Shortly after this particular point, about the time that Gloria and I got married (and I'll tell you that story later as well), I noticed, on the Internet, some discussion of some new programs that were being called computer viruses. I got very interested in them. I didn't know you could make an operating system do that! I started collecting all the messages that I could find about these computer viruses. Eventually, on one of the discussion groups, somebody recalled a particular message that spoke about a particular topic about which we he was particularly interested. Did anyone happen to keep a copy? As it happened, I had seen it and I had kept a copy. As well as sending him a copy of the message, I let it be known that I was keeping copies of this traffic and this subject. Immediately I began to receive requests to make this material available . I did not have an FTP site available to me. The World Wide Web had not yet been invented (that wouldn't happen for another four years). I couldn't afford the time that it would take, at the low modem speed which is all I could afford at the time, to upload these messages and email them to the people who wanted them. Various people made suggestions and we fell back on the postal mail system. If people wanted copies of the material, they could send me a sufficient number of floppy disks, a return mailer, and an international postal money order for the amount of the postage to send it back to them. I copied the material onto the discs, headed out to the post office, and sent it back to them. This went on for some years.
I did, shortly after I started researching computer viruses, see a message doing the rounds. It was from a group of people who wanted to create an exam. This exam was to assess those who claimed they knew what they were talking about when they were talking about security. The test would attempt to examine their knowledge, their background, their experience, their judgment, their critical thinking, in regard to information security.
As noted, although I was interested in this project (*very* interested), I had been made aware that many people thought that computer viral programs were not part of security. In fact, when I proposed, to one security conference, that I give a presentation on computer viral programs, I was told, flat out, that that was of no interest to the conference and the attendees. When I questioned this, I was told that computer viruses did not affect mainframe computers. (Obviously, at this point, the organizers of the conference felt that only mainframe computers were important, despite the fact that increasing numbers of users were accessing the mainframes via personal computers and microcomputers, and microcomputers allowed them to do things that they couldn't get done on the mainframe.) I challenged this assertion. I quoted chapter and verse, on a number of computer viral programs that had, in fact, been used on, and penetrated, mainframe computers. There was rather along silence on the phone. However, the conference organizer then reiterated his position that a presentation on computer viruses was of no interest to the conference.
So, having it well and truly demonstrated that I was not welcome in the camps of information security, I did not, in fact, submit any material to the people sending out these emails. They went on to create (ISC)^2 and the CISSP, and I went on to do other things.
I did a lot of data communications consulting. I did a lot of management consulting. I did a lot of security consulting. In fact, eventually, I did so much security consulting, that I felt that I should sit this exam, to see if, in fact, I did know what I was talking about when I was talking about security. (I should also note that, by this time, I had done an awful lot of reviewing of information security books. This was because of DECUS Canada, and the fact that I was producing a newsletter, for the security special interest group. When I asked what people wanted to see in the newsletter, everybody replied book reviews. I couldn't find any, so I did my own. DECUS Canada was very helpful in this regard.)
I studied, terrified, because I had relatively little mainframe experience. I remembered that earlier conference. I studied as much as I could. Obviously I wasn't studying the right stuff, because everything I studied was familiar to me. I was absolutely certain that I was not going to fail the exam.
On the day of the exam, I found the exam rather easy. If these were the questions I was being marked on, I was pretty sure I was going to pass. The only question was, would I make a high enough mark to impress the senior instructor, who had the power to allow me to become an instructor for the CISSP seminars.
It turns out that researching computer viruses gives you a very solid grounding in all of the domains of information security. I had it down cold. It probably didn't hurt that the books that were used to formulate, and verify, the questions on the exam, we're almost all books that I had reviewed. (Two of them were books I had *written*.) I knew all of this material. I passed the exam. And I passed the exam with a high enough mark (nobody is ever actually told what their mark is: the CISSP is a criterion based exam) that the senior instructor did allow me into the instructor corps.
Now remember, if I hadn't gotten fired, I wouldn't have gone back to Vancouver, and gone to UTAC. If I hadn't gone to UTAC, I wouldn't have started doing computer seminars for the unemployed teachers. If I hadn't started doing computer seminars for UTAC, I wouldn't have gotten computer accounts at UBC and SFU, on their computers that were connected to the Internet. If I hadn't been on the Internet, I wouldn't have started doing research into computer viral programs. If I hadn't been doing research into computer viral programs, I probably wouldn't have been as interested in security, and I probably wouldn't have volunteered for the newsletter for the security special interest group, and therefore started reviewing a whole bunch of security books. All of that, because I got fired from teaching.
Anyway, I was in the (ISC)^2 CISSP instructor corps. And, of course, there weren't many CISSP seminars being given in Vancouver. (Still aren't, for that matter.) So, I was teaching in the States. And in Britain. And in Lagos, Nigeria. (Twice. I think they were trying to kill me.) And even sometimes in Ottawa, Toronto, Montreal, Regina, and Calgary. Eventually I taught the seminar on six continents.
Now, this took time. It wasn't too long after I got fired, that I got on to the Internet. But it was probably another four years before I started to see postings about computer viruses, and started researching them. When I started researching them, it was a while before I started doing information security consulting. And it was thirteen years after I started researching viruses, before I took the CISSP exam. It was fairly soon after I took the exam that I started facilitating the seminars. But it was a while before I started teaching them all over the world. And it wasn't until I started explaining to people that I had taught on six continents, that I realized what had happened. I got fired from teaching, so I got to teach on six continents. All over the world. In one of the most interesting subjects that I know.
I got fired from teaching in a small town, so I have had an absolutely wonderful time teaching. Everywhere.
Previous: https://fibrecookery.blogspot.com/2024/03/mgg-45-atwt-data-communications.html
Introduction and ToC: https://fibrecookery.blogspot.com/2023/10/mgg-introduction.html
Next: https://fibrecookery.blogspot.com/2024/03/mgg-500-so-how-was-your-day-at-workhwyd.html
No comments:
Post a Comment