Today, I was sitting in an awesome class being held at @BSidesHSV, and it got me thinking.

The class entitled “Fundamentals of Routing and Switching for Blue and Red Teams” put on by @paulcoggin was a deep dive into layer 2 and layer 3 configurations and possible means of compromise. The content was outstanding, and Paul did an awesome job communicating a very difficult topic.

Throughout the class, Paul relayed many stories of compromises and attacks (all done in a completely generic manner of course), and I couldn’t help but put myself in the shoes of the poor sap that made the choices leading to the compromise or unexpected result. I thought to myself this could easily be me in a different scenario. In spite of my knowledge and experience, I feel like we are all just one “screw up” away from the unemployment line.

I have over 20 years experience in a multitude of technologies and consider myself to have advanced skills in many areas. That said, I am not deluded. Today’s class served to remind me that no matter how much real world experience I have, there is always something I can learn and something that I don’t know. And its that one thing that I don’t know and don’t implement that could be a career limiting move.

Mulling over those thoughts, I realized that this just should not be. But unfortunately, the world operates this way but why? I think it comes down to this – a moral society is always looking for justice for moral wrongs committed within that society. This is what makes civilized societies stable, safe and orderly. Unfortunately, we have generally adopted that same “justice at all costs” in the InfoSec world when poor security practices lead to compromise or outages, but (Read more...)