[Owasp-alabama] Alabama VP

owasp-alabama at lists.owasp.org owasp-alabama at lists.owasp.org
Tue Mar 2 11:14:26 EST 2010


On Feb 24, 2010, at 4:41 PM, owasp-alabama at lists.owasp.org wrote:

> Dan, can you share some information about yourself?
>  
> What are your hobbies, how long you have been involved in security and what are you currently involved with as well as where you see yourself going in your information security career?
> :)
> 

David,
Good questions ... 

How long have I been involved in security?
I have been involved on and off since around 97/98. 
Many things have changed a great deal since then , but many things haven't changed. 

My initial goal when I began , was to be a good system administrator and learn as much as I could about security, because I thought it was really interesting (and I didn't want to get owned).  Moving deeper into system administration (Networking, enterprise administration, etc) I felt it was a good place to learn as much about as many systems as possible with the hopes to be a penetration tester someday. At the time the L0pht and Secure Computer were really the only big pentesting shops and to join the ranks of those guys required more skill than I had at that time, so I settled with exploring what I could with the aspiration of continued education in all of this. 

Along the way I had the privilege of meeting many people which helped me a great deal in learning new things (and I still do today), as well as being partners in the pursuit of knowledge. 
As things progressed in the industry; as well as skill wise , I could start to offer penetration testing and brief reviews of the security of systems. I guess after 2001 things really started to heat up as network security awareness really took off in regards to perimeter security (firewalls) as well as IDS, which I had messed with but quickly threw myself into on an enterprise level. These two ventures from a job perspective also fueled the pursuit of taking on honeynet challenges and learning to deal with incident response and eventually digital forensics.

Still as time moved on I had been working for a corporation, working in a security team focusing on more penetration testing, risk assessments, web application security and general breakage of applications and or systems, as well as  forensic reviews/investigations. Working within a large corporation for 5 years helped many things that I honestly can't say I would have picked up without people pounding me about reporting, proper non-geek self expression, etc etc. 

Since I left the .corp world , I have ventured into providing consulting on a full time basis which has also been an adventure and once again I have had the privilege to work with many great individuals and companies, still learning new things. 

I guess its safe to say I have had a good amount of exposure to things in an organic way to give different perspectives on things from an enterprise level, application level, incident response as well as a business perspective. 

What am I currently involved with?
In regards to community involvement for information security,..., for the past nine years I have been quietly involved with the local Infragard chapter, and mixed in some involvement with ISSA. I have also started a small ad-hoc security professionals gathering for the birmingham area known as BHSec which offers security professionals a way to meet, greet and present and share information and ideas where  the formality of powerpoint presentations and a corporate meeting place is discouraged. (Eg. We meet at Starbucks). 

On and off, over the years many friends who are apart or have contributed to defcon and blackhat have formed a somewhat unorganized group where we share information and try to act as a iron-sharpening iron type guild /  a place where we  share work on projects for clients has emerged, but I would say this is almost entirely organic group and nothing close to a formal membership even though it is a community. 

From time to time I contribute to the emerging threats signature repository. 

Where do I see myself going in my information security career?
 I bend towards curiosity and wanting to know what is behind something as well as why something or someone behaves in a certain way. With that said mixing aspiration as well as a natural propensity to have more context into many things has been pushing me more down a deeper path of analysis in regards to source code analysis , as a well as binary analysis in hopes to be a better hunter of security problems and finding and solving the root of security problems within applications.

I hope this answers the questions without too many run-on sentences :P
If anyone has any other questions please shoot them to the list or to my mailbox offline. :)

| Daniel Uriah Clemens
| Packetninjas L.L.C | | http://www.packetninjas.net
| c. 205.567.6850      | | o. 866.267.8851 
"Moments of sorrow are moments of sobriety"













More information about the Owasp-alabama mailing list