Meet the Security Field Day Delegates: Jeff Wilson

By Jamie Easley, Blog Contributor

Jeff Wilson is a self-described IT pro by day, tinkerer by night. I had a chance to catch up with Jeff ahead of Security Field Day. We talked about the importance of code integrity, the joy of tinkering, and why you should think twice about all those smart devices in your home. Follow Jeff on Twitter at @JeffWilsonTech.

Jamie Easley: When you’re not at events like Security Field Day, what’s your day job?
Jeff Wilson: I’ve been an IT Pro for 18 years. I consider myself an IT generalist with a security focus. I’ve got experience in multiple disciplines—storage, networking and virtualization—and in the last two years, I’ve ramped up on security, obtaining my GSEC certification earlier this year. And, I am a senior systems engineer at a company in Los Angeles.

JE: How did you get into IT?
JW: I’ve always had a technical aptitude, but when I went to college, I studied something different—history. But, I needed a job in college, so I went to the helpdesk and got hired as a student worker. The iMac G3 had just come out, and so I spent time in between classes deploying Macs to professors and staff around campus.

After I got out of college, I found IT paid the bills better than being a history teacher, so for the next eight years, I progressed from Level 1 helpdesk person to network technician, database administrator, and finally, systems engineering. In the meantime, I picked up a Master’s in Public Administration while working at a school district. My MPA gave me the framework and ability to understand how people work together and organize inside large organizations, and I feel it’s been very useful in my security work.

JE: What motivates you to do what you do?
JW: I like building and enabling success for users and employees. There’s a feeling of joy when you build something from the ground up, release it into the ‘wild’ and watch it take flight. It’s a bit like being a kid after you’ve finished building a Lego set.

JE: What is the biggest security risk that you think people consistently overlook or don’t know about?
JW: I worry a lot about code integrity. I don’t know if it’s a legacy of our industry, where we shot from the hip. Open source works great, but it’s a little bit cowboy-ish.

I come from a Microsoft way of thinking, and I’m focused on making sure the binaries running on my network haven’t been modified or touched.

JE: There’s a lot of discussion in the industry that there aren’t enough IT security pros to meet the demand. What do we need to do to attract more people to the profession?
JW: The shortage is more than just security. It’s technical people in general. The only way to address it is to grow the pool of people in our industry. We need to attract more women, people of color or people who haven’t been represented in our industry but maybe have equivalent experience in other verticals.

Young girls and young boys of all colors and backgrounds should have the opportunity to learn computing and technology if it sparks their interest.

JE: AI is a hot topic these days. Do you think AI will be used for good or evil in cybersecurity?
JW: AI is about 80% sizzle, and 20% steak.

From my seat, the benefits of AI are mostly in automation. And automation is a large component of security. We in IT are often touching components of our stack that we shouldn’t touch, which affects the integrity of our stack. If AI can automate the busy work such that we don’t feel the need to touch so many things, we’d have high integrity systems that were as sealed as an iPhone or Xbox.

However, there’s a danger of having too much AI or automation in an organization. I feel strongly that a human should be in the loop at some stage, and the law, I think, will eventually require that.

From a consumer and business standpoint, my sense is that it’s becoming increasingly important to understand who designed AI systems, because people code their values, biases, and business models into the software.

When I look at a product advertising AI features, I ask myself who built it, the tooling they used to build it, whether it was built in an open source fashion on GitHub, and what the algorithms intend to accomplish. Then I think about the price of such a product, and how data from the product might be monetized. Taken together, these are the ‘ingredients’ of many modern AI products, and I think that, as a society, people will eventually want to see them listed in the same way that nutrition labels inform us about the foods we eat.

JE: Do you have a smart home?
JW: I’m not as bold as some of my colleagues, but I do have a Cortana speaker, a Wi-Fi thermostat and some PoE cameras on the outside for security. I think about this space quite often. As more and more sophisticated devices end up inside our private homes, our security boundaries as practitioners expand to our domiciles. We’ve already seen hacks of several consumer-oriented smart devices.

On my home network, which is quite sophisticated, I’ve got micro-segmented VLANs for specific uses. One VLAN is for trusted devices used by my family (computers, Xbox console, and Apple devices). Other devices I trust less, like a set of Sony multi-room speakers (running Android), are segmented to another VLAN. Finally, I put the cloud devices I can access with my phone or my voice on a private VLAN so that they can only reach the internet, but not each other.

This is not something an average consumer could do, but I think the market is responding and we’re seeing some sophisticated home technologies today that borrow a lot of principles from the enterprise.

JE: What is your favorite technology gadget?
JW: I find so much value in the humble PC. One of the things that’s cool about a PC is you can still build one, tinker with it, tear it down, and build it again. I love my iPhone but I can’t tinker with it. Tinkering is what got me into tech.

Another great device I like is my SharkTap. For about $90, you can tap any network link transparently and pipe out wire data to your console for inspection. At home, I have a SharkTap between my modem and my firewall. I use it to monitor inbound/outbound traffic flows to see the same wire data my ISP sees. Lots of fun!

JE: What is your favorite meme these days?
JW: It’s not popular, but I like one which shows Lt. Dan from the Forrest Gump film atop Forrest’s shrimping boat during a storm. The gif to me speaks of perseverance, bravery and of fighting the good fight.

JE: Thanks, Jeff. I’m looking forward to Security Field Day! Ask us the hard questions!

Jeff is a delegate at the Security Field Day on Fri., Dec. 14 at 9am PST. Watch the live stream here.

Meet the Other Delegates

Ethan Banks talks cybersecurity and winter peak bagging.

Paul Snyder uses compensating controls in his smart home.

Christopher Kusek talks about why sensitive conversations need to happen in a Faraday cage.

 
