Often mistaken for an angry and embittered former member of ZZ Top, Jack Daniel is one of the most recognized faces in the Information Security industry. In honor of his 50th birthday to, we’re posting his D-List Interview today.
Q: Tell us a little about yourself.
I’m just some old dude who hasn’t grown up and somehow ended up in security. I like to build stuff, and fix stuff. Breaking stuff is fun, too- but I find building and fixing things more fun and more satisfying. I have pretty good diagnostics and troubleshooting skills, which is pretty handy for someone who likes to fix things (dramatically improves the success ratio). I also have pretty good BS detection skills, and don’t have much fear of calling people on things. And you can always ask Google about me, but some other dude hogs all the search results for my name.
Q: How did you get interested in information security?
I got “into” Information Security the same way I got into IT, management, and many other things: it started because no one else would do it. Thing were broken and no one else would fix them. Then things were compromised and no one else would fix them or prevent a recurrence. Then, being deranged as I am, I found I enjoy the challenges of InfoSec, and *some* of the people in the field.
Q: What is your educational background (e.g. formal schooling, certifications, self-learning, etc.) and did it add value to your information security career?
I’m a college drop out. Life interfered, and besides, there’s too much to learn for me waste time in school (apologies to your current employer). Certs? utbCCNA (utb=used to be), MCSE/MCSE+I oros (oros=on really old stuff, as in NT). I have a CISSP to rub in peoples faces when needed. I generally refer to myself as a “reluctant CISSP”, a distinction I believe many CISSPs share.
I think the certs have helped at the time I got them, but I actually used the training and testing process as a way to learn, not just put letter after my name. Even at my age, my lack of a college degree is occasionally a stumbling block, but that’s life- there are always stumbling blocks.
Q: What did you want to be when you grew up? Would you rather be doing that?
I wanted to be a marine biologist, then a marine geologist, then I met some of them. So, no, I don’t think I would prefer those careers.
Q: What projects (if any) are you working on right now?
We’re remodeling the house, room by room, currently on the kitchen. Oh, you meant in InfoSec…
The most interesting things I’m working on are in the security community. I have been an active member of NAISG since the beginning, and am on the board of directors. NAISG is an approachable security group with chapters around the US and one overseas, and I’m trying to help the group and chapters grow. I am also working on building the Security B-Sides events, helping grow these alternative events and offer venues for topics which should be getting more exposure.
Q: What does NAISG offer that other security organizations don’t? Is it US-centric or can it flourish within other countries?
NAISG is open to anyone with an interest in security, and is notable for what isn’t, and what it doesn’t have, No cost, no prerequisites to participate, no “old boys club” nonsense, no need to drop zero day to join, and no sales pitches for presentations. Members range from small business admins, to students, to security professionals- and anyone else interested. NAISG has evolved from a local user group into an organization with chapters across the US and now one in Bangalore, India. I believe NAISG is a good fit where security information isn’t getting to people who need it. We also provide a framework and web infrastructure to ease chapter creation for those interested. more info is on our site at www.naisg.org.
Q: What is your favorite security conference (and why)?
That’s impossible, I go to many and like some things about all of them. I love Shmoocon, because it is Shmoocon, an ever-so-slightly grown-up hacker con. Great people. Good, balanced content. Not a small event, but not too big, and SOURCE Boston, because of the quality content, the speaker/audience ratios, the professional, yet informal feeling. And of course B-Sides events, because they open conversations and provide venues for talks and panels you will not hear anywhere else.
Q: Tell us a little more about B-Sides. How did it come to be?
After the “Thanks, but no thanks” notes went out for BlackHat USA 2009, several people expressed their disappointment, primarily on Twitter. It was suggested that there are always good talks turned down- and that it would be great to have an alternative venue for some of those talks. Idle chatter led to serious talks, and the idea became a reality. The event was great: the presentations rocked, the house had a great “intellectual frat house” feel, and a good time was had by all. There was a core group of people who were instrumental (Chris Nickerson, Mike Dahn, Travis Goodspeed, Jeff Espinoza, and more), and more people than I can count helped make it a success.
Before it was over, there were requests for more B-Sides events. There was one in Mountian View in December, and this year we have B-Sides scheduled for San Francisco, Austin, Boston, and Las Vegas this year- and there’s talk of on in Washington. DC. The goal is to have a fun and informative exchange of information, with none of the “rock star” nonsense of some events, and none of the tedium of many other security events. Details at www.securitybsides.com
Q: What do you like to do when you’re not “doing security”?
I like long walks on the beach…with my coon hound. Actually, I have several neglected hobbies, blacksmithing and wood carving are the two I would really like to spend more time on. And on the rare occasions when our schedules allow it, my wife and I enjoy traveling.
Q: What area of information security would you say is your strongest?
Network Security, shepherding the little packets where they belong, preventing them from going where they shouldn’t, and keeping them out of harm’s way.
Q: What about your weakest?
Anything involving code. Or databases. I am not a coder, and my hatred of databases in not unrequited.
Q: What advice can you give to people who want to get into the information security field?
Pull up your pants, put your hat on straight, and get a real job, kid.
Q: How can people get a hold of you (e.g. blog, twitter, etc.)