About

Welcome to another one of my small corners of the Internet, this one dedicated to all things Infosec related. This blog is really more for me to remember things, the older I get the more I forget, but if you get some value out of it, great...

But first, why should you listen to me? Well, let me first say, you might not want. You've been warned. :-)

Since this blog is Infosec focused the first thing I'll say it that I probably shouldn't give a ton of details about me, that just wouldn't be all that operationally secure now would it? However, I'm not into hiding and nearly all of the information here can be obtained through open source intelligence (OSINT), it's not like you can't find my name easily from here.

I've been in Information Technology (IT) for 25 years now, when I started we were still "MIS" and were basically the finance department's report winches. In fact, in my first job as an operations manager I had a report runner kid. He was quite literally a kid, 18 years old, I hired him away from McDonald's to walk a cart around delivering greenbar reports. FYI, he's now a successful software developer, hopefully in part to some decent guidance from me.

I grew up around computing, my father has been in tech since the 60's, eventually starting a company that designed and built a luggable Z80/CP-M machine in the 80's. I've been playing with things like punch tapes, E(E)PROMS, 8" floppies, Winchester/ESDI disks, modems & acoustic couplers, CP/M, AT&T UNIX and other stuff since I was perhaps 7 years old. People ask what got me into tech and I say that it's essentially in my DNA from birth thanks to dad.

I left tech for a while to pursue a career as a long haired heavy metal 80's Hippie Freak Rock Star (tm), using the term "career" VERY loosely. It was amazingly fun but it was this that ultimately got me back into tech. I wanted to automate and digitally record music so I bought a 486 PC at CompUSA in the very early 90's, it was all downhill from there. I rediscovered my addiction to hacking whatever tech I could get my hands on. I immersed myself back into learning and ultimately got a "real" job for a company doing general AS/400, PC and network support work. I'm probably like many others in IT, I'd learn something new and want to exploit it to earn more, and as a result the first half of my career has a LOT of job hopping in it. I've been a manager, consultant, contractor, dot com tripper, developer, mainframe operator, firewall blame taker, network engineer, UNIX admin, backup dude, SAN slug, QA tester and even a project manager for a bit. Just about every tech in IT I've at least tried to play with, sometimes even getting paid to do it. I "settled down" in 2003, took a new job and have been there since.

So why am I writing this? Over the past 15 years at this job I've been responsible for security, I mean it's in my title, but have never had a chance to focus on it. About 2 years ago things changed at work and I'm now able to do just that: focus. Couple that with the fact that I believe Infosec must become one of the core competencies in IT which means I'm future proofing my career a bit. This blog is my journey into becoming more of a "real" Infosec person, I'm still very much re-learning many things about information security that I haven't touched in a decade.

And so the journey begins...