We find bad things, all sorts of things, and understand, describe and build something to help people protect themselves. It's a great job, an incredible variety of things to do every day, and no end of new problems to solve. While it's a technical job, the creativity required to solve new issues is what really inspires those in our industry.
Why did you get into IT security?
It wasn't a conscious choice but always was an interest. I was a general IT consultant for a couple of years after a stint in the military and got a job offer to move into Sprint security. Had a great mentor there, Dennis Henderson, without whom I'd have never survived.
Staying up to date technically on every technology that is in use or could be attacked. To be in security you have to be at least familiar with everything that runs on every network: applications, hardware, networking, all of it, as well as the security tools. You have to be aware of all the new attacks, new exploitation methods, and what research is out there which may be exploited. It's a job where you're paid to learn.
What keeps you up at night?
What I didn't get done the day before, the research I wanted to read, the tools I wanted to try and learn, and the new signatures we didn't get to and get published.
Of what are you most proud?
Our community project, Emerging Threats. It's a 10-year-old, community-based IDS project. It's used by an incredible number of people: 150,000 downloads each day. It exists and is so useful because of the community.
For what would you use a magic IT security wand?
To educate users. If users really understood what was happening and what the threats were, they'd be much more resistant to the attacks that prey on their lack of understanding.