[Owasp-alabama] Alabama VP

owasp-alabama at lists.owasp.org owasp-alabama at lists.owasp.org
Tue Mar 2 12:28:54 EST 2010

Nice.  I wasn't sure if you were going to take the troll bait :) 



owasp-alabama at lists.owasp.org
owasp-alabama at lists.owasp.org
03/02/2010 10:36 AM
Re: [Owasp-alabama] Alabama VP
Sent by:
owasp-alabama-bounces at lists.owasp.org

On Feb 24, 2010, at 4:41 PM, owasp-alabama at lists.owasp.org wrote:

> Dan, can you share some information about yourself?
> What are your hobbies, how long you have been involved in security and 
what are you currently involved with as well as where you see yourself 
going in your information security career?
> :)

Good questions ... 

How long have I been involved in security?
I have been involved on and off since around 97/98. 
Many things have changed a great deal since then , but many things haven't 

My initial goal when I began , was to be a good system administrator and 
learn as much as I could about security, because I thought it was really 
interesting (and I didn't want to get owned).  Moving deeper into system 
administration (Networking, enterprise administration, etc) I felt it was 
a good place to learn as much about as many systems as possible with the 
hopes to be a penetration tester someday. At the time the L0pht and Secure 
Computer were really the only big pentesting shops and to join the ranks 
of those guys required more skill than I had at that time, so I settled 
with exploring what I could with the aspiration of continued education in 
all of this. 

Along the way I had the privilege of meeting many people which helped me a 
great deal in learning new things (and I still do today), as well as being 
partners in the pursuit of knowledge. 
As things progressed in the industry; as well as skill wise , I could 
start to offer penetration testing and brief reviews of the security of 
systems. I guess after 2001 things really started to heat up as network 
security awareness really took off in regards to perimeter security 
(firewalls) as well as IDS, which I had messed with but quickly threw 
myself into on an enterprise level. These two ventures from a job 
perspective also fueled the pursuit of taking on honeynet challenges and 
learning to deal with incident response and eventually digital forensics.

Still as time moved on I had been working for a corporation, working in a 
security team focusing on more penetration testing, risk assessments, web 
application security and general breakage of applications and or systems, 
as well as  forensic reviews/investigations. Working within a large 
corporation for 5 years helped many things that I honestly can't say I 
would have picked up without people pounding me about reporting, proper 
non-geek self expression, etc etc. 

Since I left the .corp world , I have ventured into providing consulting 
on a full time basis which has also been an adventure and once again I 
have had the privilege to work with many great individuals and companies, 
still learning new things. 

I guess its safe to say I have had a good amount of exposure to things in 
an organic way to give different perspectives on things from an enterprise 
level, application level, incident response as well as a business 

What am I currently involved with?
In regards to community involvement for information security,..., for the 
past nine years I have been quietly involved with the local Infragard 
chapter, and mixed in some involvement with ISSA. I have also started a 
small ad-hoc security professionals gathering for the birmingham area 
known as BHSec which offers security professionals a way to meet, greet 
and present and share information and ideas where  the formality of 
powerpoint presentations and a corporate meeting place is discouraged. 
(Eg. We meet at Starbucks). 

On and off, over the years many friends who are apart or have contributed 
to defcon and blackhat have formed a somewhat unorganized group where we 
share information and try to act as a iron-sharpening iron type guild /  a 
place where we  share work on projects for clients has emerged, but I 
would say this is almost entirely organic group and nothing close to a 
formal membership even though it is a community. 

>From time to time I contribute to the emerging threats signature 

Where do I see myself going in my information security career?
 I bend towards curiosity and wanting to know what is behind something as 
well as why something or someone behaves in a certain way. With that said 
mixing aspiration as well as a natural propensity to have more context 
into many things has been pushing me more down a deeper path of analysis 
in regards to source code analysis , as a well as binary analysis in hopes 
to be a better hunter of security problems and finding and solving the 
root of security problems within applications.

I hope this answers the questions without too many run-on sentences :P
If anyone has any other questions please shoot them to the list or to my 
mailbox offline. :)

| Daniel Uriah Clemens
| Packetninjas L.L.C | | http://www.packetninjas.net
| c. 205.567.6850      | | o. 866.267.8851 
"Moments of sorrow are moments of sobriety"

Owasp-alabama mailing list
Owasp-alabama at lists.owasp.org

More information about the Owasp-alabama mailing list