Transcript Slide 1
Security Professionals: Who Are They? Loren Michael Johnson ([email protected]) @lmj_ou Goals • • • • • Inspire You to Become a S.P. Demystify I.T. Security Case Studies – Lessons Learned About Me Q/A technology for all. ONMP Goal • Official Goal: Expose Oklahoma security/networking students to the practical day-to-day life of security/networking professionals. • Hidden Secret Goal: Identify, develop and recruit talent! 3 Job Shadowing • On-Site – Schedule a time with us to see what we do! – E-mail the project leader, Henry Neeman ([email protected]) to set up a time. • Virtual – E-mail us at [email protected] – Facebook: [email protected] 4 Other Opportunities/Resources • Cisco Academy – Francis-Tuttle – OU IT internal for now • IT Internships at OU – Contact Jennifer Pike ([email protected]) • Jobs at OU – http://jobs.ou.edu • Jobs at OneNet – http://www.okhighered.org/job-opportunities/ 5 About Me • Loren Michael Johnson ([email protected]) – OU Data Analyst for the IT Security (1996-Present) • DCTS - Telecom – Network Analyst – OSU-OKC (Novell) (1995-1996) • Vax Systems Programmer (1994-1995) • Computer Operator (1992-1994) (workstudy -> fulltime) – CISSP 6 About OU • OU IT Network Services: – – – – – – – 7 Support 8000+ wireless users Support 15000+ network users Support ~25000 host devices Support ~1300 wireless access points Support ~850 security cameras Support ~1250 network switches and routers Over 200 physical and virtual servers So, what’s it like? • Is it like the movies? – Some of my favorites are Enemy of the State, The Italian Job, Law & Order: SVU – Some days it is like The Office 8 Cool stuff • Visiting Dignitaries – VP, Senators, Foreign Heads of State, Candidates • Celebrities – NPR’s Science Friday Ira Flatow – U2 Concert • IT related Cool Stuff – Syncing of Supercomputing Power 9 Network Pro’s typically… • • • • Work in a team environment Participate in projects Provide “Tier 3” support Manage – – – – – Routers Switches IP, other protocols Circuits & cable plant Specialty devices (wireless, security, voice, etc.) – Network services such as DNS, DHCP, NTP, etc. 10 Also, expect to… • • • • • Multi-task Sit in the the hot seat Be the “instant expert” on lots of topics Work nights, weekends, and other off hours Be “on call” 11 12 You’ll spend time… • Logged into network devices… – – – – Configuring Troubleshooting Testing Learning • The picture at the right is a screenshot of Cisco IOS, which is very common 13 You’ll spend time… • In meetings – Leading – Participating – Listening • It pays to develop skills – Listening – Presention – Negotiation – Conflict resolution – Whiteboarding • Solution D! 14 You’ll spend time… • Documenting the network – Static documents like Visio diagrams – Living documents like HP Openview, MRTG, DNS, etc. You’ll spend time… • Setting up new stuff – Circuits – Hardware – Software – Processes • Cleaning up old stuff – Cable management – Configurations – Processes • Know your organization’s change management process – If there isn’t one, lead the way 15 Procurement • As a network professional, you will buys things like… – Equipment – Circuits – Labor / Services • You will spend time with vendors – Product evals / design – Negotiations – Competitive bidding • Understand your company’s policies on vendor relations and avoid unethical conduct • Spend money as if it is your own – be a good steward 16 17 Management • Availability monitoring • Performance baselining • Asset management & tracking • Change management Support • Support and troubleshooting is usually URGENT! • It can also be time consuming • It is important to be both an effective and efficient – don’t waste time 18 Disposition • The network is always in transition – some new, some old • Retiring systems requires planning and commitment • Can be complicated • Make it simple for users • Minimize downtime • Be persistent – Methodical 19 Zane Grey (co-worker) technology for all. Zane Grey (co-worker) technology for all. Zane Grey (co-worker) technology for all. About OU & ME • What do I do at OU? • A Little History – Arp Cache Database – Security Incident Database – NullRoute Database • Current Projects/Initiatives – NET-REG – Training – Network/DNS tracking 23 About OU & ME 24 About OU & ME • • • • • Lead for DNS and DHCP Teams Part of the Training Team Security Incident Database Network Database(s) NET-REG 25 About OU & ME: Network • Network Database – A few hundred networks to thousands • ARP Entries – IP Address to MAC/Network Card Address – Network snapshots, history • Benefits – Movement, Tracking, Use of Devices – Forensics 26 About OU & ME: Security • Security Database: a brief history – Sticky notes (here is what I did) – Tracking in text files on a server • Automation (expect/perl/bash) – Database • • • • Team wants accounts Support/Helpdesk want to view Blocking/Unblocking Reporting – Cutting offenders off – Identified by Calling in 27 About OU & ME: NET-REG • Hundreds of Copyright complaints per week – Too much for a few operators to handle – Policy mandates education, tracking, punishment • NET-REG – McDonalds, Hotels, Starbucks • We are not Starbucks (Starbucks^10) – A few people a day VS. 1000’s on right now – Changes every day 28 About OU & ME: NET-REG • NET-REG: – Tutorial 5 Questions related to Copyright – Ownership of your machine, give it a name – Lasts a whole year (reset before Fall Semester) • Backend: – Userid -> IP Address -> MAC/Hardware Address – Fed into DHCP, DNS 29 About OU & ME: NET-REG • How It Was Done – – – – – DNS DHCP WEB SERVER (feeds DATABASE) DATABASE (feeds DHCP and DNS) Key scripts (perl/bash) ties it all together • RIAA (others) Complaint emails – 90% automated – We are still very kind (1 charged) 30 About OU and ME 31 About YOU & Your NETWORK: OPSU • rose.edu policy: http://www.rose.edu/web-standards • • • 2. Copyrighted software must only be used in accordance with its license or purchase agreement and must not be copied or altered except as permitted by law or by the software licensing agreement. ITS staff will install college-approved software on college-owned computers. Upon request, ITS staff will install personal software as long as it is licensed. · Intentional viewing of pictures of an erotic or sexual nature when such images can be viewed by others who are offended by them; and, mailing, printing, or copying obscene materials. · Knowingly running, installing, or giving to another a program or data file which could be classified as or contain a computer virus, worm, or Trojan horse. 32 Resources I Use • Magazine: Information Week, Computer World (free for those in the ‘business’) • Podcast: Cyberspeak (.libsyn.com) + isc.sans.org • Book: Getting Things Done (GTD) – Search for customized adaptations (InboxZero) • Dropbox http://db.tt/w4LH4wL • Evernote (.com) + App • GnuPG • Chat programs • Various testing devices technology for all. Strategies for Success 34 Hone Technical Skills 35 Know the OSI model DHCP-relay problem Pursue Education & Training Use certifications to motivate and validate Be Proactive • Be Proactive - act in anticipation of future problems, needs, or changes – About your tasks – About projects – About your education – About your career – About your life • Research shows a high correlation between proactivity and success • “Proactivity consistently produces better results than reactivity or inactivity.” [1] [1] Kouzes and Posner. The Leadership Challenge 4th Edition. 2007. John Wiley & Sons. 36 Put Customers First • Recognize that without customers, you don’t have a job • Make sure you leave things better than you found them • Make sure the customer is satisfied before claiming victory • Don’t cast blame on the customer • Use language your customer can understand • Make it easy for people to reach you for follow-up • Trusted advisor • Know that even what doesn’t work can be an opportunity for Learning (ITIL - Information Technology Infrastructure Library) 37 Practice Self-Responsibility • Take responsibility for yourself • Be really great at something • You are responsible for… – – – – – – 38 Staying informed Getting the job done Your successes & failures Your skill development Your career Admitting Mistakes Your Resume/Interview What I look for in a resume/interview… College degree, Experience, Certifications What I look for in a resume… (under the hood) Someone who doesn’t change jobs every 1 to 2 years (probably won’t last long) Someone who understands the “lingo” Someone who knows how to be “relevant” 39 Your Career Don’t be afraid 40 Public Speaking Project Management Security Professionals: Who Are They? Loren Michael Johnson ([email protected]) @lmj_ou