Monday, January 12, 2015

A new year, a new job...

Today I start a new chapter, one that I am very excited about.

I've been doing computer security for a long time. I've done general system administration, software patch management, incident response, and policy and risk management. Four years ago I left the work I knew for a field entirely new to me. My entire career to that point had dealt with operating systems and software. The extent of my experience with networking had been plugging an Ethernet cable into my computer and setting an address. So naturally, I took a job where I was responsible for network administration.

I've learned a lot in the last 4 years. I've learned network design. I've learned how to plan for and supply the right amount of network capacity for a growing datacenter without spending money unnecessarily. I've learned how to integrate an acquisition into an existing network. I've learned the significance of a subnet mask and a VLAN and a PVLAN. I've learned how to configure and manage a wide range of switching and routing devices from many different manufacturers. I've learned how to diagnose performance issues, and how to design a resilient network that will remain online despite adverse conditions. I've learned how to install and manage several varieties of firewall.

Along the way I accomplished one of my goals in taking the job: I became the "translator" between those that write security policy, and those that engineer and support networks. Security doesn't happen in a vacuum - it's about managing the risks that a business faces so that the business can be successful despite the chance of "bad things" happening. In order to manage risks, the organization has to understand the things being protected. 

Over time though, translating became auditing, determining if various designs followed the rules (the policies). I also discovered something about myself: I don't enjoy the auditing aspect of security. It is vital - you can't manage something if you don't measure it, and I am good at it. But it's not where my passion is. My passion is hacking and defending, and teaching others to defend - the things I write about in my blog.

So today I begin a new chapter in my career. Today I leave auditing behind for a new job where I will hack, defend, and teach others to defend (nice how that aligns with my passion, eh?). Follow along as our journey through online security and hackerdom continues...

Do you have something to add? A question you'd like answered? Think I'm out of my mind? Join the conversation below, reach out by email at david (at), or hit me up on Twitter at @dnlongen