About the Author
My name is Aaron and I am a Security Analyst working for a University in the US Midwest.
I decided to finally throw a blog together in the hopes of giving myself an excuse to better document and dig into the various things I'm working on learning and messing around with at any given time in the hopes that it will not only help me, but might serve as a useful assistant to anyone who happens to stumble on whichever random article of mine while searching for a solution to their problem.
I am relatively new to security, having only been in the field for a little over a year now, but it's something that has definitely been an interest of mine for a long time now. I just finally got around to pulling the trigger on learning more about it and getting into the field.
While I'm new to Security, I am at least able to build on a foundation of almost 10 years in IT. I have worked everywhere from restaurant kitchens to warehouses before finally stumbling headfirst into an IT position at a small Medical Billing company, before moving on to work for the University that I'm with now. In that time I've worked with everything from printers (never volunteer to replace the broken part in a printer because it will be "A pretty quick fix". It is never a quick fix...never) to installing and managing around 2,000 security cameras of varying quality and reliability.
Security became an interest back when I was working in medical billing. The nature of the job was very much a lot of "this isn't written down anywhere so figure it out" work, and while frustrating, it was a great way to learn and develop my skills. In the course of looking into things like PCI and HIPAA compliance, things I had never heard of previously, I stumbled onto a video that I'm sure sucked so many people into the field of security. A company talking about their pen test gig, which involved a physical and digital pen test. It looked incredible. These people were basically being paid to be James Bond. I thought the job sounded so fun, but being new to the IT field in general, everything I looked at just felt like an overwhelming amount of information. It felt like trying to fill a Solo cup with a fire hose. My Associates in Graphic Design hadn't prepared me for that moment...hell, I feel like it barely prepared my for Graphic Design (as I'm sure will be plainly apparent from this blog, I took one class that covered HTML/CSS and this was a while ago).
After years of feeling like I wasn't smart enough to make the jump, and feeling like I had pigeonholed myself in the Administrator field by working in a relatively niche field with security cameras, while not doing enough actual server administration to feel comfortable, I finally decided to bite the bullet and try to get into security. My first task was to get something that I could hopefully use as a foothold to a job. I studied for months and finally got my Security+ cert, which felt like a massive accomplishment. I've never been a great test taker (as my two failed attempts at my MCSA can attest to...) and I was incredibly nervous. All of the security terminology was daunting and I was worried I was wasting another day and more money. But I managed to pass. And after 50 or so applications sent out over the span of a month or two to any job posting that seemed even remotely open to taking on a new employee, I got a job in security and soon after I got my GIAC GSEC certification.
Beyond that I'm currently working on hopefully refining my security career and moving towards the Pen Testing roles that looked to interesting and tempting all of those years ago. It's what I end up doing with a lot of my nights, just trying to learn little things here or there, and fill the numerous gaps in my experience.
So, congrats. You've made it to the end of this "About Me" that somehow went on much longer than expected. Feel free to contact me via the email address linked from this blog should you want to know more!