Welcome to our first Defender Spotlight! In this weekly blog series, we’ll interview cybersecurity defenders of all varieties about their experience working in security operations. We’ll inquire about their favorite tools, and ask advice on security topics, trends, and other know-how. Let's get down to it.
Our first defender is Jon Schipp of OpenNSM, and more recently Komand. That’s right, folks! Jon just joined on as our security architect, and we couldn’t be more thrilled.
As an accomplished security pro, Jon founded an open research and collaboration group focused on free and open source software called OpenNSM. But I'll let him speak more on his background.
Hi, Jon! Tell us about yourself and your history in security operations.
I grew up in a small town where an IT community was not present, so I tried to create one by starting user groups. I've been involved in many security related and Linux User Groups, and I've been interested in unix-like operating systems for a long time. I nailed a *nix administrator job with a security role after college. This is where I learned that understanding an operating system is essential to securing it in addition to deploying and configuring the network security monitoring tools.
I then became interested in automation and solving the problems I was facing in my work. I started dabbling in development and contributing to open source projects such as SecurityOnion, Netsniff-NG Toolkit and Bro. Later, at the National Center for Supercomputing Applications, I was helping drive security and infrastructure at scale by improving their host detection capabilities through log analysis and monitoring.
I really enjoyed the challenges of deploying software at scale and developed a greater interest building infrastructure to help support an organization's mission. I've been gravitating toward the non-technical areas of training, leadership and information sharing over the past year or so to address gaps in the technical arena.
What are you working on these days?
Right now, I'm working for a new company called Komand, who I believe has a really useful up and coming product that will change the way security teams work.
Can you talk about a moment in your career where you were proud to be working as a defender?
Years ago, I was working for a small retail company who distributed products all over the United States. One day, the company received a phone call from a very upset customer asserting that her credit card and other information were compromised, and it was our fault. The phone call was escalated to the Vice President, and I was called into the office.
Now, this was my first professional role in the information security field. I was fresh out of college and in charge of their IT infrastructure and security, which is not an uncommon occurrence in small organizations. I was admittedly very nervous, since this was the first time I was truly customer facing and the work I had been performing for the organization was under scrutiny.
Through investigation and follow up phone calls, we came to the conclusion that we were not the company from which the data was taken. I was congratulated for having the necessary tools and procedures, for performing and handling investigations and verifying certain questions and answers. Everyone loves to receive compliments for a job well done, myself included, but I found a deeper value from this experience.
It's not the policies, procedures, or the technology I want to illustrate, but the direct impact this work can have on people's lives. The customer was troubled, she didn't know what to do and I sensed it in her voice - I had spoken with her. This was a pivotal moment for me, and it helped me solidify the purpose of my work beyond completing tasks because security is important. I was proud to be a defender because I could make a meaningful difference.
What advice would you give to someone getting started in security?
Play with as many tools and technologies as you can, and contribute to open source projects. Tinker as much as you can, then write and speak to people about it. Go to small conferences, and if you're broke, crash on someone's floor. While I was in college, I worked at McDonald's part-time and didn't have a lot of money to attend conferences. I would pack tuna and sardines for my meals, carpool and crash on floors.
I met many great people that way and stayed friends with a great deal of them (big shout out to IronGeek). Check Twitter, conference forums and search for people near you. If you want to be a defender, you should also get involved with OpenNSM which provides a great platform to learn.
What roles, qualities, and skills do ideal security teams have?
Aside from technical prowess, motivation, curiosity and a developer or two.
What are some of the best industry events to attend and why?
I've always been a fan of attending small conferences because there's more intimacy, which means there's a greater chance of developing professional relationships. If you're located in the Midwest, I recommend PhreakNIC, SkyDogCon, and Notacon. Two small but great events that I often attend are SecureWV (formerly Hack3rcon) and AIDE. DerbyCon is the best mix of top notch speakers, a good crowd and ability to network with a smaller town feel.