Archive for June 15th, 2007

A bot is NOT a computer

June 15th, 2007 Michael Farnum

Douglas Schweitzer is a fellow Computerworld security blogger.  Most of the time Douglas’ posts are pretty good.  But I want to point out an error in his latest post.

Douglas is attempting to answer the question, “What is a bot?”  Here is his answer:

For those of you unfamiliar or unsure of the term, a bot’s essentially just another term for an infected computer.

Well, actually, that’s wrong.  Here’s my comment to his post:

Actually, it is a common misconception that a bot is the infected computer. The bot is the program that is infecting the computer. Actually, a bot is not necessarily malware. Bots can have legitimate uses, such as spiders that crawl the web for a search engine. Basically, a bot is a program that performs menial tasks that a human doesn’t want to perform or is unable to efficiently perform (even if that means attacking a network or sending spam).

The term “bot” is taking on the same negative connotation that the term “hacker” is taking on, and that is unfortunate. At least a bot doesn’t have feelings. :)

So I’m not slamming Douglas here.  Just clearing up a common mistake.

Vet

Categories: Security

Going back in history

June 15th, 2007 Michael Farnum

It is kind of good timing that Martin asked a bunch of us to post how we got into security.  I was in Dallas yesterday driving to a client site.  I was a little early, so I decided to drive around to find a place to grab breakfast, when I started looking around and got a weird feeling that I had been on the road before.  I was close to DFW airport, so I figured I might have been there sometime.  Then I looked to my left and recognized the hotel.  Lo and behold, it was the hotel where I attended CISSP boot camp 5 years ago.  It was kinda strange to see it after that long.  I know it is just a hotel, but I am a very sentimental person (I think my sentimentality actually borders on illness), so it was cool.

Vet

Categories: Security

Martin wants to know how I got into security

June 15th, 2007 Michael Farnum

Martin asked a few of us how we got into security, so here’s my story:

Just like so many 80’s kids, my fascination with computers started with WarGames (Mitchell knows about this – Tron had a lot to do with it as well).  I guess that contained a little bit of foreshadowing since it was all about security, though I didn’t get the distinction back then.  I just knew I wanted to do stuff like Matthew Broderick.

But as far as how I fell into security, I started in general IT like most people.  When I was a senior network administrator, my group got to install a new firewall to replace an old Unix box that a propeller head had put in for us (we were beefing up our 384k connection to the Internet to a full T-1).  I remember seeing the old Unix FW and being fascinated by the logs running across the screen, though I had no idea what it all meant.  Anyway, I don’t remember who the firewall vendor was that we installed, but I do remember that it was NOT CheckPoint (we fought for CheckPoint, though we didn’t know why – we just knew that CheckPoint was the best, which it was back then).  I got my first real glimpse at security then (I was really fascinated by NAT, if you can believe it).  So I started looking at security a little closer, and I had to make the effort to do it since back then security was not baked into the network in any way.

So I changed jobs to work at my first true VAR, and the first three days I was in a NetScreen firewall class.  That got me hooked on NetScreen and the idea of a hardware firewall instead of a server software firewall.  I started getting more and more into designing security architectures and installing firewalls (NetScreen, CheckPoint, and PIX).  Then the VAR I was working for started a partnership with Enterasys, and I got deep into their Dragon IDS product.  They also had the first real production 802.1x products (as far as I know, anyway – I am open to correction there), and I was just blown away by port-level authentication.  It really opened a whole new world for me, and I knew that there was real meat in security that the typical network guy could chew on.  Before that I really thought security was relegated to the uber-geeks with long hair and pasty complexions in dark rooms.

So even though Enterasys ended up sucking, they had some great vision and were really pushing the envelope on baked-in security.  That got me more into security, and my boss at the time really wanted the company to have a security practice.  So he took me and two other guys from our Dallas office to a CISSP boot camp, and we knuckled down and passed the test after a week of brain pounding.  Though the test was fairly brutal, we all passed, and that is really where I started designating myself as a security professional instead of a network guy.  The rest is history.

Vet

Categories: Security