Hello All - Just wanted to drop by and say hi to everyone!
keatron
Member Posts: 1,213 ■■■■■■□□□□
Hello Techexams family. Just wanted to drop by and say hello and maybe encourage some of you who are just coming into this field.
I guess it was about 2003 or 2004 when I joined here or at least started to look around. I had some experience but zero certifications.
Shortly after I started studying for A+ Net+ Security+ and some of the MCSE exams using exclusively the resources on this site. And I do mean exclusively. After passing all those exams I started to focus a little more on the security certs since that was my area of expertise and practice. But just know that gaining the knowledge I gained obtaining the Microsoft certs, and Cisco certs tremendously helped me accelerate my position in the security community as I had practical knowledge and hands on with most of the technologies that existed out there. In other words I wasn't just a paper cert person, but for some technologies, I WAS A PAPER CERT PERSON FIRST, AND BASED ON THAT CERT I WAS ALLOWED TO BE IN THE POSITION TO GROW PAST JUST HAVING THE PAPER. I all caps that for a reason. It's easy for us to sit back and say to others, "if you just have the paper without the skills, it means nothing". This is 100% not true. Don't ever look at a cert that's of interest to you and say "well it's pointless for me to bother with it, because I don't have hands on". I agree, hands on AND paper together is more valuable, but this hardly means the cert alone is useless. That's only the case if you don't use it to your advantage.
I will never forget the very first forensics case I was involved in; I didn't know a ton about forensics analysis tools, but one thing I did know was how to do a Chain-Of-Custody and how to image a drive without screwing that part up. I informed the law enforcement group I was assisting of this ahead of time. But it wasn't a time sensitive case so I had time to actually dive into the Encase and FTK and master the analysis part. After all, as long as we didn't jack up the original evidence, there wasn't much we could do to mess up the case! But the key is, I had the basic certs required to at least get me looked at or in the door.
Fast forward to today; I run/own a very elite penetesting and digital forensics firm. We do work all over the world for agencies, and fortune 500 companies on a regular basis. Recently as a company we have been doing a ton of network forensics and technical incident response and breach containment. I've been on the news, in newspapers, and articles, and everything in between. My focus personally and what my role in my company has been in the last few years is R&D and acting in either an advisory role or evangelist role. If you look at the companies who are the lead vendors in the security world, , I've worked with just about all of them and continue to do so in the areas of product development, product testing and other things. If I'm not working on a pentest or a case, my typical day goes like this.
Vendor: "Hey we have this $600,000 appliance that we want you to see if you can get past with all the stuff you normally do to get past security appliances".
Me:Sure, here's my hourly rate for this R&D project (which is a way to say i get to just sit and play with cool technology and bill a crazy hourly rate for it).
Vendor:"Ok, we're sending you a NFS (not for sale) version of the appliance out today. We just emailed you a new contract for this prodcut, sign it and get it back to us"
Me: "OK, thanks again!"
Deal done.
This paragraph is the most important of everything I'll say. I attribute MOST of my early success and the door being opening to the time I spent on this site learning. And just as importantly sharing what I'd learned with others on this site. I was recently doing a lecture for about 75 Systems Engineers for a popular security appliance and one of them asked how I gained such a wide and deep knowledge base in so many areas in such a short time. After pondering that question for a moment I realized that Techexams was the pivot point, the catalyst, the initial strike of fire that would eventually light my engine and send me on to opportunities I could have never even dreamed of 10 years ago. Here's some advice to those of you trying to get to that next level.
1. Write out your goals in a excel sheet or something. What certs do you want and what job do you want to be doing. Trust me, write it out and check this off 1 at a time as you accomplish them.
2. Help other on here when you can. Don't be harsh, don't be condescending (you can even see me being guilty of this in some of my early posts on here). But don't. People are here to learn and get help. Be part of the solution. It will get you further in life.
3. Take the opportunity to learn something new every single day. And there's no better place to do that than here.
4. Remember one of my favorite quotes; "Luck is the meeting of preparation and opportunity" The more you prepare, the luckier you will eventually get. You have little control over the opportunity part, but you have 100% control over the preparation part, so own that part and do it to the 1000th degree! You'll thank me later!
5. If you go through a technical process and you don't understand it when you're finished. Seek guidance, but more importantly, do not stop. Go through it again, and again, and again, until you get it.
I hope this helps some of you. Keep studying and stay focused!
I guess it was about 2003 or 2004 when I joined here or at least started to look around. I had some experience but zero certifications.
Shortly after I started studying for A+ Net+ Security+ and some of the MCSE exams using exclusively the resources on this site. And I do mean exclusively. After passing all those exams I started to focus a little more on the security certs since that was my area of expertise and practice. But just know that gaining the knowledge I gained obtaining the Microsoft certs, and Cisco certs tremendously helped me accelerate my position in the security community as I had practical knowledge and hands on with most of the technologies that existed out there. In other words I wasn't just a paper cert person, but for some technologies, I WAS A PAPER CERT PERSON FIRST, AND BASED ON THAT CERT I WAS ALLOWED TO BE IN THE POSITION TO GROW PAST JUST HAVING THE PAPER. I all caps that for a reason. It's easy for us to sit back and say to others, "if you just have the paper without the skills, it means nothing". This is 100% not true. Don't ever look at a cert that's of interest to you and say "well it's pointless for me to bother with it, because I don't have hands on". I agree, hands on AND paper together is more valuable, but this hardly means the cert alone is useless. That's only the case if you don't use it to your advantage.
I will never forget the very first forensics case I was involved in; I didn't know a ton about forensics analysis tools, but one thing I did know was how to do a Chain-Of-Custody and how to image a drive without screwing that part up. I informed the law enforcement group I was assisting of this ahead of time. But it wasn't a time sensitive case so I had time to actually dive into the Encase and FTK and master the analysis part. After all, as long as we didn't jack up the original evidence, there wasn't much we could do to mess up the case! But the key is, I had the basic certs required to at least get me looked at or in the door.
Fast forward to today; I run/own a very elite penetesting and digital forensics firm. We do work all over the world for agencies, and fortune 500 companies on a regular basis. Recently as a company we have been doing a ton of network forensics and technical incident response and breach containment. I've been on the news, in newspapers, and articles, and everything in between. My focus personally and what my role in my company has been in the last few years is R&D and acting in either an advisory role or evangelist role. If you look at the companies who are the lead vendors in the security world, , I've worked with just about all of them and continue to do so in the areas of product development, product testing and other things. If I'm not working on a pentest or a case, my typical day goes like this.
Vendor: "Hey we have this $600,000 appliance that we want you to see if you can get past with all the stuff you normally do to get past security appliances".
Me:Sure, here's my hourly rate for this R&D project (which is a way to say i get to just sit and play with cool technology and bill a crazy hourly rate for it).
Vendor:"Ok, we're sending you a NFS (not for sale) version of the appliance out today. We just emailed you a new contract for this prodcut, sign it and get it back to us"
Me: "OK, thanks again!"
Deal done.
This paragraph is the most important of everything I'll say. I attribute MOST of my early success and the door being opening to the time I spent on this site learning. And just as importantly sharing what I'd learned with others on this site. I was recently doing a lecture for about 75 Systems Engineers for a popular security appliance and one of them asked how I gained such a wide and deep knowledge base in so many areas in such a short time. After pondering that question for a moment I realized that Techexams was the pivot point, the catalyst, the initial strike of fire that would eventually light my engine and send me on to opportunities I could have never even dreamed of 10 years ago. Here's some advice to those of you trying to get to that next level.
1. Write out your goals in a excel sheet or something. What certs do you want and what job do you want to be doing. Trust me, write it out and check this off 1 at a time as you accomplish them.
2. Help other on here when you can. Don't be harsh, don't be condescending (you can even see me being guilty of this in some of my early posts on here). But don't. People are here to learn and get help. Be part of the solution. It will get you further in life.
3. Take the opportunity to learn something new every single day. And there's no better place to do that than here.
4. Remember one of my favorite quotes; "Luck is the meeting of preparation and opportunity" The more you prepare, the luckier you will eventually get. You have little control over the opportunity part, but you have 100% control over the preparation part, so own that part and do it to the 1000th degree! You'll thank me later!
5. If you go through a technical process and you don't understand it when you're finished. Seek guidance, but more importantly, do not stop. Go through it again, and again, and again, until you get it.
I hope this helps some of you. Keep studying and stay focused!
Comments
-
doobu Member Posts: 87 ■■■□□□□□□□Pretty awesome story!
So, what would be the first step in branching out into security? CCNA or Security+? The more I look, the more.."broad/general" Security looks.
I work in healthcare, but I'm looking to branch away back into my grit, which is the financial world, and security seems so interesting. -
keatron Member Posts: 1,213 ■■■■■■□□□□If you don't have any experience yet in the areas of the worlds most deployed technologies (Microsoft, Cisco, Linux), I would say maybe nail some of those areas down first before you even look at the security stuff. I see so many people coming into this field with GSEC, CEH, CISSP etc, but have zero understanding of how the operating systems and networks they're supposed to be protecting actually work. Even if you get the security stuff first, still try and plan to go back and get these basic tangible skills as well.
-
zxbane Member Posts: 740 ■■■■□□□□□□Keatron,
Great post and I am happy to hear about the success you have found. I agree completely with what you said regarding preparation and opportunity. I've focused on the first part and in time great opportunities have come to me and I've been better prepared for them due to putting in the work and study time ahead of the time.
Hope to see you stick around and post more often since it will be interesting to hear insight from someone at the level you are now in terms of running an organization. -
abnmi Member Posts: 66 ■■■□□□□□□□Keatron, I fit what you see. I currently have both the CISSP and GSEC. That said i have never pulled cable or been a sysad. I believe you are correct though. What are your thoughts on getting the CCNA-S. I believe the system intriques me more than doing day to day AD work.
-
keatron Member Posts: 1,213 ■■■■■■□□□□Abnmi, I suggest if that's what interests you, then go for it. With the simulations available now (on this site specifically), and how much virtualization (vmware, virtualbox, etc) has matured since I first joined here, there's really no excuse these days. Even if it means that outside of work, you have to find 30 minutes or so in the day to get some hands on time with whatever you're passionate about.
-
anoeljr Member Posts: 278 ■■■□□□□□□□Thank you very much for this inspiring story and congratulations on all of your success keatron. It shows that hard work and determination will pay off in the long run. I'm glad you shared your story because it helps put things into perspective. I'm currently finishing my bachelors in IT and do desktop support, but I'd like to get into system administration and virtualization, so I'm also doing labs with Microsoft Server 2012 and VMware vSphere at home. I'll be taking a VMware training class next month at Stanley Community College. I plan to get the MCSA Windows Server 2012 and VCP5-DCV certifications within the next 6 months.
-
SephStorm Member Posts: 1,731 ■■■■■■■□□□Keatron, good to see you. Missed you from ISI. Looking forward to your new contributions.
-
Danielh22185 Member Posts: 1,195 ■■■■□□□□□□Great story and words of inspiration!
I try to live each day by this notion. Always study always be preparing. Yes, I do have my days I am just not feeling it or want a break, but that's okay. It's all about keeping the goal in mind and achieving it; then setting new goals and achieving those the same.Currently Studying: IE Stuff...kinda...for now...
My ultimate career goal: To climb to the top of the computer network industry food chain.
"Winning means you're willing to go longer, work harder, and give more than anyone else." - Vince Lombardi