April 30, 2007
This is the fourth in a series where I am trying to pin down what the true effect of a given certification is. If you hold a GIAC or other information security certification and are willing to be interviewed by email, send a note to email@example.com
Stephen Northcutt - The SANS Institute
Can you tell us a bit about your mission, what is your office charged to do?
CAIS, Security Incident Response Team, acts in the detection, solution and prevention of security incidents in the Brazilian academic network (RNP). Our team also creates, promotes and spreads security practices for networks.
What courses have you taken and what certs do you have?
I have taken SEC617 (Assessing and Securing Wireless Networks) and earned GAWN Silver certification (GIAC Assessing Wireless Networks). I'm also certified as BS 7799 Lead Auditor by BSi Americas. I'm working as a facilitator for SEC504 (Hacker Techniques, Exploits & Incident Handling) at SANSFire 2007 and I'm planning on going for the GCIH certification (GIAC Certified Incident Handler).
How did you hear about SANS?
I first heard about SANS courses when I began my career in the security field, 5 years ago. Since then, year by year, SANS has become more present in my career. Then, when I arrived at CAIS in 2004, I met a team with members certified with CFIA, GCFA and GCFW certs. I have become more interested in the Internet Storm Center and other great SANS initiatives.
Can you give us some specific examples of how your training and certifications have helped you in your work?
SEC617 put me on the fast track on wireless threats, and I have to mention that Joshua Wright as course author and instructor was priceless. With some personal effort all I had to do after I took the course was to keep myself up to date with wireless news and threats (e.g. RSS feeds, lists, and testing new tools). The training was useful to me immediately when I came back to Brazil: the lectures, courses and projects directly related to my understanding of the wireless networks I was involved with, both inside and outside of CAIS.
Where do you see your office in five years, greater responsibility? How do you expect to meet the challenge?
Greater responsibility, no doubt. Academic networks are well known for their unique environment (e.g. relaxed policies, malicious students), and a national academic ISP with more than 1 million users altogetherbetween students and researchers, is no different. I intend to meet the challenge with continuingeducation, information, proactive actions, and (human) networking.
Can you tell us how you got interested in computer security, what you are most passionate about in the field?
I guess I always had the investigative and self-learning behavior I now consider important for security professionals, but it wasn't until I was a sophomore in college that the computing field really caught my interest. An internship at IBM Brazil IT Security office was my kick-off in the computer security field. What I feel most passionate about in this field is keeping up with its always evolving nature, and realizing how important secure computing is to the community as a whole. I just can't see any limitations for our field in this ever growing networked world.
Last question, can you tell us just a bit about yourself, what do you do when you are not at work?
If I'm not working, I do try to keep myself away from computers and enjoy pentesting my mountain bike helmet on races, weekend and night rides - so far, with successful results! I have maintained a security jobs and career distribution list for Brazil (about 1,100 subscribers) since 2003, and keep up a blog.