In my first post I detailed the choices that led me from my original plan of being a history teacher, to dropping out of my computer science program, to starting my first help desk job. In my second post I mentioned how I climbed from my first help desk job, to working at Nortel, and the subsequent layoff that followed.
Nothing makes you feel as horrible as being layed off from a job. You end up blaming the company at first and then you turn the anger to yourself. At the time of my layoff, the job market in Ottawa was horrible so I had plenty of time to think all of this over as my house was being built. My soon-to-be wife and I lived with my parents for 3 months and her parents for 3 months as we gave up our apartment to save money during construction.
During this time I must have applied to at least 500 different jobs in various locations in Canada, the United States, Europe, and Australia. No one wanted me. The problem with being layed off by Nortel is that, typically, you’re not the only person. In fact I was one of a few thousand people layed off, all looking for the same (any) job.
While at my soon-to-be in law’s I received a call from a company who was contracted, by Nokia, to find some people to work front line firewall and network support. I jumped at the opportunity and within a week I was working as a contractor at Nokia. Since I had very little security experience there was a steep learning curve but Nokia provided exceptional training for both Nokia IPSO (the routing platform), Nokia IP Series appliances (their hardware), and Check Point VPN-1/Firewall-1 (the bundled firewall package).
While working at Nokia I made a point of learning everything I could about the products I supported. I also ensured that I obtained the certifications for the training I received in order to make myself stand out from the rest of my coworkers. Within 8 months, a record at the time I might add, I was hired full time by Nokia. Even thought I was hired into the job I made sure not to stop learning. I felt my routing and switching knowledge was weak so I paid, out of pocket, for a CCNA prep-course, and subsequent exam. Customers were calling in having problems with their Cisco to Check Point VPN’s, so I bought a books on Cisco PIX and Cisco VPN Concentrators and learned how to troubleshoot VPN related issues.
By this time I was hooked on security. At first I tried to read as much as I could on security topics to make me better at my job. The more I read the more I realized that I was genuinely interested in all facets of security, even those that didn’t relate directly to my current role. I started teaching a CompTIA Security+ prep-course, based on my own course content, through a local business to give back to the community. The funny thing was that most of my students were current Taima, now Convergys, employees looking to get ahead just as I had done.
I also started doing some consulting on the side for Cisco and Check Point issues. This helped me learn quite a bit about working with government organizations and subcontracting through other, larger consultancy firms. In 2004, after speaking with two friends at Nokia, we decided to form a business to help add credibility to our consultant engagements and help limit the taxes that could be taken from us. This is how Koteas Corporation was formed. Even though we didn’t, and still don’t, perform a large volume of work due to our full-time jobs, our customers have returned to us when they need help or advice.
At this time in my life I was looking for change. Nokia had become stagnant and there was little room for career advancement. Koteas Corporation didn’t have enough volume to support a full-time employee. I….was in a rut.
In February of 2005 I received a call from a recruiter in Fredericton, New Brunswick. A start-up called Q1 Labs was looking for a 3rd level support person to help support their network security management product, QRadar. They offered to fly me down for an interview to see if I was a fit for the organization. I spoke it over with my wife and I agreed to come down for an interview. The interview process was grueling. I was there for 8 hours and met with the heads of every department (Support, Engineering, and QA), the CTO, the CTA, and the VP of Engineering. I had never worked for a startup before but every person I talked to was so excited about the product and their jobs. This was quite a switch for me coming from such large multi-national corporations as Nortel and Nokia. I was instantly hooked and wanted to work there. After a couple of followup phone interviews with the COO and the CEO I received my package in the mail. My manager at Nokia was happy for me and understood why I wanted a change so we parted on very good terms and still keep in touch to this day.
When I arrived at Q1 I started working immediately. Not only was I supporting our customers but I was also supporting evaluation customers and our Sales Engineers in the field. I also had the opportunity to travel to customer sites to provide installation, configuration, and training services. During this time I wanted to make sure I kept learning so I invested in the SANS Intrusion Detection In-Depth self-study and the GCIA Incident Handling certification. This course was one of the best courses I’ve even taken and taught me so much about packet analysis and intrusion detection. While in support I also had the opportunity to go to a Building Scalable Cisco Internetworks class which taught me quite a bit about high level routing.
In 2006 I became the primary trainer for QRadar. I loved going from site to site providing the week long training course on our product. Also, because of my past experiences at Nokia and Koteas, I was able to relate sections of the course to customer needs and situations. At this time I also decided to pay for another SANS course. This time I took the Hacker Techniques, Exploits & Incident Handling course and subsequent GCIA Incident Handler certification (GCIH). Upon completion of my exam I received an email inviting me to join the SANS institute as a Stay Sharp trainer and Local Mentor for my area based on the score I achieved on the exam. I happily accepted!
In late 2006 I was rewarded with a promotion to lead a team of software developers whose main responsibility was integrating 3rd party event and vulnerability data into QRadar. Ironic isn’t it? The guy who dropped out of college because he didn’t like programming was now leading a team of software developers.
The story doesn’t end here as I am still happily working for Q1 Labs, still leading the same team (loving it!), still working on expanding Koteas, starting to be a technical reviewer for security related publications, starting to work more with the SANS institute, still studying and learning all I can, contributing back to the security community in forums and articles, blogging (of course you knew that already), starting to present at conferences, and starting to get my name recognized in the security industry. I hope you have enjoyed this three part series and if you have any questions/comments/concerns or just want to drop a note then please feel free to email me at andrewsmhay [at] gmail.com.
Thanks for reading!