What made you select to work in safety?
I began out as a Linux programs administrator in the course of the .com increase. The place the place I used to be working had a number of racks of those 1U blue Cobalt RaQ home equipment, (Cobalt the model, not the programming language). These servers had a proprietary working system based mostly on Crimson Hat Linux that was all the time getting compromised. I used to be always cleansing these servers up with out understanding how they had been getting hacked. I began researching the vulnerabilities and acquired drawn into safety at that time.
I believe what actually acquired me hooked was experimenting with dsniff and capturing plain textual content credentials on the wire after discovering it on a compromised server. Everybody was utilizing FTP and Telnet again then. I cringe eager about it now.
SANS: What was your first SANS course and GIAC Certification (if relevant)?
My first SANS course was SEC504 in Mesa, Arizona with John Strand. I’ll always remember that first day. I had the police known as on me shortly after arriving on the lodge.
What occurred was I took a taxi from the airport to the lodge. The taxi driver and I had some idle dialog about why I used to be on the town and he requested in regards to the Defcon shirt I used to be sporting. I defined it was safety convention, he didn’t perceive, so I adopted up with “hacker convention”, after which he understood.
He drops me off on the lodge and I paid for the cab with a bank card and requested a textual content receipt. I test in, head to my room, drop my baggage off, after which seize a fast lunch on the lodge restaurant. As I stroll previous the foyer the cab driver chases me down telling me that I paid with a stolen bank card. I discover there’s four cops following him in the direction of me as nicely.
As we speak by way of this and I produce my ID and my bank card, the cab driver explains some girl in Oklahoma known as him, says she’s not in Arizona, and he or she didn’t authorize this cost on her card. That’s once I notice what will need to have occurred. I typo’d my very own telephone quantity once I entered for the textual content receipt! I think about the cab driver was considering… hacker… hacker’s and identification theft! That man stole that girl’s identification and is utilizing her bank card!
The officer answerable for this case known as the lady and confirmed that was the case. This made for an ungainly week as a result of the identical officers had breakfast within the lodge each morning that week. I went on to acquire the GCIH certification a couple of month after that class.
What programs do you train / creator?
I train MGT514: Safety Strategic Planning, Coverage, and Management.
Why do you train, analysis and observe info safety?
The primary cause is as a result of it’s enjoyable, it’s my ardour, and it doesn’t really feel like work. My spouse asks me how I can work on a regular basis and we get into this dialog about the way it doesn’t really feel like work. It’s intriguing, I’m all the time studying one thing new, and I get to be across the prime individuals within the trade once I’m instructing.
SANS: What suggestions are you able to present newcomers to cyber safety and protection?
Protection isn’t about one factor that you are able to do to extend safety. Protection is overlapping technical and administrative controls working collectively that will increase safety. As you might be working in the direction of that, just be sure you implement it within the context of what the enterprise is attempting to realize. I see that missing in plenty of approaches at present.
Who has influenced your info safety profession?
This can be a exhausting query to reply. Pondering again, I might say my former brother-in-law, David Weiss, now retired from the FBI, had an affect on the course I went in safety early in my profession.
Previously four years I’ve had much more individuals affect my safety profession equivalent to Frank Kim, John Strand, Tim Medin, Ed Skoudis, and Alissa Torres.
Every a type of have shared data with me that has made me higher technically and professionally. I approached plenty of them for recommendation on my first SANS homicide board additionally.
What would you like individuals to learn about you?
I need individuals to know that I get pleasure from what I do, and serving to others discover their manner in info safety. I don’t just like the gatekeeping and harassment plenty of these new to the trade expertise. I work exhausting to create an excellent atmosphere for people who I work with and attend the courses I train. I’m all the time obtainable if you would like recommendation, or steerage alongside the best way.
SANS: Favourite quotes, songs, or books?
There are such a lot of quotes to select from and it is dependent upon the circumstances. I suppose the one quote that might be my favourite is:
“The person has all the time needed to wrestle to maintain from being overwhelmed by the tribe. To be your individual man is tough enterprise. In case you strive it, you may be lonely usually, and typically frightened. However no value is simply too excessive to pay for the privilege of proudly owning your self.”
The quote is by Rudyard Kipling, however mistakenly attributed to Nietzsche.
I don’t actually have a favourite track, however my favourite band is 9 Inch Nails.
There are two books I’ve had for many of my life: The artwork of Conflict by Solar Tzu, and The E-book of 5 Rings by Miyamoto Musashi.
SANS: Inform us about stuff you get pleasure from that individuals might not anticipate.
I get pleasure from Cyber Punk paintings however want residing within the Canyonlands space of Utah. In some unspecified time in the future we’ll make that transfer from Oklahoma.
I get pleasure from understanding, martial arts, kayaking, and mountain climbing. I might say I’m not your typical “geek”, however I discover lots of people in info safety with comparable pursuits.
Joe Sullivan has over 20 years of expertise in info safety. Joe is Principal Advisor at Rural Sourcing in Oklahoma Metropolis the place he manages and develops the safety consulting companies and the groups that present them. Over his profession Joe has labored in incident response, penetration testing, programs administration, community structure, forensics, and is a personal investigator specializing in laptop crime investigations. Joe teaches MGT514: Safety Strategic Planning, Coverage, and Management.
Learn Joe’s full profile right here