I have been in the IT industry for over 16 years officially and a year prior to that unofficially. I started off building systems with friends and learning about them. I was a late comer to the PC craze. It wasn’t until 1995 that I started playing around with computers. My first system was an 8088 (I can’t remember who made it) and it had two 5 1/4″ drives, one 3 1/2″ drive, no hard drive and a 3 meg memory card. I ran DOS 3.1 (I think) off a floppy disk and had a few programs such as Lotus123 and a word processing app. I played around with that for a while and then finally moved up to a P1 90meg system and windows 95. Thankfully it has gone up hill since then.
I stared in the trenches installing Telephone Banking IVR systems. I moved into Customer Support and lead the upgrade process during Y2K for about 400 banks. Those days our systems ran OS/2 3.x and I had a Windows desktop for email and some office apps. Most of the networks we worked with ran Novell or were AS/400′s with dumb terminals.
My next move was when a Financial Services Holding Company decided to take a chance on me and hired me to be the Network Admin for one of their banks. I knew almost nothing about Windows NT domains nor Exchange (we used Lotus Domino at my previous company). It was here where I also was introduced to Routing, switching and true networking. It was then that I started to understand why I needed to know and understand the OSI model that I had to learn while studying to be a Novel CNE. I then advanced to become the Admin for the entire company network and their security administrator. I kind of fell into this position because I had taken an interest in security and mentioned it to my boss. He then decided to help me in this direction and got me some training and experience.
Every move that I’ve made has served to increase my knowledge in how to secure data and has served to allow me to grow as a security professional and as a person. Recently I have made a change from focusing primarily on network and infrastructure security to application security. I am the chapter leader for the local OWASP chapter and am learning more and more about the importance of AppSec.