As early as my middle school years I’ve wondered when my generation would face its great challenge. We’re in the middle of it right now. This is more than an economic downturn. It’s more than a banking crisis. It’s more than an ill-defined war on terror. The ground under our feet has changed and we’re all trying to figure it out. The rules we were taught by our parents, family, and society have changed, but no one has told us how. I believe this is what the Occupy Wall Street protests are reacting to.

The Old Script

We were taught the script: go to school, do well, go to college, get a good job, do a good job, get married, buy a house, and save for your kids’ education and your retirement. Sure we had to borrow money for college and our mortgage, but we’d make it up over the years of employment with a good company. We’d need a lot of money for our retirement, but many good jobs had pensions and we could make up the difference with our 401Ks. We had hoped Social Security will be there, but we did not count on it.

That script might have worked for my parents’ generation, but it’s proven horribly wrong for mine, and many of us are so far down the road that we don’t have time to make up our financial losses. That’s downright scary for millions of people.

Learn the New Script

You’re an independent agent. You’re the product that you need to develop and market. Like an elite athlete you have to keep yourself in shape, keep your skills sharp, and be versatile doing whatever is needed to contribute to the success of your team. This isn’t easy and it isn’t passive.

You need to learn how to get things done, how to solve problems, and how to work with groups of people. Getting things done, things that show up on the scoreboard (the bottom line) is what gets you more salary. Will college degrees help you with that? If not, then don’t waste your time or money on them.

Find a job where you can learn and develop the skills you need to stay employed or to employ yourself. Keep learning and developing. Keep finding things you’re good at that people will pay you for. Learn how to market yourself and show your value.

Watch your debt. Debt is slavery. Cash gives you freedom to take a job at a lower salary, but one that will teach you valuable skills . Cash gives you the freedom to work the way you want or to walk away from a bad job. Cash gives you the freedom to start your own business.

What Are You Going to Do

That pain, that frustration, that confusion we’re feeling is because reality doesn’t match our frame of reference. It’s time to change our picture to match reality. It’s time to adapt. Those who adapt survive. That’s the way it’s always been.

Cisco Networking Academy Offers Health Information Networking Course

Per an email sent to Academy students, Cisco Networking Academy is offering a specialized Cisco Networking Academy Health Information Networking (HIN) course to help retrain workers in the area of healthcare IT through Cisco’s Workforce Retaining Initiative. This is supplemental material for students in the CCNA and it covers:

• Basic information on healthcare environments
• Principles of security and privacy in healthcare
• Fundamentals of electronic health record (EHR) systems
• Basic information on medical practice workflows and how to adjust workflows for EHR implementations
• Designing a network to support a medical group
• Securing a network for a medical group
• Troubleshooting a network for a medical group

Cisco Network Academy is the best value for your money if you want to get started with computer networking. Learn more and enroll with an Academy school if you are interested.

 ESET Offers Webinars on Securing Your SMB

ESET is celebrating Security Awareness Month by offering 4 free webinars on securing your SMB. Follow the links below to sign up.

• Simple Steps to Secure Your SMB (October 5th)
• Creating and Managing a Cybersecurity Policy (October 12)
• Securing Your Network: Safeguarding Your Business Data (October 19)
• The Impact of SMB Security on Our Nation’s Critical Infrastructure (October 26)

I’ve been in the IT business for a dozen years and in technology for 27 years, and one thing that that I’ve found particularly irritating over the years is the unwarranted arrogance on the part of some. What these folks lack in ability, they make up for in bravado, bluster, and bullying. They fool a few people into believing that they are qualified and capable, but for the most part they reveal themselves to be fools.

In my last post, I wrote that to become a master, you need to learn from a master. Before you can learn, you must be humble. In Kung Fu, you can’t fake that you know more than you do because you get punched in the face. It’s clear who is the better practitioner. You either humble yourself and learn, or you turn to learning from DVDs and YouTube, or quit altogether.

Too often in IT, people are self taught, work in small organizations, or in organizations where IT isn’t valued. These folks usually work in an organization that has poor management and no training budget, so there is no emphasis on learning or development. It’s difficult for these people to get punched in the mouth, metaphorically speaking. They work and train in isolation with no one to gauge their skills against, so they develop a flawed view of their abilities. A former co-worker calls these folks talented amateurs.

If you’re a talented amateur, get some humility and learn from professionals.

• Pay for training yourself. It’s your career, own it.
• Find a job with a company where you can learn from others and work on challenging projects
• Get active with local professional groups in your industry
• Get involved with open source projects

Most professionals are happy to teach you and help you grow, so don’t let your ego hold back your professional development.

We all need help with at least one aspect of our personal or professional development, and the best way to speed our learning is to find a master of that skill to teach us.

I was recently reminded of this fact when attending a Wing Chun Kung Fu seminar. I’ve been practicing Wing Chun for a few years and have made continual progress, but I learned so much more from two days with a Wing Chun master than I have in months of regular classes. That’s no knock on my teachers, it is simply a fact that there are very few masters, and fewer yet who can teach.

The same holds true for any skill. There are those who are masters of their skill and a smaller number of those who can teach that skill. I think you will find that these masters spent time learning from other masters. So if you want to be a master of any skill, find someone who knows that skill better than you and learn all you can.

Have you sat at the feet of a master? I’d love to hear what you learned and from whom you learned.

“The most important single ingredient in the formula of success is knowing how to get along with people.” – Theodore Roosevelt

Look around your workplace. Lots of people have good to excellent technical skills, education, certifications, but how effective are they? How many of them do you want to work with? How many can get management buy-in for making investments in improving your technology or security?

Learn to Get Along with the Business People

If you’re reading this, it’s a good bet that you don’t like sitting in the corner waiting to be told what to do. You would rather have things run smoothly, spend less time fighting fires and spend more time contributing to the success of your business. You may even want a promotion.

Here’s a tip: very few people (including management) understand how to connect technology to the business, and as a technology person you are in an excellent position to provide solutions. How many people on the business side of the house are making an effort to understand technology?

Learn to Speak the Language of Your Business

Do you want to make a real difference and have a real impact? There are simple things you can learn without going to school for a MBA:

• Learn to get along with others. I don’t care what size business you are in, you have to work with other people at some point. No one wants to work with a jerk no matter how smart, gifted, or special they are. Sometimes we have to work with people like that, but no one likes it. When given a choice, we will find someone else to work with even if they are less talented.
• Learn about your business. What does your company sell? Who are its competitors? Where does your company rank against its competitors? What are its strengths and weaknesses? What technologies do your competitors use that give them an advantage?
• Learn what is important to your management. How is your manager scored and evaluated? What gets them a superior evaluation? What are their goals and objectives? Ask them, they will be happy to hear that you are interested.
• Pay attention in meetings. Listen to what the business people are saying. What are their concerns? What is important to them? Ask questions (after the meeting if appropriate). Again, they will be happy that you are interested.
• Learn how you can help (aka: how to add value). Believe it or not, the IT department isn’t there to keep you employed, it exists to help make the business more efficient. You’ve learned how your business works and what’s important to your management, so how can you use technology to help make your business more efficient?
• Get a mentor. Ask someone you trust to mentor you. It doesn’t have to be a technology person either, you may want to talk to the finance, accounting, or product development folks. It is a tremendous help to have someone to talk to as you develop your skills.

Give Yourself a Competitive Advantage

Besides making your work-life easier and more satisfying, you will learn skills that few people have. What is going to make you more valuable and more money, another certification or learning how to translate technology into value for your employer? Lots of engineers will go get another cert, but how many will be able to explain to the business why it should spend money on technology or security?

What advice do you have for people learning the business? Leave a comment or chat with me on twitter @true62 to continue the discussion.

Check out my Resources page for online training classes that can help you improve your communication skills. Please let me know if you have sites that you enjoy and want me to add.

What advice would you give to students just entering the IT / Computer Networking / InfoSec field?

As an adjunct instructor at ITT Technical Institute, students often ask me what they can do to get hired or what certifications they should get. Here’s what I tell them:

1. Do what you enjoy doing. Life is too short and this business is too demanding to spend your time working on things that you don’t enjoy.
2. You’ll spend the rest of your career learning. Technology changes too fast and there’s so much to learn. You can’t learn everything, so you’ll eventually need to narrow your focus. See #1
3. Find people who know more than you about your area of interest and learn from them.
4. Certifications in your area of focus help you get the interview, especially if you have little experience. For example, if your focus is networking, an A+ isn’t that interesting to me but a CCNA is.
5. Show me why I want to hire you and why you’ve got more to offer than the other people competing for the job. Have a portfolio to exhibit your work: Visio drawings, scripts, project time lines, statement of work documents, device configurations. Don’t fake this stuff – make sure it’s yours and that you can back it up!
6. Get a lab at home and use it!! You’re new to a field that requires constant learning; I want to know that you are committed and that you know what it takes to learn. You don’t have to spend a lot of money on a lab. Use virtual machines or GNS3 for networking. See the Helpful Resources section below for more ideas.
7. Have a website where you discuss what you are learning, how you are learning it, and how you overcome obstacles. Besides seeing what and how you learn, I can see how well you communicate in writing.
8. Learn Linux. I can’t tell you how many students interested in security tell me that they hate Linux. Almost every security person I know uses Linux or OS X to run their security tools. Limiting yourself to Windows is a mistake in my opinion.
9. Learn to write useful scripts. Scripting multiplies your effectiveness and makes you more valuable.
10. Keep asking questions. Curiosity is one of the best assets an IT / Networking / InfoSec person can have.

I’ve hired scores of people and sat on more interviews than I can count. These are the traits that I look for in people that I hire, but I’d love to hear what advice others in this industry would give. Leave a comment or send me a tweet @true62 so we can continue the discussion. Also, feel free to send me links to sites  to add to the resources list below.

Helpful Resources

Here are some helpful resources that are relatively inexpensive that will help the student or person new to the technology field:

• O’Reilly School of Technology – Instructor lead certificate programs through the University of Illinois. Programs include system administration (including scripting) and web programming. Classes currently $398

“…unique, online, hands-on courses leading to Certificates of Professional Development from the world-famous University of Illinois, OST will help you gain an edge in your career — on your own time, at your own pace. When you have completed our courses, you will not only have a Certificate, but you will also have a portfolio of completed projects to show for your effort.”

• Cisco Networking Academy – take classes at high schools, community colleges, technical colleges, or universities in your area. Cost is typically the same as tuition for a 4-credit course plus lab fee.

“Cisco Networking Academy is a global education program that teaches students how to design, build, troubleshoot, and secure computer networks for increased access to career and economic opportunities in communities around the world.”

• Internetwork Experts – take instructor led or self-paced CCNA bootcamps. Self-paced CCNA bootcamp currently $495.
• GNS3, Dynagen, and Dynamips, – Cisco router emulator software
• Amazon Compute Cloud – setup servers in the cloud without buying hardware
• Security Onion – bootable DVD with software for installing, configuring and testing Intrusion Detection Systems
• Backtrack – Linux pen testing distribution (thanks Steve)
• Penetration Testing and Vulnerability Analysis – Careers

I thought I’d share the GNS3 files that I used to study for my CCNA. This isn’t based off of any lab that I know of, I just made them up. I created a blank Frame Relay network and a blank router network and practiced configuring them for Frame Relay hub and spoke, NAT, DHCP server, RIPv2, single area OSPF, EIGRP, and security.

GNS3 Frame Relay Network

What You Get

These are blank files in that they are connected, have host names, IP addresses and the DLCIs are configured in the Frame Relay network. They’re basically ready to configure for the items listed above. All passwords are cisco. The drawings have the IP and DLCI information on them.

You can download the zipped file here (7 MB). You can unzip them and copy them to your working file such as /Applications/Dynagen/tmp/ or wherever you put your working files. I used 3640 routers, but you can open the config files and modify them for whichever router you use.

You should be able to save the files, start GNS3, and then start the devices and be on your way. For Mac users, here is a link to setup your default terminal to open new tabs for each device.

Strategy

I did it this way to save time setting up practice networks. I used these blanks to get started, and then I’d configure NAT and EIGRP or maybe just NAT and a DHCP server. These were small, quick setups so I wouldn’t save my work after I made changes. If I were to do this for CCNP or CCIE practice, I’d save a blank file like this and save the work using a new file name. Just my thoughts. Let us know if you have a way that works better for you.

Disclaimers

I don’t think it matters, but these were created on a Mac.

I’m just throwing these out there for your use if you want them, and use them at your own risk. I am not including the Cisco IOS, or any warranties of any kind. I am happy to answer any questions you might have on a best effort basis.

Related Posts

• Mac OSX Leopard Terminal & GNS3 / Dynagen
• Certs!? We Don’t Need No Stinkin’ Certs

Despite the debatable value of certifications, I decided to use my two week school break to study and test for my Cisco CCNA certification.  In this article I’ll discuss why technology leaders should consider getting the CCNA (even if you can’t login to any of your equipment), and I’ll share how I prepared for the exam with links to all the tools I used. After reading this, I hope you’ll be motivated to get your CCNA, and you’ll feel confident that you have the tools you need to pass it.

Why Get a CCNA

I’m in management and don’t even have authorization to log into any of the equipment we operate, so why get a CCNA? Believe me, I asked myself this several times over the last few days when I was tired of studying.

The CCNA is not super tough but the time, effort and knowledge required to pass the exam demonstrates a commitment to your profession and to your people. I think your engineers will appreciate it if you put in the time and effort it takes to get the CCNA. They know what it takes, and they’ll respect your commitment if nothing else.

I decided to get it because as the manager of a group of network engineers, I thought I should have at least the associate level certification. If we’re asking our folks to get certified, shouldn’t we have at least a minimum level certification?

Does the CCNA make me any smarter or validate me in some way? Well, I did learn a few things that I didn’t know before, time based ACLs for example. I also gained a real appreciation for the effort required to get the certification. All of us in the tech industry have to learn continually, but there is a difference between self study with no test versus study followed by a $250 test.

How to prepare for the CCNA?

Preparation

I’ll share my preparation for those who are interested in getting their CCNA.

• I read Exam Cram via my Safari Books subscription and reviewed weak areas multiple times.
• Used the iCOD (see video below) and accompanying books to review ICND2 material. I connected the iPod to my Mac Book Pro so I could view it on a bigger screen. The iPod is good for portability, but given a choice I prefer to watch it on my laptop. Contact the folks at CCBOOTCAMP to get one of your own – you’ll even get lab rack time.
• Review modules on The Cisco Learning Center. There is a ton of good, free information on this site.
• Used GNS3 / Dynagen (on my Mac Book Pro) to practice routing, NAT, Frame Relay and DHCP pool configuration. I love this software and highly recommend it to anyone who wants to be a network engineer or even those who are engineers.
• Took practice tests using Self Test Software and Pass For Sure

Are You Ready to Go For It?

What do you think, is it worth it for someone in management to get their CCNA? I’ve listed several tools here to help you; are you willing to get your CCNA?

Do you think it’s  enough or should mangers go for their CCNP, CCDP or <shudder>CCIE</shudder>?

SANS is offering a free preview of 4 of their security courses:

• Vulnerability Scanning with Eric Cole
• Windows Intrusion Detection with Ed Skoudis
• Cyber Forensics with Rob Lee
• Pen Testing Methodology with Ed Skoudis

Here’s the link: http://www.sans.org/ondemand/spring09.php SANS is offering their On Demand courses at a 25% discount too.

These are just a taste of the full courses, but there is a lot of good information here. A bonus for me is these are topics we will cover in my next MSIA seminar at Norwich.

For 10 days, researchers covertly took control of a botnet and watched how it worked and what information it collected. In the process, they learned that, “the malware problem is essentially a cultural problem.” That’s right folks, it’s not a technology problem, it’s people, it’s us.

While they had visibility to the inner workings of the botnet, the researchers watched the botnet obtain login credentials for more than 300,000 accounts. These credentials gave the botnet owners access to bank and credit card accounts, as well as email, chat, and other social accounts.

Basically, they learned what we’ve all known for awhile now:

• People use easy to crack passwords
• People use the same password for multiple accounts
• People don’t understand how vulnerable they are to attack

Does this sound like you? What can you do to avoid becoming a victim?

Passwords

1. Use passwords that are easy to remember but hard to guess.
2. Use passwords that are at least 8 characters long.
3. Use passwords that use a mix of upper and lower case letters, numbers and symbols
4. One way to do this is to use a pass phrase like, “I like to play golf early in the morning” From this phrase you could create a password such as Il2pg3itm by using the first letter of each word and substitute numbers for words like “to” and 3 for the letter “e”. It’s pretty easy right?

Password Managers

You need to use a different password for each account. This can become tough to manage, so you may want to use a password manager to help make this manageable. That means you had better use a very good password for the manager, or all of you passwords are vulnerable. Here are some password managers you may want to check out:

• Sxipper addon to Firefox browser
• KeePass all platforms
• 1Password OS X
• RoboForm Windows

One of the interesting statistics the researchers published is, “almost 40% of the credentials stolen were from browser password managers.” That means if you are using the built-in password manager on Firefox, Safari, or IE, you may want to think again.

Don’t be a victim. Think of securing your computer and data the same way you remember to secure your home or car. Poor passwords are like leaving the key to your house under the welcome mat. Use a strong password, don’t use the same password for all of your accounts, and use a strong master password for your password manager.

Now you have the tools you need to protect yourself. Take the time to make these simple changes now; it is a lot easier than dealing with theft of your money and identity.

If you are interested in learning more, read the article and the report.