Tech Skills Matter in Security

Executed a search warrant today with our Cyber Crimes Unit (I'm in a different unit, but go out for mobile phone forensics and driving the van). House is secure and they proceed to begin the search. This typically involves finding the modem/router to get information from it. A search of the dwelling comes up with no modem/router. I walk in to assist and think back to my days as a lowly tech running coax and network cable. Find the run that comes into the house and splits off. When you look closely I realized that it split into three and not two like they had believed. Low and behold I follow it, go upstairs (as they begin to get ready to climb in the attic) and go to another bedroom. Seems there was a table (amongst some other items) piled in front of a closet. Move that stuff, open it up and there sits the modem/router (along with another computer).

Moral of the story, those tech skills you had at the beginning of your career can defintely come in handy later on when you are doing other work.

Find more posts tagged with

Comments

UnixGuy

DatabaseHead wrote: »

Follow up....

Another reason to keep at least one foot in the tech side.

When a recession hits, guess which jobs are ousted?

Not the technical ones, they are required to keep the lights on...... PM's, BA's, Techno Functional, Top heavy managers See ya!

Umm not necessarily true. Not a recession but I saw projects within Banks lose funding and as a result fire all the devs in the department because there was no project for them to develop. You'd be surprised how many places will run with half their tech staff if needs be..

UnixGuy

Mooseboost wrote: »

this was the response: "Oh yeah.. The tech mentioned there was an old Netgear router that had the same IP as the firewall. I told him he could just plug it up to the firewall so they could keep their wifi. I figured the firewall would, like, overpower the IP with its own"...

To this day, I still crack up over it. This was a pretty common trend we noticed with some of the "straight to the cyber" guys we hired. No previous IT experience but being hired because of security degrees /certifications. I've ran into the same problems with analyst who don't understand the context of alerts because they understand network protocols or how an enterprise network functions.

Knowledge is power. Don't skip the foundation or you will never have a stable house.

LOOOL!! this is hilarious

+1 for 'Cyber' guys who lack experience... I met a guy who requested the networks team to block 'www.google.com/<long url here>' to stop people from downloading something...

DatabaseHead

UnixGuy wrote: »

Umm not necessarily true. Not a recession but I saw projects within Banks lose funding and as a result fire all the devs in the department because there was no project for them to develop. You'd be surprised how many places will run with half their tech staff if needs be..

I clearly stated a recession...... (I graduated in 2000, I've been through 2 of them in the US). Not sure how long you been in IT, but programmers do more than just build new applications, most of them maintain the code and provide "support". Hence why I said keep the lights on...

You think the PM's are going to keep their jobs if there are no projects to manage?

UnixGuy

DatabaseHead wrote: »

I clearly stated a recession...... (I graduated in 2000, I've been through 2 of them in the US). Not sure how long you been in IT, but programmers do more than just build new applications, most of them maintain the code and provide "support". Hence why I said keep the lights on...

You think the PM's are going to keep their jobs if there are no projects to manage?

True, PMs & Specially BA's seem to be the first to go...I've just seen entire floors being let go / offshored that made me realise nobody is safe, but I see your point.

tedjames

Mooseboost wrote: »

I often tell this story from my engineering days to illustrate why technical skills should be coupled with security:

That's a great story! At my last job, I worked with an alleged "senior level" security analyst who always boasted about her technical expertise and tried to belittle others in the group whom she saw as inferior. One day, one of our penetration testers happened to be talking with her about one of his recent tests. He mentioned that he used cross-site scripting extensively in testing one site. She said, "Oh, we did that with hardware at my last job." I'm still looking for that XSS appliance. That must be what's inside the Hooli Box...

DatabaseHead

UnixGuy wrote: »

True, PMs & Specially BA's seem to be the first to go...I've just seen entire floors being let go / offshored that made me realise nobody is safe, but I see your point.

BTW it's hard to cover all the angles I agree, any staff especially contracting staff are at risk. Hell even when the final quarter financials are out they can be released (they being the company) can let go of staff to get their operating cost under budget.

Again just my experience, what ends up happening is the programmers end up taking on both roles. A programmer can usually take requirements and talk to business users whereas the PM's/BA's (like you mentioned and I agree with) can't develop.

PS. I am a specialized BA

. Ut oh!

BTW and sorry to bloat the thread. My mom is a developer on a government contract for over 20 years. Her team used to be ~50 people, how it's down to 6. Her boss is one of them and he is technical can resolve abends/errors and even make development changes when needed. Her previous boss, rules and policies, axed. Techno functionals were brought in and back off projects at least 10 times over a 3 year period. Most of them had become so specialized without gaining technical knowledge they were at the mercy of the contract. Pretty sad if you ask me......

I just want to be very clear if you have relevant tech skills you can safe guard yourself against long streaks of unemployment.

This goes with IT managers with no tech skills or skills that have faded away. They become expendable when the dollars aren't there.

Last point, Cap Dev stops but BAU continues on.....

the_Grinch

It is always interesting to see discussions on who fares better during an economic downturn. I've always found the difference between IT and Development is Developers tend to land on their feet faster. Obviously this is solely based upon opinion, but when friends who were in IT have gotten laid off it has always seemed to take them a bit longer to get a new job. Part of that would be pay though, as it seems developers in my area tend to have a solid salary just about equal throughout. Where as us IT people are all over the map when it comes to salaries and duties.

My dad worked with a guy who was an AS400 programmer a few decades back. The company had laid him off several months before (in a manner that would have definitely ticked me off) and he landed on his feet immediately after with a much higher salary (and running the entire department he was part of). Low and behold my dad says come with me to meet this guy. It just so happens that said company did not realize how much of the work they did still relied on the AS400 and they had a major problem which had brought them to a halt for several days. They had no option, but to contact him and see if he'd come in to assist. Paid him several hundred dollars and in speaking with him he knew what the problem was fairly quickly.

In another story of the AS400 the school district I once worked at used it for their book keeping. One day for some reason it was offline and the "tech" went up and decided to basically reboot the thing (there was apparently a procedure for taking it down as well as dealing with it going offline which he did not know). Days later the thing is still down and there was no end in sight. Ultimately the district had to search for an AS400 person and thankfully found out that the power company had a guy who worked on them everyday. He got something like $400 an hour to fix the issue. Just shows that old languages and technology will always need someone to work on them.

I do have to say as I've aged I have seen why some many companies have demanded experience before jumping into the security realm. Lots and lots of people have gone back to get Master's in Cyber Security without any technical skills. Couple that with the fact that most programs aren't hands on at all you have a recipe for disaster. I had a friend who was in executive management at an agency in my state and he told me some real horror stories about hires they were making. You have people with no technical skills (and no aptitude for them) coming into decent paying position where their expected to write reports about cyber threats who's technical knowledge ended at the mere spelling of XSS.

DatabaseHead

@ Grinch

Thanks for posting your experiences.....

Good stuff.

Adding-on.

For the life of me it makes no sense whatsoever for someone to get a masters in cyber security with 0 security experience, I just can't understand that strategy....

Sure if you parents are rich or you get the GI bill, company pays for it then do it... But don't fall for the great fallacy, that degree = jobs automatically. A lot of times you have to start at the bottom....... Just like everyone else.

LordQarlyn

I agree one should always try to keep their tech skills sharp and current, not just as a fallback, but to even to do a non technical job better. I firmly believe that a person in a non technical job has current technical skills, it gives them an edge in making decisions or planning over those without technical skills.