Today we interview Nick Owen. I had the pleasure of meeting Nick at SecTor 2009 and he has a wealth of knowledge in areas that most people struggle in.
Q: Tell me a little about yourself.
I’m best described as a serial entrepreneur. WiKID is the fourth start-up in which I have been actively involved. For the record, I am 1-1-1, though the tie is a bit generous.
I live in Atlanta, Ga, with a beautiful wife, three lovely children, one cat, one fish, and six chickens with a frustrated (so far) hawk as a neighbor.
Q: How did you get interested in information security?
My second startup did electronic bill presentment and payment services. I was in charge of operations and thus security. I hired Caleb Sima’s group from ISS to do a pen test. I later invested in SPI Dynamics.
Q: Do you find it difficult to juggle a family AND a startup? What is the biggest sacrifice you’ve had to make as a result?
For the first two start ups, I spent a lot of time at the office. You spend a great deal of time thinking about and discussing what you need to do to succeed. You worry a great deal about things that aren’t always tremendously important, like what the competitors are doing. That also was the time when Netscape came out, Yahoo started, Java debuted, etc, so it was a very interesting time. Now, I have a pretty good idea of what our strategy is, I know what part of the market we’re targeting, etc, so I typically work from about 8-6 and rarely work on weekends. That being said, I always think about work and I worry that I’m not always “there”.
My “pay” is not always “regular”, but luckily I have a spouse who is very tolerant of this fact. I actually think this is good for my children. They are by no means spoiled :).
I have to say that it is a great time to start a company. Why? Because the economy will only get better from here. So, if you can start a company, you will be sitting pretty as the economy recovers.
Q: What is your educational background (e.g. formal schooling, certifications, self-learning, etc.) and did it add value to your information security career
I have a BA in History and an MBA, making me both ignorant and evil, which seems like a great basis for information security.
Q: Why do you think a mix of History and an MBA provides a good basis for infosec?
In all seriousness, I believe that you go to school to learn to learn, not to actually learn facts or a specific skill. History teaches you strategic thinking, trend recognition and how to write (though I seem to have forgotten the grammar part). I have over time picked up a lot of tactical information about security, giving me what I think is a well-rounded view.
I got my MBA to increase my marketability as management material, but also to round out the skills I thought I would need to be an entrepreneur. I knew I needed to be a jack-of-all-trades.
When I first started blogging, I did a number of posts on why ROI is a poor measurement, how to come up with a cost of capital for a project, etc. I realized that I had to focus on our market and I got a bit frustrated by it. I may pick that back up, but I still not sure that any information security people would actually use it.
Q: What did you want to be when you grew up? Would you rather be doing that?
I think I always wanted to be working for myself. When grown ups asked me what I wanted to be, I usually chose an inanimate object, such as a fire hydrant.
Q: What projects (if any) are you working on right now?
I would like to get some time to do some blogging, exploring some concepts around ‘best practices’ and how to measure the financial impact of information security investments.
Q: What is your favorite security conference (and why)?
I probably had the most fun at DefCon, but SecTor was great. I liked the fact they had limos pick up the speakers at the airport. I have never come off a plane to find my name being waived by someone.
Q: What do you like to do when you’re not “doing security”?
I’m on the board of my children’s school, the Waldorf School of Atlanta. I have a garden where I primarily grow tomatoes and various hot peppers, which I often use to make my own hot sauce.
Q: What area of information security would you say is your strongest?
I have written a good number of tutorials on how to integrate two-factor authentication with a bunch of different network devices and applications. If we get too far from authentication, chances are I am making it up.
Q: What advice can you give to people who want to get into the information security field?
Explore the numerous open source tools in information security, choose any that are of interest and contribute. Contributing doesn’t mean just code. It means feature requests, documentation, bugs, etc. Doing documentation is a great resume stuffer. You are essentially saying “I know how to learn to use a tool and I know how to document my work”. How valuable is that to a potential manager?
Q: How can people get a hold of you (e.g. blog, twitter, etc.)