Jesse Schibilia

So much has gone on in the last month or so that I haven’t had time to sit down and sort out my thoughts.

In July, I took a job at Rutgers University in the Office of Instructional and Research Technology. I am working on the Sakai Project. Sakai is an open source course management system similar to WebCT or eCollege.

For approximately five weeks, I worked to develop a series of technical documentation to help our users understand how Sakai works. It was a great experience that let me learn the insides of Sakai. Click here to see the web version of my documents.

Now that I have ostensibly completed that project, I am working on user support for Sakai. For the last few weeks, I have been learning JIRA (the bug tracking system that the Sakai Project uses), and OTRS, our local user support ticketing system. I have also been taking help desk calls. I am learning a lot and enjoying what I am doing. I recently tracked down a bug that was affecting how users were uploading files to the system. I tracked the bug all the way from taking the symptoms from the user, testing the behavior, reporting to the developers, and working with the CTO of Rutgers to deploy the code fix that will go into effect tonight. Seeing the entire process was a great experience and I thank my supervisors for giving me this opportunity to learn.

The Office of Instructional and Research Technology happens to share an office building with the Rutgers Information Protection and Security. I have been learning from some of the individuals here, taking any chance I can get to speak with them about my interests in security. They have given me a lot of great resources and guidance as I pursue my goals in information security.

I will be starting on my Rutgers IT Certification tomorrow. There are some parts of this certification that involve information security, so I am really excited to start. I will also be learning UNIX during three of the workshops. I have been offered so many learning opportunities here. It has been a great place to start my career.

I will be attending a Career Day this Friday. There will be a lot of companies there, so I hope to make a lot of good contacts. Now that I have some solid work experience, I know that I have something to offer a company.

I have an interview coming up with a large auditing firm. I am really excited because I will be interviewing with the Information Risk Management department. I have been doing a lot of research in preparation for the interview and I plan on knocking this one out of the park.

This is the first post in what will hopefully be many regarding information security. As previously mentioned, my interview with an Information Security division is fast approaching. I was thinking today about what actually makes me interested in information security and why I don’t think I will lose interest in the subject. I would like to share some of my thoughts.

1. I have actually read some really good books about information security. Neal Stephenson’s novel Cryptonomicon is an amazing book that centers around code breaking during World War II. Cryptography during this time was essential during the war. Potential reactions to a broken code were taken very seriously. If Germany, for example, realized that their efforts were being thwarted too often, they might change the encryption key, fearing that their enemies were intercepting and decrypting their transmissions. If they did this, it meant alot more work for the Allied Forces to decrypt any new code. The Allied Forces had to pick carefully which transmissions they reacted to; lives hung in the balance. This was an exciting book by a great author. I am in the middle of Snow Crash, one of his other works. I highly recommend his books to any other geek out there.
2. The Cuckoo’s Egg by Cliff Stoll is another exciting book regarding information security. I believe it takes place at UC Berkley in the 1970’s. The main character in this story is working at an astrophysics lab during the earlier times of the Internet when it was primarily used by educational and government institutions. A small accounting error in one of the log files clues him to a hacking attempt and he spends the next several years of his life trying to track down the hacker on the other end of the line. I read this thriller in two days, it really kept me hooked.
3. The market for information security is so hot right now. There are a lot of holes out there that need to be fixed or watched. People need assurance that their data will not be compromised. Any company doing business on the web cannot afford to lose their data in an attack. Some of the fines for negligence with credit card data, for example, are in the hundreds of thousands of dollars per incident. Even internally, companies need to be careful how their employees handle customer data as well as company secrets. There have been a few companies in the recent past who have caught a lot of flak for an employee losing a laptop with customer data on it. Companies need to set strict policies regarding how data is handled.

So I guess you can say that I am attracted to the opportunities within the discipline. I can see myself concentrating on policy development later on down the line. It seems like I will be doing a lot of auditing early on to get my feet wet. I can’t wait until I get my first certification.