Over the past several years, I've discovered an abundance of interest regarding how I got started the Information Security (IS) industry. Whether it was college students seeking course advice, close friends looking to retrain into new careers, or a random cold call from Utah, I've always felt my responses lacked the compassion and detail that such important questions deserved. To remedy this shortcoming, I've kicked off this blog in order to better share my story and advice to a broader crowd. Without further adieu, here’s a first glimpse into my humble beginnings:
I started out in this industry as a bastard child of the 90's with a desperate need for dial-up internet. See back in the “long long ago”, you had three general choices for obtaining internet:
- Pay for service by the minute (by the minute FFS!)
- Have super cool parents which could afford an “unlimited” account
- Or hoard free AOL CDs like they’re rations for the zombie apocalypse
Unfortunately, I fell into the internet-by-the-minute category which meant I had to be quite creative with my bandwidth. With this limitation, I quickly found myself attracted to several grey hat areas which allowed me to stay occupied both on and offline. The most influential of these included pirating video games, designing websites, and other script kiddie activities. It was the murky world of piracy which impacted me the earliest, so I’ll save the other stories for another time.
As you can imagine, curious preteens don’t have much discretion when it comes to the source of “free” video games. Without app stores to keep me fenced into a safe marketplace, I resorted to the results from my favorite search engine and downloaded/installed everything I could find. Hacked demos? Check. Random drivers? Check. Malware? Double check. And what do you know…
Yes! To much surprise, I was quickly introduced to Microsoft’s Blue Screen of Death (BSOD). Motivated by the fear of an angry mother, I learned how to recover data, resolve run-time dependencies, diagnose kernel panics, remove registry entries, repair boot records, and — when all else failed — reinstall the operating system. Although unintentional, my downloading habits and the resulting crashes quickly prepared me for my first career in System Administration. Additionally, it briefly introduced me to the concept of malware, the possibilities of file system forensics, and the importance off reoccurring backups.
With this story in mind, I’d highly encourage anyone interested in an IT or IS career field to first leverage the opportunities you face in your day to day activities. Rather than immediately running to the Geek Squad or Genius Bar, try embracing the suck and solving your problems first. Jump on over to your search engine of choice and describe your problem; you’ll save some cash and gain valuable hands-on experience in the process. For the seasoned IT veteran, there is always room for improving efficiency when it comes to problem solving. If I would have learned to automate my file restoration or security patching process earlier, I may have had time to actually play those video games I so desperately needed.