Inside IT Security at Brown:
John Duksta, CIS IT Security Specialist
Q: What exactly does an Information Security Specialist do?
First, there is the routine day-to-day work of managing firewall rule changes, monitoring intrusion detection systems, and periodically performing vulnerability assessments of various departments on campus. We also give security training sessions through the CIS CompEd program. Last, and definitely not least, is my favorite part of the position: consulting with other groups and departments on their security concerns. This is the part of the position that lets me give Information Security a human face for our users.
Q: What's your background (education as well as experience)? What skills and experience do you bring to your job?
My undergraduate degree is actually in physics. I did a number of my classes out of the "normal" order, so by the time I took my computer science classes and realized that I probably should have been studying CS, I had too many credits in physics to go back and change my major.
Work-wise, I've been doing IT for about 13 years. I cut my teeth in networking doing phone support for vendors. I then moved on to consulting, which is where I started doing security work. In the seven years prior to my coming on board at Brown, I was a security systems engineer for BBN/GTEI/Genuity and then for VeriSign Managed Security Services. I'm used to looking at security and systems integration from a very large perspective.
Q: What do you like most about your job?
The real work/life balance that you can have here at Brown. I've worked for too many companies where their idea of work/life balance is buying you dinner while you're expected to work 12-hour days.
Q: Looking back, how have security issues changed in the last few years? What kept you busy in 2003, for example?
The biggest change in security over the last few years has been the change in attack focus, from compromising servers via remotely accessible services (web, mail, etc.), to compromising end user systems with spyware and botnets that "phone home" and can be remotely controlled. Machines that are compromised with malware generally cannot be detected by an external scan. Rather, we end up detecting them by the outbound traffic they generate. This change has also increased the number of compromised systems that we see. It used to be that you might get a couple of compromised servers a year. Now we see a dozen or more compromised desktops per month.
Q: Computing is changing so fast, especially the field of security. There's so much more at stake to steal or disrupt, and so much more motivation to do so ($$$). How do you keep current? How do you find the time to keep current?
The only way to keep current in security these days is to read a lot of online security news. I use an RSS reader to keep tabs on the fifteen or so security blogs and news sites that I track on a daily basis. If I had to go to all those sites individually and sort through what is relevant to me, I'd never get any other work done.
Here's a list of John's favorite security blogs, including links to Bleeding Snort, PaulDotCom, and TaoSecurity, so that you can subscribe to the RSS feeds of your choice.
Q: Were you always interested in computer issues? When did you have the first inkling that you might someday be an information security specialist?
Yes. From my first experience on a TRS-80 Model 1 in 1982, I was hooked on computers. My interest in security started fairly early on in my professional career while I was working with a smartcard company in Israel.
Q: What keeps you busy when you're not at work?
Working on our house, which we bought as a fixer-upper. My advice to others: unless you're completely handy at all aspects of construction, don't get a fixer-upper. They just turn into a money pit from which you will never get back your investment in time, money, blood, sweat and tears.
Q: What would be the most important piece of advice you'd offer the average user?
Two things: First, be skeptical. If something looks too good to be true, it probably is. Second, keep good backups of your data. You never know when your machine is going to be compromised and you'll have to rebuild it from scratch.