Today we interview another friend, that I’ve known for quite some time, Kevin Riggins.
Q: Tell us a little about yourself.
I am a husband, a son and the proud father of our furchild, an 8 year old Corgi 🙂 I am an avid science fiction reader and love tinkering with computers and electronic gadgetry.
Professionally, I am a Senior Information Security Analyst with a Fortune 500 financial services company. I lead and manage a team of five analysts who are responsible for providing internal information security consulting services and tasked with performing risk assessments for the different business units that make up the company.
I have a blog called Infosec Ramblings where I write about information security topics.
Q: How did you get interested in information security?
I have worked in an extremely broad range of disciplines in information technology over the years. This includes help desk, workstation management, server management, UNIX administration, etc… About 10 years ago, I started becoming very interested in how easy it was for people to get access to information that they weren’t necessarily supposed to have access to. I was able to talk my employer into sending my to my first SANS conference where I went through the Security Essentials course. I came away from that experience knowing that this was the path I wanted to take.
Q: What is your educational background (e.g. formal schooling, certifications, self-learning, etc.) and did it add value to your information security career?
I am a college dropout. Actually, I do have my Bachelor’s degree, a BA in Computer Science, but I did not get it until I was an adult. I decided during my youth that I would rather work than continue to go to college. I don’t regret that decision, but I am also very glad that I went back to school as an adult and finished what I started. I have had more certifications than you can shake a stick at, but the only two that I keep current at the moment are my CISSP and my CCNA.
As far helping my career is concerned, college helped me learn how to think better. The actual information wasn’t as important as the process of learning. Regarding certifications, you see quite a bit of disparagement aimed at the CISSP and those who have the cert. For me, getting my CISSP was a very valuable experience. I spent a significant amount of time self-studying for the exam and I think that really helped me broaden my perspective when it comes to information security. Does that mean I think the CISSP indicates I am some sort of expert? Not at all. Like any certification, the experience of the individual who has those letters behind his name is much more important than said letters. I also self-studied for my CCNA. I think the fact that I have one “management” cert and one “technical” cert helps show that I am not one dimensional.
It also keeps the network folk from trying to pull the wool over my eyes 🙂
Q: What did you want to be when you grew up? Would you rather be doing that?
I honestly can’t say what I wanted to be when I grew up. That pretty much extended all the way into my first stab at college. I started out in Electrical Engineering, switched to Computer Science, then Accounting, then Petroleum Land Management, and so on, and so until I finally landed in Electronic and Computer Technology and then quit. I got a job based on the last one and the rest is history.
Q: What projects (if any) are you working on right now?
You recently published Michael’s interview where he mentioned a mentoring project that will be coming to the Security Catalyst Community. I am working with him on that project and really looking forward to what we can accomplish with the help of the great community that exists there.
Q: What is your favorite security conference (and why)?
Any that I can get to 🙂 I really enjoy Defcon and have had fun at RSA Europe the last couple of years. Defcon is great for keeping up with the newest things that are happening in Infosec. Not necessarily via the presentations, but via the great hallway track. RSA Europe is fun because I get to meet up with a lot of my European friends.
Q: What do you like to do when you’re not “doing security”?
“Doing security” tends to bleed over into my non-work life, but beyond spending time with my wife and puppy dog, I am an avid amateur photographer. My flickr page is listed below. I don’t get things up there as often as I’d like, but I really enjoy taking pictures. I have recently taken up piano again. I am focusing on Jazz piano right now and have fun. As I indicated above, I love reading science fiction and I also enjoy singing in choir at my church.
Q: What area of information security would you say is your strongest?
I have a broad background to draw from and, as such, I would say I am strongest at being able to have a good grasp of what affects a project from a security perspective, a business perspective and an information technology perspective. This allows me to effectively communicate with all the people involved in the efforts that we have to assess and consult on.
Q: What about your weakest?
Admit weakness? In a public forum? Pshaw. Just kidding. I am not as technically proficient as I used to be. I still have a lab at home and still keep my fingers in, but my day-to-day duties don’t call for the level of technical hands-on ability that I used to have.
Q: What advice can you give to people who want to get into the information security field?
Take a hard look at yourself and decide if you are ready for the stresses that a career in information security will put on you. You are contemplating getting into a field where you can never quit learning. Our field is an ever changing one and keeping up takes a significant commitment. It is also a field where you may be faced with having to influence people to make decisions that they might not want to make. In other words, you are often going to be causing others some stress which can make them not happy with you. You have to be okay with that.
It’s been said by others already, but I will repeat it. Find a mentor. Preferably one that has been around for a bit. The value of having someone to bounce ideas off of and who has been through the trenches cannot be stressed enough.
Q: What suggestions would you have for technical people who want to move into a supervisory or management role?
I am going to answer this question assuming that the individual has done their research and truly thinks they want to become a supervisor or manager. What to do? Tell somebody in your current organization. It is easier to move into a supervisory or management role with your current employer than it is to find a new job without having some management experience. You can often ease into it by managing this project or supervising that process while still staying technical. This is great for figuring out if you truly do want to make such a move.
Q: How can people get a hold of you (e.g. blog, twitter, etc.)