Careers: Interviews
Noted Expert in Networking, Security, and Internet Technology, and
Successful Writer, Speaker, and Educator
This week, Stephen Ibaraki, I.S.P.,
has an exclusive interview with Michael Gregg.
Michael Gregg has more than 20 years
experience in the IT field and is an expert on security, networking, and
Internet technologies. He is the president of Superior Solutions, Inc., a
Houston-based security assessment and training firm. He is also a networking
and security expert for searchnetworking.com and searchsecurity.com, where his
weekly column answers questions from readers.
Michael holds two associate�s degrees, a
bachelor�s degree, and a master�s degree.� He presently maintains the following certifications:� CISSP, MCSE, MCT, CTT+, A+, N+, Security+, CNA, CCNA, CIW Security Analyst, CCE, CEH, CHFI, CEI, DCNP, ES Dragon IDS, ES
Advanced Dragon IDS, and TICSA.��
Prior to founding Superior Solutions, Inc.,
Michael was a Senior Computer Security Manager. He is a security consultant and
has also taught for various organizations such as Nortel, Motorola, Adaptec,
Lucent, Fidelity, Kaiser Medical, Southwestern Bell Corp, US Governmental
agencies, and Alaska Communications System and also assisted Foundstone in the
training of NSA employees. With a proven reputation as a dynamic and
influential speaker, Michael�s delivery style is energetic and entertaining,
yet insightful.� He focuses on real life
examples and uses analogies to meet his learning objectives. He is a nine-time
winner of Global Knowledge�s Perfect Instructor Award.�
A prolific writer and security expert, Michael�s
contribution to the IT community includes the development of the Advanced Security
Boot Camp for Global Knowledge, creation of the lab guide for Intense School�s Professional
Hacking Boot Camp, outline editor for The TICSA Security Study Guide,
and creation of Assessing IT
Infrastructure Vulnerabilities class. Michael has acted as technical editor
for several CramSession study guides and wrote the Certified Ethical Hacker CramSession. �His articles have been published on several IT
websites including CetMag.com SearchSmallBizIT.com and GoCertify.com.
He is a member of the American College of
Forensic Examiners, the Independent Computer Consulting Association, and the
Texas Association for Educational Technology. Michael enjoys giving back to the
community and he recently served as a volunteer consultant to help develop the
first certification program for the AISD High School.
His recently released book, �CISSP Practice
Questions Exam Cram 2� (Que) is a highly effective preparation tool which
includes more than 500 practice questions to help readers reinforce their
knowledge of the 10 CISSP domains.
Discussion:
Q:� Thank you Michael, for speaking with us today!
A: Thank you for taking time out to talk
with me, Stephen.
Q: �Your extensive career includes success as an
author, speaker, and educator. You are an acknowledged expert in security,
networking, and the internet. What directed your interest towards security and
networking issues? Can you describe your career and detail the valuable lessons
you have learned from your extensive history of many successes?
A: Well Stephen, you may not believe this,
but I believe that I have learned more from my mistakes than I have from my
successes.� I think one of the valuable
lessons I have learned is that it is important to have mentors.� For those individuals just starting out in
security, find someone that you admire, someone that has achieved success in
the industry.� Don�t be afraid to ask
them for advice.� There are some really
great people in this business and most are more than ready to help others
along.� The other piece of advice I would
offer is to keep learning.� Our industry
is in a state of constant change, you must keep learning or you will fall
behind.� Someone told me long ago that
�growth is optional but change is inevitable, choose �growth,� that is advice
to live by!
Q:� Describe your role at Superior Solutions, Inc. and the
services you provide.
A: My role at Superior Solutions allows me
to wear many hats!� Because we are a
small organization, I am tasked with many different duties.� Primarily, I serve as lead during security
assessments, I also lead the development of new course material, and I try to
find time to teach a class now and then.
Q: With such a rich and varied background,
this would entail exposure to innumerable interesting events. Please share your
most �amazing� experience.
A:� Overall, it is amazing how so many things are tied together in this
life.� Chance meetings turn into future
opportunities that develop into exciting projects.�
I once had the opportunity to help some
friends put together a book of positive quotes and inspirational stories.� This work of charity was at the request of a
friend whose company was being downsized.� Before it was all over, we printed over 1,500 copies of these little
booklets.� Everything that was needed for
the production of the books was donated.� It seemed as if nothing could stop it.� I received emails for the next several years from individuals that ended
up with copies; some were from other states and countries.��
Q: Can you share with us, a humorous story?
A: Years ago, I taught a class in New York
City.� Most of the equipment was lost in
transit.� So, I had the students go in
the telecommunications closet of the training center and remove what we needed
to complete the class.� While it did
negatively effect the training center�s operations, it allowed my class to be
successful and helped them learn real-life skills as we were forced to analyze
what portion of the network to disable and what to leave functional.
Q: �Please
provide an overview of your recently released book, �CISSP Practice Questions
Exam Cram 2.�
A: The CISSP Practice Questions Exam
Cram 2 was designed to be an aid in preparing for the exam.� With more than 500 practice questions, the
detailed explanations of correct and incorrect answers included in CISSP
Practice Questions Exam Cram 2 will ensure that you have a full
understanding of the information covered in the exam. The Quick Check Answer
Key allows you to quickly find answers as you work your way through the
questions. CISSP Practice Questions Exam Cram 2 is a highly-effective,
complementary resource to your exam preparation and studying.
Q: What ten compelling tips can you offer
individuals preparing for the exam?
A: 1) Go to the ISC2 website and download a
copy of the CBK.
2) Read through the ISC2 requirements to
make sure that you meet the requirements.
3) Spend enough money on resources up front
to ensure you'll pass on your first try.
4) Consider teaming up with a group of
friends to help prepare for the exam.
5) Use my book as a study aid.
6) Spend the most time on the domains that
you are least comfortable with.
7) Remember that it is unlike Microsoft and
most other IT vendor exams, as it is not a computer generated test.
8) Pace yourself, you have 6 hours to
complete the exam.
9) For those that lack the depth and
breadth of knowledge in all ten domains, a training class or more intense study
will be required. One good choice would be Villanova University's
CISSP course. I am one of the developers.
10) Make sure you�ve had a good nights
sleep and eat a good breakfast before entering the testing area.
Q: �As a nine-time winner of Global Knowledge�s
Perfect Instructor Award, you have a proven track record of success as a
trainer and educator. What is the secret of your success?
A: Hard work and persistence goes a long
way in this business.� One secret to my
teaching success is to always make sure and give students something they can
relate to.� I have some really crazy
stories.� As an example, I always tell
people how TCP and UDP are like moving companies.� UDP is fast and unreliable just
like my nephew, Mark; he helped me move years ago and lost my dryer!
Giving students something they can relate
to helps them grasp the concept and it makes learning fun.� �
Q:� What valuable experiences can you share from your
speaking experiences?
A: Practice makes perfect.� While we all must sometimes speak at a
moments notice, it takes time to develop outstanding presentations.� You need to know the audience, know the
material, and develop the presentation in a logical, structured way that offers
information that benefits the listener.
Q:� Since
the mainstream usage of computers and the Internet by individuals, businesses
and corporations, security has become a major area of growth. What do you see
as the most compelling security issues in the future and how can they be
resolved?
A: �There are several that offer challenges to the
industry: �
1) Identity Theft � This has the potential
to be a big problem.� Victims are forced
to spend much time and effort trying to clear up the mess left by thieves.
2) Encryption � Encryption is widely used
but not widely used enough.� I am still
amazed by the number of organizations that do not use encryption and use items
such as clear text email.
3) Spam / Viruses / Worms � This will
take increased participation from industry and government to get a real
reduction.
4) Wireless Insecurity � This will be
solved over time.� Primarily, this is an
awareness problem.� Organizations and
home users are practicing better security.
Q: �Tell
us about the various security certifications including CISSP and the benefits
of getting these certifications.
A: �Some of my friends call me a certification
junkie.� I am always quick to tell
individuals that certifications are not a magic bullet for someone�s
career.� However, they can help.� It does demonstrate that you have a minimum
level of understanding of the subject and that you have taken the time to learn
more about the subject.
I believe the CISSP certification is one of
the best in the industry.� It is well
respected, covers many aspects of security, and once individuals are certified,
they will need to gain continuing education credits each year to maintain their
certification. I think this is great, technology changes so fast, we all need
to keep learning to keep current with our skills. ��
Q:� What is computer forensics and how is it related to the security field?
A: Great question.� Historically, forensics was thought of as
being in the exclusive domain of law enforcement.� Computer forensics is something that all
security professionals should have knowledge of as security is all about
prevention, detection, and response.� Forensics equals the response portion of the previous equation.� Security professionals must know to respond
to security incidents, how to handle the evidence, and how to learn from the
situation to prevent it from happening again.�
Q:� Given
the current IT marketplace.....for those relatively new to the computer field
and for seasoned veterans, which areas should they target for future study? For
those interested in pursuing a career in IT, where should they start in terms
of certifications?
A:� For those new to security, I would suggest starting off with the
Security + exam. �For individuals just
starting in IT, I would suggest the Network + exam.
Q:� What are your views on certifications versus formal education versus
experience?
A: I like to see a mix of these three.� In my opinion, this demonstrates a well
rounded individual.� ��
Q:� With
20 years experience in the IT field, how have you been able to leverage your
education and experience, and what 10 career tips would you give to those
considering a career in the computer field? How do you keep up with all the
changes?
A: 1) Never stop learning.� Many surveys show that reading is on the
decline.� If this is true, this is a sad fact.�
2) Write down your objectives, written
objectives have a much higher probability of becoming reality.
3) Look for future trends.� Change is coming, make sure you are ready.
4) Make time to develop profession
relationships.
5) Attend training classes.� You�ll be surprised at what you learn.
6) Join associations.� Find trade organizations you like and become
an active member.
7) Think win-win.� Make time to help others.
8) Build a small home network to practice
skills.
9) Build a list of useful websites that you
can check frequently to keep abreast of changes.
10) Do what you like.� If you pursue what you like in life, it will
not seem like work!
Q: You are also a prolific writer and security
expert and have written a variety of books, courses, and articles especially in
the area of networking and security. What prompted you to start writing?
A: I had a college professor that
encouraged me to write. His advice was that the art of writing is
revision.� �I found writing to be a useful way to learn more about a subject and
to help others learn.
Q: List your 10 best resources for business
and technology professionals interested in certification and security.
A: Here are some of the sites I would
recommend:
1) http://www.cve.mitre.org/
2) http://securityfocus.com/
3) http://slashdot.org/
4) http://www.searchsecurity.com
5) http://www.cramsession.com
6) http://www.isc2.org
7) http://www.gocertify.com
8) http://www.acfei.com/main.php
9) http://www.infragard.net/
10) http://www.nsa.gov/snac/
Q: What do you consider to be the most
important trends to watch, and please provide some recommendations?
A: 1) Look for organizations to put more
emphasis on performing security assessments.� There is a big need to make sure that the organization�s policies are
being complied with and that the organization�s assets are being properly
protected.� Individuals wanting to
capitalize on this should consider gaining knowledge about ethical hacking and
vulnerability assessments
2) The demand for individuals possessing IT
audit skills will continue to grow as companies need to verify they are
compliant with laws such as HIPAA.
3) Programming skills will remain important,
but these jobs will continue to move offshore because of wage pressure.� Individuals with those skills should continue
to broaden their knowledgebase.
Q: What future books can we expect from
you?
A: If I told you, someone might beat me to
press!� All kidding aside, I am just
finishing up a new class that will be offered in conjunction with ISC2 and is
titled, �Assessing Network Vulnerabilities.� �I also just finished up designing a CISSP prep
class that will be offered by Villanova University.� I am also in talks with Que about another
security related title.��
Q: What kind of computer setup do you have?
A: ��In the office, there is a variety of
equipment.� It seems to come and go
depending on the project, however, there is a nice setup for forensics that I
like to work with.� At home, I am running
gigabit Ethernet.� I also have a neat
setup for video and audio editing.� My
project over the holidays was to put together a PVR.� For those of you wanting to capture HDTV, you�ll
need to buy your cards now as they will become illegal after July 2005 due to
changes in federal law.
Q: Michael, thank you again for your time
and consideration in doing this interview.
A: Thank you for taking time out to talk
with me.
|