Monday, January 12, 2015

A new year, a new job...

Today I start a new chapter, one that I am very excited about.

I've been doing computer security for a long time. I've done general system administration, software patch management, incident response, and policy and risk management. Four years ago I left the work I knew for a field entirely new to me. My entire career to that point had dealt with operating systems and software. The extent of my experience with networking had been plugging an Ethernet cable into my computer and setting an address. So naturally, I took a job where I was responsible for network administration.

I've learned a lot in the last 4 years. I've learned network design. I've learned how to plan for and supply the right amount of network capacity for a growing datacenter without spending money unnecessarily. I've learned how to integrate an acquisition into an existing network. I've learned the significance of a subnet mask and a VLAN and a PVLAN. I've learned how to configure and manage a wide range of switching and routing devices from many different manufacturers. I've learned how to diagnose performance issues, and how to design a resilient network that will remain online despite adverse conditions. I've learned how to install and manage several varieties of firewall.

Along the way I accomplished one of my goals in taking the job: I became the "translator" between those that write security policy, and those that engineer and support networks. Security doesn't happen in a vacuum - it's about managing the risks that a business faces so that the business can be successful despite the chance of "bad things" happening. In order to manage risks, the organization has to understand the things being protected. 

Over time though, translating became auditing, determining if various designs followed the rules (the policies). I also discovered something about myself: I don't enjoy the auditing aspect of security. It is vital - you can't manage something if you don't measure it, and I am good at it. But it's not where my passion is. My passion is hacking and defending, and teaching others to defend - the things I write about in my blog.

So today I begin a new chapter in my career. Today I leave auditing behind for a new job where I will hack, defend, and teach others to defend (nice how that aligns with my passion, eh?). Follow along as our journey through online security and hackerdom continues...

Do you have something to add? A question you'd like answered? Think I'm out of my mind? Join the conversation below, reach out by email at david (at) securityforrealpeople.com, or hit me up on Twitter at @dnlongen

Whois David?

My photo

I have spent the better part of two decades in information technology and security, with roots in application developer support, system administration, and network security. My specialty is cyber threat intelligence - software vulnerabilities and patching, malware, social networking risks, etc. In particular, I strive to write about complex cyber topics in a way that can be understood by those outside the infosec industry.

Why do I do this? A common comment I get from friends and family is that complex security topics give them headaches. They want to know in simple terms how to stay safe in a connected world. Folks like me and my peers have chosen to make a profession out of hacking and defending. I've been doing this for the better part of two decades, and so have a high degree of knowledge in the field. Others have chosen different paths - paths where I would be lost. This is my effort to share my knowledge with those that are experts in something else.

When not in front of a digital screen, I spend my time raising five rambunctious teens and pre-teens - including two sets of twins. Our family enjoys archery, raising show and meat rabbits, and simply enjoying life in the Texas hill country.

For a decade I served as either Commander or a division leader for the Awana Club in Dripping Springs, Texas; while I have retired from that role I continue to have a passion for children's ministry. At the moment I teach 1st through 3rd grade Sunday School. Follow FBC Dripping Springs Kids to see what is going on in our children's ministries.