Martin asked a few of us how we got into security, so here’s my story:
Just like so many 80′s kids, my fascination with computers started with WarGames (Mitchell knows about this – Tron had a lot to do with it as well). I guess that contained a little bit of foreshadowing since it was all about security, though I didn’t get the distinction back then. I just knew I wanted to do stuff like Matthew Broderick.
But as far as how I fell into security, I started in general IT like most people. When I was a senior network administrator, my group got to install a new firewall to replace an old Unix box that a propeller head had put in for us (we were beefing up our 384k connection to the Internet to a full T-1). I remember seeing the old Unix FW and being fascinated by the logs running across the screen, though I had no idea what it all meant. Anyway, I don’t remember who the firewall vendor was that we installed, but I do remember that it was NOT CheckPoint (we fought for CheckPoint, though we didn’t know why – we just knew that CheckPoint was the best, which it was back then). I got my first real glimpse at security then (I was really fascinated by NAT, if you can believe it). So I started looking at security a little closer, and I had to make the effort to do it since back then security was not baked into the network in any way.
So I changed jobs to work at my first true VAR, and the first three days I was in a NetScreen firewall class. That got me hooked on NetScreen and the idea of a hardware firewall instead of a server software firewall. I started getting more and more into designing security architectures and installing firewalls (NetScreen, CheckPoint, and PIX). Then the VAR I was working for started a partnership with Enterasys, and I got deep into their Dragon IDS product. They also had the first real production 802.1x products (as far as I know, anyway – I am open to correction there), and I was just blown away by port-level authentication. It really opened a whole new world for me, and I knew that there was real meat in security that the typical network guy could chew on. Before that I really thought security was relegated to the uber-geeks with long hair and pasty complexions in dark rooms.
So even though Enterasys ended up sucking, they had some great vision and were really pushing the envelope on baked-in security. That got me more into security, and my boss at the time really wanted the company to have a security practice. So he took me and two other guys from our Dallas office to a CISSP boot camp, and we knuckled down and passed the test after a week of brain pounding. Though the test was fairly brutal, we all passed, and that is really where I started designating myself as a security professional instead of a network guy. The rest is history.
Vet
If Matthew Broderick and War Games is what got you started in computers and security, then it was worth every penny spent making the movie. I officially take back everything bad I’ve said about War Games on my blog. (I actually liked the movie when I say it, but mostly cause I liked the girl in it. Now, enough “true confessions” and back to my stoic online persona.)