Security's Everyman

Security's Everyman

Thursday, April 05, 2007

Getting into Security (Revised)

This is a revised version of a post I did last month. I brought it back up in response to some posts that have been floating around the SCC forums. Santa asked us to tell our story so I decided to retell mine with a little more detail. I won't be offended it you choose to pass on reading it this time.

My earliest experiences with computers (not counting Pong) was on a Apple IIc. We used it to keep basic records and such for a softball league that I helped run when I was in high school. I loved it because it was so much more user friendly than the PC's at school. I hadn't played with them because the DOS environment looked too complex for me. I had very little confidence in my intellectual abilities at that stage of my life. Soon after that I took a class in college. I think it was called "Basic Computing". It scared me to death and I swore computers off from then on. Even though I made a B in the class I just didn't get it.

Fast forward to 1995. I moved back to Atlanta to get my Masters Degree and went to work for a company I had worked for years earlier. It was a manufacturing environment and they put me in the Electronics department. Again, I was scared because I considered that kind of stuff over my head. I quickly learned that I could do the work and did a good job at it. There were several Computer Geeks in the department. They all talked computers and built their own so I learned by listening and talking to them. Then I started helping them build systems and decided that this wasn't such a scary field after all. I got my first computer and started learning. It was a clone 8088 that had two 3 1/4 floppies and a 5 1/2 floppy. No hard drive and a 3 meg memory card that was bigger than some servers I now have. I was behind the times but I was making headway.

It was also around that time that the company decided that they needed to start thinking about having their own network and IT manager. They talked to me about the position because I was the only one in the group that had social skills to work with Management. So I decide to focus my MBA on MIS and go from there. Then reality set in and the fact that the company President didn't like me ruined those plans. It was also around that time that my college roommate called with a job in IT no experience required.

I packed up moved to Dallas and that is where I started my original post.

I first started out working for a company that sold telephone banking systems. They were OS/2 based and used primarily Rexx and VScript for the voice coding. I was an installer at first and then moved into the Tech Support department. One thing I had to do was learn basic programming and this is where I learned that I was NOT a programmer. Programmers think differently than the rest of us. :) While I was there I started learning Novell because at that time most small to medium banks still ran Novell networks.

I then took a position at a Bank as the Network Admin for one division of the company. This was a whole different challenge because it was a Windows shop and I knew very little about networking in the world of Microsoft. While there I also learned why it was important that I learn about the OSI model when working on my Novell CNE cert. I learned about routing and switching and discovered that there was much more to the world than OS/2. While there I also came to realize that having a firewall was not all that was needed to secure a network. I was promoted to Corporate Network Admin and assumed more responsibility for security. We didn't have anyone actually in charge of security so I talked to the CIO and unofficially became the security guy. It was here that I really started reading, studying and learning about security.

The next job I took had the promise of learning and practicing more and more security. Promises often don't come turn and this was one of them. I did do lots of security related jobs with customers but it never really panned out to be what I hoped so I moved on.

That lead into my current position of Network/Security Engineer. That pretty much means that I do it all. At least I'm responsible for it all.

Along the way I discovered that I will never know all there is about security. There are areas that are just not my forte. People often ask me what they need to do to get into security. My advice is to tell them to find their passion and focus on that. If it's not directly related to security find out how security fits in and start doing it. Become the security expert in your area. Don't try to learn it all. Don't try to go where the "hot" jobs are at the moment. You will only be successful if you are doing what you really like and what you are passionate about.


LonerVamp said...

How did you get that first Network Admin job at that bank? :)

That's the part of stories that interest me, is that first time getting into a newer area. Did they take you on the hopes you'd develop the skills, or did you already have them in networking?

Andy, ITGuy said...

Good Question Loner. It was a combination of both. I understood the concepts of networking, but from the perspective of Novell. I had worked with the new CIO on a couple of previous jobs and he liked me and the fact that I wasn't a "geek" that was buried in the depths of the server room. :) My people skills have always played a big part in new opportunities for me.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.