How I got my start - Part 5

Chris Zeigler

6 min read
How I got my start - Part 5
Photo by Taylor Vick / Unsplash

I wanted to do a quick recap of my current setup at this point, if not for my own recollection: 2 ReadyNAS servers (4 bay and 2 bay), a Dell XPS 210 (Ubuntu Minecraft Server), Dell XPS 410 (my main desktop), two WRT-54Gs (one as a wifi router, one to bridge wired to wireless connections), and a modded original Xbox running XBMC (connected to my TV on the middle floor). It's still a "flat" network - as in everything is in the 192.168.1.X space.

Burnout was starting to become a big thing at work around this point for me. There was a period of a few months where I was the only sysadmin at Mary Baldwin. The entire IT group had been reduced in size by a couple of positions and everyone (both within and outside of IT) would come straight to me for many of their problems. That can be a cool feeling, but can get overwhelming if you have other projects that need your focus. We still had two managers (the manager and assistant manager), but we also had a new CIO above them (hilarious that we had a management team of three for about seven people).

Talking with my buddies, I idolized the thought of working at a place like JMU - they had money, they had bigger staff, they were far more organized and professional. Amusingly, one of the guys said they preferred my environment. If JMU ran into a problem, they would simply throw money at it. At Mary Baldwin, you really needed to learn how to duct tape and jerry-rig things to make things work. You had to be creative in your solutions. I can understand that this style appealed - you had to really flex your intelligence and experience - but it made it difficult to troubleshoot or document. You became the only one that knew the system. I shutter to think about any security implications of setups like that.

Mary Baldwin really felt "small potatoes" in comparison though. I don't necessarily disagree with that now - IT is tough for places that are small or don't have as much money. There is still plenty I miss about being there, but just as many things I was grateful to get away from.

Being the man in terms of IT definitely exposed to me to plenty. I finally got in the "data center" a bit more. I use "data center" very loosely here. We only have a handful of physical servers and very little networking gear in there. Everything fit in about two racks and it was truly just another room with a raised floor. The core router was a 4500 chassis series and each building had 2950s. If a switch ever died, we would literally buy them on Ebay from whatever Chinese seller was cheapest. Again - it was very difficult to not compare the situation to JMU when times like this came up.

It's no 6509, but still a beast

By this point in my career, I had passed my Net+ certification, but still knew very little about networking. I knew plenty about DHCP and a decent bit of DNS (mostly through work). I had minimal knowledge of VLANs and routing. We had Cisco switches at Mary Baldwin, but a very simple network. The nice thing about a small network is it really takes care of itself and you never have to touch it. Which is also the tough thing, if you want we learn anything. We also used Cisco Clean Access (Cisco NAC) to help secure the ports. I don't remember a ton of how that was setup, but it was still pretty basic.

Speaking of security, I had started learning a good bit more about cybersecurity and hacking during that last year or so. I loved the thought of penetration testing and red teaming and even wanted to do that as my career by that point. At home, I had started watching Burn Notice (a show about a spy that got 'burned' by his agency and started taking solo jobs to help people) and loved all of the little 'when you're a spy' advice segments. One in particular was about having a reliable cover story. I made a fake persona of my own - even going as far to setup a Facebook, Gmail, an LinkedIn account for it. My cover is working in aviation, so I spent some time reading about Pratt and Whitney engines, so I could try and carry a conversation about them. I still have all the accounts for that cover.

Kali didn't exist in its current form at this point, but Backtrack and Knoppix did (Backtrack rebuilt and released as Kali in 2013). I had Backtrack installed on a laptop my dad had given me and started getting into things like hacking WEP wireless at the house. I played with Maltego and SET (Social Engineering Toolkit), started creating encrypted partitions using TrueCrypt, started encrypting emails with GNUPGP, used ophcrack bootable CDs to crack Windows XP passwords. I used Cain and Able (I had played with this for a few years actually) to run man in the middle attacks. I started Googling and reading anything I could find. I remember standing in a Barnes and Noble reading some hacking book that had default passwords for home routers (amusing that so many computer books are out of date by the time you publish them now).

Man what a book

I also greatly enjoyed reading about social engineering. Kevin Mitnick (boy that's a name that's been lost to time) and his book "The Art of Intrusion" was amazing to me. And again, social engineering was something that happened often in Burn Notice or Leverage or similar shows. People are truly the weakest link in security and I loved looking into some of the early OSINT stuff that was available at this time. Spokeo was still free to look up people. Maltego helped a ton to look up info based on email address or domain. Security was a cool thing and still a very early growing field.

I finally got a to see "real" data center when our Blackboard administrator and I got to tour their data center in Northern Virginia. I was completely blown away. Their office area was like something out of a movie. Their NOC had all the big screens with monitoring information and such. The news was playing on some screens. We had our meeting with them in the room with glass walls overlooking the NOC. I honestly felt like I was in an episode of 24.

We then toured the data center itself, which was roughly the size of a Costco. Server racks as far back as you could see. Three generators the size of semis. They showed their core networking racks - dual everything, so anything could go down and still function. Mary Baldwin's data center was two racks total. Blackboard had two racks just for their core networking gear.

In 2011, a network engineer position finally opened at JMU, and I applied. One of the "trio" of my buddies was the lead network engineer, so it was one of the first times that I was able to use my connections to influence a job. I had a phone interview, met with the rest of the staff, then an in person second round interview with the director and CIO. In August 2011, after five years at Mary Baldwin College, I submitted my resignation and moved on to JMU.

It really was the perfect stepping stone for me, but I was always going to outgrow it. I still miss the community there. Being able to directly interact with the faculty/staff/students was such a cool experience and I really felt like I was a part of things. But I would always be limited in what I would learn or work on and there was way too much I was trying to juggle to actually focus on any one topic. Thankfully, my time at JMU would take my career to a whole new level...