Security Professionals: Who Are They? Loren Michael Johnson ([email protected])[email protected] @lmj_ou.
Dec 25, 2015
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Goals
• Inspire You to Become a S.P.• Demystify I.T. Security• Case Studies – Lessons Learned• About Me• Q/A
technology for all.
ONMP Goal• Official Goal: Expose Oklahoma
security/networking students to the practical day-to-day life of security/networking professionals.
• Hidden Secret Goal: Identify, develop and recruit talent!
3
Job Shadowing
• On-Site– Schedule a time with us to see what we do!– E-mail the project leader, Henry Neeman
([email protected]) to set up a time.
• Virtual– E-mail us at [email protected]– Facebook: [email protected]
4
Other Opportunities/Resources
• Cisco Academy– Francis-Tuttle– OU IT internal for now
• IT Internships at OU– Contact Jennifer Pike ([email protected])
• Jobs at OU– http://jobs.ou.edu
• Jobs at OneNet– http://www.okhighered.org/job-opportunities/
5
About Me
• Loren Michael Johnson ([email protected]) -– OU Data Analyst for the IT Security (1996-Present)
• DCTS - Telecom – Network Analyst
– OSU-OKC (Novell) (1995-1996)• Vax Systems Programmer (1994-1995)• Computer Operator (1992-1994) (workstudy -> fulltime)
– CISSP
6
About OU
• OU IT Network Services:– Support 8000+ wireless users– Support 15000+ network users– Support ~25000 host devices– Support ~1300 wireless access points– Support ~850 security cameras– Support ~1250 network switches and routers– Over 200 physical and virtual servers
7
So, what’s it like?
• Is it like the movies?– Some of my favorites are Enemy of the State, The
Italian Job, Law & Order: SVU– Some days it is like The Office
8
Cool stuff
• Visiting Dignitaries– VP, Senators, Foreign Heads of State, Candidates
• Celebrities– NPR’s Science Friday Ira Flatow– U2 Concert
• IT related Cool Stuff– Syncing of Supercomputing Power
9
Network Pro’s typically…
• Work in a team environment• Participate in projects• Provide “Tier 3” support• Manage -
– Routers– Switches– IP, other protocols– Circuits & cable plant– Specialty devices (wireless, security, voice, etc.)
– Network services such as DNS, DHCP, NTP, etc.
10
Also, expect to…
• Multi-task• Sit in the the hot seat• Be the “instant expert” on lots of topics• Work nights, weekends, and other off hours• Be “on call”
11
You’ll spend time…• Logged into network
devices…– Configuring– Troubleshooting– Testing– Learning
• The picture at the right is a screenshot of Cisco IOS, which is very common
12
You’ll spend time…• In meetings
– Leading
– Participating
– Listening
• It pays to develop skills
– Listening
– Presention
– Negotiation
– Conflict resolution
– Whiteboarding
• Solution D!
13
You’ll spend time…• Documenting the
network– Static documents like
Visio diagrams– Living documents like
HP Openview, MRTG, DNS, etc.
14
You’ll spend time…
• Setting up new stuff– Circuits– Hardware– Software– Processes
• Cleaning up old stuff– Cable management– Configurations– Processes
• Know your organization’s change management process– If there isn’t one, lead the way
15
Procurement• As a network professional, you will buys things like…
– Equipment– Circuits– Labor / Services
• You will spend time with vendors– Product evals / design– Negotiations– Competitive bidding
• Understand your company’s policies on vendor relations and avoid unethical conduct
• Spend money as if it is your own – be a good steward
16
Management• Availability
monitoring• Performance
baselining• Asset management
& tracking• Change
management
17
Support
• Support and troubleshooting is usually URGENT!• It can also be time consuming• It is important to be both an effective and efficient – don’t
waste time
18
Disposition
• The network is always in transition – some new, some old
• Retiring systems requires planning and commitment
• Can be complicated• Make it simple for users• Minimize downtime• Be persistent
– Methodical
19
Zane Grey (co-worker)
technology for all.
Zane Grey (co-worker)
technology for all.
Zane Grey (co-worker)
technology for all.
About OU & ME
• What do I do at OU?• A Little History
– Arp Cache Database– Security Incident Database– NullRoute Database
• Current Projects/Initiatives– NET-REG– Training– Network/DNS tracking
23
About OU & ME
24
About OU & ME
• Lead for DNS and DHCP Teams• Part of the Training Team• Security Incident Database• Network Database(s)• NET-REG
25
About OU & ME: Network
• Network Database– A few hundred networks to thousands
• ARP Entries– IP Address to MAC/Network Card Address– Network snapshots, history
• Benefits– Movement, Tracking, Use of Devices– Forensics
26
About OU & ME: Security
• Security Database: a brief history– Sticky notes (here is what I did)– Tracking in text files on a server
• Automation (expect/perl/bash)
– Database• Team wants accounts• Support/Helpdesk want to view• Blocking/Unblocking• Reporting
– Cutting offenders off – Identified by Calling in
27
About OU & ME: NET-REG
• Hundreds of Copyright complaints per week– Too much for a few operators to handle– Policy mandates education, tracking, punishment
• NET-REG– McDonalds, Hotels, Starbucks
• We are not Starbucks (Starbucks^10)– A few people a day VS. 1000’s on right now– Changes every day
28
About OU & ME: NET-REG
• NET-REG:– Tutorial 5 Questions related to Copyright– Ownership of your machine, give it a name– Lasts a whole year (reset before Fall Semester)
• Backend:– Userid -> IP Address -> MAC/Hardware Address– Fed into DHCP, DNS
29
About OU & ME: NET-REG
• How It Was Done– DNS– DHCP– WEB SERVER (feeds DATABASE)– DATABASE (feeds DHCP and DNS)– Key scripts (perl/bash) ties it all together
• RIAA (others) Complaint emails– 90% automated– We are still very kind (1 charged)
30
About OU and ME
31
About YOU & Your NETWORK: OPSU
• rose.edu policy: http://www.rose.edu/web-standards
• 2. Copyrighted software must only be used in accordance with its license or purchase agreement and must not be copied or altered except as permitted by law or by the software licensing agreement. ITS staff will install college-approved software on college-owned computers. Upon request, ITS staff will install personal software as long as it is licensed.
• · Intentional viewing of pictures of an erotic or sexual nature when such images can be viewed by others who are offended by them; and, mailing, printing, or copying obscene materials.
• · Knowingly running, installing, or giving to another a program or data file which could be classified as or contain a computer virus, worm, or Trojan horse.
32
Resources I Use
• Magazine: Information Week, Computer World (free for those in the ‘business’)
• Podcast: Cyberspeak (.libsyn.com) + isc.sans.org• Book: Getting Things Done (GTD) – Search for
customized adaptations (InboxZero)• Dropbox http://db.tt/w4LH4wL• Evernote (.com) + App• GnuPG• Chat programs
• Various testing devices
technology for all.
Strategies for Success
34
Hone Technical Skills
35
Know the OSI model DHCP-relay problem
Pursue Education & Training Use certifications to motivate and validate
Be Proactive• Be Proactive - act in anticipation of future problems, needs, or
changes – About your tasks– About projects– About your education– About your career– About your life
• Research shows a high correlation between proactivity and success• “Proactivity consistently produces better results than reactivity or
inactivity.” [1]
[1] Kouzes and Posner. The Leadership Challenge 4th Edition. 2007. John Wiley & Sons.
•
36
Put Customers First
• Recognize that without customers, you don’t have a job
• Make sure you leave things better than you found them
• Make sure the customer is satisfied before claiming victory
• Don’t cast blame on the customer
• Use language your customer can understand
• Make it easy for people to reach you for follow-up
• Trusted advisor
• Know that even what doesn’t work can be an opportunity for Learning (ITIL - Information Technology Infrastructure Library)
37
Practice Self-Responsibility
• Take responsibility for yourself• Be really great at something• You are responsible for…
– Staying informed– Getting the job done– Your successes & failures– Your skill development– Your career– Admitting Mistakes
38
Your Resume/Interview
39
What I look for in a resume/interview… College degree, Experience, Certifications
What I look for in a resume… (under the hood) Someone who doesn’t change jobs every 1
to 2 years (probably won’t last long) Someone who understands the “lingo” Someone who knows how to be “relevant”
Your Career
40
Don’t be afraid Public Speaking Project Management
Related Documents
