Brought To You By Peter Black, CCIE #20896 (Security)
 

 

After over 11 years in the networking & security fields, Peter achieved the most highly coveted certification in the technology world - Cisco Certified Internetwork Expert.

In addition to the Security CCIE certification, Peter has combined his experience, training, and drive to achieve several other highly sought-after certifications:

  • CCIE #20896
  • CCSP - Cisco Certified Security Professional
  • CCSE - Check Point Certified Security Expert
  • CCDP - Cisco Certified Design Professional
  • CCNP - Cisco Certified Network Professional
  • ECSA - EC-Council Certified Security Analyst
  • Q/SA - Qualified Security Analyst
  • CEH - Certified Ethical Hacker
  • Q/EH - Qualified Ethical Hacker
  • LPT - Licensed Penetration Tester
  • Q/PT - Qualified Penetration Tester

According to Peter, the best way to approach a solid, secure infrastructure is to "...Implement multiple layers of security, and use multiple vendor solutions..."  The reasoning behind this thought process is validated by an old saying, "Don't put all of your eggs in one basket."

Therefore, Peter has taken all opportunities afforded him to learn, design, implement, and support many types of products and their various features.  In addition to fine-tuning the products, Peter also does Vulnerability Assessments and Active Penetration Testing to validate a network's security controls and mechanisms, and find any previously unknown weaknesses.

The end result of Peter's experience is his ability to find out what a customer needs, then design and implement an appropriate solution.

Another facet to Peter's success is his constant ongoing training: "In our business, you can't get complacent and be satisfied with where you're at. As soon as you get just a little bit relaxed is when you let your guard down, and thus end up suffering network outages, or worse. There's nothing like getting a call at 4:58 on a Friday afternoon with questions as to why your executive management's salary figures have been emailed to every employee in the company. This type of 'stuff' tends to roll downhill rather quickly."

Training is especially important in the network security realm. If you look at all of the different vendors, different technologies, different features, and different methodologies currently available today, it's easy to see how someone could pair the wrong solution at the wrong place, at the wrong time. Training starts with daily upkeep of current events. There are many online magazines, news stories, and vendor notes that will help keep you updated as to new attacks and new defenses (see http://www.slashdot.org, http://www.securityfocus.com or http://www.securitynewsportal.com).

Once you've developed a habit of reading security-related articles on a near-daily basis, it's time to consider formal classroom training. With the rate of change in our industry, it's a very good idea to attend at least one training class per quarter (if at all feasible). There are many technologies and training offerings out there. Even though the variety is vast, finding a good training institution that you can rely on is difficult, at best. Peter explains: "During the last 10 years, I've attended more classes, seminars, and conventions than I could possibly list. It's very difficult for security professionals to consistently arrange for time out of the office for training purposes. Once you've allotted your time, and adjusted team schedules to afford proper coverage, you need to go through the rigmarole of booking flights, renting cars, reserving hotel rooms... etc, etc... The absolute worst thing is to have a class cancelled after you've made all of your arrangements. The most mind-boggling thing to me is the fact that some training institutions just don't care. So, if you find one you can depend on... stick with them. One of my favorite places to go is Security University (www.securityuniversity.com). They've never cancelled a class on me, and they've never let me down."

The value of long-term business relationships. As a business owner, Peter understands the value of long-term professional relationships. As a customer, he knows how he should be treated, which translates directly into superior customer service for his clients. There are a number of companies out there that profess their commitment to service and customer satisfaction. Unfortunately, most don't deliver on their promises. When Peter is on a project, you can expect 100% effort and be assured of great service, in addition to his expertise in several security areas. He is well aware of the fact that every $1000 customer should turn into a $100,000 customer over a period of time due to excellent service and support.

Reluctant Public Speaker. In February 2007, Peter was the guest speaker at Denver's chapter of the ISSA (Information Systems Security Association). He gave an in-depth look at the similarities and differences in Vulnerability Assessments and Penetration Testing. "I'm not much of a public speaker, so I was very nervous about the whole deal. But, I had committed to it, so it was important that I followed through. The beginning of the speech was pretty rough, just due to the fact I was almost physically ill from nerves. After I got into the material, it went much better. I was pleasantly surprised by the number of questions asked in the Q&A portion, and of the number of people that approached me after the presentation. More than anything, I learned that clients don't always want what they need, or need what they want. As a Security Professional, it's my job to educate them as much as possible before they spend time and money on a solution."

You may view the contents of the aforementioned presentation here:  ISSA Presentation

Brutally Honest. This is how most people describe Peter in his business dealings. Whether Peter is the customer, or the provider, he conducts himself professionally, but honestly. "We're all very busy. In this business, we don't have a lot of time to waste. I let my vendors know exactly what I want, how I want it, and when I expect it. If I'm not sure, I ask. If I feel projects are not happening like they should, in the proper timeframe, I let them know immediately. Most of them appreciate that. It's much easier for me to decide on solutions because I've seen so many successful and failed solutions. I've dealt with vendors and contractors ranging from the very best in the industry to the folks I wouldn't pay a wooden nickel to. Customers often don't have the experience or expertise to choose the best solution for their environment. That's what people like me are for. Based on these ideas, I know it is all the more important to blend honesty / professionalism / efficiency and service. 1+1+1+1 will always equal 4."

Solutions done right, the first time. This is how Peter does business. Whether he's developing training labs for CCIE candidates, doing a penetration test, or designing a security solution for a client, Peter knows the value of doing things right the first time. "Ultimately, it's cheaper for both client and consultant to do it right the first time. It's known as the '7 P's of Business': Prior Proper Planning Prevents Pretty Poor Performance."

Educating the Client. Peter is more than your everyday security professional. He's a teacher, a mentor, and a trusted advisor. "You can show most any entry-level network engineer how to configure an interface in a firewall. The trick is to teach that engineer, or customer, what the firewall does, where it resides in the network, how it defends against attacks, and how to maximize its usefulness. That's all part of providing solutions."

30,000 foot view, with a 2 inch zoom.  Peter has an uncanny knack for combining the overall picture with the smallest technical details.  Whether you're re-designing a current network, implementing a new network, or just adding additional security solutions to an existing network, Peter understands the needs for all parties concerned.  From the CEO, to the summer intern, Peter is there to help.  "If a consultant is working on a project, he'd better have a very good grasp on all facets of the environment.  Regardless of whether or not he/she may be interfacing at those levels, they need to understand the different drivers of the decision making process: technical, business, and political.  This will determine WHAT solution is implemented, HOW it's implemented, and WHY it's implemented."

What's next for Peter?

"There are definitely more certifications to pursue in the near future. The more I do on that end, the more value I present to clients. I'll probably pursue my Routing & Switching CCIE next year, then maybe the Service Provider CCIE. Also in the mix: CISSP (Certified Information Systems Security Professional), some wireless certifications like CWNA & CWSP (Certified Wireless Network Administrator & Security Professional). The last two certifications I'll probably try to fit into my life somewhere would probably be CISA & CISM (Certified Information Systems Auditor & Certified Information Security Manager)."