Skip to main content

How to Ask for Technical Help Correctly

I was going to post this over in reddit's /r/cybersecurity_help, but I decided it sounds too much like a lecture. 

-----

We understand that when you have "pressing" concerns, you often can't even formulate a question coherently, but please take a few moments to organize what information you have, and what questions do you have, so we can answer your questions immediately, rather than trying to draw additional details out of you which wastes both your time and ours. 


Rule 0: Please read the posting guide:


https://www.reddit.com//r/cybersecurity_help/wiki/guide 


Rule 0.5: Please read the "10 rules" (check right hand bar at following link). Failure to follow them may result in removal of your question. 


https://sh.reddit.com/r/cybersecurity_help/


I'm going call this the 2 C's of Cybersecurity Questions: Condition, Confirmation. (There are 2 more on the answer side, Cause, and Correction, but we'll talk about those later)


**Condition: WHAT made you came to this subreddit today?** 


This should be short, concise, and goes in the subject/title. 


* Good: "I lost control of my gmail, hotmail, and EpicGames accounts."


Clear on what had happened. Details would be in the body of the post. 


* Meh: "Can this be (insert malware name)"


Please start with description of your problem(s), NOT what you SUSPECT the cause is. 


* Bad: "OMG PLS HLP ME NOW!!!!!!" 


We don't need to know how you feel. We need what brought you here today. 


**Confirmation: what evidence, supplemental facts, observations, and so on, do you have to support/confirm the condition that brought you here today?**


* Good: "I can no longer log into my gmail, hotmail, and EpicGames accounts. I checked my phone and it confirms some sort of account change at each. I tried password recovery for each and I am not getting any message, so it appears ownership email had been changed."


This is nice detailed explanation of the condition. This doesn't have to be screenshots or logs or whatever. "What should I do?" is implied. 


* Meh: "Well, my PC started doing X, Y, and Z. Should I be concerned?"


You could have LEAD with that, as the condition/subject, rather than speculate on the cause. 


* Bad: "He's in my phone! Help me!"


How are we supposed to help if you can't even provide details about what phone make/model, what OS level, and what made you suspect someone's in your phone? So now, we have to spend another back-and-forth trying to solicit details out of you. THEN we MAY be able to offer some suggestions. 


BONUS TIP: Please don't include opinions, like "I'm sure it's my ex who had taken a cybersecurity course / ex-government job / secret agent". You'll attract attention of trolls. 


-----


For those of you answering, please limit your answers to the 2 C's of answering... (suspected) Cause, and Correction (Remediation), or solicit Confirmational Evidence... or perhaps, inform OP that the question is off-topic. 


**Confirmation(al evidence) -- OP needs to provide more details so we can narrow down the cause / correction**


Please explain WHY more details are needed. Sometimes, it's obvious, but it's better to overexplain than underexplain here. 


**(Suspected) Cause -- i.e. what do you think OP was afflicted by**  


Please also explain how you came by this conclusion, and/or references from a recognized source. Google, Microsoft, AV vendor, Security News, MakeUseOf, etc. 


**Correction/Remediation -- how should OP fix the affliction**


Same idea as above, add reference if possible


Please note that for some Correction methods (i.e. remediation), we do recommend "the nuclear option" i.e. "nuke it from orbit, start over", and it works regardless of cause. So we do sometimes ignore the cause but we would usually explain WHY we do that. 


Also, we do give STOCK answers quite often, as this is a form of tech support. We will copy/paste stock answers, even when we have relatively incomplete info. 


**Off-topic -- OP's question is not cybersecurity related**


A lot of people come here for privacy related questions. "Someone used my photo without my permission", "someone is harassing me online by impersonating me", and so on. Refer them to /r/DigitalPrivacy. For people asking about Sextortion, there's /r/Sextortion. There's also /r/phishing or just /r/Scams 


DO NOT DO: pass judgment on OPs actions, attitude, condition, etc. We are here to SUPPORT (within limits). Simply don't mention anything else. Limit reply to the statements provided (the portions that seems factual, not opinions) 

Labels:

Comments

Post a Comment

Popular posts from this blog

I finished Google Cybersecurity Certificate in 5 Days. What did I learn?

As of May and June 2023, there were a lot of buzz about the Google Cybersecurity professional certificate issued in conjunction with Coursera.  So I took the 8 course certificate program, and I was able to finish it in 5 days (May 31st to June 4th), which is so fast, it was within the 7 day trial period, so I did not pay anything (normally $49.00 USD).  I did go in with a couple unfair advantages: * I already know SQL * I already know Python * I was an IT professional  * I have taken a cybersecurity intro course before * I was also between jobs so I have a LOT of time to dedicate to studying * I have taken many Coursera courses before (back in early 2020) So is the course any good? I think it is a good course for people who have no idea what to expect, and this will give them a taste on what a job in cybersecurity will involve. The video lectures are relatively short, and there were a LOT of emphasis on the non-traditional non-technical background of many of the Google em...
Post a Comment
Read more

I Got Both Google Cybersecurity and and ISC2 Certified in Cybersecurity. Should You?

The Google Cybersecurity Certificate and the ISC2 Certified in Cybersecurity are two of the most popular cybersecurity certifications available. Both certifications cover a wide range of topics, including network security, application security, and security operations. However, there are some key differences between the two certifications. Both Google Cybersecurity Certificate and the ISC2 Certified in Cybersecurity are considered entry-level certifications The Google Cybersecurity Certificate is very friendly for people who did not come from a computer background, but if you already know IT, Linux, SQL, or Python, you will have an advantage here. You will also learn some practical cybersecurity tools, such as SIEM and Splunk log reading, and you will end up trying to write incident report logs, short analysis reports, and so on.   The ISC2 Certified in Cybersecurity is more focused on theoretical and base level knowledge, with a bit more discussion on the differences among in...
Post a Comment
Read more

I finished "Certified in Cybersecurity" by ISC2 in (ahem!) 2.5 days, and passed the exam. What did I learn?

I decided to look into another introductory cybersecurity certification after finishing the Google Cybersecurity Professional Certificate back in June in 5 days. Took me a while due to other obligations, but I finally decided on "Certified in Cybersecurity" by ISC2, and I started last Thursday.  I finished all coursework by Saturday, and I was waiting for the peer-graded assignments to be graded. That was when I realized this is only half the battle (yes, I am quite bad at research sometimes). This is a prep course for the actual ISC2 CC certification exam, and that cost $199.  So I went on Google to look for a discount code, as there often are for these.  That is when I found that ISC2 is doing a "One Million CC" initiative... It will give away 1 million CC prep course and exams absolutely free to people around the world. It's even available in languages such a Spanish, German, Chinese, and Japanese, in addition to English! That's right... the self-paced C...
Post a Comment
Read more