Information Security - Not Just a Job it's an Adventure!
posted by Brian Willis on June 08, 2007
Hello! As this is my first blog (ever), I would like to take the opportunity to introduce myself and give you an idea of the topics I hope to cover in coming entries.
So, without further ado — My name is Brian Willis and I have spent the last 15 or so years in the Information Security (IS) field. I am a career IS guy - a ‘lifer’. I chose this field as my career (no, I was not dropped on my head as a child). As a fledgling Systems Analyst with a Fortune 500 company, I realized that I enjoyed the challenges of breaking into and then subsequently patching systems and networks.
I had always been the kind of person that found the security systems at museums more interesting than the displays (where are the cameras? motion detectors?). This curiosity extended into the virtual world - copy protection, passwords, logging, transaction security — these were puzzles to figure out and bypass. Fortunately, I had managers who gave my natural curiosity a positive avenue of escape by assigning me ‘ethical hacking’-type projects. I was hooked.
The road hasn’t been smooth though. I was told by more than one well-meaning manager and peer that security was a ‘dead end’ field. In the early days, there was very little in the way of books, classes, certifications, etc. Most security-related organizations and training material focused on its bricks and mortar aspects. Although I found this frustrating, I reasoned that if I was going to spend 50+ hours a week doing something it should be something I found interesting and challenging — something I could be passionate about. For me, Security wasn’t just a job, it was a hobby — with pay. I have not regretted making security my career and feel fortunate (to borrow from Robert Frost) to have made my vocation and avocation the same.
Over the years I have seen the field evolve from a ‘hobby’ of a relative few to a full-fledged discipline. I have seen the world change from one where one never heard of computer security issues to one where one hears about computer security-related incidents daily on the radio, in the newspaper and on television. As for my career, as the song goes - it has been a long and winding road. Along the way, I have been privileged to work in a variety of roles in IS — pen tester, technical investigator, risk analyst, programmer, and manager. I have also been fortunate to have worked on security issues at the state and local, national and international level. In my current role at Intel, I work on strategic and tactical cyber threat analysis as well as working with external organizations and host governments on security-related legislation, regulation and standards.
I hope to use this blog to have a dialogue (not a monologue, I really want your feedback!) on a broad range of IT-related security issues and opportunities. I plan on sharing how Intel is addressing some of the current security hot issues and touch on what the future may hold from a security standpoint.
Feel free to drop me a note if there are specific areas of interest you would like discussed.
- brian
tagged: computer security, information security, network security, risk, security, threat


Comments
Jun 08 | Mirko Zorz said:
Hello Brian! I must say that I’m pleasantly surprised to see a security blogger get a place in this valuable list of Intel bloggers.
What I’d like to read about are details on the challenges you face at your current job, mainly related to cyber threat analysis.
Jun 10 | Ajit Matthew said:
Hi Brian
Great start to your blog. I look forward to reading more. Do ping us when you have updated the blog.
Jun 11 | Joe Godlewski said:
Hi Brian. I’m in the IT Security field as well, though I am newer to it than you. I fill a dual-hatted role as IT and IA Analyst and am constantly looking for ways to improve our processes in the DITSCAP/DIACAP arena. One of the biggest problems I have is with getting our security personnel to update their documents as needed instead of waiting until the last minute. To this end, I’m looking at using MediaWiki where each asset would have its own entry. This makes it easy for the lowest level in the chain to update the documents, and everyone interested would be notified of the updates. The problem is that I need to be able to capture the current state annually for re-accreditation. Check out my blog at http://wiki-beast.blogspot.com/. I’d appreciate your insight.
Jun 28 | Mark Tu said:
Good article! I hope I can see more information security articles about data encryption.
Apr 18 | Christopher Mendes said:
Hi Brian, I too am from a Security Analysis background and I fully agree with you about the rapidly changing security threats that keep hovering around us. I was keeping a close watch on the botnet pandemic that is currently attacking financial and social institutions.
I look forward to reading more on how we can take on this challenge and wrench out the venom from the BOT-fangs.