Skip to Main Content
July 09, 2024

HackingDave’s Rule of Five

Written by David Kennedy
Career Development

Buckle up! This is a different type of blog that isn’t our normally scheduled technical prowess or superhuman talents we have here at TrustedSec. Each month, I have the privilege of hosting a meeting with new employees and interns at both TrustedSec and Binary Defense. This session serves as an introduction to the company, a warm welcome to the team, and an open forum to answer any questions they might have. It's a chance for me to motivate them about their careers and explore what's possible in the cybersecurity field. These sessions are a cornerstone of our onboarding process, providing a platform for new team members to voice their aspirations and concerns, and fostering a sense of community and shared purpose right from the start.

During these meetings, I often encourage new hires to pursue their dreams, even if that means eventually leaving the company. It's crucial to chase your passion, whether it's with us or elsewhere. This might seem counterintuitive, but I firmly believe that when individuals are passionate about what they do, they bring more value to their current roles, even if their long-term path leads them elsewhere. Recently, I was asked a question that particularly resonated with me: "You have accomplished so much in your career. How does someone starting off make progress or even feel accomplished when the hill is so large to climb? It feels like at the end of the day, I've accomplished nothing towards my larger goals."

This question struck a chord because it's a challenge nearly everyone faces, me included. Reflecting on my journey, I responded with how vastly different my days are now compared to when I first started in cybersecurity. Back then, cybersecurity was my hobby and passion, not a career. I spent countless nights coding until 3 or 4 AM, sometimes not sleeping at all because I was so engrossed in developing new tools or uncovering zero-day vulnerabilities. I remember the intense struggle of trying to bypass Data Execution Prevention (DEP) in Microsoft. After two weeks of frustration, working late into the night in my basement, and living inside of a debugger, I finally succeeded. That small victory taught me the importance of perseverance and passion in learning new things and pushing beyond perceived limits.

This leads to an essential piece of advice: Make your career your hobby. Focus on what excites you and turn that into your job. If you don't enjoy what you're doing, quit and find something you love. Passion breeds excellence. This approach not only fosters personal satisfaction but also significantly enhances productivity and innovation.

Building a Sense of Accomplishment: HackingDave’s Rule of Five

Feeling accomplished can be particularly challenging, especially in the early days of a career. I struggled with this during the formative years of TrustedSec and Binary Defense. My days were consumed by back-to-back conference calls, leaving me exhausted and wondering what I had achieved. I realized that this was not the best use of my time and was not aligning with my long-term goals. This constant state of busyness without clear accomplishments can lead to burnout and a sense of futility. This effect hits all of us in both personal and professional settings. How many times have we spent the entire day in meetings or on something that had no tangible impact on anything that was relevant to our jobs, career, or progression?

To combat this, I implemented a strategy I call HackingDave's Rule of Five. Every morning, before checking emails or messages, I list five non-negotiable tasks that I must accomplish that day. These tasks are crucial and aligned with my long-term objectives and ensure that I make tangible progress daily. This simple, yet effective method has been transformative in how I approach my workday and has greatly improved my productivity and sense of accomplishment. I came up with this idea after two solid days of barely sleeping and dealing with a multitude of issues. None of them which were critical, and I could have totally not been involved in them. I needed a change and a system that I could put myself into that I could accomplish specific goals that were important to my short, mid, and long-term objectives.

Here are some examples of my Rule of Five tasks:

  1. Reach Out to a Colleague or Friend I Haven't Spoken to in a While: This helps maintain personal and professional relationships, which are essential for a supportive network.
  2. Work on Coding a New AI Module to Test Deception Capabilities: This task might span several days, but dedicating time to it daily ensures steady progress.
  3. Research New Attack Vectors or Post-Exploitation Techniques: Staying updated with the latest trends and techniques keeps my skills sharp and relevant.
  4. Explore the Latest Medical Studies on Longevity and Health: This personal interest also aligns with my long-term goal of maintaining good health and well-being.
  5. Write Two Pages for a Book I'm Working On: This long-term project benefits from consistent, incremental progress.

Another set of tasks might include (At least for me):

  1. Improve My Skills by Coding or Working on a Technical Project: Continuous learning and skill enhancement are crucial in the fast-evolving field of cybersecurity.
  2. Write a Recommendation Letter for a Friend: Helping others is a fulfilling task that strengthens my professional network.
  3. Purchase a Pinball Machine for the Office to Boost Morale: Creating a positive work environment is essential for team motivation and productivity.
  4. Fix the Lighting in the Training Room to Enhance its Appearance: A conducive physical environment can significantly impact learning and collaboration.
  5. Research Ideas for Decorating the Cleveland Guardians Conference Room to Impress Clients: Creating a welcoming and impressive space for clients can leave a lasting positive impression.

These are just some examples that I might use day to day to accomplish things that move the needle for me.

Some other examples:

  1. Go Out for a Twenty-MinuteWalk: Fitness is important, just by going outside or using an indoor treadmill gets your entire body moving and almost a sense of serenity or accomplishment. You can expand this by hitting the weights at a gym or going for a run. The dopaminergic effect on exercise cannot be understated. It’s one of the largest tools we have.
  2. Clean Up the Office: This one might seem simple, but decorating, putting up a new certification, or cleaning up your office to look clean is something physical you can do. I like to balance my Rule of Five with a combination of something I can physically touch as well as something that I can accomplish work-related that may not be something tangible.
  3. Drink Three Bottles of Water: It’s the simple stuff remember? Set a goal you have a checklist for and keep yourself more hydrated. This can be associated to daily tasks or one-hit items for one day.
  4. Brain Exercise: Pick something that is a manual task for you right now and figure out a way to automate it to make it more simplistic. If you think about your return on investment, if it takes you ten hours to write a piece of code that automates 30 minutes a day, within 20 days you’ll start to get the value of that time investment.
  5. Write A Blog Post on the Rule of Five: Guess what was on my list for today? Special thanks to Daniel Miessler for this one. You would not be reading this blog if it wasn’t for a personal text from him telling me I needed to turn this into a blog.

By adhering to this philosophy, I not only feel a sense of accomplishment at the end of each day but also ensure that I focus on what truly matters for my personal and professional growth. This method helps prioritize tasks that align with my long-term goals, cutting through the noise of everyday distractions.

You can expand this into two set types of rules: Daily routines/rules you must accomplish and 5 floating rules of things you need to accomplish. For me, I have five daily routines and five Rule of Five floating rules. My daily 5:

  1. Workout Regiment: Do some sort of workout routine, regardless of if it's lifting, cardio, walking, but it must be something active. This rule is non-negotiable. If it's on the list, I must do it. Even if I don’t feel like it. You control your brain, not the other way around. Even if you don’t feel like it, you must do this.
  2. Vitamins and Supplements: Ensure I take my daily vitamin and supplements (Primarily Vitamin D, creatine, Rhodilola Rosea, and Fish Oils).
  3. Protein Goals: Make sure I hit 250 grams of protein daily. Non-negotiable. I must hit protein centric goals to ensure muscle building.
  4. Positive Message to Family: Say at least one unique and positive message to my wife and kids individually. Good vibes or karma creates a positive environment for everyone. I make it a point to praise my family at least once a day (Usually it’s much more). Complimenting them on an accomplishment, encouraging them, or noticing something they have done in a positive manner.
  5. Get Seven Hours of Sleep: I’ll admit this rule bends sometimes depending on schedule, but I try to stick with this one as much as I can. Sleep is foundationally one of the most important things for our body to heal properly and adequately handle the stressors of our day. If we aren’t getting enough sleep, it impacts everything in our life.

Again, these are just some examples of how I’ve expanded the Rule of Five for daily drivers to apply to my health and routines that help me stay consistent with certain areas of my life.

Continuous Learning and Development

Another question posed during the meeting was about my thought process behind developing research or tooling, such as Magic Unicorn for PowerShell: A tool I wrote and maintained for countless years. The answer lies in the foundation of continuous learning and applying that knowledge to solve real-world problems. My process involved understanding network protocols, coding, and exploring new methods to meet specific needs. For example, Unicorn was born out of the necessity for an x86 downgrade attack that didn't exist, leveraging my foundational knowledge to develop a solution.

The key takeaway here is that the experts were once beginners. A beginner becomes an expert by gaining more experience and knowledge overtime. By continuously learning and challenging yourself, the difficult tasks of today become the easy tasks of tomorrow. It's like lifting weights: consistent effort leads to improved results.

It's important to recognize that everyone's journey is unique. My experiences and successes are the result of a specific path I've taken, characterized by relentless learning and application. For anyone starting out, it's crucial to build a solid foundation in the basics, whether it's understanding network protocols, learning to code, or mastering the principles of cybersecurity. Once you have this foundation, you can build upon it with specialized knowledge and skills, much like constructing a house.

This approach has significantly contributed to my success. I hope these insights and strategies can help others navigate their career paths and achieve their goals. Keep learning, stay passionate, and always strive to push beyond your limits. By focusing on what excites you, continuously building your skills, and implementing practical strategies like the Rule of Five, you can overcome the challenges of feeling overwhelmed and unaccomplished, setting yourself on a path to long-term success and fulfillment.