How do you describe your job to average people?
If you look at the internet as a bunch of factories supplying storefronts with products, I am both the maintenance mechanic that keeps the factories machinery running smoothly, and the security guard that keeps the bad guys out.
Why did you get into IT security?
I don't think I “got into” security, I was always there. From my early days as a C coder, then a systems administrator, my thoughts were constantly on exploitation of vulnerabilities. I have this odd fascination by the bad guys' obsession with taking over unprotected networks, and how I can prevent it from happening.
What was one of your biggest challenges?
“Twitter Management.” In a previous life, we had this fantastic project manager, who would spend a lot of time working with me to create project timelines and milestones that made sense. I loved working with this guy. My manager would pop into the bullpen, and find whichever of my team were less likely to say no to a manager, and tell them “It would be cool if…”, and then some 140 character or less commandment. It happened so much, we found ourselves telling the PM we had to move dates on actual projects.
What keeps you up at night?
This is a literal question for me. Legacy infrastructure that was built with no thoughts on scale or sustainability drives me bonkers. The body wants to sleep, but the brains wants to solve the problem.
Of what are you most proud?
I would say, having forked OpenBSD into ekkoBSD, and landing myself on the Unix timeline in perpetuity. That was pretty cool.
For what would you use a magic IT security wand?
All monitoring systems would be proactive and come with built-in remediation steps. You would get an alert that said “Your production database is beginning to show signs of failure. Go do these things to fix it, before this becomes a problem.”