InfoSeCon 2015 Review
Today’s blog is courtesy of Jeremy Herr, a Carolina Career College student and Network Administrator working at the Catholic Community of St. Francis of Assisi.
On the evening of orientation at Carolina Career College, we were asked, “What do you want to do when you grow up?” What a tough question to answer. What did I want to do when I grow up? I think I put down a bit of a generic answer like “Manage IT,” but really didn’t know what that meant specifically. I did believe, though, that over the next 9 months, I would find out the answer to that question at some point during the completion of the Security and Network Infrastructure Program at Carolina Career College.
One of the great things about being a student at Carolina Career College is having instructors that currently work in the IT field. I first met Robert Martin when he was my instructor for the MCSA Windows 7 course. Rob is a CISSP (Certified Information Systems Security Professional) working for Lenovo and the President of the Raleigh chapter of the ISSA (Information Systems Security Association). Rob not only taught the material well and prepared us for the certification exam, he went a step further and began to get our class introduced to Information Security. From day one, Rob stressed the importance of Information Security (and the CIA triad) in all fields of the Information Technology Industry–there are necessary applications for IT Security in everything we do as IT Professionals. This was very intriguing to me.
We had all read about the many big corporations that had been hacked, or had friends and family that had their personal information stolen. This problem is not going away, and it’s only going to get worse as the hackers get better. Talk about job “security!” It’s obvious, IT Security Professionals will continue to be in high-demand for a long time. Rob encouraged us to come to a Raleigh chapter meeting of the ISSA, and even sponsored our guest admission fee to the meeting. Our entire class attended, and a lot of us were so impressed that we joined the organization. I began to believe that this might be the area of IT I would be most interested in.
One of the events we learned about at the meeting was the annual Triangle InfoSeCon, the area’s largest Information Security conference. It was announced that for the first time, the event would be held on Raleigh’s center stage, the Greater Raleigh Convention Center, and timed perfectly with the explosive growth of interest and awareness of Information Security. The ISSA was looking for volunteers to help with various things leading up to the conference and for the organization in general. I spent the next many months assisting with contacting sponsors, drafting marketing emails soliciting for new and returning sponsorships, etc. It was a great way to get to know the “big players” in the Information Security Industry. I also signed up to volunteer on conference day.
While assisting at the Triangle InfoSeCon, I had the opportunity to watch one of the Keynote Speakers: Jason Thomas, Chief Innovation Officer at Thompson Reuters Special Services, LLC. Jason’s talk delved deeper into many of the IT Security issues facing our industry that we learned about in CompTIA Security+ and CompTIA Advanced Security Professional (CASP) certification courses. One of those issues is people. Jason explained how we can install the latest and greatest IPS, IDS, UTM, you name it, but we still can’t prevent people from clicking links. Or, no matter how much we train them to identify these threats/scams, how they will handle a Social Engineering Attack. As human beings, we are compelled to help others in need. Many Social Engineering Attacks prey on this part of our human nature. We just cannot completely control how our users will react to such an attempt.
This is a very real and very tough challenge facing our Industry. Jason also talked at length about how we as people are increasingly surrendering our privacy in exchange for convenience. He used the XBOX One as an example, and how the device stores your face to use as a convenient login. Or, how it’s always “listening” for you to say “XBOX ON,” alluding to the fact that it is also recording and analyzing everything it hears until it detects “XBOX ON.” He told the audience that outside of the US Government, Microsoft is the single largest holder of faces in the world. Immediately, I began to wonder how securely that data is stored and the implications. Pair that with other Personally Identifiable Information, the number of children that utilize these devices, and you can imagine any number of scenarios that might play out. Scary stuff. This was just one more of the many issues Jason went into that the industry is facing.
Attending the Triangle InfoSeCon solidified for me that IT Security is the career path I am most interested in. The coursework gave me the introduction and the initial interest, the ISSA furthered that interest, and the Triangle InfoSeCon solidified it for me. Being a student at Carolina Career College gave me the opportunity to learn about this great organization, become a member, and get involved. It opened up networking opportunities that could not be recreated easily. What it really did for me was afford me the opportunity to mingle with and learn from leaders in the Information Security Industry from all over the world and really see if this was what “I want to do when I grow up.”