Martin McKeay over at the Network Security Blog asks “How did you get into Security?” That is a good question. Its something that I’ve been asked and what I like to ask others in the business.
Up until recently, I’ve done security my entire adult life very reluctantly. I started off in the military as Security Policemen (now called security forces). I was a security specialist and was groomed into law enforcement. The description sounded like special forces. And even though security forces do some pretty cool stuff its NOT usually doing anything even close to what combat controllers, pararescue, Force Recon, Navy Seals and Delta Force do. Instead its like the Air Force version of infantry (when I was in we even trained with the Army infantry at Ft Dix).
I had about five years learning every aspect of physical security. I later “cross trained” into communications expecting to do some hardcore technical stuff. And I did, but while I wanted Routers I got the help desk and later pure security (firewalls, IDS, C&A packages, COMSEC, EMSEC) a little of everything. My experience in the military made it easier for me to pass the CISSP which covers a little of everything.
These days I teach certification classes and do auditing, policies, consulting as well as certification and accreditations.