Hello and Welcome

Well, Welcome to my 1st blog post. If you here reading this then you’re in good company. At 44 I have decided to move my professional IT career over to a CyberSecurity.

Why CyberSecurity?

I am all too happy to answer that question.

From an early age, I been always fascinated by computers, from the time I could turn on and learned to do basic programming on the Commodore 64. Started this path towards CyberSecurity, always learning something new.

Eventually, I was given a 386 Desktop, I link to think I started out like everyone else. Learning PC’s by gaming and somehow I was given a copy of Wolfenstein, that ran fine and I completed the game. Cool Fun and exciting. Then I started learning to navigate the new World Wide Web, with America Online, and 56K Modem, I learned with others in old chat programs like MICR, ICQ, yahoo, and Instant messager! This strange new world was fun to explore you could find anything you wanted at the time, the world was at my fingertips, fun, exciting, and a little bit edgy. You could find other people or chat rooms for anything from Star Trek to Macgyver, Anything you might want to talk about. N I learned that I could search the web for schoolwork, hobbies like-minded people. Anything right at my fingertips. The would the new world just getting started. Any information I needed.

Back then there was no thought about privacy or security. People exchanged numbers location and information like A/S/L was the 1st question everyone asked etc. I was talking to people around the world, and there was no concern or restrictions out there. The net was an easy place to pretend to be someone you were not. We started hearing that this new world could be a dark and scary place. Stories were circulated around about young kid being targeted by adults pretending to be kids. Parents were being told to start to monitor who and what was being said. Learned to protect myself, early on.

Around 1993, The talk around the town was something called “DOOM” every one of my friends was playing this game! Just as I started in high school, this was the biggest thing out there. My old trusty 386 couldn’t play it. I can’t remember how, but I managed to get my hands on a 486 board! I had to learn about the high mem, autoexec.bat, and config.sys. Tweeting and hacking the machine to make it run this game faster. This was a crash course on RAM, CPU, and graphic cards. It was a crash course, 93 and 94 flew by, then in 1995, Microsoft shows off Windows 95, while my high school had Apple 2e, and nothing PC, I still learned everything I could.

I graduated from HighSchool in 1996, and with the help of friends, I was learning computers on the side. The next years went by faster, Win 98, NT4, Y2K, and Windows 2000. Around 1998 friends and coworkers of mine were asking me to switch to computers, I had better knowledge and was better than the new comp science people at the time. I was teaching people how to use the net and use word, excel, etc. I

The world was changing fast, PC were more widely adopted, it appears that everyone had or was getting one. Then in early 2000, the world screaming for more computer techs. I moved into a formal education on computers, and hacking around the networks, dos, Win 95 to 2k. Swapping things on my friends’ computers in class, changing files and settings without them even knowing! IT school was a blast!! Then the dot.com bust.. Then suddenly the world didn’t want Computer Techs anymore, my computer school was closed (by feds) and went bankrupt! All my friends were unemployed the next day. This was about a day away from graduation.

With the help of the State, and the Department of Ed. In to a new school I went and finished with a college cert.

After that, I started my career in IT by selling and fixing computers and others things in a large big box store. While there I have to say I learned many new things! The number one thing I learned is that! RETAIL SUCKS!!!!! Everyone wants something for nothing. Everyone wants a discount. Paying people scaps will ensure that you get dishonest workers.

I was always told to be honest and I was. But I learned that in retail anyway no matter how hard you try someone will always engineer a way to “Borrow” something without the intent to return it. Every day, I would see new scams, social engineering, counterfeiting, and the brazen theft at their best.

On the same day, I would see people who were just desperate for help, and to come in from the cold. Working retail I say the good and bad in people. Anyway – I was a silent observer, I knew certain people were doing bad things, and I want to understand the how more than the way. Honestly, at the time the Corp office wasn’t overly concerned with what people were doing. They were more concerned with the outward image of the company the what was happing inside. Awful people could get away with everything and the good people who never took anything get screwed there. I learned as much as I could about what was doing and when I reported the bad parties nothing ever happened to them. I was very honest, I never took anything! Aside from maybe a pen. I returned everything that I might have accidentally walked out with, but at that time I think I knew everyone’s side hustle. In the end it didn’t matter to corp, I watch them fire the best people When they had nothing to do with the incident and transfer the manager that did acts that I can not mention.

After retail, I started working as an actual IT person and started learning “IT Security on the Fly” my 1st duty was to filter out not safe for work content. I worked in a public setting where anyone could watch basically anything they wanted. The over-the-shoulder method of hey there are kids around didn’t work. People were assessing content that shouldn’t have been done in a public setting.

We would put in content filtering, and that would block some of the content. Now I am not talking about people accessing the anarchist cookbook online, to hell with the government, faces of death, or I hate you crap. I am talking straight-up hardcore porn movies (with sound), violent and other content involving children, minorities, and god knows what else. I think you get the point by now.

Building a Better Mouse Trap

Nowadays this is what they call this Red Vs Blue Team. But back then it was me, a 22 year old kid. Defending against the dark internet. Every day, I would pour through the logs files, content, and actions of everyone who access this content, I would block a site, and four more would pop up. We would block certain actions and people figured out how to bypass everything. proxies on the fly, and learned how to access a website from a different site. Basically, the stuff Tor is made of now. I was fighting the losing battery every day. At that time, I didn’t have the resources or the leadership and mentorship I so desperately needed. I left that public sector job while leaving it better than I found it. I wasn’t happy.

Key Takeaway!

As this is my very first blog post, I would like the reader to know. I have a learning disability. My ability to write and spell words is skewed at best. Here I talk, about this at some point but for now. Please know this 1st draft of my 1st post might not be easy to read. Trying hard and I will get better and will rewrite this a few more times.

While I’m starting this blog at the suggestion of NetworkChuck, a youtube creator that I have been watching lately, he said that Cyber Security is part of writing reports. I need to get better at this. So here I am now.

LESSONS LEARNED

When I was young and stupid in my first years in IT roles. That idiot who thought I knew about computers and life in general. Yes I was that guy and yes, I was mistaken. Now humbled by the fact that while I was so very dumb, I never did something to put me in jail or blacklist me for life!

Noob in every sense of the word. In the public role I had, I lacked the leadership and the mentor, I so desperately needed at the time. I also lacked maturity and discipline at that time.

I like to think, that if I had a bit of guidance at that time, I would have started this journey into InfoSec earlier than today. Concurrently and prior to my roles in the big box store and the public sector, I was working in the physical security space, monitoring and tracking the movement of people and items.

Some of the infosec things I learned are.

1. A person who is acting strangely or out of place will need to be watched carefully.
   1. In a retail setting when you see a pair of people walk in and one is staying close to the door while the other is walking around, know something is a miss.
2. A vehicle that is out of place will stand out and draw attention to itself!
   1. Don’t park in a fire lane. Not only are you a bad person, but you will be remembered when bad stuff happens, if the place gets robbed you will be the suspect.
   2. Always park under the light poles. When the parking lot clears out, and your car is alone, it stands out and security will take a look. I can’t tell you how many stolen cars I found like this.
   3. I don’t care what you do in your car. As long as you don’t hurt someone.
3. Always watch behind you.
4. Trust your gut. If something doesn’t feel right, walk away and get a better vantage point.
5. Social Engineering is always being done. When someone is going to ask you for something, most of the time they will smile, ask for your name, and how are you.
   1. This is done to establish a rapport to get something for themselves. Honestly try it, before you go in ask for a refund or exchange, walk up to the service desk, with a great big smile, introduce yourself, and if the person has a name tag say their name or ask. Then start a very friendly dialog, Say something like I hope your day is well, however, I hate to ask however I need to exchange this item before I got the wrong thing, and like an idiot, I forgot my receipt. Most of the time this will make the employee relax and come a bit off their guard.
   2. Women especially need to be careful. While the person might seem like they are an awesome person, there is a limited number of bad actors who will ruin it for the nice guys.
   3. If you stop to think about it for a minute, In many cases, I can find out a lot of information about a person with a simple google search of a name and job location. If I need a last name, all I have to do is ask the manager most of the time. Simply say I want to send a letter to your corporate office praising what “insert the first letter of the name” here but I can remember is it this or that? Most managers need the prase going to corporate, they might give you too much info.
6. Watch what you say about where you work and who you work for.
7. Always watch your payment cards. If you don’t have to hand it over really look at the machine.

I hope you enjoyed this post like I saw this is the 1st, I hope to share more of my adventure into CyberSecurity.

Take Care

TRUST YOUR TECHNOLUST!!!