I started my career in Information Security in 1984 as an Electrical Engineering student working at my University Computer Lab. We had a professor who was complaining that his IBM AIX Workstation (a Unix system) was running slow, and I was asked to look into it. What I found was a file stash hidden in a subdirectory on the workstation that a hacker had established to exchange hacked/pirated PC & Atari games across the Internet. What was slowing down the workstation was all the connections and downloads. From that moment on I was hooked and wanted to work in the Information Security field, but the closest I could get to a degree at my University was the newly established Computer Science degree. It had just been repurposed from the “Electrical Engineering / Computer Emphasis” degree. I switched and the rest is history.
Fast forward 30 years. I’ve worked in the field of Information Security as:
- an employee for a number of Fortune 500 companies
- a Contractor and a self-employed Consultant
- an Analyst clearing intrusion incident/alert queues
- an Architect designing Information Security systems and processes
- an Internal Auditor insuring compliance with government and private standards
- an Investigator performing Computer Forensics
I worked to position myself as someone who can discuss Risk and Cost Justifications with upper management and also talk very technical details with Engineers and Architects. Throughout my career, I’ve enjoyed the day-to-day development and process of my field but what I’ve most enjoyed is taking the time to train and mentor other people in my field. I’ve delivered Information Security presentations at several local, regional, and national conferences. And this brings us to the purpose of this website: I hope to be able to provide information and training through this website about the Information Security field and its various disciplines.
I’m sure I’ll enjoy this extension of my career as much as I have the last 30 years of my day job.