Security from the System Administrator’s Lens with Bill Kindle (3/3)

Welcome to episode 182 of the Nerd Journey Podcast [@NerdJourney]! We’re John White (@vJourneyman) and Nick Korte (@NetworkNerd_), two Pre-Sales Technical Engineers who are hoping to bring you the IT career advice that we wish we’d been given earlier in our careers. In today’s episode we share part 3 of an interview with Bill Kindle, discussing cybersecurity as a specialty, resources for pursuing this career path, certifications, and practical advice for gaining proof of work.

Original Recording Date: 07-04-2022

Bill Kindle is a Cybersecurity Engineer and has been in IT over 20 years, doing a little bit of everything over that time period. If you missed them, catch part 1 of our interview with Bill in Episode 180 and part 2 in Episode 181.

Topics – A New Adventure Awaits, A Different Lens, Advice for Breaking into the Cybersecurity Field, Certifications and Proof of Work, Repetition and Taking Chances, Parting Thoughts

3:17 – A New Adventure Awaits

  • Bill did some presentation work for a local VMUG (VMware User Group) in Fort Wayne, Indiana. This allowed Bill to meet many people in the industry.
    • One person whom Bill considers a friend told him about an opportunity in cybersecurity engineering and asked that Bill try out for the role.
    • Bill was able to meet with his friend and the COO (Chief Operating Officer) for this new company, and he was essentially hired on the spot.
    • Bill had an interest in security and knew his way around some tools already.
    • The job was supporting a SOC (security operations center) team. They wanted someone with a systems administrator background who knew how to deploy security tooling.
  • At this juncture, Bill was really looking to do something different, feeling like he was at a bit of a peak in his previous role.
    • Doing writing and presenting on the side was helping, but Bill felt like he needed to break into a different role / try something different, wanting to put his full effort into it.
    • Previous to this Bill had an interest in security but was more an observer of the industry than an active participant.
    • Bill would implement security into his daily work (as systems administrators should) but tried to take a more holistic approach. He was doing some of this kind of work already.
    • The new role allowed him to flex his systems administration skills and gave him a whole new set of skills on top of those. Bill was able to leverage PowerShell as well as get exposure to a whole new set of tools including some in the realm of configuration management.
  • John mentioned the generalist approach is a good way to enter into something new, and once you enter a more specialized field you begin to understand perhaps you only had a fraction of what people working in that field as specialists have in terms of skills and knowledge.
    • Bill said there were many things he didn’t know / have insight into that were fascinating.
    • At some point Bill realized he was seeing things through the eyes of a security analyst and what was needed to do their job. Once he understood that perspective, he knew where and how to best help (i.e. deploy a logging platform, help deploy endpoint detection and response technologies in a more efficient manner, etc.).

7:38 – A Different Lens

  • Bill was able to build on a lot of the skills he had and really understand the why and the value of the security tooling to those who operated it daily to hunt threats and perform other work.
  • Bill, from a systems administrator perspective, got to see the holes identified by the security analysts and would work with them to explain how to fix the holes, work around them, etc. It was eye opening to see how these folks operated.
    • John says there’s something to that firsthand understanding of someone else’s operational tempo and daily work that better equips us to show empathy and sympathy. This may make a good case for organizations to apply rotations in different departments.
    • Someone who then rotates back into their former position has a way better understanding of what they should be doing.
    • Bill got to see why having a systems engineer turned cybersecurity engineer assist the SOC analysts was necessary. The typical SOC analyst may not have the deep systems knowledge and will have to make certain assumptions, so having a person with the systems background work alongside them is very helpful.
  • In Bill’s experience no two roles are going to be identical when it comes to cybersecurity engineering.
    • Some of the people he has spoken with about cybersecurity engineering were surprised to hear that so much systems administration knowledge was applicable despite the cybersecurity focus.
    • There was a misconception that most cybersecurity engineers were purple teamers or red teamers. Bill shared that he doesn’t do hacking.
    • Bill did engineering work for the SOC to make stuff work properly so security investigations were successful.
    • John classifies this as operating and supporting the platforms upon which the security tools are being used.
    • Bill found excitement in the role, feeling he was "in the thick of it" each day. He needed a deep understanding of how everything worked together to provide a service to his clients (members of the SOC team).
      • When things didn’t work it meant teams could not do their jobs. Bill took great pride in ensuring things were working as needed to support this.
      • Bill has found the role both fun and very enlightening in the last couple of years.
  • Listen to John’s analogy about a heavy machine mechanic who works on diesel trucks vs. someone who specializes in this for fire trucks and adjusting knowledge for the operational needs of a specific platform.
    • Bill says when you see a fire truck, there’s so much more to it than a big truck that shoots water. Many components work together so the fire truck operates efficiently, and every person has a job on the fire truck.
    • Sometimes you have a person who understands every aspect of the fire truck and how it works, which is similar to the role Bill worked as a cybersecurity engineer (know how the tools work together, how to tune them to work together better, spot when they are ineffective and need to be swapped out for something else, etc.).
  • Nick classifies this role as a security systems architect.
    • Bill says one of his co-workers had this title and was in charge of making multiple security platforms work together through back end automation.

14:22 – Advice for Breaking into the Cybersecurity Field

  • Don’t be afraid of writing about your experiences.
  • Build a home lab. You can do it with an old laptop and a cheap network switch. There is also the option to do labs online.
  • Start somewhere. You need to have some activity. Just waiting for a role to come up is not the best way to break into cybersecurity.
  • Put yourself out there, especially if you have local communities in the area, like a BSides group.
    • BSides is like a community security conference. Some of the groups have monthly meetings.
    • Security professionals from SOC analysts to C-level executives attend these events.
    • Topics like education, career advice, and general security trends and best practices are usually part of the agenda for these events.
    • Bill’s first involvement in one of these happened in 2022. He joined a local group in Fort Wayne, Indiana with some former co-workers who were SOC analysts.
      • There were a couple hundred people who attended with several vendors as well. The presentations were very good. Bill classifies the event as phenomenal.
      • It was good to see people in person again. Hearing the stories from people in different job roles and what they are doing was exciting.
      • The discussions ranged from job responsibilities for those in the industry to threats attendees were seeing in their own environments and how to thwart them.
      • Good conversations and becoming active in the community is what it is all about. If these groups exist in your area, check them out!
  • Don’t skimp on the fundamentals like how networks and operating systems work.
    • Building blocks like these make up the foundation of what you will need to know to be effective as a cybersecurity engineer, analyst, or architect.
    • Bill has seen a number of people go through boot camps, and they are not as effective as they could have been if they had not skimped on fundamentals in the beginning.
  • John shares a story about someone who says they want to be in animation but who doesn’t have any work to show a potential boss (i.e. proof of work and experience like writing about work done in a home lab might get you).
    • Bill mentions Mike Judge getting his start by going to animation conferences and eventually making some iconic shows.
  • Bill mentions Black Hills Information Security as a great resource for training (called Antisyphon training).

19:52 – Certifications and Proof of Work

  • After being able to sit in on a few interviews, it impressed Bill more when he met people doing things on their own, like those mentioned above, than someone who walked in with a CISSP.
    • The industry sometimes puts too much value on certifications as opposed to demonstrated skills.
    • The CISSP does require documented experience but may not automatically make you as effective at your job as doing some of the hands-on activities which demonstrate you are doing the work you’re trying to break into for a job.
  • If you’re building a resume / history of experience that you’ve written about and a deep understanding of the fundamentals to go with it, someone is more likely to take a chance on you in the cybersecurity space than someone who has the certification but none of the experience and documented write ups.
    • An employer may say they want you to pursue the certification and even pay for it after showing what you’re working toward in your writing.
    • The writing is the proof that you can and have learned.
    • Bill says SOC analysts have to be able to tell stories with data and articulate what it is you are seeing, why it is bad, actions needed, etc.
      • If you are doing this with a home lab, it makes the job that much easier.
      • You will know the basics of what you’re looking for, how to articulate the basics, and be better prepared to succeed.
      • Going to get a CompTIA certification on its own may not make you as ready for the role.
      • It isn’t just responding to threats all the time. There is reporting to be done and analysis that goes with it. There is data analysis, log analysis, and articulating what you see to others (management, other teams, teammates, etc.).
    • Even if you just write a couple paragraphs about something you’re doing in your home lab, do it. Who cares if no one else reads it. Having the evidence of what you’re doing for a hiring manager to see is going to be more impressive than just listing a bunch of certifications.
    • Having a certification does not mean you are competent.
    • Writing samples are things you hardly ever get in a job interview or during the hiring process.
    • If someone is delivering the way they think and communicate in the form of good writing, it seems like this would give the person a leg up at some point in the hiring process.

24:38 – Repetition and Taking Chances

  • Bill does not claim to be a professional writer and doesn’t intend to be. But if he has something to share he will do a write up. We all need to get the repetition in.
    • Bill shares an instance where someone recently reached out to thank him for writing something 2 years ago that solved their problem.
      • He put the article out there to share knowledge and to list on a resume. Bill did it for himself first, and everything else is secondary.
    • Nick references The Practice by Seth Godin and the idea of shipping creative work to be generous and create positive change in the world.
    • Nick shares this quote from Still Alright: A Memoir by Kenny Loggins:
      • "Follow the fun. If you love what you’re doing you’re going to get good at it. If you’re good at it, someone is going to hire you. Get great at it, and someone might pay you a bunch of money to do it. As long as you love it, you will be happy."
  • Nick sees this pattern happening with Bill, a continual following of the things he really enjoys (especially since the discussion with the Troyers at a VMUG).
    • Bill owes a lot of gratitude to that conversation.
  • You have to learn to take chances. Sometimes you get stuck in a rut and just need to make a move.
    • Bill mentions Jocko Willink and the advice to stop, look around, make a call, execute on it, and repeat.
    • This is a good descriptor of Bill’s move into cybersecurity – deciding to do something uncomfortable that it turns out he really enjoyed.
    • It’s easy to get paralyzed by analysis and fear that you’re making the wrong decision or that there’s no way back.
    • You can decide to go in a direction and reflect back (in your own "write up" of the situation) and realize you need to change slightly in your next move (what you decide to do next).
    • You have to iterate, just like DevOps – get through a cycle, evaluate, make adjustments, and keep going.
    • Should the podcast subtitle be "just iterate?" If you can tell us the one episode with the word iterate in the title, DM us on Twitter to get stickers!

28:42 – Parting Thoughts

  • If you have questions for Bill, find him on LinkedIn.

    • You can find some of his writing on Adam the Automator’s website or on 4sysops. Bill should have new content in these areas coming soon!
    • Bill says you cannot burn yourself out doing what you love. He pulled back his writing, but the bug recently hit him again.
    • John makes the distinction between writing for your own blog and for a professional site. If you get good enough at writing you could make extra money.
    • "There are benefits to writing. You just have to start doing it." – Bill Kindle
    • As of this recording Bill is also collaborating on another book. Stay tuned for updates from him!
  • References from the outro

    • For more on the path to a cybersecurity career, check out Episode 133 and Episode 134 with Donovan Farrow
    • Writing is thinking – good advice from Josh Duffney in Episode 156
      • All this talk of writing makes both John and Nick want to write more often

Contact us if you need help on the journey.
