Today, July 23, marks my final day at Code Fellows. Next week I’ll be joining the Amazon Web Services (AWS) security team in Seattle as a Security Engineer, a marked departure from my recent work in the security training side of the industry. My journey to this place has been a fascinating one, full of twists, turns, and surprises. Here’s the rundown.
I never set out to be a paid, professional computer geek. This whole obsession started out when I was a kid, living in an apartment with my family in North Idaho. I got really into computer games during the golden age of Blizzard and the dawn of the internet. My first computer was a hand-me-down from my big brother, a hideous beige custom tower that would stall occasionally until I kicked it (no joke, that actually worked).
One of my formative security experiences was when I was tinkering with email to better understand how it worked under the hood. One of my friends had shared their email address with me, and just for fun/curiosity’s sake I went to see how easy it would be to trick the provider into letting me in. The hack turned out to be shockingly easy; after asking me “What school did you attend?” and “What city were you born in?” I was allowed full access to all their email account’s inbox. Wow. I couldn’t help but wonder why it was so easy, and I also felt bad for doing something so ethically questionable. I logged out right away and never shared this with anybody, as at the time it felt like a gray area.
Fast forward into my post-college years. After working in retail for a few years, I took a job as a Business Analyst for the local university. My supervisor was a seasoned expert in all things Linux and programming. To this day I remember barging into his office with questions like “How does C work?” and “How do you schedule a task in Linux?” which would have annoyed most managers, but he’d taken me on as an apprentice and started showing me all the basics. He’d explained something about how the C language was like a person stacking a “heap” of dishes in “stack” at a restaurant. The analogy puzzled me, but it was a huge leap forward for me to be able to spend time with someone so knowledgeable.
Shortly thereafter I relocated to Western WA and took a job with a local manufacturer to head up their new initiative to launch an internal IT division. It was a thrill of a role, being tasked with so much responsibility over critical systems. After a while I’d noticed scans on the perimeter firewall from suspicious Russian IPs. I started, of course, blacklisting them one by one. But after a while more perimeter scans would start up again from different parts of the world. After a while it felt like I was at the county fair playing whack-a-mole more than administering IT systems.
I’d also been observing the antics of an email hacker at the time, who was repeatedly infiltrating email accounts belonging to other, much smaller industry businesses in order to send out phishing emails to anyone on the victim’s contact list. This hacker had successfully compromised multiple businesses, and I always knew it was them when I’d see the familiar phishing email come from its victim, who was always a small business employee/owner with light security measures in place. At the time I had so much data on this email hacker/phisher, but being in a private company I had to continue focusing on defending its own resources from threats both internal and external, which were plenty. That got me thinking; I can’t be alone. Are there others in the area doing this kind of thing who I could learn from?
Ever since these experiences I’ve earned my Masters degree, a pile of certifications, and been teaching cybersecurity, whether it be on a CSNP webinar or at my most recent role as a security instructor for the Seattle-based coding boot camp, Code Fellows. I’ve met some truly fascinating people along the way, everything from former government or military security professionals all the way to service industry workers looking to break into security for the first time. Throughout all this I’d grown fascinated by cutting edge tooling like Amazon Macie, which innovatively merged the worlds of machine learning and data security with its own form of data discovery automation. I started wondering, what’s next for the security community? How can we bring the latest technologies like blockchain, machine learning, cloud, and AI to bear in the security context? The possibilities seemed, and continue to feel, endless.
After much deliberation about what direction to take my career, I decided that following this new passion made the most sense. In every role I’ve contributed to building something new, or at least massively improving an existing process. With this new technical career trajectory I hope to do the same and push the security world forward. Thanks for reading!
David