Current mood:	In the At Work-Network
Current music:	Chemical Brothers / Ice Cube - Bring The Pain

The Boring World Of Information Security
I am an IT Security Professional. Well, actually, I am a lot of things, most of which aren’t printable, but the gig that puts bread on the table is Information Technology Security. Although as of late, there's been a healthy dose of system design / project management, which in it's own right is every bit as boring and tedious as Security work.

I don’t know how I ended up doing this. I enjoyed encryption and hashing well enough in college. The University of Kentucky has a superb computer science department, nestled in the otherwise vast wasteland of proud ignorance that is central Kentucky. But I didn’t really focus on security at UK…

I guess it was in ’98 when one of the webservers I was responsible for “got 0wn3d” (owned / rooted / compromised / cracked / hacked (although we don’t really like the “h” word)) that I got into security pretty much because I had to.

Now, some 7 years later, I got all the good industry certs, the ISC2 CISSP, the Microsoft and Comptia Sec certs, and I still don’t know what I want to do when I grow up… at least for a career. IT Security isn’t a bad gig… most of the practitioners are pretty sharp, if not a bit arrogant. But it’s not like I’m immune to having a bit of snootiness from time to time… It is reassuring to know that if you ever wanted to compromise a computer, you have the ability… I guess it’s the same smugness a 2nd or 3rd degree black belt has in knowing that if he/she really wanted to, they’d whip your ass.

Still, what allotta people don’t know about Information Security is that it’s intolerably boring and monotonous. Mind-Numbing data analysis, tedious procedures, and the sheer idiocy of computer owners and administrators can often make you wonder “why am I doing this for a living?” Then you get the paycheck, and it doesn’t seem so bad. Better than digging ditches, I suppose.

Another detriment, although some would disagree and call it a perk, to the security world is the vast amounts of pornography (called pron or pr0n in the biz slang) you have to contend with. When it comes to tracking down the underbelly of the Internet, where the “script kiddies” and “black hats” lurk, the scene is guaranteed to be littered with scattered ass.

I spent I guess about 2 years at one of my old jobs, job doing nothing but tracking down pr0n fiends. You would figure if a person was getting paid around… lets say anywhere from $10/hr to upwards of $50/hr (yeah, that’s into the 6 figure range) they’d have better things to do at work than run the risk of surfin’ ass. But when I was on the Security Incident Response Team at one of Louisville’s larger employers, I -and 2 other fulltime employees- spent the bulk of our 9 or 10 hour days bustin’ out people who surfed places they shouldn’ta or since naughty pictures back & forth.

Not all of these people were into hard core pr0n, but if it was deem “sexual content” (which a lot of those Visa/Mastercard “priceless” e-mails have in prevalence) it was pr0n, and people get a week off without pay, or out-and-out fired.

That was prolly one of the worst gigs ever, really, because I don’t have anything against pornography personally, but having to look at it 8 hours a day gets a bit long in the tooth.

Actually I DO have a bit against pornography, as it doesn’t really do anything for me… if anything that particular job actually wiped away the fleeting vestiges of porn appreciation. I guess it might be a Catholic thing or who-the-hell knows-what, but I’m not really big into the whole masturbation scene, which is generally why people look at pr0n to begin with, which somehow further vilifies and denigrates someone who’d look view such material at work

But I can’t apply my own deprived neurosis on others…. I once saw a postsecret card that said something to the affect of “I can’t masturbate because it makes me think my grandmother is up in heaven looking down on me in disapproval.” That guy/gal musta had the same kinda Grandmother as my paternal grandmother. I wouldn’t want her to watch me jerk off neithers.

Once when I was like 7 or 8, I was in my paternal Grandfathers backyard playing with my Uncles Dog, Dana. My grandfather, in what I can only guess to be some predetermined genetic need, had a big garden in the far back corner of the yard, complete with vines that in the late summer / early fall produced vast quantities of sweet purple grapes. I loved those grapes… I’ve often fantasized about having my own little vineyard in my meager garden… maybe next year. But I digress. Dana Dog, a fine specimen of irish setter if ever there was one, and the smartest dog I’ve ever met (well, I was 8) would run and run and run around the yard, weaving through the grapevines, and generally having a grand ol’ time.

One day we were out in the back playing and Dad and Granddad were discussing something-or-other, and I ran smack into a wasp. I remember running under one of the horizontal guidelines that the grapes grew around, and I saw the wasp, but my momentum pushed me right into it! It bounced off my forehead and I felt it land just below my right eye, and the sum-bitch stung me, right in the lower portion of my orbital socket.

I freaked… in about 10 seconds, I could feel my eye start to swell up, and I knew I was gonna be blind forever, just because of those stupid grapes! So I run up to my Dad and GD, tell them my tale of woe, and they both stared at my sniveling ass and said, in what I remember to be surprisingly patronizing tones “go see your grandmother.” So I whimper my way to the house, and seek out her matronly wisdom for returning my sight.

By this time, my eye was swollen shut, and I was sufficiently freaked. I was a sobbing snotting mess by the time I told her what happened. She looked at my eye, and headed straight for the iodine. As she was applying it, I was still freaking out and she said, in a really harsh tone, “Stop that whimperin’ and fussin’” Tough love from a tough lady.

Hell no I don’t want her looking down on me as I beat off.

I can almost hear her muttering “Lord have mercy… I shoulda gouged out both eyes if I knew that’s what he was going to use them for!”

But I’m way off topic here.

The point being is IT Security pays well, but it’s not always what it’s cracked up to be… but then, what in this life is, eh?

If you’re looking to get into the market, I suggest don’t… you’d just be competition for me, and that’d make me have to work that much harder, and neither of us wants that.

The real money in technology for like the next 2 decades is going to be database administration (DBA.) I suggest interested students check that field out… of course, it’s just as tedious, but without the pornography, which could either be a selling point or a show-stopper.