I was putting the finishing touches on a video I was making on Thursday and part of that video included a bit on how I got into security. And it got me thinking about how much my life has changed as a result of that decision.
This was back in 2000, when I was working for EDS. At the time, EDS had this contract with the BC Government to manage the Provincial Learning Network which connected all the elementary, high school, and colleges in BC. It was the largest network in North America at the time and I was the NOC team lead.
Now, as part of that job description, I had a little line that said “… and responsible for security”. Remember, in 2000, security was in it’s beginnings and the impact of security was only just starting to be felt.
Well, EDS had another major contract at the time with a large Forestry company and the Client Executive asked me if I could do a security assessment of some servers of theirs. I said sure, figuring it couldn’t be all that hard. But if I was going to do this, I figured I should use the methodology that EDS uses.
Well, I couldn’t find anything!
EDS was a company with 140,000 employees at the time and I couldn’t find any methodology on how to do security assessments. Imagine that! That, btw, is why I’m making my templates and research available to everyone – there’s still very little “standard” way of doing things available for security people.
At that time, EDS had a CEO by the name of Dick Brown. Now, Dick had this habit of sending out emails from all around the world saying how well the EDS team from that location was doing. So I thought, “what the heck!” and responded back to him.
I said “Gee, thanks for the email, Dick. BTW, can you tell me where I can find information about doing security assessments?”. I didn’t expect any reply but it was worth a shot.
Little did I know, he actually acted on the email. He forwarded it to his VP responsible for setting up the Security group within EDS. EDS had just finished a year before setting up their security group in Herndon, Virginia which is where the NSA, CIA and all the other 3 letter acronym groups are. That VP flew up to Vancouver to meet with me, and I became EDS’ very first Security person in Canada.
I ended up working on all their major contracts in Canada including the Bank of Canada bond selling, the HR outsourcing for the ScotiaBank, the City of Calgary Web Portal, and a bunch of other pieces of work. All because I decided to send an email on a lark.
The lesson to learn from this?
Don’t be afraid to ask for help from ANYONE. You’d be surprised at what will happen and sometimes asking will change your life.
Hope this helps …