Content provided by John White | Nick Korte. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by John White | Nick Korte or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://fr.player.fm/legal.

Cybersecurity Breadth and the Ampersand between R and D with Duncan Sparrell (1/2)

53:26
 

Welcome to episode 248 of the Nerd Journey Podcast [@NerdJourney]! We’re John White (@vJourneyman) and Nick Korte (@NetworkNerd_) – two technology professionals with backgrounds in IT Operations and Sales Engineering on a mission to help others accelerate career progression and increase job satisfaction by bringing listeners the advice we wish we’d been given earlier in our careers. In today’s episode we share part 1 of an interview with Duncan Sparrell, detailing how he became a programmer, the innovations he was a part of at Bell / ATT Labs, what it was like to work between research and development, the work he has done on standards, the breadth of the cybersecurity field and possible roles, why we should keep the big picture in mind, and thoughts on helpful meetup groups.

Original Recording Date: 10-02-2023

Topics – A Chief Curmudgeon, Technical Origins at Bell Labs, Learning to Program, Meetup Groups and Lesser Known Cybersecurity Roles, Working on Standards, Cybersecurity Perceptions and Moving Up, Connecting to the Big Picture, Sources of Innovation, Life at The Idea Factory

2:15 – A Chief Curmudgeon

  • Duncan Sparrell is Chief Cyber Curmudgeon at sFractal Consulting, a boutique consulting firm for software and cybersecurity that Duncan founded which helps with his personal mission to make the world a safer place.
    • After retiring, Duncan wanted to give back to the community. He does some consulting, a good bit of pro bono work on standards, and also non-profit work in the area of cybersecurity.
    • Duncan really likes fractals and has a tag line about the closer you look the more you see. He also tells us the name fractal was already taken, so he had to put a letter in front of it (in this case “s” which could align to his last name, security & software work, etc.).
    • As for the curmudgeon label, Duncan says he is old and can be one at times, but he also likes to push back. And rather than refer to himself as the CEO of a one-person company, Duncan needed to come up with some other title. Chief Curmudgeon is where he landed.

3:50 – Technical Origins at Bell Labs

  • We’re rolling back well into the last century here. Duncan attended Rensselaer Polytechnic Institute (or RPI), which had only 1 computer at the time.
    • When the school’s computer was upgraded Duncan said they had to build a new building for the new one (since computers were quite large at the time and were programmed with punch cards).
    • Duncan did well in school and stayed for a master’s degree. He only took one computer course, and that was in Fortran. Duncan tells us this was the worst grade he received in any class over the course of his academic career.
    • Duncan’s master’s thesis was focused on programming an arithmetic processing unit (which was the size of a refrigerator) attached to a minicomputer. This had to be programmed using assembly language, and Duncan programmed it to do Fast Fourier Transforms (or FFTs), which was how he learned to program.
      • The minicomputer project got Duncan interested in programming.
  • After being offered a job there, Duncan went to work at Bell Labs (or Bell Telephone Laboratories), which was the R&D (research and development) arm of the Bell System of companies. John and Duncan refer to this as the “Ma Bell” days.
    • Bell Labs was a high profile employer, and Duncan mentioned the only way people would get in was right out of school.
    • Duncan’s degree is in electrical engineering, and he got involved in hardware design. Duncan designed and programmed and compiled his own assembler for a specialized processor.
    • Bell Labs had recently invented the C programming language. Duncan has a first edition of the book The C Programming Language and even worked with one of the authors (Brian Kernighan).
    • Duncan got involved in programming electronic switching systems for phone networks.
  • At Bell Labs there was R (Research) and there was D (Development). Duncan says most of it was development, and that is where he worked. But there was a research arm where Kernighan and Ritchie (authors of the above book and inventors of the programming language C) worked.
    • Those in the research arm would publish papers much like those in the academic world, and the papers often contained advanced mathematics equations and calculations.
    • At this time (in 1978) word processors did not yet exist. They would write in pencil on sheets of paper and hand it to someone else who would type up what was written. Fancy equations were a real pain and were not something one could type on a typewriter.
    • Researchers wanted to phototypeset their own papers and developed troff to help do that (a simpler version of the text formatting program nroff). The team was trying out different operating systems and different languages to do this. C was the one they liked the best after trying A and B, and the team developed a Unix operating system on which to run it. The origin was really about helping them write academic papers. Duncan knows this from a conversation with those who developed the language.
      • John mentions LaTeX as something that was used by certain folks to prepare documents instead of troff. But inside Bell Labs it was only troff.
      • Also, this creation of the C language was different than C++. Duncan mentions C++ as a language was invented later by another person at Bell Labs.

8:51 – Learning to Program

  • After not having a great experience learning Fortran, was it harder for Duncan to get excited about doing development / programming work at Bell Labs?
    • No. For Duncan’s master’s thesis he was able to program with a keyboard as opposed to using punch cards. Also, one was a class, and the other was programming sound to be displayed on a screen (which was actually funded by the Navy).
      • Duncan was working to design sonar screens without realizing it until seeing the technology in movies years later.
    • When Duncan was coming out of school and entering the job market, all the job offers except Bell Labs required a security clearance, which he did not want to have to pursue. And interestingly enough he later spent over half his career with high level security clearances in the intelligence and law enforcement communities.
      • “You don’t always go the way you think you’re going.” – Duncan Sparrell
  • John mentions it seemed like Duncan was able to overcome discouragement from the formal learning process.
    • Duncan says this comes into play in both software development and perhaps even more so in cybersecurity.
    • Software engineering and development is a new field (came into fruition during Duncan’s career), and cybersecurity is even newer (came in more toward the back half of his career). Because these fields are so new and everyone made it there via a different entry point there are different opinions on what a “right” path into the industry is.
      • “Don’t get disheartened if on the path you’re on it doesn’t look like the right one. There’s probably some other ones.” – Duncan Sparrell, on paths into fairly new fields
      • Some people learn by doing, while others like to get into the theory and background (i.e. the academic side). Both of these are valid.
      • Duncan says both fields are likely new enough that you could pave a totally different path which gets you into one of these two fields. There are far more ways to get into either of these fields (software engineering or cybersecurity) than most people realize.
    • Nick mentions the challenge of hiring managers who could look and see someone’s performance on paper being not so great (i.e. results of the academic side) and wonder if providing the person with hands on opportunities would unlock potential.
      • Duncan says it could be the other way also and calls cybersecurity “a practitioner’s field.” There is a real people shortage in the field, and jobs are often found by knowing someone.
      • Because of the shortage, most companies want people with experience and not beginners. A clear training path may not exist like it could / should.
      • Duncan says schools are getting better about adding training, but in his opinion these programs can be too academic in nature and do not place enough emphasis on practical learning. Learning on your own, however, may be too practically oriented.
      • Things like meetups and the ability to learn from other practitioners are helpful as are activities like capture the flag.
      • “There are certifications, there are academic courses, and there are ‘hey just go do it,’ and all of them are valid.” – Duncan Sparrell on gaining cybersecurity experience

13:21 – Meetup Groups and Lesser Known Cybersecurity Roles

  • What meetup groups should someone consider attending to get into cybersecurity?
    • Duncan would first encourage people wanting to get into cybersecurity to consider what they want to do. Cybersecurity as a field is quite broad.
    • There are a number of reasons one might want to get into cybersecurity. These could be financial, a love of problem solving, or perhaps altruism. For Duncan, the work he has been able to do since retiring makes him feel that he is making the world a safer place. It’s important to note his successful career to the point of retirement provided stability to be able to do the work he does now.
    • Consider also if you might want to get into the policy aspects of cybersecurity, the legal aspects, or be a salesperson as some examples. Duncan feels with cybersecurity being a large industry and growing the way it is many of the opportunities are in sales (which people do not realize).
      • People don’t often think about these “non-traditional” roles as options and feel they should be a hacker or a pen tester.
      • There is nothing wrong with pursuing being a hacker or pen tester, but they are not the only options. Duncan has a tag line of “think evilly, act ethically” and tells us you need both of these. Thinking evilly isn’t really something that comes naturally to most people. People will do the things we think no one would actually do, and therefore the cybersecurity professional needs to worry about it.
      • Duncan emphasizes after working with law enforcement for years…if you want to be a hacker, you should pursue being a white hat hacker and not a criminal hacker. That means you really need the “act ethically” portion of Duncan’s tag line.
    • If you’re interested in the legal side of hacking, there is a group in Washington, D.C. called DC Legal Hackers. Duncan tells us this is interesting if you’re coming from the lawyer side or the technical side because it is a place where they both meet.
    • Because cybersecurity is a new field, there are many meetups run by recruiting firms to promote talent development and encourage more people to get into the field. Attending these types of meetups may be a form of interview without you realizing. Attend meetings like these to learn by doing.
    • Duncan is a fan of BSides, which started up beside DEF CON / between Black Hat and DEF CON.
      • Duncan goes to many of these meetups in different cities and feels each one has its own character because they are run by local professionals.
      • Every BSides Duncan has attended has been focused on helping attendees learn.
      • “You learn not only what you want to do but also what you want to NOT do……Learning to go a different direction is important….If I had to give one single most important thing that you should learn about your career…it’s not going to turn out how you expect, and the world is going to change a lot over the course of your career….You have to be prepared to learn. You have to be prepared to change, and if you are, you’ll be successful.” – Duncan Sparrell, on learning from others and your career
      • Duncan started as a hardware engineer and quickly became a software engineer (a field that did not exist when he was in college right before this). And he later became a cybersecurity engineer, which did not exist at the beginning of his career.
      • Only doing one thing means that the thing may at some point no longer continue to exist.
    • Nick mentions it takes time, investment, and effort to investigate both what you do and do not want to do (which is not a sunk cost). At RSA 2023 where Nick met Duncan he remembers being exposed to the law track. Since this was Nick’s first RSA conference, he went to some of these sessions and found them fascinating even though he realized it would not be something he wanted to pursue in his career.
      • Duncan says there is a law side as well as a policy side to these types of conference tracks. There are lawyers who interpret the laws and policy makers who make the laws.
      • Duncan mentions a group he is part of called Hackers on the Hill in Washington, DC which seeks to educate policy makers and assist them. It was founded based on a request that community members provide help to cybersecurity policy makers.
      • “It is much easier to program than it is to write a law that won’t have unintended consequences.” – Duncan Sparrell, on helping policy makers write laws
      • John ponders whether public repositories might solve some transparency issues with laws.
      • Duncan is also involved in cybersecurity standards and is encouraging the groups to use GitHub for document creation. It makes it easier to see who made which change and who approved it. This might be obvious for source code but becomes very important (and less obvious) when you are writing a standard or law.

20:06 – Working on Standards

  • Duncan has done a great deal of work on standards boards. This allowed him to insist that these adopt something like GitHub or some other repository tool for transparency during standards development. Previous to this these groups were not using such tools.
    • GitHub and other tools like it are not that old.
  • Duncan got involved in standards fairly early in his career.
    • He was working on something called ADPCM or adaptive differential pulse-code modulation. At this time there were mostly phone networks with very little data. Any data transfer being done was referred to as voice band data which was transferred over the voice lines.
    • The network was mostly for analog transfer, but the switches were digital. Duncan was involved in the technology that helped with conversion of analog to digital.
      • Duncan remembers someone who worked for him having to go before the US FCC (Federal Communications Commission) to confirm it was economically feasible to run fiber optic cables between North America and Europe.
      • One of the things that made this fiber link possible was packetizing the voice traffic, and he shares an example of how packet transfer actually works as we recorded the interview.
      • Duncan and others found a way to change PCM or pulse code modulation into ADPCM.
      • Countries on the same continent often had agreed on what to use to communicate, but not all countries of the world really had to agree on a standard until fiber optic cables were run under the ocean.
      • Even with PCM there were 2 different versions, a European version and a North American version. With ADPCM they were trying to come up with one standard. This effort ran through the ITU or International Telecommunication Union (a UN agency), and Duncan still works with this agency 43 years after his first experience with it.
    • Duncan started attending ITU meetings originally because one of his co-workers didn’t like going to Switzerland to attend. Duncan decided to volunteer for the assignment.
      • Standards have never been part of Duncan’s main job or responsibilities but more of a side job. He refers to it as something which became his “extra thing.”
      • Duncan believes the standards are very much needed, and in the latter half of his career all of his efforts have been toward cybersecurity standards.
      • At present Duncan is serving on the board of directors for a standards development organization called OASIS Open. He is serving as the chair of a technical committee for OpenC2 (Open Command and Control).
      • Early in Duncan’s career at ATT they would put out contracts for a lot of cybersecurity gear. Switching from one vendor to another would require a re-write of all applications. OpenC2 seeks to make it easy to transition between vendors and prevent lock in. With many solutions in the cloud today, this is even more needed.
      • Duncan also mentions STIX, which is a way to share threat information. Duncan says the bad guys are better at sharing this information than the good guys are.
      • Another way to get into cybersecurity is through cybersecurity automation (a booming area). We need to be able to defend at machine speed, and standards like STIX that allow companies to share information about threats are things Duncan is passionate about.
  • Is there a vetting process one has to go through to participate and contribute to standards like we’ve discussed?
    • Duncan says it depends. He started doing the standards work in 1980 during his days at ATT. In those days ITU was called CCITT and has changed names along the way. It was a UN agency and a big deal for a company like ATT to be involved.
    • “I was writing the contributions for the guy going to Geneva before I got to be the guy going to Geneva.” – Duncan Sparrell
    • Today it’s a lot easier with the ability to have virtual meetings. You don’t always have to go to Geneva to participate. Also it is in general a more open process.
      • Understand that if you plan to go represent your company in a forum like this there is usually a specific process to follow to do that.
      • Not everyone wants to do this kind of work, and companies may encourage people / beg them to volunteer. It’s not usually anyone’s actual job to participate but more something in addition to their regular job (almost like a hobby). This gets you working with other people in your field at other companies and represents a very diverse group of folks with perspectives from which you can learn.
  • Nick posits some of the work Duncan has done with standards is analogous to being an open source maintainer.
    • Duncan says one could argue open source is a form of standards.
    • If you’re just starting out, there are many ways to help with open source projects – open source software development, open source cybersecurity, or open source standards.
    • You’re not going to be asked to make some kind of policy decision that is above your pay grade. Anyone can help test something or make sure a document / explanation is readable. You do not need to be an expert to help.
    • As we spoke about before, you may find something that isn’t for you. It might just mean one specific project or a specific working group or a specific standard isn’t for you.
    • It’s much easier to dip a toe in and try something than when Duncan started his work in these areas (standards and cybersecurity).

27:33 – Cybersecurity Perceptions and Moving Up

  • John says we can pick a field that on the surface seems quite narrow, but that may not be the case at all. Many feel cybersecurity means penetration testing, which we know is a fallacy. It’s sort of like a fractal in that the closer you look the more you see.
  • The encouragement to join a community is a pattern we see from guests. John likes the encouragement to attend meetings of different community groups and see what is being discussed. These could be in-person meetups or even virtual in many cases. It seems like the possibilities are near endless to create a career if you have the interest and passion.
    • “Find what you’re passionate about because again, if it’s fun to do it’s not work….If you’re not enjoying what you do you probably should be looking to do something else.” – Duncan Sparrell
    • Ideally we would make it a personal objective to enjoy what we do (knowing that we cannot enjoy everything 100% of the time).
  • Movies have affected our perception of hackers and what cybersecurity is as a field. Duncan tells us this term is misused. When he learned about it hacker was the good guy and cracker was the bad guy.
    • A hacker was meant to describe someone who likes to tinker with technology / do things on their own. Duncan refers to himself as a hacker since he likes to play with code. But he’s not a bad person or someone trying to cause harm.
    • The perception around hackers is thinking they are more like penetration testers who break into companies and have to know a number of programming languages.
    • Duncan tells us there are many people who work in a SOC or Security Operations Center who respond to cybersecurity threats. He mentions creating the term SOC and building the first SOC for a government project many years ago.
    • There are also threat hunters who chase the bad guys as well as people who focus on legal and policy aspects of cybersecurity (discussed earlier). And there are many people in cybersecurity sales (playing the role of the seller or the purchaser). Nick suggests there are roles in between like product management.
    • “There’s a lot more to it than people realize.” – Duncan Sparrell, on the field of cybersecurity being broader than most people know
    • “The world is a lot messier. And careers don’t tend to be made up of all the exemplar jobs that people think of.” – John White
  • John mentions the path to careers as electricians, plumbers, or engineers may not be clear to someone outside the industry.
    • Duncan says the path to move up the corporate ladder is not always clear.
    • Another element of being in cybersecurity is the business aspect. We spoke about learning that things will change, but there is another thing to learn (value to the business).
    • “What is the business your organization is in, and what value do you bring to it? Do everything through that lens….If you want to move up the corporate ladder then you have to think bigger picture than your narrow niche.” – Duncan Sparrell, on advice for the cybersecurity professional
      • Whether a corporation or government agency, the above is driving the senior leaders. If you want to continue to focus only on your narrow niche and are happy there you can certainly keep doing that. But Duncan learned to think bigger picture early on.
    • When Duncan went to work for Bell Labs he was required to take a course called “Engineering and Operations in the Bell System” shortly after starting (in summer of 1978). He still has the book on his bookshelf as a reminder of his roots.
      • The course talked about how the telephone company worked and how it was run. Duncan found this very interesting.
      • Of the 1 million employees of the company at the time, around 400,000 were telephone operators. If they could cut one nanosecond off the average operator connect time it would save the company one dollar. That meant cutting a second off that time would save the company one billion dollars.
      • Learning this helped Duncan understand that business matters, what he did mattered to the company, and his work had the potential to impact the business in a positive way to improve those numbers (the numbers being what the senior leaders and shareholders care about).
      • Looking at things through the lens of what an organization wants to accomplish can help us move up in a company in Duncan’s experience. It has also helped people he has mentored progress at a company. Duncan also mentions some of the people he mentored went on to become his boss at various times.

34:03 – Connecting to the Big Picture

  • John mentions there is an unlocking process here. It seemed like the metrics helped Duncan understand the organizational goals at Bell and how an improvement to current processes could make an impact to the organization as a whole. Should companies share operational processes in this way with incoming employees and how improving these processes can lead to big organizational improvements?
    • Duncan happens to be big into innovation and tells us that innovation has some aspects to it which people do not realize.
    • “You can’t be innovative if you’re not looking at the bigger picture.” – Duncan Sparrell
    • You can be innovative in a small area to tune a process, but true, disruptive innovation (what Duncan calls being 10X innovative) requires understanding the bigger picture. Too many people may be focused only on their specific area and in a way hold themselves back from making a wider impact.
    • Duncan speaks to his introversion and that he gets energy from being by himself (i.e. working on some type of coding project perhaps). Interacting with others takes energy away from him. His wife, on the other hand, is an extrovert.
      • Duncan feels many people in the fields he’s worked in are introverts, and he stresses the importance of stepping out of your comfort zone to attend a meetup, for example.
      • “I do because I recognize the long-term value to get over the short-term anxiety of walking into a room full of people that I don’t know.” – Duncan Sparrell, on going to meetups and getting out of his comfort zone / seeing the bigger picture
      • Duncan also mentions the high anxiety he had at a high school reunion despite knowing the people he would see there.
      • Duncan sort of forces himself to do these social type things because he knows it pays off in the end.
      • “You have to go out of your comfort zone a little bit. If you stay in your comfort zone you’re going to keep doing what you were doing.” – Duncan Sparrell
    • Maybe the comfort zone idea applies to learning about things that on the surface do not seem extremely interesting, but these things could become part of your range of expertise.
      • Learning about something which ends up not being very interesting can help you learn where to place your focus. You at least understand that something may not be for you and can seek out something more interesting.
      • Duncan recounts his time as a systems engineer and emphasizes the importance of being mindful of things that are requirements as well as those things which are not requirements.

37:35 – Sources of Innovation

  • John suggests sometimes innovation comes from those with operational experience in a different field. He cites watching a PBS series called Connections, which posits real innovation comes from collisions of people doing different work and working together to solve problems (like punch cards coming from the industrial loom industry).
  • Does this kind of thing still happen in highly specialized industries, or might we be losing it today?
    • Duncan says the world is more interconnected now and there are more possibilities to have what he calls “mash ups.” A mash up is taking two disparate things that get put together to form something new (like the Reese’s Peanut Butter Cup). These come from people with different perspectives looking to solve problems and can happen in technology often.
    • Innovation could also happen in a way that seems small.
      • Duncan recounts the story of his first patent. He was asked his opinion on a problem some engineers were working on, and after giving an answer, they encouraged him to patent the idea. Duncan says this ended up becoming a pretty fundamental patent on which an entire product line was based.
      • “It can be as simple as you just had the right idea because you saw the problem a different way than they saw it and no one else had seen it that way before….Everyone’s perspective is unique. People can be more innovative I think than they realize they can be.” – Duncan Sparrell, on innovation
      • We can be more innovative if we are able to look at things in the bigger picture of what we’re trying to accomplish. Bringing a broad range of experience to something could enable seeing connections no one has previously seen.
  • In response to John’s question above, Nick suggests placing introverts in a new area might not make them feel comfortable enough to suggest a new idea.
    • Duncan feels like this is less to do with introvert / extrovert and is really just change management / how people respond to change.
    • In that light, being in an environment where you are not comfortable means you are less likely to speak out.
    • Duncan tells us there are no dumb questions and that we have to speak up. We can always word something as a question in a group setting.
    • Duncan considers all meetings to be for him. If he was asked to attend a meeting, Duncan feels he should be contributing to the discussion and asking questions if he doesn’t understand something.
    • Duncan has also had a lot of DEI (Diversity, Equity, and Inclusion) training, which has helped him understand not all individuals are at ease when it comes to speaking up, but he would still encourage them to strive to speak up and seek to understand the larger business problem at hand.

41:58 – Life at The Idea Factory

  • John read The Idea Factory, written about Bell Labs. One idea mentioned in the book was that collisions of people working on diverse things (either by design or by accident) may have contributed to the innovations. Was there any truth to this?

    • Duncan thinks there is some truth to it. The company would rearrange people occasionally (move people or entire groups) to possibly keep them from getting stuck in a rut.
    • Duncan was with Bell Labs or some derivative of it for his entire career, but during this time the industry changed quite a bit.
      • For example, the system was broken up after operating as a regulated monopoly for some time.
      • “It was a regulated monopoly in an area where technology was causing the cost to decrease continually. We could basically afford to reduce the phone rates every year and still have a certain amount of money that went into the rate base for this to basically fund The Idea Factory.” – Duncan Sparrell, speaking of Bell Labs and its funding of the idea factory
    • Duncan refers to the Bell Labs during the time he joined (around 1978) as very egalitarian. This was the year Arno Penzias was one of the winners of the Nobel Prize in Physics.
      • Duncan remembers being behind Arno in the lunch line one day (who had the same title Duncan had at the time).
      • Duncan also later got to be on a task force with Brian Kernighan, one of the creators of the C programming language.
      • There were 25,000 employees at Bell Labs, and it felt really cool to run into people like Penzias and Kernighan occasionally.
    • Later in Duncan’s career he ran the organization they called the ampersand of R & D. This was after ATT Labs came to be.
      • Bell Telephone Laboratories morphed into ATT Bell Labs which then split into Bell Labs and ATT Labs. Duncan stayed with the labs organization but ended up in the ATT portion.
      • Within ATT Labs there was a research organization with a number of great ideas, but there was a gap between research and development. That gap was the catalyst for creating the organization called the ampersand (which Duncan led). Its purpose was to help research teams make things developers can accept and start faster.
      • During this time Duncan got to see across the research organization and understand the projects that had the most commercial potential which could be brought over into the development arm.
        • This included things like text-to-speech, voice recognition, and early AI (Artificial Intelligence).
        • Duncan had been doing a lot of government facing work around network security and was able to bring some of it to the commercial side of ATT because of the ampersand role.
    • “I do think they did a lot of things right in that area, but I think it’s because they could afford to. Nowadays businesses are much more ‘this quarter’ oriented. It’s not a regulated monopoly any longer, so they don’t sort of have the cash set aside to do that. I think the world is suffering some for it. I think we could use Bell Labs again.” – Duncan Sparrell on The Idea Factory at Bell Labs
  • To follow up with Duncan on this discussion, you can find him…

  • Mentioned in the outro

    • We’ve talked to at least 4 people (including Duncan) with some measure of cybersecurity experience now, and each of their paths was slightly different.
    • Donovan Farrow now owns a cybersecurity consulting firm.
      • Episode 133 – Forensics and the Boredom of Peacetime with Donovan Farrow (1/2)
      • Episode 134 – Pass down Your Legacy with Donovan Farrow (2/2)
    • Bill Kindle was a systems administrator who took that experience and applied it to security engineering.
      • Episode 180 – Hired on the Spot with Bill Kindle (1/3)
      • Episode 181 – Crossing the Burnout Fault Line with Bill Kindle (2/3)
      • Episode 182 – Security from the System Administrator’s Lens with Bill Kindle (3/3)
    • Kenneth Ellington got into cybersecurity and has founded Ellington Cyber Academy, a place that can help others looking to break into the industry.
      • Episode 239 – Introduced to Cybersecurity with Kenneth Ellington (1/2)
      • Episode 240 – Nurturing Cybersecurity Talent Development with Kenneth Ellington (2/2)
    • Remember how broad cybersecurity is!
      • It includes tracks like law and policy. People need cybersecurity expertise in these fields.
      • Duncan also mentions cybersecurity automation, which is a potential path for people who may already be doing automation today.
    • Duncan mentioned contributing to standards development and how it is often in addition to your normal job.
      • OpenC2 (mentioned earlier) has its own GitHub page to which you can contribute. Contributing can broaden your skills through exposure to the standards development process and to the field on which it is focused. It also gets you some experience using GitHub, even if all you did was contribute to documentation. This builds more than one skill at once.
    • We don’t always know what our progression path could be from where we are. Some of this insight can be had at community meetups by having discussions with people.
    • Understanding the big picture or greater context might lead us to a more innovative idea.

Contact us if you need help on the journey.

  continue reading

353 episodes

Artwork
iconPartager
 
Manage episode 381481737 series 2398408
Contenu fourni par John White | Nick Korte. Tout le contenu du podcast, y compris les épisodes, les graphiques et les descriptions de podcast, est téléchargé et fourni directement par John White | Nick Korte ou son partenaire de plateforme de podcast. Si vous pensez que quelqu'un utilise votre œuvre protégée sans votre autorisation, vous pouvez suivre le processus décrit ici https://fr.player.fm/legal.

Welcome to episode 248 of the Nerd Journey Podcast [@NerdJourney]! We’re John White (@vJourneyman) and Nick Korte (@NetworkNerd_) – two technology professionals with backgrounds in IT Operations and Sales Engineering on a mission to help others accelerate career progression and increase job satisfaction by bringing listeners the advice we wish we’d been given earlier in our careers. In today’s episode we share part 1 of an interview with Duncan Sparrell, detailing how he became a programmer, the innovations he was a part of at Bell / ATT Labs, what it was like to work between research and development, the work he has done on standards, the breadth of the cybersecurity field and possible roles, why we should keep the big picture in mind, and thoughts on helpful meetup groups.

Original Recording Date: 10-02-203

Topics – A Chief Curmudgeon, Technical Origins at Bell Labs, Learning to Program, Meetup Groups and Lesser Known Cybersecurity Roles, Working on Standards, Cybersecurity Perceptions and Moving Up, Connecting to the Big Picture, Sources of Innovation, Life at The Idea Factory

2:15 – A Chief Curmudgeon

  • Duncan Sparrell is Chief Cyber Curmudgeon at sFractal Consulting, a boutique consulting firm for software and cybersecurity that Duncan founded which helps with his personal mission to make the world a safer place.
    • After retiring, Duncan wanted to give back to the community. He does some consulting, a good bit of pro bono work on standards, and also non-profit work in the area of cybersecurity.
    • Duncan really likes fractals and has a tag line about the closer you look the more you see. He also tells us the name fractal was already taken, so he had to put a letter in front of it (in this case “s” which could align to his last name, security & software work, etc.).
    • As for the curmudgeon label, Duncan says he is old and can be one at times, but he also likes to push back. And rather than refer to himself of the CEO of a one person company, Duncan needed to come up with some other title. Chief Curmudgeon is where he landed.

3:50 – Technical Origins at Bell Labs

  • We’re rolling back well into the last century here. Duncan attended Rensselaer Polytechnic Institute (or RPI), which had only 1 computer at the time.
    • When the school’s computer was upgraded Duncan said they had to build a new building for the new one (since computers were quite large at the time and were programmed with punch cards).
    • Duncan did well in school and stayed for a master’s degree. He only took one computer course, and that was in Fortran. Duncan tells us this was the worst grade in a class received over the course of his academic career.
    • Duncan’s masters thesis was focused on programming an arithmetic processing unit (which was the size of a refrigerator) attached to a mini computer. This had to be programmed using assembly language, and Duncan programmed it to do Fast Fourier Transforms (or FFTs), which was how he learned to program.
      • The mini computer project got Duncan interested in programming.
  • Duncan went to work at Bell Labs (or Bell Telephone Laboratories) after being offered a job there, which was the R&D (research and development) arm of the Bell System of companies. John and Duncan refer to this as the “Ma Bell” days.
    • Bell Labs was a high profile employer, and Duncan mentioned the only way people would get in was right out of school.
    • Duncan’s degree is in electrical engineering, and he got involved in hardware design. Duncan designed and programmed and compiled his own assembler for a specialized processor.
    • Bell Labs had recently invented the C programming language. Duncan has a first edition of the book The C Programming Language and even worked with one of the authors (Brian Kernighan).
    • Duncan got involved in programming electronic switching systems for phone networks.
  • At Bell Labs there was R (Research) and there was D (Development). Duncan says most of it was development, and that is where he worked. But there was a research arm where Kernighan and Ritchie (authors of the above book and inventors of the programming language C).
    • Those in the research arm would publish papers much like those in the academic world, and the papers often contained advanced mathematics equations and calculations.
    • At this time (in 1978) word processors did not yet exist. They would write in pencil on sheets of paper and hand it to someone else who would type up what was written. Fancy equations were a real pain and were not something one could type on a typewriter.
    • Researchers wanted to photo type set their own papers and developed troff to help do that (a simpler version of the text formatting program nroff). The team was trying out different operating systems and different languages to do this. C was the one they liked the best after trying A and B, and the team developed a Unix operating system on which to run it. The origin was really about helping them write academic papers. Duncan knows this from a conversation with those who developed the language.
      • John mentions LaTex as something that was used by certain folks to prepare documents instead of troff. But inside Bell Labs it was only troff.
      • Also, this creation of the C language was different than C++. Duncan mentions C++ as a language was invented later by another person at Bell Labs.

8:51 – Learning to Program

  • After not having a great experience learning Fortran, was it harder for Duncan to get excited about doing development / programming work at Bell Labs?
    • No. For Duncan’s master’s thesis he was able to program with a keyboard as opposed to using punch cards. Also, one was a class, and the other was programming sound to be displayed on a screen (which was actually funded by the Navy).
      • Duncan was working to design sonar screens without realizing it until seeing the technology in movies years later.
    • When Duncan was coming out of school and entering the job market, all the job offers except Bell Labs required a security clearance, which he did not want to have to pursue. And interestingly enough he later spent over half his career with high level security clearances in the intelligence and law enforcement communities.
      • “You don’t always go the way you think you’re going.” – Duncan Sparrell
  • John mentions it seemed like Duncan was able to overcome discouragement from the formal learning process.
    • Duncan says this comes into play in both software development and perhaps even moreso in cybersecurity.
    • Software engineering and development is a new field (came into fruition during Duncan’s career), and cybersecurity is even newer (came in more toward the back half of his career). Because these fields are so new and everyone made it there via a different entry point there are different opinions on what a “right” path into the industry is.
      • “Don’t get disheartened if on the path you’re on it doesn’t look like the right one. There’s probably some other ones.” – Duncan Sparrell, on paths into fairly new fields
      • Some people learn by doing, while others like to get into the theory and background (i.e. the academic side). Both of these are valid.
      • Duncan says both fields are likely new enough that you could pave a totally different path which gets you into one of these two fields. There are far more ways to get into either of these fields (software engineering or cybersecurity) than most people realize.
    • Nick mentions the challenge of hiring managers who could look and see someone’s performance on paper being not so great (i.e. results of the academic side) and wonder if providing the person with hands on opportunities would unlock potential.
      • Duncan says it could be the other way also and calls cybersecurity “a practitioner’s field.” There is a real people shortage in the field, and jobs are found often times by knowing someone.
      • Because of the shortage, most companies want people with experience and not beginners. A clear training path may not exist like it could / should.
      • Duncan says schools are getting better about adding training, but in his opinion these programs can be too academic in nature and do not place enough emphasis on practical learning. Learning on your own, however, may be too practically oriented.
      • Things like meetups and the ability to learn from other practitioners are helpful as are activities like capture the flag.
      • “There are certifications, there are academic courses, and there are ‘hey just go do it,’ and all of them are valid.” – Duncan Sparrell on gaining cybersecurity experience

13:21 – Meetup Groups and Lesser Known Cybersecurity Roles

  • What meetup groups should someone consider attending to get into cybersecurity?
    • Duncan would first encourage people wanting to get into cybersecurity to consider what they want to do. Cybersecurity as a field is quite broad.
    • There are a number of reasons one might want to get into cybersecurity. These could be financial, a love of problem solving, or perhaps altruism. For Duncan, the work he has been able to do since retiring makes him feel that he is making the world a safer place. It’s important to note his successful career to the point of retirement provided stability to be able to do the work he does now.
    • Consider also if you might want to get into the policy aspects of cybersecurity, the legal aspects, or be a salesperson as some examples. Duncan feels with cybersecurity being a large industry and growing the way it is many of the opportunities are in sales (which people do not realize).
      • People don’t often think about these “non-traditional” roles as options and feel they should be a hacker or a pen tester.
      • There is nothing wrong with pursuing being a hacker or pen tester, but they are not the only options. Duncan has a tag line of “think evilly, act ethically” and tells us you need both of these. Thinking evilly isn’t really something that comes naturally to most people. People will do the things we think no one would actually do, and therefore the cybersecurity professional needs to worry about it.
      • Duncan emphasizes after working with law enforcement for years…if want to be a hacker you should pursue being a white hat hacker and not a criminal hacker. That means you really need the act ethically portion of Duncan’s tag line.
    • If you’re interested in the legal side of hacking, there is a group in Washington, D.C. called DC Legal Hackers. Duncan tells us this is interesting if you’re coming from the lawyer side or the technical side because it is a place where they both meet.
    • Because cybersecurity is a new field, there are many meetups run by recruiting firms to promote talent development and encourage more people to get into the field. Attending these types of meetups may be a form of interview without you realizing. Attend meetings like these to learn by doing.
    • Duncan is a fan of BSides, which started up beside DEF CON / between Black Hat and DEF CON.
      • Duncan goes to many of these meetups in different cities and feels each one has its own character because they are run by local professionals.
      • Every BSides Duncan has attended has been focused on helping attendees learn.
      • “You learn not only what you want to do but also what you want to NOT do……Learning to go a different direction is important….If I had to give one single most important thing that you should learn about your career…it’s not going to turn out how you expect, and the world is going to change a lot over the course of your career….You have to be prepared to learn. You have to be prepared to change, and if you are, you’ll be successful.” – Duncan Sparrell, on learning from others and your career
      • Duncan started as a hardware engineer and quickly became a software engineer (a field that did not exist when he was in college right before this). And he later became a cybersecurity engineer, which did not exist at the beginning of his career.
      • Only doing one thing means that the thing may at some point no longer continue to exist.
    • Nick mentions it takes time, investment, and effort to investigate both what you do and do not want to do (which is not a sunk cost). At RSA 2023 where Nick met Duncan he remembers being exposed to the law track. Since this was Nick’s first RSA conference, he went to some of these sessions and found them fascinating even though he realized it would not be something he wanted to pursue in his career.
      • Duncan says there is a law side as well as a policy side to these types of conference tracks. There are lawyers who interpret the laws and policy makers who make the laws.
      • Duncan mentions a group he is part of called Hackers on the Hill in Washington, DC which seeks to educate policy makers and assist them. It was founded based on a request that community members provide help to cybersecurity policy makers.
      • “It is much easier to program than it is to write a law that won’t have unintended consequences.” – Duncan Sparrell, on helping policy makers write laws
      • John ponders whether public repositories might solve some transparency issues with laws.
      • Duncan is also involved in cybersecurity standards and is encouraging the groups to use GitHub for document creation. It makes it easier to see who made which change and who approved it. This might be obvious for source code but becomes very important (and less obvious) when you are writing a standard or law.

20:06 – Working on Standards

  • Duncan has done a great deal of work on standards boards. This allowed him to insist that these adopt something like GitHub or some other repository tool for transparency during standards development. Previous to this these groups were not using such tools.
    • GitHub and other tools like it are not that old.
  • Duncan got involved in standards fairly early in his career.
    • He was working on something called ADPCM or adaptive differential pulse-code modulation. At this time there were mostly phone networks with very little data. Any data transfer being done was referred to as voice band data which was transferred over the voice lines.
    • The network was mostly for analog transfer, but the switches were digital. Duncan was involved in the technology that helped with conversion of analogue to digital.
      • Duncan remembers someone who worked for him having to go before the US FCC (Federal Communications Commission) to confirm it was economically feasible to run fiber optic cables between North America and Europe.
      • One of the things that made this fiber link possible was packetizing the voice traffic, and he shares an example of how packet transfer actually works as we recorded the interview.
      • Duncan and others found a way to change PCM or pulse code modulation into ADPCM.
      • Countries on the same continent often had agreed on what to use to communicate, but not all countries of the world really had to agree on a standard until fiber optic cables were run under the ocean.
      • Even with PCM there were 2 different versions, a European version and a North American version. With ADPCM they were trying to come up with one standard. This effort ran through the ITU or International Telecommunications Union (a UN agency), and Duncan still works with this agency 43 years after his first experience with it.
    • Duncan started attending ITU meetings originally because one of his co-workers didn’t like going to Switzerland to attend. Duncan decided to volunteer for the assignment.
      • Standards have never been part of Duncan’s main job or responsibilities but more of a side job. He refers to it as something which became his “extra thing.”
      • Duncan believes the standards are very much needed, and in the latter half of his career all of his efforts have been toward cybersecurity standards.
      • At present Duncan is serving on the board of directors for a standards development organization called Oasis Open. He is serving as the chair of a technical committee for OpenC2 (Open Command and Control).
      • Early in Duncan’s career at ATT they would put out contracts for a lot of cybersecurity gear. Switching from one vendor to another would require a re-write of all applications. OpenC2 seeks to make it easy to transition between vendors and prevent lock in. With many solutions in the cloud today, this is even more needed.
      • Duncan also mentions STIX, which is a way to share threat information. Duncan says the bad guys are better at sharing this information than the good guys are.
      • Another way to get into cybersecurity is through cybersecurity automation (a booming area). We need to be able to defend at machine speed, and standards like STIX that allow companies to share information about threats are things Duncan is passion about.
  • Is there a vetting process one has to go through to participate and contribute to standards like we’ve discussed?
    • Duncan says it depends. He started doing the standards work in 1980 during his days at ATT. In those days ITU was called CCITT and has changed names along the way. It was a UN agency and a big deal for a company like ATT to be involved.
    • “I was writing the contributions for the guy going to Geneva before I got to be the guy going to Geneva.” – Duncan Sparrell
    • Today it’s a lot easier with the ability to have virtual meetings. You don’t always have to go to Geneva to participate. Also it is in general a more open process.
      • Understand that if you plan to go represent your company in a forum like this there is usually a specific process to follow to do that.
      • Not everyone wants to do this kind of work, and companies may encourage people / beg them to volunteer. It’s not usually anyone’s actual job to participate but more something in addition to their regular job (almost like a hobby). This gets you working with other people in your field at other companies and represents a very diverse group of folks with perspectives from which you can learn.
  • Nick posits some of the work Duncan has done with standards is analogous to being an open source maintainer.
    • Duncan says one could argue open source is a form of standards.
    • If you’re just starting out, there are many ways to help with open source projects – open source software development, open source cybersecurity, or open source standards.
    • You’re not going to be asked to make some kind of policy decision that is above your pay grade. Anyone can help test something or make sure a document / explanation is readable. You do not need to be an expert to help.
    • As we spoke about before, you may find something that isn’t for you. It might just mean one specific project or a specific working group or a specific standard isn’t for you.
    • It’s much easier to dip a toe in and try something than when Duncan started his work in these areas (standards and cybersecurity).

27:33 – Cybersecurity Perceptions and Moving Up

  • John says we can pick a field that on the surface seems quite narrow, but that may not be the case at all. Many feel cybersecurity means penetration testing, which we know is a fallacy. It’s sort of like a fractal in that the closer you look the more you see.
  • The encouragement to join a community is a pattern we see from guests. John likes the encouragement to attend meetings of different community groups and see what is being discussed. These could be in-person meetups or even virtual in many cases. It seems like the possibilities are near endless to create a career if you have the interest and passion.
    • “Find what you’re passionate about because again, if it’s fun to do it’s not work….If you’re not enjoying what you do you probably should be looking to do something else.” – Duncan Sparrell
    • Ideally we would make it a personal objective to enjoy what we do (knowing that we cannot enjoy everything 100% of the time).
  • Movies have affected our perception of hackers and what cybersecurity is as a field. Duncan tells us this term is misused. When he learned about it hacker was the good guy and cracker was the bad guy.
    • A hacker was meant to describe someone who likes to tinker with technology / do things on their own. Duncan refers to himself as a hacker since he likes to play with code. But he’s not a bad person or someone trying to cause harm.
    • The perception around hackers is thinking they are more like penetration testers who break into companies and have to know a number of programming languages.
    • Duncan tells us there are many people who work in a SOC or Security Operations Center who respond to cybersecurity threats. He mentions creating the term SOC and building the first SOC for a government project many years ago.
    • There are also threat hunters who chase the base guys as well as people who focus on legal and policy aspects of cybersecurity as well (discussed earlier). And there are many people in cybersecurity sales (playing the role of the seller or the purchaser). Nick suggests there are roles in between like product maangement.
    • “There’s a lot more to it than people realize.” – Duncan Sparrell, on the field of cybersecurity being broader than most people know
    • “The world is a lot messier. And careers don’t tend to be made up of all the exemplar jobs that people think of.” – John White
  • John mentions the path to careers as electricians, plumbers, or engineers may not be clear to someone outside the industry.
    • Duncan says the path to move up the corporate ladder is not always clear.
    • Another element of being in cybersecurity is the business aspect. We spoke about learning that things will change, but there is another (value to the business).
    • “What is the business your organization is in, and what value do you bring to it? Do everything through that lens….If you want to move up the corporate ladder then you have to think bigger picture than your narrow niche.” – Duncan Sparrell, on advice for the cybersecurity professional
      • Whether a corporation or government agency, the above is driving the senior leaders. If you want to continue to focus only on your narrow niche and are happy there you can certainly keep doing that. But Duncan learned to think bigger picture early on.
    • When Duncan went to work for Bell Labs he was required to take a course called “Engineering and Operations in the Bell System” shortly after starting (in summer of 1978). He still has the book on his bookshelf as a reminder of his roots.
      • The course talked about how the telephone company worked and how it was run. Duncan found this very interesting.
      • Of the 1 million employees of the company at the time, around 400,000 were telephone operators. If they could cut one nanosecond off the average operator connect time it would save the company one dollar. That meant cutting a second off that time would save the company one billion dollars.
      • Learning this helped Duncan understand that business matters, what he did mattered to the company, and his work had the potential to impact the business in a positive way to improve those numbers (the numbers being what the senior leaders and shareholders care about).
      • Looking at things through the lens of what an organization wants to accomplish can help us move up in a company in Duncan’s experience. It has also helped people he has mentored progress at a company. Duncan also mentions some of the people he mentored went on to become his boss at various times.

34:03 – Connecting to the Big Picture

  • John mentions there is an unlocking process here. It seemed like the metrics helped Duncan understand the organizational goals at Bell and how an improvement to current processes could make an impact to the organization as a whole. Should companies share operational processes in this way with incoming employees and how improving these process can lead to big organizational improvements?
    • Duncan happens to be big into innovation and tells us that innovation has some aspects to it which people do not realize.
    • “You can’t be innovative if you’re not looking at the bigger picture.” – Duncan Sparrell
    • You can be innovative in a small area to tune a process, but true, disruptive innovation (what Duncan calls being 10X innovative) requires understanding the bigger picture. Too many people may be focused only on their specific area and in a way hold themselves back from making a wider impact.
    • Duncan speaks to his introversion and that he gets energy from being by himself (i.e. working on some type of coding project perhaps). Interacting with others takes energy away from him. His wife, on the other hand, is an extrovert.
      • Duncan feels many people in the fields he’s worked in are introverts, and he stresses the importance of stepping out of your comfort zone to attend a meetup, for example.
      • “I do because I recognize the long-term value to get over the short-term anxiety of walking into a room full of people that I don’t know.” – Duncan Sparrell, on going to meetups and getting out of his comfort zone / seeing the bigger picture
      • Duncan also mentions the high anxiety he had at a high school reunion despite knowing the people he would see there.
      • Duncan sort of forces himself to do these social type things because he knows it pays off in the end.
      • “You have go out of your comfort zone a little bit. If you stay in your comfort zone you’re going to keep doing what you were doing.” – Duncan Sparrell
    • Maybe the comfort zone idea applies to learning about things that on the surface do not seem extremely interesting, but these things could become part of your range of expertise.
      • Learning about something which ends up not being very interesting can help you learn where to place your focus. You at least understand that something may not be for you and can seek out something more interesting.
      • Duncan recounts his time as a systems engineer and emphasizes the importance of being mindful of things that are requirements as well as those things which are not requirements.

37:35 – Sources of Innovation

  • John suggests sometimes innovation comes from those with operational experience in a different field. He cites watching a PBS series called Connections, which posits real innovation comes from collisions of people doing different work and working together to solve problems (like punch cards coming from the industrial loom industry).
  • Does this kind of thing still happen in highly specialized industries, or might we be losing it today?
    • Duncan says the world is more interconnected now and more possibilities to have what he calls “mash ups.” A mash up is taking two disparate things that get put together to form something new (like the Reese’s Peanut Butter Cup). These come from people with different perspectives looking to solve problems and can happen in technology often.
    • Innovation could also happen in a way that seems small.
      • Duncan recounts the story of his first patent. He was asked his opinion on a problem some engineers were working on, and after giving an answer, they encouraged him to patent the idea. Duncan says this ended up becoming a pretty fundamental patent on which an entire product line was based.
      • “It can be as simple as you just had the right idea because you saw the problem a different way than they saw it and no one else had seen it that way before….Everyone’s perspective is unique. People can be more innovative I think than they realize they can be.” – Duncan Sparrell, on innovation
      • We can be more innovative if we are able to look at things in the bigger picture of what we’re trying to accomplish. Bringing a broad range of experience to something could enable seeing connections no one has previously seen.
  • In response to John’s question above, Nick suggests placing introverts in a new area might not make them feel comfortable enough to suggest a new idea.
    • Duncan feels like this is less to do with introvert / extrovert and is really just change management / how people respond to change.
    • In that light, being in an environment where you are not comfortable means you are less likely to speak out.
    • Duncan tells us there are no dumb questions and that we have to speak up. We can always word something as a question in a group setting.
    • Duncan considers all meetings to be for him. If he was asked to attend a meeting, Duncan feels he should be contributing to the discussion and asking questions if he doesn’t understand something.
    • Duncan has also had a lot of DEI (Diversity, Equity, and Inclusion) training, which has helped him understand not all individuals are at ease when it comes to speaking up, but he would still encourage them to strive to speak up and seek to understand the larger business problem at hand.

41:58 – Life at The Idea Factory

  • John read The Idea Factory, a book written about Bell Labs. One idea mentioned in the book was that collisions of people working on diverse things (either by design or by accident) may have contributed to the innovations. Was there any truth to this?

    • Duncan thinks there is some truth to it. The company would rearrange people occasionally (move people or entire groups) to possibly keep them from getting stuck in a rut.
    • Duncan was with Bell Labs or some derivative of it for his entire career, but during this time the industry changed quite a bit.
      • For example, the system was broken up after operating as a regulated monopoly for some time.
      • “It was a regulated monopoly in an area where technology was causing the cost to decrease continually. We could basically afford to reduce the phone rates every year and still have a certain amount of money that went into the rate base for this to basically fund The Idea Factory.” – Duncan Sparrell, speaking of Bell Labs and its funding of the idea factory
    • Duncan refers to Bell Labs at the time he joined (around 1978) as very egalitarian. This was the year Arno Penzias was one of the winners of the Nobel Prize in Physics.
      • Duncan remembers being in the lunch line one day behind Arno (who had the same title Duncan had at the time).
      • Duncan also later got to be on a task force with Brian Kernighan, one of the creators of the C programming language.
      • There were 25,000 employees at Bell Labs, and it felt really cool to run into people like Penzias and Kernighan occasionally.
    • Later in Duncan’s career he ran the organization they called the ampersand of R & D. This was after ATT Labs came to be.
      • Bell Telephone Laboratories morphed into ATT Bell Labs which then split into Bell Labs and ATT Labs. Duncan stayed with the labs organization but ended up in the ATT portion.
      • Within ATT Labs there was a research organization with a number of great ideas. But there was a gap between research and development, which was the catalyst for creating the organization called the ampersand (which Duncan led). Its purpose was to help research teams make things developers can accept and start faster.
      • During this time Duncan got to see across the research organization and understand the projects that had the most commercial potential which could be brought over into the development arm.
        • This included things like text-to-speech, voice recognition, and early AI (Artificial Intelligence).
        • Duncan had been doing a lot of government facing work around network security and was able to bring some of it to the commercial side of ATT because of the ampersand role.
    • “I do think they did a lot of things right in that area, but I think it’s because they could afford to. Nowadays businesses are much more ‘this quarter’ oriented. It’s not a regulated monopoly any longer, so they don’t sort of have the cash set aside to do that. I think the world is suffering some for it. I think we could use Bell Labs again.” – Duncan Sparrell on The Idea Factory at Bell Labs
  • To follow up with Duncan on this discussion, you can find him…

  • Mentioned in the outro

    • We’ve talked to at least 4 people (including Duncan) with some measure of cybersecurity experience now, and each of their paths was slightly different.
    • Donovan Farrow now owns a cybersecurity consulting firm.
      • Episode 133 – Forensics and the Boredom of Peacetime with Donovan Farrow (1/2)
      • Episode 134 – Pass down Your Legacy with Donovan Farrow (2/2)
    • Bill Kindle was a systems administrator who took that experience and applied it to security engineering.
      • Episode 180 – Hired on the Spot with Bill Kindle (1/3)
      • Episode 181 – Crossing the Burnout Fault Line with Bill Kindle (2/3)
      • Episode 182 – Security from the System Administrator’s Lens with Bill Kindle (3/3)
    • Kenneth Ellington got into cybersecurity and has founded Ellington Cyber Academy, a place that can help others looking to break into the industry.
      • Episode 239 – Introduced to Cybersecurity with Kenneth Ellington (1/2)
      • Episode 240 – Nurturing Cybersecurity Talent Development with Kenneth Ellington (2/2)
    • Remember how broad cybersecurity is!
      • It includes tracks like law and policy. People need cybersecurity expertise in these fields.
      • Duncan also mentions cybersecurity automation, which is a potential path for people who may already be doing automation today.
    • Duncan mentioned contributing to standards development and how it is often in addition to your normal job.
      • Open C2 (mentioned earlier) has its own GitHub page to which you can contribute. Contributing can broaden your skills through exposure to the standards development process and the field in which it is focused as well as get you some experience using GitHub (even if all you did was contribute to documentation). This builds more than one skill at once.
    • We don’t always know what our progression path could be from where we are. Some of this insight can be had at community meetups by having discussions with people.
    • Understanding the big picture or greater context might lead us to a more innovative idea.

Contact us if you need help on the journey.
