April 5, 2007

In response to Andrew Hay’s challenge (http://www.andrewhay.ca/archives/81), here is how I got into computers, security, and public speaking.

Remember the Trash-80 (aka the Tandy Radio Shack TRS-80) computer that came out in the late 70’s?  That’s where I got my start in computers.  I was a 7th or 8th grader and my middle school had 3 of them.  I’d go in early to play with them.  I hate to admit it, but I soon bought a CoCo, TRS-80 Color Computer and continued to expand my knowledge of computers.  Of course the only way to play computer games at that time was to program your own.  That’s how I learned programming (in Basic of course).

Skipping ahead past High School (repressed memory)… I received a full U.S. Air Force ROTC scholarship to Michigan State University to study Computer Science.  These are two critical parts to my development as a Security Professional.  (1) Air Force ROTC taught me how to lead, speak and write.  (2) Computer Science taught me how to program (mostly in C) and about Unix.  This was in the mid to late 80s, when University Computer classes either taught theory or programming.  Nothing about systems management.  Nothing about computer security.  When I graduated, relatives would come up to me to ask questions about their home computer.  I’d tell them, “Just because I have a degree in computers doesn’t mean I know anything about them.”  That’s how I got started in home tech support…

After college and before I went into the Air Force, I spent a year with AT&T Bell Labs.  I was a researcher in their Archives with the entire history of AT&T at my fingertips.  Bell Labs was the place where Unix was born.  I even got to spend time with Ken Thompson & Dennis Ritchie.  My love of Unix grew.

In the Air Force, I was an Intelligence Officer, so I didn’t spend too much time on Unix.  I did learn about data classification and security.  Military Intelligence school (I know, an oxymoron) was one of the best places to start an education in information security.  I can’t tell you how much this helped me on the CISSP exam. It provided both the concepts and the practical experience required of a security professional. 

While in the Air Force, I received my Master’s degree from Syracuse University.  I continued to refine my writing and speaking skills, which are instrumental as a security professional.   At that time I began gravitating toward security.  Many of my papers were about security with Garfinkel & Spafford’s Practical Unix & Internet Security as my guide.  Ironically enough, my Master’s thesis was on the usability of computer systems; the flip side of the coin from security.

Fast forward a few years… I left the Air Force and became a Unix systems’ administrator.  This gave me experience in applied security.  In the Air Force, it was about leadership and theory.  Working for a business, I learned how to make security work. 

My first “real” security job was as a Unix security administrator.  The company hired me because of an audit point; they had no one responsible for Unix security.  When I arrived, I asked about the other security administrators.  I assumed that if they hired me for Unix then they should have one for the other areas (Windows, network, mainframe, policy & compliance, etc.)  There was none.  I took it upon myself to start their security program.  It was a great opportunity to learn about all aspects of risk management and continued to refine my knowledge of applied security. 

Today, I’m at ConAgra Foods; one of America’s top food companies.  I continue to learn and grow.  I experience every day the importance of balancing security, usability and business risk.  I work with all aspects of the business, helping them protect our critical assets.

If I had it to do over again, I wouldn’t change a thing.  Each step I took has been instrumental in my growth.  Each learning experience has taught me critical security concepts and how to apply them to protect my organization’s reputation and revenue. 

Most important, I’ve learned, “By working together, we all become stronger.”

I challenge the following people to write a blog post on how they got to where they are today.  I choose you because you have unique viewpoints and I want to learn more about you.

Tag, you’re it! 😎

About the Author Guest Blogger

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Don't know where to start?

Check out Security Catalyst Office Hours to meet your peers and celebrate the good, help each other, and figure out your best next step. We meet each Friday… and it’s free to attend.