Wednesday, July 22, 2009

31337 Spotlight: "FalconsView"

Welcome back, to the 3rd installment of the 31337 series of interviews. This time I have a real treat for you fans of InfoSec. As you probably already have figured out, it seems that in the security world, the breakers and tinker-ers get the glory... rarely do the guys who think big picture and at layer 8 get their moments to shine... well here's one guy that does just this. With a boatload of experience, a great personality and trained in the Gracie school of Jiu-Jitsu this is one guy who's got no room for random verbal droppings.

He maintains a quality blog over at www.secureconsulting.net where he's addressing the 8th Layer of the OSI Model... the interface between the real world and your systems - so now I turn it over to FalconsView...

  • @FalconsView - tell us something about yourself
Hi, my name is Ben, and I've been in this industry for 15+ years now, but have only in the past couple years started attending events and uncloaking a bit. My background is from the systems and network administration ranks, but have always been obsessed with security, right, wrong, and so on. These days I've abandoned much of the hands-on tech work to focus on fundamental issues (layer 8). When I'm not working, I'm usually reading or writing. I often feel like one big intelligence aggregation system given all that I read on a daily basis. To unplug, I like to hike, camp, travel, snowboard, practice Gracie Jiu-Jitsu, read comics (Nightwing, Batman, etc.), and just generally chill out watching movies or listening to the latest releases from a variety of artists ranging from (speed) metal to rock to folk to country to classical and then some.
  • What types of technologies do you focus your 'hacking' on (and why)?
I don't hack. I used to play with exploits back in the 90s when I was in college, but I grew bored with it. Hacking doesn't really solve problems. Don't get me wrong, it's essential to the security industry -you have to have the "breakers," but I'm not one of them. As is likely evident from most of my writing, I'm far more interested in the larger problems, which today translates directly to the Layer 8 challenge. Instead, as anyone who's read my blog can probably attest, I tend to be very abstract and philosophical. I try to make a concerted effort to focus on fundamental problems and how they might be approached. Too often it seems that we dive into solutions without properly understanding the problem space. That's ok for people who break stuff for a living, but it's not ok for people like me who are trying to turn this industry on edge in order to un-level the field of battle and change the rules of engagement in our favor. I don't like playing games that I can't win, and right now we're in a no-win situation.
  • What your most famous/proud accomplishment over the course of your career?
To date, my most proud accomplishment was completing my Masters degree at The George Washington University in Washington, DC. Specifically, two parts of that experience were really awesome for me. One was taking Intro to Cryptography from Dr. Brent Morris, formerly of the NSA (of Skipjack fame). It as my hardest class, hands down, in the entire curriculum, not the least of which because he used the grading rubric literally and strictly (no curves!), which resulted in his flunking several students unheard of in grad school). The other part was completing my thesis, in which I created a high-level model for structuring security organizations, of which I'm currently working on a second version that accounts for some of the areas I omitted or that are simply infeasible in real life.
  • What got you started in Information Security...
Superhero complex? :) No no, wait - the money! :) haha, just kidding. I got into infosec through tinkering back in the days of TIGER and COPS. I learned how to execute local exploits under UNIX, accidentally learned about DoS (old school resource exhaustion) when I accidentally wrote a rabbit (fork() can be dangerous!:). Around the same time a high school friend was misappropriating resources at the college where my Dad teaches (and where I was taking classes), trading warez back in the day, and I figured out what he was up to and turned over the fix to the sysadmin. Haven't spoken to that "friend" since then (oops), but it led to fighting viruses on floppies and all sorts of fun back in the old school "here's Trumpet Winsock for your Windows 3.11 for Workgroups" days. :) The rest, as they say, is history...
  • Tell us something that people rarely know about you?
This is probably going to sound weird and come off totally wrong, but... contrary to my writing and communication style in public (tending to be direct, witty/sarcastic, etc.), I generally strive to be open, caring, compassionate, humorous, and understanding of all people. And, for the most part, I succeed. There are obviously times when I'm not approachable, or am suffering from the doldrums, but this is hopefully a very small fraction of the time. Given a chance to get to know me, I think people would be surprised by my real life personality. It just takes time to peel the onion.
  • BONUS: What was your first computer system?

The first computer I played on was a Franklin, which was quickly replaced by an Apple II (due to the lawsuit - see http://en.wikipedia.org/wiki/Apple_Computer,_Inc._v._Franklin_Computer_Corp). That's the first platform I programmed on back in the early to mid 80s (1st grade, by my recollection). The first computer we ever had in the house was a Gateway 386SX system that I, over time, completely disassembled and reassembled many times, and it was the first platform I installed FreeBSD on (v1.1, I think?).

No comments:

Google+