
    It can be fun to go into an interview cold – there’s an appealing energy that comes from the uncertainty of not knowing what’s going to happen next. That’s also why I enjoy role-playing games so much. As a DM, you can set up a combat encounter or introduce an NPC, then embrace the chaos as players hurl their characters in completely unexpected directions. Combine that with the merciless randomness of dice rolls and you have a recipe for grand amusement.

    But it’s also helpful to plan for chaos, whether from a dungeoncrawl or interview.

    Prep calls are essential to making an interview entertaining and informative. Ideally, it’s a conversation that feels dynamic and natural. The worst thing to do is ask a question, passively wait for an answer, ignore the sense of that answer, and carry on to the next question.

    Here’s a rough outline of my approach:

    • Be flexible. Explore the topics the guest is passionate about and knowledgeable in. Sometimes we’ll start with one topic, only to discover a tangent that would be more interesting.
    • Use open-ended questions to prompt clear explanations or strong opinions. It takes practice to reformulate questions from yes/no formulas into “why” or “how” ones that generate conversations.
    • Probe for interesting or unique insights. This may also reveal areas to avoid. It’s hard to give specific examples here since it relies on the context of the topic, but I usually find that questions based on “What does that mean for X?” or “Why does that matter?” work well.
    • Anecdotes are good. If responses tend to be generalities or platitudes, ask for examples of the topic in practice, such as how they’ve seen a problem solved, a tool implemented, or a strategy succeed.
    • Anecdotes of lessons learned from mistakes are also good. Plus, failures are often entertaining. Here I pay attention to the tone of the answer. Something like, “They were all idiots,” isn’t really helpful or educational. Something like, “We didn’t anticipate X” or “We tried to apply a process for X when it’s better for Y” is more useful.
    • Listen for themes or framing devices as they answer.

    During the prep I skip around a lot as I build a picture, but in the interview I’ll try to stick to themes and a flow that builds a story. Stories and conversations are more engaging than dry Q&A. This also means I may reorder questions from how we went through them in the prep call.


    Ultimately, I look for some sort of narrative in terms of problem, complication, and solution or background, conflicts, and resolution. Some examples might be:

    • What’s the problem? Why is it such a problem? How should we think of solutions?
    • You tried X, then Y. You learned Z. In hindsight, what would you do differently?

    One of the traps of asking too many followup questions or searching for a narrative is that it may constrain the guest to a rigid path. They have insights and knowledge to share. Let them reveal what that is rather than trying to guess it through questions. Thus, I always ask, “Is there something we didn’t cover that you want to mention?”

    If they seem likely to be nervous during the interview, I’ll repeat some seed questions so they have an idea of what to expect.

    Finally, I explain that we’ll close out the segment with a call to action or shout out of their choice. I’ll ask what they’re working on or what they want to draw attention to. Sometimes this also helps me refine questions during the interview so they build up to this point.

    To recap, I go into every prep call with a plan to:

    • Ask what they’re passionate about.
    • Ask many short questions to gather context and background so the subsequent interview can be a more natural conversation.
    • Develop a narrative arc.
    • During the interview, actively listen to the guest’s responses and use them to flow into followup questions.

    The way I prep for interviews is closely tied to the format we use on ASW. They’re intended to highlight the guest’s expertise, put them in a good light, understand their opinions, and draw out their personality. If the format were different, I’d keep many of the principles, but would adjust as necessary to the context. But in every case, being prepared makes for a better interview and, perhaps surprisingly, one that can be even more spontaneous.

    For more about how I approach the podcast, check out the style guide.

    • • •
  • Some Appsec Haikus

    Writing show intros provides a brief and enjoyable creative outlet. I have yet to present a haiku, although I have dipped into limericks – of which I have several more drafts in the queue. In one October episode I reimagined a stanza from The Raven.

    And now I have a few experiments with haikus.

    That popular web app security list

    Ten plagues on software
    OWASP documents them all
    Bug bounties prosper

    Prioritization

    A vuln disclosure
    CVSS rating high
    Maybe I’ll fix it

    Hype or critical...

    A vuln disclosure
    CVSS version 3
    Uncalculated

    Reading someone else's code

    Code review begins
    Visions of apocalypse
    A plus one appears

    Git. When things go right.

    Merge request is sent
    Git undertakes a commit
    A branch perseveres

    Git. A three-letter command for producing four-letter words.

    Git rebase push pull
    Force reset now detached head
    The branch defeats us

    Cryptocurrencies

    lol lmao
    seriously so much lol
    and a little fraud

    Web3

    Inspiring problems
    Decentralized solutions
    Ends in vaporware
    • • •
  • Today is the fourth anniversary of the fourth edition of Anti-Hacker Tool Kit. Technology changes quickly, but many of the underlying principles of security remain the same. The following is an excerpt from the introduction.


    Welcome to the fourth edition of the Anti-Hacker Tool Kit. This is a book about the tools that hackers use to attack and defend systems. Knowing how to conduct advanced configuration for an operating system is a step toward being a hacker. Knowing how to infiltrate a system is a step along the same path. Knowing how to monitor an attacker’s activity and defend a system are more points on the path to hacking. In other words, hacking is more about knowledge and creativity than it is about having a collection of tools.

    Computer technology solves some problems; it creates others. When it solves a problem, technology may seem wonderful. Yet it doesn’t have to be wondrous in the sense that you have no idea how it works. In fact, this book aims to reveal how easy it is to run the kinds of tools that hackers, security professionals, and hobbyists alike use.

    A good magic trick amazes an audience. As the audience, we might guess at whether the magician is performing some sleight of hand or relying on a carefully crafted prop. The magician evokes delight through a combination of skill that appears effortless and misdirection that remains overlooked. A trick works not because the audience lacks knowledge of some secret, but because the magician has presented a sort of story, however brief, with a surprise at the end. Even when an audience knows the mechanics of a trick, a skilled magician may still delight them.

    The tools in this book aren’t magical; and simply having them on your laptop won’t make you a hacker. But this book will demystify many aspects of information security. You’ll build a collection of tools by following through each chapter. More importantly, you’ll build the knowledge of how and why these tools work. And that’s the knowledge that lays the foundation for being creative with scripting, for combining attacks in clever ways, and for thinking of yourself as a hacker.

    I chose magic as a metaphor for hacking because it resonates with creative thinking and combining mundane elements to achieve extraordinary effects. Hacking (in the sense of information security) involves knowing how protocols and programs are constructed, plus the tools to analyze and attack them. I don’t have a precise definition of a hacker because one isn’t necessary. Consider it a title to be claimed or conferred – your choice.

    Another reason the definition is nebulous is that information security spans many topics. You might be an expert in one, or a dabbler in all. In this book you’ll find background information and tools for most of those topics. You can skip around to chapters that interest you.

    The Anti- prefix of the title originated from the first edition’s bias towards forensics that tended to equate Hacker with Attacker. It didn’t make sense to change the title for a book that’s made its way into a fourth edition. Plus, I wanted to keep the skull-themed cover.

    Consider the prefix as an antidote to the ego-driven, self-proclaimed hacker who thinks knowing how to run canned exploits out of Metasploit makes them an expert. They only know how to repeat a simple trick. Hacking is better thought of as understanding how a trick is constructed or being able to create new ones of your own.

    Each chapter sets you up with some of that knowledge. And even if you don’t recognize an allusion to Tenar or Gaius Helen Mohiam, there should be plenty of technical content to keep you entertained along the way. I hope you enjoy the book.

    • • •