experienced in extreme ways:  they may face ostracization, harassment, depression; they may risk losing their job or getting kicked out of their house.  (Don’t even get me started on Russia.)  Or, conversely, coming out may be a huge celebration filled with hugs and happy tears as they finally publicly embrace their identity.  So I wanted to post my own story as a reminder of the stories that tend not to get told -- the mundane.  My coming out wasn’t hugely positive or negative, it just… was.  And I wouldn’t have had it any other way.  I hope that as the world becomes a more accepting place to be LGBTQ, more people will be able to experience coming out as just a natural progression, not a nerve-racking, earth-shattering event, and the closet will start to be rendered obsolete.  (Though if you still want to have a big glittery coming out party, more power to ya.)

Happy National Coming Out Day!

(NSFW) Vegas Post-Mortem

<self-flagellation>

It’s been almost 4 weeks since I gave my presentation on 3D printing sex toys at the security conference BSidesLV.  I came back from the trip exhausted and then hit a busy time at work, yada yada, uber procrastination.  So, please accept my apologies for the delay in following up!

</self-flagellation>

<punting>

In the coming weeks I’m hoping to write a more detailed post about what I discussed in my presentation, as well as things I missed and some next steps.

</punting>

In the meanwhile, enjoy the video.  I thoroughly enjoyed presenting and was thrilled by how many conversations my talk sparked before throughout the conferences.  (And a few beforehand, including on the EuroTrash Security podcast and with TripWire Security.)

I’m told that I also presented at SkyTalks (“no cameras, no sobriety”) on Friday, August 2 after they had a last-minute cancellation.  I have no memory of this, but then, if you can remember SkyTalks, you weren’t really there.  ;-)

And for those of you playing along at home:  In the grand tradition of people releasing their code after a conference, I give you the OpenSCAD butt plug file that I used in my presentation.  Use it well; tweak it to your heart's desire.  If you prefer something printer-ready, there’s also an STL file for one of the dildoes that I passed around.  Let's see how long this repo lasts.

My first hacker conferences didn’t disappoint, and I’ll definitely try to make it to more!  Thanks to all those who made “The Sensual Side of 3D Printing” possible, including the BSidesLV mentorship program and SkyTalks; Javvad Malik, who took time out from prepping his own BSidesLV talk to be my presentation mentor from across the pond; and in particular, my boyfriend Brendan O’Connor, who held my hand through several piles of failed molten plastic, and who is all-around awesome.  (Side note:  his fantastic presentations at DEF CON and Black Hat have made something of a splash -- read more here!)  And, of course, thank you very much to everyone who attended the talks!

FFF Friday: 3D Printing Resources for Beginners

Newbies, this one’s for you!

3D printing has been rising in popularity in the past few years.  It’s begun to show up in headlines ranging from “3D printing is OSSIM -- it makes prosthetics!” to “3D printing is EVIL -- it makes guns!”.  However, the practice of creating a 3-dimensional physical object from a digital model is still a new concept to many people.  Maybe you’ve vaguely heard of it but don’t necessarily understand the mechanics of it.  Maybe you’re interested in learning but don’t know where to start.  Or you know a little and want to take it further.  Whatever your background, we all have to start somewhere, so for today’s FFF Friday, I’ve put together a few resources for newcomers to the wide world of 3D printing.

This isn’t meant to be an exhaustive list by any means, just a brief roundup of links to point you in the right direction.  Oh, and just as a standard disclaimer:  nobody linked in this post -- or any others -- is paying or bribing me to promote them.  :-)

When I refer to 3D printing, I’m usually talking about fused filament fabrication (FFF), also called fused deposition modeling (FDM), though that’s a trademarked term.  This is the kind that involves squeezing filament through a heated nozzle and laying it down one layer at a time.  Other types of 3D printing deploy different methods of forming the 3D object, such as powder or [frickin’] lasers; FFF is the most widely used among hobbyists and the easiest to access.  If you have 15 minutes to spare, Lisa Harouni’s TED Talk gives a good intro to the different types of 3D printing and some of the amazing things it can do.  

The software:  One of the best places to start may be simply playing around with some of the software used in 3D printing.  3D modeling is typically done using a computer aided design (CAD) program like OpenSCAD or SolidWorks, or a computer graphics program like Blender or SketchUp (to name just a few of each).  Software costs run the gamut from free and open source to “you want me to pay HOW much?!”  Regardless of program, Teh Interwebs has many tutorials and docs for learning your way around the software.

The hardware:  It’s remarkable how much 3D printers have come down in price recently:  you can now buy one for as little as a few hundred dollars.  New printers are constantly being developed -- it seems like there are always a few on Kickstarter at any given time -- with various features, but they usually share the same core components:  nozzles for filament, a heated build platform, controls for temperature and alignment, connector to a computer, etc.  Some come plug-and-play, while others require some assembly.  One of the most innovative developments, IMHO, in 3D printing is the RepRap Project’s introduction of printers that are actually self-replicating:  you can print the parts to assemble your own printer!

The materials:  The most common types of 3D printer filament are ABS (made famous by Legos), PLA (corn plastic), nylons, and wood.  (“Wait, wood?” you say?  It’s not 100% wood, it’s wood pulp bound together by PLA.)  ABS and PLA come in several colors; nylon is just one color, but as I discussed last week, it can be dyed!  For all of your shopping-on-the-couch-in-your-skivvies needs, Amazon now has its very own 3D Printer Store with a huge filament selection, as well as some 3D printers and parts.

Want something made but don’t own a printer?  Shapeways will print it for you.  If you’re a student, some engineering schools may also have 3D printers available for use (in my hometown, the University of Wisconsin-Madison has a student print shop in their College of Engineering, though it’s fairly costly).  And if the reverse is true, and you own a printer but would rather use someone else’s designs?  Thingiverse lets people share all things 3D that they’ve designed, so while you can upload your own creations there, you can also grab other users’ files and print them.  

There are several ways to get your feet wet without having to buy a 3D printer right away.  Find out if there’s a makerspace or hackerspace in your area -- most will usually have at least one 3D printer, and they may even offer classes.  That’s how I first learned about 3D printing.  (Makerspace.com has a makerspace directory, although it appears to still be a work in progress.)  It’s also worth looking for a nearby Maker Faire, where 3D printing always features prominently.  There are half a dozen flagship Maker Faires each year, but in addition to those, there are a ton of smaller, regional Faires.  Come for the robots, stay for the Makerbots.

For further reading, Make magazine, the quarterly bible of the maker movement, has an Ultimate Guide to 3D Printing.

While I’ve barely scratched the surface of the resources out there, you can do some pretty cool things with even remedial knowledge of 3D printing, so I hope this has been a useful jumping off point if you’re new to it.  Go forth and print!

FFF Friday: Dyeing Nylon Filament

Welcome to the first installment of FFF Friday!

It’s widely known among 3D printing enthusiasts that nylon 3D printer filament can be dyed.  This stands to reason:  many fabrics are nylon-based, so the same dyes that work on nylon fabric will work on nylon filament.  You can dye nylon objects after printing them, or for a striking tie-dyed effect, you can dye the filament itself.  Today I’ll be chronicling my adventures in the latter.

While any nylon-compatible fabric dye will serve you well most of the time, I don’t necessarily know how safe the regular acid dyes are for my purposes (which, as I mentioned in a previous post, are not your typical print job, wink wink nudge nudge).  Would they make me immediately keel over from acute internal acid dye poisoning?  Probably not.  But I’d rather go for total biocompatibility if I can help it.  I wanted something that’s known to be nontoxic.  Something so safe, I can eat it.

Kool-Aid.

This is the part where the Kool-Aid man dramatically busts through my front window on a motorcycle, spilling punch from the top of his head and guaranteeing that I can kiss my security deposit goodbye.

This is the part where the Kool-Aid man dramatically busts through my front window on a motorcycle, spilling punch from the top of his head and guaranteeing that I can kiss my security deposit goodbye.

Dyeing yarn with Kool-Aid is a common practice in the knitting/crocheting world; amid the many tutorials, there’s even a pallette with formulas for 135 Kool-Aid color combinations.  I didn’t find much information on using Kool-Aid to dye 3D printer filament, but by the Transitive Property it seemed feasible:  if we can dye nylon filament like yarn, and we can dye yarn with Kool-Aid, we can dye nylon filament with Kool-Aid.  So I basically combined the two techniques, which are fairly similar anyway.

No special equipment is required, just some packets of unsweetened Kool-Aid.  This may go without saying, but in the name of all that is holy, don’t use the pre-sweetened variety unless a sticky mess is what you’re aiming for.  Unlike some other dyes, there’s no need to mix in additional vinegar -- unsweetened Kool-Aid is plenty acidic on its own (as anyone who’s ever drunk the stuff on a dare in middle school knows... not that I’m speaking from experience or anything).

image.jpeg

Taking the nylon filament off of the spool and tying it into coils will help expose more surface area and allow you to swish it around in the dye more.  Since I wanted to test small batches, each of the coils is roughly one ounce of Taulman 618 1.75mm filament.  (One step that I admittedly forgot was pre-soaking the filament in hot water for a few minutes.  In retrospect, that probably would have helped soften the filament and set the dye better.) 

9x5 loaf pans are good for holding up the dye bags.

9x5 loaf pans are good for holding up the dye bags.

I boiled water and dissolved the Kool-Aid powder at a ratio of 1 packet per quart of water, then added the filament and let it soak for 30-45 minutes.  Once it's done, rinse it in warm water and make sure it's completely dry before using.  You can dry filament in a cool oven, but since it was a warm day I simply left mine to air dry, then returned it to its container and let the desiccants finish the job.

I decided to make two solid colors using two packets apiece, which I soaked in a big pot, and two variegated color combos, which were done by propping the coils in Ziploc bags and dyeing one side at a time.

The resulting colors can best be described as... glowstick.

Is it soup yet? 

Is it soup yet? 

I combined lemon lime and mixed berry hoping to get a nice teal.  In the pot, it certainly looked teal.  However, the blue dye in the mixed berry must be weak, because the end product was decidedly lime green.  I noticed that most of the filament had a tendency to float up to the surface, and the only part of the coil that had taken any of the blue dye was right where I had tied it -- ie. the part that was denser and stayed near the bottom.  So I added a second tie to the next batch to keep it submerged.

I moved the tie over -- you can see on the left where the coil was tied and absorbed some of the blue.

I moved the tie over -- you can see on the left where the coil was tied and absorbed some of the blue.

As red is universally the strongest dye color, the solid cherry/lemonade mixture created a super-concentrated reddish pink.  The variegated black cherry and orange also fared well, although I didn’t dunk the filament in quite far enough for the second half, so there are a few blank spots.

Cherry and lemonade.  I found that lemonade Kool-Aid is practically colorless, so I wouldn't use it on its own for dyeing. 

Cherry and lemonade.  I found that lemonade Kool-Aid is practically colorless, so I wouldn't use it on its own for dyeing. 

Variegated filament: black cherry on the bottom and orange on top. 

Variegated filament: black cherry on the bottom and orange on top. 

Ice blue raspberry lemonade is quite a light blue to begin with -- think blue ice packs -- so I’m surprised the filament retained as much blue dye as it did.  The blue filament is actually pretty true to the color of the dye liquid.

image-5.jpeg

By far the most surprising result, however, was the grape.  Yup, the other half of this coil is grape.  Grape Kool-Aid itself is definitely near the blue-violet end of the purple spectrum, but the nylon filament apparently found every last red molecule, sucked it up, and rejected everything else.  SCIENCE!

It reminds me of a rocket popsicle.

It reminds me of a rocket popsicle.

Just for teh lulz, I also dyed some Patons Classic Merino with black cherry and ice blue raspberry lemonade.  I’ve been knitting for years but this is the first time I’ve given my yarn a Kool-Aid dip.  It looked unnervingly like brains while it was soaking, but came out as a nice dusty rose color.

No, Mr. Bond... I expect you to dye. 

No, Mr. Bond... I expect you to dye. 

Yarny goodness. 

Yarny goodness. 

I haven’t yet had a chance to try printing anything with my newly neon nylon, but from what I’ve read on filament dyeing, dye retention after printing isn’t a problem, nor is warping.  Further research to be done:  increasing the ratio of Kool-Aid to filament; trying more color combinations; using Kool-Aid to dye already-printed objects; and dyeing filament with other natural and biocompatible dyes like beet juice, turmeric, and coffee.

Clockwise from top left: orange/black cherry, ice blue raspberry lemonade/grape, lemon lime/mixed berry, cherry/lemonade. 

Clockwise from top left: orange/black cherry, ice blue raspberry lemonade/grape, lemon lime/mixed berry, cherry/lemonade. 

Rainbow! 

Rainbow! 

While the filament colors aren’t quite as pronounced as they would be using acid dyes, Kool-Aid dye has the advantages of being readily available, dirt cheap, and completely safe.  All in all, a winner.

Ohhh yeaahhhh.

Introducing FFF Fridays!

BSidesLV is only 4 weeks away, and the final schedule is up!  I’ll be taking the stage at 6:30 pm on Wednesday, July 31st (you can read an overview of my presentation topic here).  PowerPoint slides are being prepared, implements of pleasure are being designed, and I’m sure somewhere a set of pearls is being clutched.  If you’re crazy enough (as I am) to be heading out to Vegas during the hottest part of the year, and may be interested in my talk, allow me to help you get into a 3D printing mindset with FFF Fridays!

Each Friday for the next 3-4 weeks leading up to the conference, I’ll be posting about a different 3D printing-related topic -- things that there won’t be time to cover in detail during my 50-minute talk.  (I can’t promise a post on the 26th, as I’ll be traveling starting at ass-o’clock in the morning, but I will try my damnedest.)  Stay tuned for the first installment this Friday, July 5th!

(NSFW) Speaking at BSides!

Approximately six weeks from now, I’m going to speak with a room full of hackers about 3D printing sex toys.

As some of you may know, next month I’ll be speaking at the information/security conference BSides Las Vegas.  Fourteen other presenters and I make up the Proving Ground, the speaking track for people who have never presented at a major conference.  Each of us is paired with a seasoned mentor to help us develop our talks and hone our presentation skills.  (I've found mine to be a tremendous help thus far.)  BSidesLV recently released the Proving Ground lineup -- it looks to be a fantastic track, with topics ranging from malware to mental health... and then, of course, there’s my own NSFW abstract.  

In “The Sensual Side of 3D Printing”, I’ll be discussing the ins and outs (pun fully intended, as are any subsequent puns) of designing and constructing sex toys with a 3D printer.  Laughter is wholeheartedly encouraged, but I also hope this talk will be educational.  (If all I wanted to accomplish was making my audience laugh via a string of innuendos, I’d just throw back some shots and do karaoke of the Traveling Wilburys’ “Dirty World”.)  While 3D printing is a fairly simple skill to pick up, there are several special considerations when using 3D printing for sexual purposes, from materials selection to design concepts for an optimal -- for lack of a better term -- user experience.  We’re toiling in a sensitive area here.  Therefore, I’ll be taking the audience through the steps of Toymaking 101 so that they can go home to their 3D printers and get cracking, without repeating some of the rookie mistakes I made while first learning.

Why 3D print sex toys?  Well, it’s an ideal way to tackle some of the problems with the state of sexuality in our society -- namely, lack of privacy and lack of choice.  What constitutes “acceptable” sex is very narrowly defined, and so we get uniformity.  Enter 3D printing.  Since 3D models are infinitely customizable, we’re free to design our toys exactly the way we want.  Which, when you think about it, is hackery at its finest.  After all, what is hacking if not learning how something works and taking control to make it our own?

Many of us have known the awkward-turtle experience of entering the skeezy conventional sex toy shop (in my college town, it was the oh-so-classy “Whack Shack”).  Depending on our location or living situation, that may be our only option for getting sex toys, and the price we pay is that our private sexual desires are made uncomfortably public in a world that’s telling us that those desires are bad.  3D printing provides us with the privacy we deserve -- we can make our own toys at home, and there’s no one around to judge us.  Even the NSA doesn’t have to know when we 3D print a toy.  (Although they know when I write about it... Hi, NSA.)  3D printing sex toys means our sex lives only have to be as public as we want them to be.

Plus, it’s just really, really fun.

I’m thrilled to be attending and presenting at BSidesLV, a conference that seems very welcoming and certainly has a rich history of hosting talks that push the envelope or are a little outside the box.  In the weeks leading up to the conference, I’ll be discussing my talk further, and in the meantime I’m happy to answer questions.  Happy printing!

Wilkommen, bienvenu, welcome!

Welcome to the inside of my head! 

After much heel-dragging, I've finally joined the rest of the world and set up a blog and personal website.  (Let me apologize for the Spartan surroundings -- I'm still in the process of tweaking the page styles.)  While in the past I've been somewhat shy about having an online presence beyond Facebook and Twitter, this is a logical next step, and one that I'm very glad to be taking.

Now that the site is up and running, expect plenty of posts about life, work, and other random-ass things that I may be thinking about.  And, in a few days, an announcement most unusual... ;-)

Thanks for reading!