I remember vaguely having been rather naive and somewhat untrained early on in my career. I had a notion that everything could be purchased, and that the intellectual property came more from integration than actual product. Integration is a delicate thing: how do you insert a new gizmo in your architecture without major disruption? It is almost like trying to insert a new section of building in an already constructed tower, without anyone noticing. Although it is a unique challenge, due to the fact that every environment is that much different from the others, it is not the same thing as product design. My notions of integration, however, were not unique; I recall now that many 'vendors' were calling themselves integrators, hawking their services daily.
One after the other, they would all pitch product X married to product Y to build a better security construct, a better mousetrap. It was all part of the act, wasn't it? My job at the time was engineering and architecture. Suggest it, design it, select it, fit it in, make it bigger, and build it better. Many of my peers felt the same way as I did in their own naivety. They even said, 'Well, you don't have a firewall from company X? Let's see how well that serves you!' As if to say one product would serve as the silver bullet vs. another. Every year that went by, it was a new 'flavor of the month'. One year it was stateful inspection firewalls, then it was IDS, then IPS, then UTM, and so on and so on.
Last week, I was having a conversation with someone in the office asking us to finish the design of the security for a large portion of our network. The conversation started off with the statement, 'I generally don't buy products because oftentimes they will not work for what we are doing and we typically have to build it ourselves'. While most people will not fall into that category, we actually do. Without hesitation I said, you are right, we are going to have to cook something custom. I stopped over the weekend to think about this. It took me almost 10 years to come to the realization that not everything can be purchased. Sometimes, the best investment must come from within you and be expressed in your growth.
I can remember a few years ago I felt that I had reached a tipping point in my career. I could go one of two ways, a continual plateaued growth, or, what I felt was the next sharpest level. I decided to pick up some type of programming to be able to build the better mousetrap. I have come to realize a few things in my journey. The biggest thing I'd like to mention to everyone is, invest in yourself and your employees. The way to invest is to work on the foundational knowledge you need to be an outstanding professional. I would tend to ask myself the following questions:
- Do you know fundamentally how computers, networks, and systems work?
- Are you fluent in at least one programming language?
- How well do you network, socialize, present, or peer with others?
- Have you surrounded yourself with like-minded individuals to spur thought and growth?
Nope. Definitely not "plain dumb to talk about". All good points. I especially agree with the programming statement. I've often felt that the security curriculum where I went to school was sorely lacking programming classes. When I started my courses (in early 2005), most vulnerabilities were looked at as being network based and that's what the classes reflected. Oh how things change. I find myself scrambling to make up for the shortcomings in my programming ability to understand the changing attack vectors that have become the latest rage (code). Although coding vulns have always been part of the equation, they are seeing a large growth. Good write-up.
Posted by: Insecurityagncy | March 22, 2010 at 11:24