Transition to Linux – Thoughts & Experience

What follows are some of my experiences with transitioning to Linux, my thoughts & what you should look out for. I decided to transition to Linux due to concerns with malware, vulnerabilities & other issues. I also realized that, by & large I had no real reason to stay on Windows except for using Microsoft Office, which I could replace utilizing CrossOver without much of an issue.

Some things that I dealt with & found a solution to:

  • Replacement for Office wasn’t really necessarily considering CrossOver exists. One thing to note is, I think you have to pay for licensing per year. I haven’t been able to verify this yet, though.
  • If you like messing around with stuff or know Linux well enough? Play around with Wine. If you don’t have the patience & want a UI that combines all of the toolchains you need? Use PlayOnLinux. If you can’t be bothered by that or are having issues that cannot be readily fixed, use CrossOver.
  • The Top Bar/Top Panel is annoying as hell – thankfully there are plenty of extensions to remove it or make adjustments – list of extensions will be later in this post.
  • Finding adequate software replacements can be a pain. There are quite a few solutions out there for any piece of software you could possibly think of. However, the work needed to get some of these installs up & running may  be less than ideal. Many people use https://alternativeto.net/ to help with finding software replacements
  • Thank God for Firefox, FEBE & Firefox Sync. This made the bulk of transitioning fairly easy. When you consider that majority of people use web services like Alphabet/Google, you find you don’t really need to do much to switch. The rest, you can replace with VMs if necessary.
  • No official Google Drive client kind of sucks. However, InSync seems to work well for most – I haven’t had any issue running it for a few months.

Gnome Extensions

Gnome Extensions – 1
Gnome Extensions 2

(Above) are the Gnome extensions I’m currently using. This is the result that these extensions will give you overall:

The task tray after…
The Task Tray
Task Tray, Calendar + Notifications

Some unusual observations I’ve experienced and/or things that I’m dealing with at present:

  • Sometimes, there will be no save dialog in Firefox. I haven’t determined if this is an issue with Firefox, Gnome, or something else. I haven’t found a suitable replacement for tools like Spy++ from Windows. There seem to be some commandline tools that do comparable things, but they aren’t quite as useful.
  • The above can be a problem when say, you’re dragging & dropping an image to your desktop. In a modern OS, this should save whatever image you just dragged to your desktop. This works once in a while in Fedora. It seems very inconsistent & when doing so, causes the entire DE to have issues, forcing either a restart, or logging out/logging in.
  • If you don’t keep up with updates, it can be a pain the manage the OS over time. Updates are so frequent that there’s no real easy to well what is fixed and/or why these updates are being applied. This is probably the downside of picking something that move so fast like Fedora, compared to something more stable & slow moving.
  • I had an issue with there being no package for HipChat. I was able to convert an existing debian package into an RPM using a tool called Alien. Literally no work was required to do this.
  • A lot of my performance issues with Firefox went mostly away with transitioning to Linux. They almost completely went away when I removed a random user-agent string add-on. I’m guessing that’s not the best idea with all the tabs I usually have open. Oops.

I’m sure there are more things to add, but that’s all I can really think of for now.

/r/Sysadmin Frequently Asked Questions – Interviews & Job Searching

In the “this is common” section of the Internet, I’m going to cover my thoughts on interviews & interview threads that crop up often on /r/sysadmin & /r/ITCareerQuestions. Relevant search links: /r/sysadmin , /r/ITCareerQuestions

Moral Support Provided by Pinkie Pie!
Moral Support Provided by Pinkie Pie!

There are typically three or four scenarios in  life which someone will be
interviewing for a job:

1) Employed, Looking for a new job …
Because you want more pay. Because you aren’t respected. Because you’re bored. Because another company looks appealing for XYZ reason.

If this is you, interviews are easy mode because you probably don’t care if you get hired or not because you aren’t necessarily hurting. This is a good thing & can be used to your advantage in the interview. You can exude confidence in the sense that, there’s no penalty for wrong answers — you’re here looking to see if the company is a better organization in terms of compensation, world view, your professional skill growth or other reasons.

2) Currently Unemployed …
You need a job. It may not matter what you’re doing or what the company is about.

If you’re in this boat: learn to give double-speak as to your current situation. Many System Administrators have blogs that they admin — they keep this as one of their current ‘jobs’ at all times on their resume. This is the reasoning why. If someone asks you what you’ve been doing if you’re really unemployed, you can say that you are always re-tooling or improving your skills.

I’m of the opinion that, you shouldn’t necessarily lie about why you were previously let go, but use some logical (see the PDF linked later) on explaining your situation. Never talk down of your previous employer, boss or peers.

3) Returning from Hiatus/Burn Out …
You used to work as a Sysadmin. You took a break for a year or two for health reasons & now need to get back into things.

With technology professionals, it is common for us to burn out. This is generally accepted in the right organizations & work cultures. As such, honesty is probably the best policy here: your mental health is of vital importance. Depending on the length of your absences — they may become harder & harder to explain. This isn’t so if you traveled to a different country for a number of years, given what I’ve seen in threads.

4) First Job/Career Transition …
You currently work as a line cook but your passion is malware analysis. You do construction but you are sick of going home in pain everyday. You don’t want to work at McDonalds for the rest of your life. This is going to be hard for you to prove in an interview, but passion is key. Things will vary greatly for you if you have a degree or not, certifications or not and existing experience you can pass off.

Being nervous & stressed when looking for a job is normal.

Each of these situations is unique when it comes to the interview process, but getting to that point is usually the same. I will give a shout out to an amazing book, Women in Tech — you should read Tarah’s chapters on Resumes, Interviewing & Communication. This covers a lot more detail & in a concise matter than I ever could. Some bullet points to consider that I used to share with others:

-> Try to list only month/year on your resume. Maybe just the year depending on the gaps.

-> When listing what was done at each job, try to show value — “Increased capacity of our server farm by 300% utilizing Docker” sounds much better compared to “Implemented Docker, Ansible & Puppet to create an automated deployment platform” … this will vary from company to company.

-> Add a skill matrix

-> Check out potential co-workers on LinkedIn – what do their profiles, resumes & sites look like? Copy the good parts. You’ll know what they are when you see them. This helps especially after you get a first job because you can quickly update your resume & profiles accordingly.

-> Purge social media – you should know full well that recruiters, potential interview staff & future bosses will comb through your social media looking for potential signs of weakness: this could be disagreements with viewpoints of the company, signs that you are not an ethical individual, partying/drug influences, or other issues. You should be wary of what you post on forums as well, but it’s harder & harder to do this if you want to be involved in any sort of community.  If you want to know why this may be a bad idea (or, why you may want to alternate usernames between forums), check out a company/software suite called RecordedFuture.

-> As far as websites, social media & branding: consistency is key – my friend _r00k_ has an awesome logo that he uses everywhere (and it isn’t a creepy face like mine!) – it’s consistent, high quality & awesome looking. (@_r00k_)

-> To take the cohesive image, your brand further: make sure it is the same on all social networks, business cards & how you carry yourself interacting with other individuals. If & when you finally do get the jobs that you want, other opportunities may lend themselves to you if you show that you produce consistent results. My LinkedIn Profile is a good example, which led to me receiving free training from a company for a year.

-> Any jobs where the previous company is no longer in business, or something happened to the previous owner (e.g. jail or something shady?) may want to list the company name as redacted, blank, omit it entirely depending on when the position was, or give generic names “no such agency”, “a generic software company”

-> Military person? You’ll probably want to highlight condensed skills that you gained in the Armed Services. Unfortunately, this stuff does not translate well into civilian life, is my understanding. You may want to ask someone who you served or who has experience in this sort of thing for more targeted advice. Key things you will want to mention later in an interview or otherwise: discipline, dedication to the company’s goals & mission, tendency for strong OPSEC in all decision making processes, following rules & guidelines when given a task.

-> What do you do if you are here & have none of these things? If you’re one of the few that is unemployed or looking for work & experience is critical, you will want to go through as much gratis material in every waking moment you have. There’s a fascinating list of machines & information that went around on Twitter over here.  In addition, if you’re one of the group that is transition careers or is looking for a new job making a lateral move, I really adore hacks4pancakes megamix set of posts here.

So, now you have a resume. It looks decent. If you don’t have one still & are part of the unemployed crowd, I highly recommend your local Department of Workforce & Labor Office (Unemployment Insurance) – they generally offer gratis workshops on these sorts of things, which can double as a networking opportunity. Further, they have job boards where you can register & provide your e-mail — they’ll e-mail you job listings each time it matches your profile or a predefined set of variables!

If you aren’t able to get to such a workshop, I highly recommend checking out /r/sysadminresumes – we’re a helpful bunch & we don’t bite! You will want to be very clear about what you’re looking for. When when looking at jobs, you’ll want to apply, even if you don’t meet the requirements.

At this point, you need to start looking for a job. Your resume may need to change slightly depending on the roles that you are looking for. I’m of the opinion that, if you have time for whatever reason & getting a job isn’t critical (e.g. rent isn’t due or you aren’t out on the street) you can be picky with the jobs you apply to. Perhaps one company has values in line with your own than another. Perhaps you’ve always wanted to work at (insert cool electric car company here). Apply to the things that fascinate you & let your passion shine that you want to work there.

Always include a cover letter. In the cover letter, use words, language & bullet points from the job posting that you are applying to. In addition, in any job application (see: iCIMS) portal software, be sure to use keywords from the job description into the actual job application — these keywords will put you higher to the top on the pool of applicants.

With determination & some LOUDER cheers – we can all succeed!

If you’re all the way down here, you’re probably at the interview stage! HOORAY!
Before I delve too far, I highly recommend the following before any job interview: Illegal or Inappropriate Interview Questions

You’re now at the important part, the interview!

If you’re freaking out or don’t do well in social situations I highly recommend a public speaking class. Most community colleges offer them & they are cheap & can be taken in the summer. If you have the patience, you can attend a Toastmasters, but the quality of clubs can vary greatly & you might feel overwhelmed by rules & commitment.

One takeaway I can give you from taking a class is to record yourself in a mock interview with another peer who gives you unscripted questions. Play back the video, several times: once at normal speed. Another time, at half (or as slow as you can), speed. Watch for any verbal cues from your own body. Nervous tics. twitches, utterances, body language & so on. These are things you’ll need to iron out or be aware of when you are interviewing.

Interviewing is super stressful. Read up, practice & gain as much knowledge & insight into the process as possible. Twilight Sparkle is constantly researching stuff!

 

The biggest part of interviewing to me, is YOU interviewing the company & finding out if you’ll be a fit & if the company can provide for YOUR goals professional. Do you like what you hear from your boss? Is there upward mobility? What are the perks? Different people have different opinions on all of these things. Frankly, it is important to have just as many, if not more questions for the person interviewing you. Generally, the vibe of the interview should feel like a conversation: if things feel hamfisted or one-sided, something is wrong & you need more practice.

Also, if you find you don’t care about the company mission overall or don’t feel like you can find yourself being passionate about the products & services you are improving (I may be an oddball here) you may want to re-consider applying. When applying or working somewhere, I try to learn a small amount of every facet of the company. At a previous company, I learned about our 3D printer & the basics of Solidworks — this is what helped me with the research behind the 3D printed TSA keys produced alongside J0hnnyXm4s & nite0wl_2600.

(Oh, Yes: research & speaking engagements are encouraged on a resume, however, most jobs will probably not care unless it is related to you working in the industry!)

Some additional books/references (not all these books have had posts written for them yet, this is just a helpful list)
* You, Inc
* Getting More
* What to Say & How to Say It
* FISKE Word Power
* What color is your parachute?
* Body Language
* The Book of Five Rings

These aren’t necessary, but they will help you get into an appropriate (albeit strong) mindset for interviewing. You should be prepared & confident. You should be well read. You should be familiar with what it is like to treat yourself as a company or brand that you are selling to others, companies & businesses. You should be familiar with all the little things that go on in an interview & how to gain a quick rapport with who you are interviewing with. I recommend peeking at these books & looking at all the links prior to going crazy thinking about getting a newer, better job.

After all this hard work, you should have a job in the field that you want. Get out there & be awesome! If you find that you have an existing job & are struggling to advance or make sense of the job, I highly recommend reading some posts by /u/crankysysadmin on /r/sysadmin over here – he is very good at dishing out truth from a management/senior perspective & pulls no punches with what he sees. He’s also willing to debate with people on their perspective if he gets called out. Lastly, if you’re looking for a dose of truth as mentor, just ask him for his perspective. He’s always willing to help people out.

If, after all this hard work, you need more words of encouragement or advice, I suggest giving this post a glance by my friend Matt Simmons (@Standalone Sysadmin)

Note: this post might be updated over time. I generally don’t post ”new” blog posts on the same subject – I just update existing blog posts with changes in my thoughts, perspectives or narrative structure of the post.

Book Review – Essential System Administration

Seeing as I’ve recommended this book several times on Reddit, I figured I would do a brief review of this book. Realistically this will be more of a summation of what to expect/why you should pick this book up.

In short: are you administering a flavor of UNIX or Linux? Do you need to brush up on commands or need to learn the system quickly in a short order of time? Or, are you taking over for someone who recently left, got hit by a bus, ran away, got fired? If any of those are true, (how morbid of me…) you will want this book.

This book covers concepts, command syntax & differences between each flavor of Linux. It is intended for someone who may already know by & large the mechanisms which make these types of Operating Systems work internally (e.g. on a kernel level in some way) but need to know the day to day commands to keep the system running.

Allow me to go into further detail. There is a section on Essential System Administrator commands, covering package management. In this section, commands are grouped into common functions, as such:

* List Installed Packages
* Describe Package
* List Package Contents
* List prerequisities
* Show original package

Next to these sub-headings will be the commands to perform the command that comes closest to accomplishing this task on different Operating Systems. As such:

* List Installed Packages —
-> AIX – lslpp -a all
-> FreeBSD – pkg_info -a -I
-> HP-UX – swlist
-> Linux – rpm -q -a
-> Solaris – pkginfo
-> Tru64 – setld -I

For Linux, Red Hat  is assumed as the distro of choice because of the ability to buy support. As you can see, this book is fairly straight-forward. The entire book is like this, more or less. Some chapters get into the details of certain software packages, administering certain software suites (LDAP, DNS, DHCP and so on) & the differences between the various Operating Systems therein.

I highly recommend this book to round out a System Administrator’s skillset. We can’t remember every command & we won’t remember every trick that is out there — this book helps with that. Before I forget, one of the neat things that is explained fairly simply in here is the ability to set the PAM (Pluggable Authentication Module) to use a 2FA token — I didn’t even know that was possible, let alone common & straight forward on all *NIX platforms back in 2002 (yes, apparently this book is fairly old — but these commands & System Administrator methodology doesn’t change). Buy this book — you won’t regret it.

Book Review – The Art of Deception/Intrusion

At first glance, these books being Kevin Mitnick’s first books published a few years after prison look to be chalk full of knowledge. It has been a few years since I’ve read both of these books (I’ve yet to read his newer books). These books are comparable to the various maxims found in The Art of War — in the sense that, nobody actually remembers the book in detail but recalls key phrases or themes & recites those.

The reason why I say that is, at the time of writing this review, I’m struggling to remember these books as far as actual substance. At the time when I was younger, I was enamored with content & the things I found in this book weren’t necessarily ground-breaking. I enjoyed some of the stories in Art of Deception more than Intrusion — I’ve always had a fascination with social engineering, how people pull things off, being deceptive without any hints of weakness, and so on.

Overall, I feel there’s no harm in reading these books together as a pair. But don’t be surprised if you feel there’s a lot of overlap or familiar concepts. The books are done by the same authors/editors along with having similar page counts. The ends of the book provide a gold mine of ‘cheat-sheets’ if you will, in book form, that are useful for practitioners (attackers & defenders!)

For example, in the end of Art of Deception, there are several pages that cover how to categorize information, detecting attacks against your company, common company nomenclature (I guess this is for someone who has never been in a business setting; or isn’t familiar with what we do?) so the individual can gain an understanding of what the names are of some common, everyday things are that they interact with (e.g. “what is caller ID”, “why do we shred documents”, “don’t overshare”, OPSEC”, etc).

I don’t really have much else to add to this review, just that I had to finish it as it was bugging me, sitting here incomplete. I’ll add more at a later date, but I am hoping that Mitnick’s newer books are an improvement.

 

/r/Sysadmin Frequently Asked Questions – Naming Servers

Here’s another post that’s a frequently asked question on /r/sysadmin – naming of your servers in your infrastructure.

Starting Out…

Generally when someone is starting out as a system administrator, or does not have a lot of experience and/or has control over a network without accountability — many will name servers however they see fit.

A common example of poor naming scheme are: planets, characters from popular TV shows & in some cases, species of a particular plant or animal. You can see an example of that here. Here’s another example.

These naming schemes may be fine if you’re a lone system administrator where, you only have a handful of servers. However, the days of having a small infrastructure like this are long dead.

The search I used for a large amount of the results I found on Reddit is the following: site:reddit.com/r/sysadmin naming servers

More experience…

The most common example of naming schemes, at least in a smaller organization would be short letter codes indicating the company or organization name, short letter site code (airport codes usually), function of the server followed by the number of the instance.

For example, if you were running a company, Contoso, LTD & you have a site/office in New Jersey & within that site, you have a file server & a mailbox server, you might name them in such a way:

CONNJFS01
CONNJMBX01

And so on & so forth.  Another common variation would be using the local airport code as the short-hand for the site, such as CONEWRFS01, CONEWRMBX01, etc. There are variations of this depending on your environment.

For example, in hosting, you may not use all of the codes & just name servers the datacenter the server is in & the number of the server, assuming that you have many, many servers. For example: LA305, NJ908, CA489. Virtual machines, conversely if you don’t care what they are, or if they are all identical cattle fodder, they can be named as such: VM48205, VM57295, and so on.

For additional examples of these naming schemes, the Google search or some variation that I used was this: dns naming convention best practice.

Another popular, related topic, which has changed recently is the proper naming of Windows Active Directory naming schemes. This is a very popular example — however, today, because of all the TLDs that exist today, there are many people that recommend a proper split DNS scenario. Many people used to use a domain name, for example, contoso.local. There used to be concerns that .local could be a purchasable domain name. Here’s an example of this on-going debate.

I may create a follow-up post on this, but that’s a collection of the links & thoughts I have on the topic at this point.

The Confusion of DevOps

After spending a long enough time on /r/Sysadmin, Twitter or in professional Sysadmin communities like LISA & LOPSA, invariably, someone comes across the term DevOps. Here, we will try to demystify this term, cover what it means to the relevant parties & what takeaways there are to be gained so that you can have a better understanding of this concept when people mention it in the workplace.

My first experience with this term was on Reddit & more recently at LOPSA-East a few years ago where, a few System Administrators were talking about their environments & sharing how much of a struggle it is to deal with developers — who, by their nature, either request root on their machines, or spin up their own servers, much to the chagrin of System Administrators.

At the time, I was somewhat confused, as, I didn’t really see the point: Sysadmins use code & they wear many hats. Is that DevOps? Am I a DevOp? Is it a concept? I started to doubt myself & my future in this field. Titles & jobs would pop up commanding ridiculous (e.g. overly inflated) salaries for a ”DevOp” person when, the requirements were standard Sysadmin duties (things we can do with our eyes closed) with some programmer mumbo-jumbo (being comfortable with Ruby, PHP, Docker, Unit Tests, Agile, Configuration Management)

Further, the idea that developers should be in control of things like configuration management to push out changes to infrastructure was asinine to me (it still is). So, I decided to do some research. Breaking down the term, it is generally accepted combination of terms “Software Developer” and “IT Operations” (or Ops)

The confusion should be readily apparent. For someone with a Sysadmin background, this poses a conundrum: why do we need or care for Dev? A Sysadmin (as I’m now learning) should be fairly comfortable at scripting & know how to code at a very basic level – that is to say, be able to read a script & understand what it may be doing.

In a smaller shop where the company in question may not deal with the IT field or industry, they may not have a development team. Non-profits & companies that produce physical goods in some manner are good examples of where DevOps may not be entirely relevant, unless there is a developer team for their website. But in places where you are designing a product or service, either in house to be used by outside users; or developing a platform for scaling applications? DevOps is essential. Let’s look at these two different perspectives, offering myself as an example.

In my first ”real” Sysadmin job, I was a Sysadmin of a small office. There was an IT Director & one other Sysadmin at our HQ. We had no developers, because we didn’t produce any software internally for ourselves or for end users. We are a shop that had no need for a developer team. The Sysadmins took care of everything, as they should.

In a different job as System Administrator, I work with a ticketing system that is coded by a team of developers internally.  The developers control the hardware & the code that runs our infrastructure internally & externally facing. The Sysadmins don’t do any Sysadmin work. We’re just button pushers. There is a literal glass wall between the teams.

In, what I would consider an ideal version of this scenario, the developers would make changes to their code, run unit tests & push it out to production. If they needed hardware, root access to equipment, or additional servers, etc. they would engage the Sysadmin team. This isn’t the case & it makes no sense. Some key developers have root on all systems & make changes that have large effects to our internal ecosystem that change functionality.

For example – a developer may make a code change that causes a function to break. Customers complain. This broken function causes a cascading failure, albeit momentary preventing customers from properly deploying new machines. Assume no change management controls (if there are, we don’t know about it)

A traditional Sysadmin would cringe at the thought of this. However, if you take into consideration a key developer was a Sysadmin first and/or a founder to the organization, would it make a difference?*

Do we need DevOps? Do we benefit from it if there are struggles to an organization internally? I don’t know. Is the person who takes the risk to traverse the glass wall, a DevOp now?

A solid example of applying these Dev & Ops principles is over here — I’ve reached out to the author to see if there are other, good examples of what each team can do to understand the other side. I’ve yet to see such a concise article written about the subject.

Another well written piece on this that I found was here. An individual in the comments seems to have the right idea which seems to coincide with my example/experiences at work. (Reddit thread here) However I would posit that Sysadmins being pushed out of the Operations process entirely & not being trusted (no architecture access, no Puppet access, no router/switch access, etc) is not a way to run an organization.

Unfortunately, the example I explained is a real thing & it happens more & more in shops that develop software products especially. Developers cut out the middle man: they don’t need Operations anymore. They can just grab Docker, run their code & ask Operations to ship it as is, a container with old, crusty, unreliable code. Another fear of DevOps is well amplified in this comment.

If you’re still confused — or don’t necessarily see what I’m getting at, I highly recommend watching the talk “The Future of Sysadmin” by Adam Moskowitz (relevant Reddit thread)– the general concept he describes is identical to the current work environment that I deal with. It shows me, that I need to adapt in some capacity before I die (before I am replaced by a shell script).

The issue, again, somewhat unique to my environment — is that, I am unable, as an individual to effect change where I am unless I make myself a developer/completely different team. I’m sitting here (grumpy Sysadmin), pressing buttons & functions that someone else designed. What if I want to learn how it works? I have no access to that. What if I see something wrong or want to work on implementing something for quality of life for us, internally? Can’t do that unless I am a developer.

If you’re a Sysadmin doing this sort of transition professionally or you understand what I’m getting at, you might find threads like these fascinating, along with the sub-reddit /r/DevOps.

Obviously, the things I mentioned are not relevant to all organizations, applicable to all types of infrastructure or are relevant to each situation. I’m sure I am probably wrong. If I am, or if this post wasn’t clear, let me know. Have you successfully made a transition or are a SRE who plays on both sides? Let me know.

Ideally, I’d love to take some of these concepts & work on creating an environment where people can spin up virtual machines (with some automated tasks) to do malware analysis and/or building a vulnerable lab to emulate SANS/OSCP learning labs. If anyone wants to work on some of this stuff with me, I’d love the help &/or to work along with you on it. I’m already helping one or two people with something similar. 🙂

Thoughts? This is also a useful talk on the subject matter.

 

 

The Training Landscape – Airborne, MOOC, Self & Virtual

In this post, I’ll attempt to demystify the various training options there are out there for individuals looking to get up to speed on a given subject or material. The predominate focus will be on System Administration, Information Security & Physical Security. The organizations you acquire training from may differ as will their subject matter but the general delivery method & how you receive the information will be the same for the type of training listed.

Back in the day before the Internet was popular, if you struggled with a given product, you would need to call the people who designed or created it for training, documentation & support. If that wasn’t available, you would be limited to what resources were provided by your re-seller or, lastly, local consultants.

This form of education was usually costly as you, along with some of your organization or team would either be given training at a remote site where you’d have to be physically present (gasp!). Or, alternatively, the organization would fly specialists out to your site to provide training for your team. This is generally deemed a very dated education approach, but it is still utilized today.

Given* my limited professional experience, one of the largest companies I know that still provides services like these for IT Professionals is Global Knowledge (shorthand, GK). There are other companies that do this, but they teach to their brand (see: Microsoft, Cisco, IBM)

Personal aside on being an Instructor

This type of instruction was very similar to the teaching I used to do. I used to teach people how to use technology (learning Microsoft Office, Windows, Linux) and how to get certified in a particular technology (CompTIA, Microsoft, Linux) along with understanding how to best meet their needs.

Teaching in person is very difficult unless you’ve done it before. You have to be extremely comfortable with the material, confident in your natural speaking ability, have high analytical skills to process information, questions & responses in a quick manner & need to have a thorough understanding of psychology.

I worked toward becoming a trained technical instructor (yes, there’s a certification for this) — the certification is in two parts: a sit down exam along with a video portion. At some point in time, the video portion of exam was waived, but I missed that opportunity.

If this interests you, the certification I sat for was the Certified Technical Trainer exam (CTT+) by CompTIA. The book I used to study for the exam & help me become a better instructor is “How to Become A Successful Technical Trainer: Core Skills for Instructor Certification”

One of the key things I learned is about adult learner theory. The particular concept that I read about boiled down the fact that, if adults aren’t interested in something, they won’t want to pay attention and/or will not retain what is learned (sounds dumb, but it seems logical…) If you want to read about adult learner theories that have some backing to them, you can check out this PDF.

End Personal Aside…

With the explosion of the Internet & storage, bandwidth & network connectivity getting cheaper with time, people have realized that they do not need a physical presence to educate someone. This is where virtual learning — typically eLearning & to a larger extent, MOOC comes in.

Typically you’ll see some of these terms mixed together, although they are fairly distinct:

  • Virtual Classroom – The instructor, from the comfort of their own home or office, utilizes a camera, a headset, microphone, a slide deck they know very well & tons of motivation to teach students in a virtual setting. You may not see the students if they do not have a camera. Teaching like this can be very tough if you are not comfortable with the material. Learning this way isn’t for everyone. You may also see webinars done in this style. A popular software suite for this type of collaboration is e-lecta LIVE – very cool software. Joe McCray (@j0emccray) uses this effectively for webinars where he teaches InfoSec concepts.
  • Massive Open Online CourseYou’ve probably heard of this term by now. Popularized by Khan Academy, MOOCs are essentially courses you can sign up for at any given point in time & complete them at your own pace. There’s so much content out there in terms of MOOCs that it would take some people an entire lifetime to learn all that is out there. Absolutely fascinating things can be found if you look. Some additional resources for these: mooc.org | khan academy | EdX MOOC

    Many IT professionals find that they do not necessary have the time for traditional classroom / course materials, so they go with one of the following routes:
  • Computer Based TrainingGet your mind out of the gutter! Essentially, this type of training is a virtual version of classroom training, combined with no live instructor (e.g., the courses are recorded in advance). These courses have no real exam toward the end & are geared toward getting someone up to speed with a particular subject or concept; or to get them prepared for a certification exam. One of the most popular companies to corner the market with this type of training is CBTNuggets – I cannot say enough good things about this company. They have extremely high quality material of consistent quality, great instructors & an easy to understand format.

CBTNuggets videos are pre-recorded, typically in a WMV/MPG format, with a virtual whiteboard (essentially, a white background in PhotoShop, PaintShop or some art program) where the person draws on the board with their mouse. They will then explain a basic concept, for example, deploying a sample Group Policy. After explaining important gotchas if you will be taking a specific Microsoft exams — a demo of deploying a Group Policy is done on screen, step by step.

Another highly recommend resource that has shown up recently is PluralSight. They have high quality material, comparable to, if not better than CBTNuggets. Their material is slightly different, along with including different instructors & subject matter experts. Their site is here: PluralSight.

  • Self Learning This is by far the most popular way that IT professionals train & learn. Within reason, self learning is the best option. Utilizing servers at home, VMs, virtual private servers & doing things by hand is one of the best ways to learn. This concept is “Learning by Doing“. A future blog post will cover self learning examples, with many, many lists of things that will keep you busy covering the entire scope of Information  Technology.

Most technology professionals use a mixture of all of the above training methods. In addition, many people later in their career go back to get trained or get their degree so they can get paid more, or get promoted. A variation of much of the in-person training are bootcamps which are week-long training courses that cram your brain full of as much information that will fit, to get you to pass a certification exam.

If you enjoyed this particular post, or have suggestions for future blog posts, please don’t hesitate to let me know – I can be reached @DarkSim905 . This post is a work in progress, you may want to check back for changes over the next few days — generally after I post, I make changes over a few days until I am happy with the outcome.

/r/Sysadmin Frequently Asked Questions, an ongoing series …

So, I spend a lot of time on the Internet, like most technical individuals. I spend a lot of time in /r/sysadmin & from time to time, I see questions repeatedly asked that cover the same material, over & over. In this (ongoing) series of posts, I’ll look to tackle those questions, one by one, as best I can. These blog posts will serve as an extension of my primarily website & will be a jumping pad to go to popular resources that I recommend on the Internet, along with giving you what is a generally accepted canonical answer, mixed with my thoughts on the matter.

As I first started on the educational side of information technology, for this first post, I’ll cover what I think are the best (e.g. efficient) ways for you to gauge where you stand as an IT Professional, regardless of your experience level. This post will be through the lens of someone who wants to be on the System Administrator side of the fence. Throughout, I’ll give recommendations to talks you should watch, resources & books you may want to purchase.

In a future installment, I will cover specific resource types (e.g. computer based training) how to determine what’s best for you as an individual & your learning style.

First, what is your goal? Many individuals I’ve instructed & mentored over the years were either out of work (job loss, Military BRAC…) or doing a lateral transition professionally. If your goal is to be a desktop technician & move up the ranks to become a Sysadmin, you will want to look at Network+, Security+, Linux+ & Server+.

Each of these certifications are provided by CompTIA — now, I’m not recommending you get these certifications, however, I do recommend looking at the appendix of each of these exam objectives. They provide a great general baseline on the basics of what these subject matters may entail. This also doubles as a study guide — if you understand many of the terms, acronyms & initialism — then you can skip those & focus on areas that you are weak in.

The reason why I don’t recommend wasting time with the A+ certification is that, it is extremely dated — these days, nobody repairs machines anymore. Further, the skills that this certification teaches you, can be taught in a weekend. A case could be made for Network+ & some of the core concepts of Security+, but that’s a post for another day.

How do you go about acquiring the objectives? Go to CompTIA’s website (for example, Network+ Page) & fill out the information in the field on the right under the box ”Exam Objectives”.  You’ll be provided a PDF link of the exam objectives (permalink here if you don’t want to give up any information).

Do you feel comfortable & confident in the terms & materials presented in the PDF? Then, if you’re given some simple interview questions about the subject you should be able to at least describe how you would use these concepts & technologies in the real world.

What are all these certifications? Do they matter? What will I learn?

I don’t want to veer off the subject of this post, but it is worth covering what these certifications cover. They cover a small piece of information, skills & concepts that it takes to be any of the following: hardware technician, network administrator, system administrator, system analyst.

It used to be that CompTIA certifications were lifetime certifications — they have since moved to a “every 3 years” cycle, meaning that, you have to re-up on taking the certification or else it expires. I do not recommend getting a certification just for the sake of it unless your employer is paying for the certification, the certification is tied to keeping your job/additional merit pay, or other factors.

I recommend looking at the exam objectives, but for a brief rundown of what these certifications cover:
A+ – Basic Computer troubleshooting. What are the ports on a motherboard? What are some basic port numbers? How does everything plug in together? How does the motherboard work? Many repair technicians need this to work on desktops or laptops. The ubiquitous nature of computer devices has made this irrelevant, along with custom designed motherboards that cannot be easily serviced.

Network+ – very basic networking. What is an IP address? CIDR, notation, basic concepts of routing/switching, broadcast storms, DHCP/DNS basics, some very basic Windows commands (e.g. ipconfig). Predominately focuses on IPv4, some IPv6 was introduced when I took the exam years ago. The common path for someone interested in learning networking is to get a vendor specific certification (Cisco, Juniper & Brocade would probably be the largest, followed by Software Defined Networking).

Security+ – this covers the CIA triad (not that CIA, silly!), the basic tenants of network security, lots of concepts & theory. Good for people with a MIL background & understand certain DoD requirements. If this sort of thing interests you, you will want to look into OWASP, OSCP & local information security meetups.

Server+ – this is a great exam for someone who may work in a datacenter & has to rack & stack servers, design a network from the ground up, setup a server from scratch. Some of this is dated (e.g. SCSI) but the concepts give you a good foundation in what to expect when dealing with a server (diagnostics, memory matching, how things differ from desktop hardware)

LiNUX+ – This exam covers the basics of Linux. Very basic command line stuff. Focuses on the init run levels (gross). No real distro specific knowledge is expected. You need to know certain bash esoteric knowledge, file pipes, redirection, error handling, and so on. This cert gives you the LPI Linux certification as well. The common path for someone interested in Linux is to get distro specific certification — the industry standard is Red Hat Linux (RHEL for short) — it is a very well respected certification in the System Administrator industry.

NOTE – There are many many IT certifications, this warrants a separate post — but these are the basics for a lot of people. I’m here to describe what studying for these certifications will teach you & how you can use that knowledge (sans certification) to grow as an individual.

I’m a Help-Desk tech & I understand a lot of what you previously mentioned, or feel I’m ready to be a Sysadmin. What should I look into or research?

I highly recommend purchasing this book & having it by your desk with you. Use it as a reference. I will do a review at a later date about this, but I feel it covers a lot of ground in a condensed form about the vastness of the IT industry.

Another mandatory book to read is Women in  Tech by Tarah (@tarah) – I personally don’t care if you’re a dude who has any opinion at all on the title — you need to read this book. There is an insane wealth of knowledge here (the resume writing suggestions are particularly rock solid).

Something to build upon TPOSANA is The Ops School – this is a project that has exploded over the past few years in terms of content & is absolutely vital for our industry.

Some additional links I think folks find handy, to get them in the right frame of mind & help you think about some of the stuff that keeps Sysadmins up are below.  They are from a friend of mine, Matt Simmon’s blog. Matt is a Sysadmin I met at a conference local to New Jersey, LOPSA-East. A great mentor for sure.

Standalone Sysadmin – The Impostor Effect vs Dunning-Kruger
Standalone Sysadmin – Difference between SRE, Sysadmin & DevOps
Standalone Sysadmin – Three activities that will make you a better Sysadmin

An excellent resource that is great for people of all experience levels is the sub-reddit /r/homelab — I’m a moderator here — so if you have issues, please let me know. In addition, you should check out the Discord chat. There are immensely smart people here & you should learn as much as you can. Learn, give back to the community & enjoy the rewards 🙂

Another blog I really love reading is by Jess Dodson (@GirlGerms) – her blog is here — it’s totes awesome – she is a Microsoft MVP based out of Australia. (There are a lot of wicked smart people out there — you’ll them mentioned more here as opportunity presents itself)

I’m a Sysadmin looking to become a Sr. Sysadmin — what should I look into?

You may want to start by viewing viewing this talk by Adam Moskowitz  – it covers many things that I’m passionate about & try to instill into my peers of admins that I know.

I really like this talk by Shawn Sterling (@systemtemplar).

Check out The Finer Art of Being a Senior Sysadmin by Sheeri Cabral (@Sheeri) which I came across from Tom Limoncelli’s blog, EverythingSysadmin.

I also really heart this ServerFault post — it covers an immense amount of detail & is great for newbies & Sysadmins looking to become Sr. Sysadmins alike.

If you need to learn a lot about some security stuff, and/or Linux things to round out your skill-set, I highly recommend anything written by Daniel Miessler (@DanielMiessler), but in particular, the stuff on his Study Page is rock solid.

If you’ve read this far, what you’ll quickly realize is, with the exception of arguing about DevOps* – there is usually a definitive, proper way to do something. That proper way usually only breaks in very specific circumstances. If you’re wondering what sparked this post, I decided to collect a list of questions that are common to the /r/sysadmin sub-reddit over here. It didn’t do well, as expected.

That’s all I have for this post at this point in time. Note that I did not cover making lateral moves to networking or information security as these are not my specific wheel-house. Some of the suggestions & advice applies, some does not. More on that later, as I learn with you all on this journey! If I think of anything else, I’ll be sure to add it. If you have feedback for this, please let me know on Twitter 🙂

But wait, I actually want to learn about certifications! >:-(

Tune in next time 🙁