Main menu

User Rating: 3 / 5

Star ActiveStar ActiveStar ActiveStar InactiveStar Inactive
 

In the mid 1990s I was given by my father a 1200 Baud Migent Pocket Modem and an old Tandy 1000 computer. Around this time, I discovered BBSs, and that there was about 3-4 of them I could locally dial. It wasn't very long before I had my own BBS setup, and my parents paying for a dedicated phone line. (No more late night calls into the board). I also had one other friend that got into BBSs around the same time and it because a competition as to see who could break into the others BBS, and who could protect themselves the best. I can still remember writing BAT scripts that would launch fake dos prompts to fake my buddies out thinking they had won.


Shortly after that period, I learned of this free operating system called Linux, and you could download it over the “Internet”. Unfortunately, where I lived it was long distance to the closest Internet connection point. I can still remember going to my dad's office where they did have Internet access with a pack of 50 Three and a quarter inch floppies with the expectation of downloading the whole thing from a Sunsite mirror. If I recall correctly, the estimated time was somewhere in the days to weeks to finish, assuming all the disks were OK. There was no way my father was going to allow that. However, he did promise me to take me to the book store at The University of Toronto, where he was sure he would be able to find a CD collection, as that was the best place to look. Sure enough a few weeks later, we made the trek to Toronto and found a 4 disk set which included the Sunsite mirror and an extra CD chock full of RFC documents.

 

Soon after I ran Linux as my only operating system, I found a local dial connection to the Datapac network. This is the Canadian X.25 network interconnecting Universities, and other interesting nodes. I remember “acquiring” a list of datapac node numbers, (like phone numbers but for the network) and common user names and passwords. For the most part, I connected to libraries and other information sources allowing me to read technical texts and other boring data. I guess luckily for me, I was never ballsy enough to try anything too outlandish that could get me into real trouble.

 

During my school years I was well known both with the teachers and kids that computers were my thing. In elementary school, I was able to break into the school Lantastic network gaining access to administer functions. I don't think they were ever used to store student data or marks – but then that never actually crossed my mind. I became so good at manipulating that system, the local IT tech, and school decided not to punish me, but made me one of the few people that had true administer rights to the network so I could assist in troubleshooting and fixing issues.

 

During high school, I was also given the job to assist with troubleshooting and fixing computers. During what was suppose to be my electronics shop class (which I skipped a grade in), I was usually found in some class room or the library ripping apart a computer to fix an issue. Although, the Computer Science teacher didn't like this arrangement, the shop department recognized me as a top performer and gave me an award with a check – they told me this was the only way they could “pay” me for all the work I had done. End of my high school year, the school got a true Internet fiber connection, but the students were not suppose to be using it. I ended up getting “busted” for “hacking” when I included an Netscape OLE link in a presentation – it was the only way the computer teacher could punish me. Thinking back, It probably wasn't a good idea to constantly correct his mistakes in class.

 

Starting in around this time, my father would bring me into his office to assist in supporting the network there. I was originally trained by (IIRC) a friend of the boss who was the consultant at the time. The network was running arcnet with novel netware over IPX. I remember when It was my job to move all the machines to Ethernet, but still running netware over IP. The next evolution was adding a dedicated windows 95/98 box to run an Internet sharing application that dialed out over their PBX line on-demand so the users could access and share it when required. Next we migrated to Linux which housed samba, and email with an LDAP back end. Of course, up time was a problem for some reason so I learned how to use DRBD to create a high availability cluster. Customer grade hard drives still made this a problem, so migration to a rack server was done.

 

Give or take a few years, my high school career ended and I went to Seneca college to study Computer Programming. I decided within about a year and a half that this didn't interest me to be a real profession. Between the ever so difficult, C++ programing, and the idea that I should learn Cobol, Unix Shell scripting, and Microsoft Office – it became boring to me. But computers still held my interest.

 

Skip a few years of mindless years working for Rogers Telecom, managing a bar, and a few Internet companies into my first help desk role. It was for a company that was under contract with IBM that was under contract to a fairly large telecommunication company in the US. Here I was awarded multiple top 10% awards for my service, was a top performer and quickly gained new skill sets. One of the skill sets the local IT department liked was that I could bend the systems to do my bidding. The systems, to the point of the local IT department, were actually well locked down. However, multiple times, I was able to circumvent these locks usually giving me complete control over both the local work station, and access to files and settings on the remote citrix server. When I wasn't circumventing the protections, I was usually found writing javascript code to provide things like time clocks till my breaks, and a stop watch. Of course, I could almost always tell when the QA systems were monitoring me, so I would ensure I wrote a nice happy note to the QA analysts to make sure they were having a good day – They didn't like that.

 

After this, the world brought me to a financial institution in Canada – my entry started with my applying for an entry role in the Security Operations section. I submitted my application, did my pre-interview with the HR consultant on my birthday. A few days later, I got a call saying they were going to re-post the job opportunity at a lower grade, and I would have to re-apply. I didn't. A few weeks later I received a phone call to say they wanted me to come down to the city for an on-site interview. After a few interviews, I heard nothing back – I ended up calling the HR consultant only to find out he forgot to call me and inform me that I had the job and was to meet the heiring manager later that week to sign the paper work.

 

My task at this job was to assign, and ship RSA tokens. It was mind numbing, to the point that I ended up writing automation scripts that allowed me to input the data once, and the script entered the data into the 3-4 systems that it needed to be added too. I was top performer, and only worked half the time. (Shhh, don't tell anyone that). Of course, this lead to me running a project with 1 other staff member, and 2 contractors to assign, and ship over 30 thousand tokens in under 4 months. By the end of that project, I was snapped up by our incident response team, given a promotion, with a title that said I was an information security analyst and put in charge of implementing Qualys and the upkeep of our IDS systems.

 

My first real taste of Incident Response was with the "nihaorr1" Mass SQL injection on May 12, 2008. Being a technical person, I was given the lead on the investigation directing support personnel, and developers to identify, react, contain and correct the issue. It was at that time I fell in love with the art of IR. Since then, I have handled countless malware cases, worms such as the Hallmark "postcard" and conficker Worms, Attacks such as the pushdo fake HTTPS attack, and all kinds of forensics. Over the years, I got multiple awards and promotions directly, as well as multiple group awards for our team such as SC Magazine Info Sec Group of the year, First 27001 certification in Canada. Secondary to my role as Senior incident handler, I spent countless hours testing, breaking and recommending security products for our environment.

 

I look forward to my future every day – as every day has brought new challenges.