The Confusion of DevOps

After spending a long enough time on /r/Sysadmin, Twitter or in professional Sysadmin communities like LISA & LOPSA, invariably, someone comes across the term DevOps. Here, we will try to demystify this term, cover what it means to the relevant parties & what takeaways there are to be gained so that you can have a better understanding of this concept when people mention it in the workplace.

My first experience with this term was on Reddit & more recently at LOPSA-East a few years ago where, a few System Administrators were talking about their environments & sharing how much of a struggle it is to deal with developers — who, by their nature, either request root on their machines, or spin up their own servers, much to the chagrin of System Administrators.

At the time, I was somewhat confused, as, I didn’t really see the point: Sysadmins use code & they wear many hats. Is that DevOps? Am I a DevOp? Is it a concept? I started to doubt myself & my future in this field. Titles & jobs would pop up commanding ridiculous (e.g. overly inflated) salaries for a ”DevOp” person when, the requirements were standard Sysadmin duties (things we can do with our eyes closed) with some programmer mumbo-jumbo (being comfortable with Ruby, PHP, Docker, Unit Tests, Agile, Configuration Management)

Further, the idea that developers should be in control of things like configuration management to push out changes to infrastructure was asinine to me (it still is). So, I decided to do some research. Breaking down the term, it is generally accepted combination of terms “Software Developer” and “IT Operations” (or Ops)

The confusion should be readily apparent. For someone with a Sysadmin background, this poses a conundrum: why do we need or care for Dev? A Sysadmin (as I’m now learning) should be fairly comfortable at scripting & know how to code at a very basic level – that is to say, be able to read a script & understand what it may be doing.

In a smaller shop where the company in question may not deal with the IT field or industry, they may not have a development team. Non-profits & companies that produce physical goods in some manner are good examples of where DevOps may not be entirely relevant, unless there is a developer team for their website. But in places where you are designing a product or service, either in house to be used by outside users; or developing a platform for scaling applications? DevOps is essential. Let’s look at these two different perspectives, offering myself as an example.

In my first ”real” Sysadmin job, I was a Sysadmin of a small office. There was an IT Director & one other Sysadmin at our HQ. We had no developers, because we didn’t produce any software internally for ourselves or for end users. We are a shop that had no need for a developer team. The Sysadmins took care of everything, as they should.

In a different job as System Administrator, I work with a ticketing system that is coded by a team of developers internally.  The developers control the hardware & the code that runs our infrastructure internally & externally facing. The Sysadmins don’t do any Sysadmin work. We’re just button pushers. There is a literal glass wall between the teams.

In, what I would consider an ideal version of this scenario, the developers would make changes to their code, run unit tests & push it out to production. If they needed hardware, root access to equipment, or additional servers, etc. they would engage the Sysadmin team. This isn’t the case & it makes no sense. Some key developers have root on all systems & make changes that have large effects to our internal ecosystem that change functionality.

For example – a developer may make a code change that causes a function to break. Customers complain. This broken function causes a cascading failure, albeit momentary preventing customers from properly deploying new machines. Assume no change management controls (if there are, we don’t know about it)

A traditional Sysadmin would cringe at the thought of this. However, if you take into consideration a key developer was a Sysadmin first and/or a founder to the organization, would it make a difference?*

Do we need DevOps? Do we benefit from it if there are struggles to an organization internally? I don’t know. Is the person who takes the risk to traverse the glass wall, a DevOp now?

A solid example of applying these Dev & Ops principles is over here — I’ve reached out to the author to see if there are other, good examples of what each team can do to understand the other side. I’ve yet to see such a concise article written about the subject.

Another well written piece on this that I found was here. An individual in the comments seems to have the right idea which seems to coincide with my example/experiences at work. (Reddit thread here) However I would posit that Sysadmins being pushed out of the Operations process entirely & not being trusted (no architecture access, no Puppet access, no router/switch access, etc) is not a way to run an organization.

Unfortunately, the example I explained is a real thing & it happens more & more in shops that develop software products especially. Developers cut out the middle man: they don’t need Operations anymore. They can just grab Docker, run their code & ask Operations to ship it as is, a container with old, crusty, unreliable code. Another fear of DevOps is well amplified in this comment.

If you’re still confused — or don’t necessarily see what I’m getting at, I highly recommend watching the talk “The Future of Sysadmin” by Adam Moskowitz (relevant Reddit thread)– the general concept he describes is identical to the current work environment that I deal with. It shows me, that I need to adapt in some capacity before I die (before I am replaced by a shell script).

The issue, again, somewhat unique to my environment — is that, I am unable, as an individual to effect change where I am unless I make myself a developer/completely different team. I’m sitting here (grumpy Sysadmin), pressing buttons & functions that someone else designed. What if I want to learn how it works? I have no access to that. What if I see something wrong or want to work on implementing something for quality of life for us, internally? Can’t do that unless I am a developer.

If you’re a Sysadmin doing this sort of transition professionally or you understand what I’m getting at, you might find threads like these fascinating, along with the sub-reddit /r/DevOps.

Obviously, the things I mentioned are not relevant to all organizations, applicable to all types of infrastructure or are relevant to each situation. I’m sure I am probably wrong. If I am, or if this post wasn’t clear, let me know. Have you successfully made a transition or are a SRE who plays on both sides? Let me know.

Ideally, I’d love to take some of these concepts & work on creating an environment where people can spin up virtual machines (with some automated tasks) to do malware analysis and/or building a vulnerable lab to emulate SANS/OSCP learning labs. If anyone wants to work on some of this stuff with me, I’d love the help &/or to work along with you on it. I’m already helping one or two people with something similar. 🙂

Thoughts? This is also a useful talk on the subject matter.

 

 

Conquering Tsundoku, Acquiring Discipline & Finding Passion, Together!

Hello again fellow geeks, nerds, misfits & everyone in-between!

For those who don’t know me well, I generally self identify with the INTP personality type. At times, I go so far as calling myself xNTP, because in some social situations, I thrive off of the energy & am looking for more social interactions. This can be observed when I am at a hacker conference, running the TOOOL meetup, organizing the Central NJ Infosec meetup or talking about my interests & passions in general. (Hint: Psychology, Personality & what makes Hackers who they are fascinate me to no end — more on this in the future)

As a ”consequence” of being an INTP, there are some key attributes that we are typecast with having. For a very very rough abstract of the profile of an INTP individual, you can read this forum post, but I’ll be going in quite enough detail in separate blog posts, as there’s so much to get into.

A few key paragraphs from the above forum post are worth nothing when interacting with INTP personality types:

* …abstract in communication and utilitarian in how they implement their goals. They choose to study science, are preoccupied with technology, and work well with systems.

* They would if possible be calm, they trust reason, are hungry for achievement, seek knowledge, prize deference, and aspire to be wizards of science and technology. Intellectually, they are prone to practice strategy far more than diplomacy, tactics, and especially logistics.

* the world exists primarily to be analyzed, understood, and explained. External reality in itself is unimportant, a mere arena for checking out the usefulness of ideas.

* If knowledge can be gathered from observing someone or taking some action, then such is worthwhile

* Architects prize intelligence in themselves and in others, and seem constantly on the lookout for the technological principles … Architects limit their search to only what is relevant to the issue at hand, and thus they seem able to concentrate better than any other type.

*  If left to their own devices, INTPs will retreat into the world of books and emerge only when physical needs become imperative. Architects are, however, eventempered, compliant, and easy to live with—that is, until one of their principles is violated, in which case their adaptability ceases altogether.

The last point is key. If you have never seen this photo before, allow me to show you my book collection:

Pretty crazy, huh? Most of those books can best be described as “in progress”.  Unsurprisingly, there is a Japanese term for this called Tsundoku — although I don’t speak or know much about Japanese language or culture, I can appreciate the wisdom there is in their word choice & some of the concepts they are able to describe, that, otherwise are left as broad sweeping generalizations of a personality type.

One of the motivations I had while starting this blog was, to help people. I think, by proxy, you individuals that choose to read these posts, help me to help you 😉 — one of the goals I’m looking to do, is to review the books that I have thus far in my collection –one at a time. Clearly, this will take a lot of time, which I have plenty of.

Obviously, I won’t be able to properly read each book, but I will do my best to. Some books (such as The Practice of System & Network Administration) are not really meant to be read from cover to cover, although, you could do that. A reference book is just that, a reference. There are more books (several stacks, actually) that aren’t even pictured.

As I review these books, I’ll do my best to post some excepts that I found very useful — I’m hoping to be careful as to avoid any issues with copyright or publishers getting angry — we’ll see. This, is all to overcome this issue of having books left unread, half read, or partially read.

How does this help you, as a technology professional, you might ask? Well, if you’re certified in anything that requires you to maintain the certification (e.g. CISSP, Security+, other things) you may be required to read reviews, training & other articles that quality as credits toward your CPE — continuing professional education. This is a tally point system you have to maintain & show proof of study at the end of a certain period of time.

While doing some searches on tsundoku, I came across this fascinating post — that shares expressions & some of their meanings from different cultures out in the world. There are some interesting ones there & I can come up with descriptions to fit most of them. What about you?

One of my personal struggles has always been a lack of discipline. At least, that’s what a family member told me when I was growing up. I’ve always been conflicted about this: I’m one of the few IT people you will meet that does not drink alcohol, smoke cigarettes or do any sort of recreational drugs. I prefer having sharp wits about me & do not enjoy the feeling of being sluggish mentally in any capacity.

On the other hand, I have a weakness for eating food, even if I’m not hungry. I do not currently* work out (I have plans to change this). I may not always take care of several tasks & go to stops in the most efficient manner as possible when getting errands done. I may drop hobbies if I get bored, or, do not feel like I am progressing well.

Do these mean that, I lack discipline? I don’t know. But I do know I have passion. I do know, that, Americans in general suck with discipline. Perhaps there is bias with influence from many movies, but a common perception (misconception?) I have is that Asian cultures, by their upbringing have much better discipline than we do in the United States as Americans.

Obviously, this varies widely if someone is born in that country, or born in the United States. There’s also bias when you consider how things were done in the old times. I’m always curious & fascinated by Asian cultures, especially in relation to linguistics, philosophy, discipline & martial arts.

Why these things? Well, as an example, the above word (can I use logograph here? glyph?) is the Chinese word for Chi, as in Tai Chi. The meaning in a literal sense is ‘Gas’, ‘Air’ or ‘Breath’ (jokester people may misinterpret it as ‘fart’ for lulz). Figuratively, it is generally accepted to mean ‘life force’, ‘energy’ — for you nerds, midichlorians, yo. This is why you see brands out there like QiWireless — they are using their language as part of branding for a company that ”literally” defines the products they make.

Why do I care about this? Well, because I enjoy learning about the culture. I enjoy learning about the origin of a lot of martial arts, as well. A lot of them have a strong belief in Chi, or some form of it, especially in China. A related concept that comes up in this culture is the idea of balance, ala the famous yin yang symbol.
It’s a symbol that is sometimes misinterpreted or not taken as seriously as it should be. Many people get tattoos of it because it looks cool, or they like it without respecting the deep meaning behind it. There is a vibrant, rich history behind this symbol, what it stands for & what the concept of balance can be applied to.

The idea of ‘balance in all things’ can be applied to just about anything. Firearms for example: grip the weapon too strong, you may visibly shake & struggle to get precise shots — grip too weak & you will not control the weapon when you fire it, having shots go everywhere. Parenting: Too stern & you may not get the intended result, hurting a child’s feelings — too soft & you run the risk of not teaching the appropriate lesson. There are many more examples.

One of movies that ties together some of these concepts, directly & indirectly is the film The One starring Jet Li, Jason Statham & Delray Lindo. The film has some great fighting scenes featuring Baguazhang  — of which, one of the key aspects is turns & walking in circles in contrast to Xingyiquan — which is a very direct fighting style. (If you’re interested in this sort of thing, you should totally watch The Ip Man series of films. They are totally great martial art flicks)

Despite having a strong passion for martial arts, I do not study one current despite attempts from some awesome people (@SecureSamurai , @hacks4pancakes, @alfiedotwtf ) trying to help me find locations near me in styles that I would be interested in studying.  Studying a martial art, requires many things that, I partially lack, or are weak in.

To come full circle (see what I did there?), I hope that by having discipline & passion in blogging about these subjects, books & other things that I’m interested, I can help myself grow as an individual. I hope that through my writings, I can motivate you, the reader to grow personally as well 🙂

The Training Landscape – Airborne, MOOC, Self & Virtual

In this post, I’ll attempt to demystify the various training options there are out there for individuals looking to get up to speed on a given subject or material. The predominate focus will be on System Administration, Information Security & Physical Security. The organizations you acquire training from may differ as will their subject matter but the general delivery method & how you receive the information will be the same for the type of training listed.

Back in the day before the Internet was popular, if you struggled with a given product, you would need to call the people who designed or created it for training, documentation & support. If that wasn’t available, you would be limited to what resources were provided by your re-seller or, lastly, local consultants.

This form of education was usually costly as you, along with some of your organization or team would either be given training at a remote site where you’d have to be physically present (gasp!). Or, alternatively, the organization would fly specialists out to your site to provide training for your team. This is generally deemed a very dated education approach, but it is still utilized today.

Given* my limited professional experience, one of the largest companies I know that still provides services like these for IT Professionals is Global Knowledge (shorthand, GK). There are other companies that do this, but they teach to their brand (see: Microsoft, Cisco, IBM)

Personal aside on being an Instructor

This type of instruction was very similar to the teaching I used to do. I used to teach people how to use technology (learning Microsoft Office, Windows, Linux) and how to get certified in a particular technology (CompTIA, Microsoft, Linux) along with understanding how to best meet their needs.

Teaching in person is very difficult unless you’ve done it before. You have to be extremely comfortable with the material, confident in your natural speaking ability, have high analytical skills to process information, questions & responses in a quick manner & need to have a thorough understanding of psychology.

I worked toward becoming a trained technical instructor (yes, there’s a certification for this) — the certification is in two parts: a sit down exam along with a video portion. At some point in time, the video portion of exam was waived, but I missed that opportunity.

If this interests you, the certification I sat for was the Certified Technical Trainer exam (CTT+) by CompTIA. The book I used to study for the exam & help me become a better instructor is “How to Become A Successful Technical Trainer: Core Skills for Instructor Certification”

One of the key things I learned is about adult learner theory. The particular concept that I read about boiled down the fact that, if adults aren’t interested in something, they won’t want to pay attention and/or will not retain what is learned (sounds dumb, but it seems logical…) If you want to read about adult learner theories that have some backing to them, you can check out this PDF.

End Personal Aside…

With the explosion of the Internet & storage, bandwidth & network connectivity getting cheaper with time, people have realized that they do not need a physical presence to educate someone. This is where virtual learning — typically eLearning & to a larger extent, MOOC comes in.

Typically you’ll see some of these terms mixed together, although they are fairly distinct:

  • Virtual Classroom – The instructor, from the comfort of their own home or office, utilizes a camera, a headset, microphone, a slide deck they know very well & tons of motivation to teach students in a virtual setting. You may not see the students if they do not have a camera. Teaching like this can be very tough if you are not comfortable with the material. Learning this way isn’t for everyone. You may also see webinars done in this style. A popular software suite for this type of collaboration is e-lecta LIVE – very cool software. Joe McCray (@j0emccray) uses this effectively for webinars where he teaches InfoSec concepts.
  • Massive Open Online CourseYou’ve probably heard of this term by now. Popularized by Khan Academy, MOOCs are essentially courses you can sign up for at any given point in time & complete them at your own pace. There’s so much content out there in terms of MOOCs that it would take some people an entire lifetime to learn all that is out there. Absolutely fascinating things can be found if you look. Some additional resources for these: mooc.org | khan academy | EdX MOOC

    Many IT professionals find that they do not necessary have the time for traditional classroom / course materials, so they go with one of the following routes:
  • Computer Based TrainingGet your mind out of the gutter! Essentially, this type of training is a virtual version of classroom training, combined with no live instructor (e.g., the courses are recorded in advance). These courses have no real exam toward the end & are geared toward getting someone up to speed with a particular subject or concept; or to get them prepared for a certification exam. One of the most popular companies to corner the market with this type of training is CBTNuggets – I cannot say enough good things about this company. They have extremely high quality material of consistent quality, great instructors & an easy to understand format.

CBTNuggets videos are pre-recorded, typically in a WMV/MPG format, with a virtual whiteboard (essentially, a white background in PhotoShop, PaintShop or some art program) where the person draws on the board with their mouse. They will then explain a basic concept, for example, deploying a sample Group Policy. After explaining important gotchas if you will be taking a specific Microsoft exams — a demo of deploying a Group Policy is done on screen, step by step.

Another highly recommend resource that has shown up recently is PluralSight. They have high quality material, comparable to, if not better than CBTNuggets. Their material is slightly different, along with including different instructors & subject matter experts. Their site is here: PluralSight.

  • Self Learning This is by far the most popular way that IT professionals train & learn. Within reason, self learning is the best option. Utilizing servers at home, VMs, virtual private servers & doing things by hand is one of the best ways to learn. This concept is “Learning by Doing“. A future blog post will cover self learning examples, with many, many lists of things that will keep you busy covering the entire scope of Information  Technology.

Most technology professionals use a mixture of all of the above training methods. In addition, many people later in their career go back to get trained or get their degree so they can get paid more, or get promoted. A variation of much of the in-person training are bootcamps which are week-long training courses that cram your brain full of as much information that will fit, to get you to pass a certification exam.

If you enjoyed this particular post, or have suggestions for future blog posts, please don’t hesitate to let me know – I can be reached @DarkSim905 . This post is a work in progress, you may want to check back for changes over the next few days — generally after I post, I make changes over a few days until I am happy with the outcome.

On Buying Stuff…

I’m always amazing how complicated people make buying stuff, at least for basic things that they use everyday or  that aren’t part of the “Buy It for Life” category of items. I’m a big fan of the BIFL sub-reddit but it’s suggestions may not always be the best & you’ll have to dig through comments to find things that are gold, or, to your subjective standard of gold.

Generally when I purchase things (in particular tech, automotive or generally expensive things) I want them to last & am usually very picky. Sometimes, you have to learn what a product’s features are first hand — that’s where window shopping comes into play. These days, most people go to Best Buy or any other big box electronics store to handle an item & are able to find it cheaper, online from a reputable resource.

For most items, I generally stick to Amazon, Newegg or physically going to MicroCenter. I generally drill my search filters down as follows, we’ll use SSDs as an example.

You’ll want to pick the largest category that best represents the item you’ll be purchasing. In this case, Amazon is usually pretty good; in some cases, it can be hit or miss (for example, automotive or scientific tools)

I then drill down further.

* Seller – Amazon.com – I’ve had bad experiences with 3rd party sellers. Their packaging, shipping times & the fact I have to share my credit card data with another party are all undesirable attributes.

* Condition – New – this gets rid of any items that are considered ‘Used’ (who would buy a Used SSD anyway?) & in some cases any items that are returns, open boxes, etc. New stuff is good – unless you don’t care, or are buying some egregiously expensive like a camera.

* 4 Stars & Up – it generally isn’t worth searching for items that have less than 4 stars. From here, your selections will get fairly limited. depending on what your buying & the quality of products that exist.

* At this point, if there is a particular brand I want to filter by, I may pick a few options. For most things, people prefer name brands they recognize. This is where you’ll have to do some research depending on the item you’re buying.

– With IT equipment, sometimes several manufacturers may use the same OEM as someone else. It may pay to do research here. From my professional experience with SSDs, you want Intel and only Intel unless you are on a budget & attempting to prove a theory, using the disk for a throwaway laptop, or as a temporary drive/scratch disk. Why? The hosting industry almost exclusively uses Intel, with Samsung coming in at a distant second.

– Lastly, if you read up on wear level indicators, Intel is generally the most consistent with providing this data. For my selections, I went with Intel, Samsung & PNY.

* At this point, what are our technical needs for this project? Let’s assume we’re going for 2.5″ drives, as these are the most common out there.

* Now, my choices are getting limited (less than 50 results) — we want something that is future proof, so we want to go with SATA III

* The rest of the filters are irrelevant (at least for this example) because you can pick any size you want. This is the final point where you will filter all your options, via the upper right drop-down: relevance, price, average customer review, or featured. I heavily prefer average customer review. This is a combination of the number of reviews & how high they are. An item with 1, 5 star review may rank higher than an item that has 2, 4 star reviews.

* At this point, which item is best & what item is good for you? Well, read your reviews & do some research. Do you want what everyone has & is proven & tested? Do you want something that is a bit more expensive, but maybe not many people have tried it?

* Lastly, I take a lot of time reading reviews, especially the negative reviews. I do my best to ignore reviews that were “gift in exchange for review”, reviews that mention packaging or shipping errors (these are generally avoidable, customer issues, or a customer misunderstand that there is a different section to leave remarks on packaging of their order. The negative reviews will tell you what you’re in store for in a worst case scenario. Many times, you’ll see the manufacturer or company reach out to individuals who are extremely unhappy providing advice and/or replacement if a customer was unable to get something working right with a product.

* After all of this, I generally attempt to make my decision. This leaves me with several (A), different (B), options (C)! You’ll want to pay attention, at least with computer hardware that you aren’t buying a ‘pack’, or a set of drives that come with any sort of special care, data services or extra things you don’t need.

* This same process can work for virtually any site & helps narrow things down easily. There are some things that, if you are unfamiliar with the item, you may need to do research, or buy a cheaper version of the item to see what things you want or don’t want/need for a given item.

For example, I want to eventually buy a camera & microphone for YouTube to record videos for lockpicking, projects I’m working on & some of the gear that I have around the house. There are many, many choices out there. But what do I need? Do I need a camera? A camcorder? Is a cellphone sufficient? There are many options out there! Some things have to be attempted before you can create an opinion on what works for you.

I really love watching YouTube reviews for some things that I’m considering purchasing, but as always, it leaves a lot to be desired. For example, even though a person reviewing a camera knows all the functionality, I may not — and may consider the layout of a camera less than optimal. These are all things to think of when purchasing items online.

A good example that shows how purchasing an item can be very involved & personal is bags People love bags. I recently ran into this issue a while back myself — when I went to Hackers on Planet Earth, everyone had a bag they liked, that had cool patches, held all their gear & seemed to have a spot for everything! I needed one too! But how do I go about getting a bag? How do I determine what is good material & what fits my needs?

I know that I wanted something predominately black, red or gray. I know that I wanted something that had a chest strap or harness. It had to have a decent amount of space (it’s a backpack, not a duffle bag or Go bag). I wanted the bag to be made of materials that would last longer than me. I knew from prior experience with range bags that most high quality range bags are made out of ballistic nylon, which is almost impossible to rip or destroy unless you have a sharp knife.

One issue I came across is not a lot of bags had a hard base. Most bags had either a soft base, or no real bag so if you drop the bag on the floor, your stuff may get damaged. I am by no means a klutzy person, but I wanted the reassurance that comes with a hard base. These types of backpacks also ride better on your back when you wear them properly.

I went & did some research & searching. This is what I ended up going with — the Milwaukee Job Site Backpack . You can read my review of the bag here. I’ll have an expanded blog post on this bag & the modifications I made to it in a later post.

One thing you’ll notice is, compared to Maxpedition or other ‘bags’ that people go with, is this bag has no real MOLLE straps — I didn’t really consider having such a system with the bag I purchased. Another negative is, the bag has no velcro for affixing patches to the bag (easily solved). The last negative I had was, due to the bag being designed for job sites, there’s extra fabric & material to hold tools such as screwdrivers, hammers & drills. None of this was necessary for my needs. But, the price (the price keeps dropping), color scheme, materials & workmanship were enough to win me over.

I may consider looking at other bags, but there are many options out there. Using some research & some of the suggestions I provided here, helped me narrow my selection to what was a good fit for me. I have two of the Milwaukee bags & I use them for my meetups & hacker conferences. They carry everything I need — and with the hard base & heavy straps, I can carry a ton of locks without having to worry about hurting myself. I consider that a big plus. 🙂

/r/Sysadmin Frequently Asked Questions, an ongoing series …

So, I spend a lot of time on the Internet, like most technical individuals. I spend a lot of time in /r/sysadmin & from time to time, I see questions repeatedly asked that cover the same material, over & over. In this (ongoing) series of posts, I’ll look to tackle those questions, one by one, as best I can. These blog posts will serve as an extension of my primarily website & will be a jumping pad to go to popular resources that I recommend on the Internet, along with giving you what is a generally accepted canonical answer, mixed with my thoughts on the matter.

As I first started on the educational side of information technology, for this first post, I’ll cover what I think are the best (e.g. efficient) ways for you to gauge where you stand as an IT Professional, regardless of your experience level. This post will be through the lens of someone who wants to be on the System Administrator side of the fence. Throughout, I’ll give recommendations to talks you should watch, resources & books you may want to purchase.

In a future installment, I will cover specific resource types (e.g. computer based training) how to determine what’s best for you as an individual & your learning style.

First, what is your goal? Many individuals I’ve instructed & mentored over the years were either out of work (job loss, Military BRAC…) or doing a lateral transition professionally. If your goal is to be a desktop technician & move up the ranks to become a Sysadmin, you will want to look at Network+, Security+, Linux+ & Server+.

Each of these certifications are provided by CompTIA — now, I’m not recommending you get these certifications, however, I do recommend looking at the appendix of each of these exam objectives. They provide a great general baseline on the basics of what these subject matters may entail. This also doubles as a study guide — if you understand many of the terms, acronyms & initialism — then you can skip those & focus on areas that you are weak in.

The reason why I don’t recommend wasting time with the A+ certification is that, it is extremely dated — these days, nobody repairs machines anymore. Further, the skills that this certification teaches you, can be taught in a weekend. A case could be made for Network+ & some of the core concepts of Security+, but that’s a post for another day.

How do you go about acquiring the objectives? Go to CompTIA’s website (for example, Network+ Page) & fill out the information in the field on the right under the box ”Exam Objectives”.  You’ll be provided a PDF link of the exam objectives (permalink here if you don’t want to give up any information).

Do you feel comfortable & confident in the terms & materials presented in the PDF? Then, if you’re given some simple interview questions about the subject you should be able to at least describe how you would use these concepts & technologies in the real world.

What are all these certifications? Do they matter? What will I learn?

I don’t want to veer off the subject of this post, but it is worth covering what these certifications cover. They cover a small piece of information, skills & concepts that it takes to be any of the following: hardware technician, network administrator, system administrator, system analyst.

It used to be that CompTIA certifications were lifetime certifications — they have since moved to a “every 3 years” cycle, meaning that, you have to re-up on taking the certification or else it expires. I do not recommend getting a certification just for the sake of it unless your employer is paying for the certification, the certification is tied to keeping your job/additional merit pay, or other factors.

I recommend looking at the exam objectives, but for a brief rundown of what these certifications cover:
A+ – Basic Computer troubleshooting. What are the ports on a motherboard? What are some basic port numbers? How does everything plug in together? How does the motherboard work? Many repair technicians need this to work on desktops or laptops. The ubiquitous nature of computer devices has made this irrelevant, along with custom designed motherboards that cannot be easily serviced.

Network+ – very basic networking. What is an IP address? CIDR, notation, basic concepts of routing/switching, broadcast storms, DHCP/DNS basics, some very basic Windows commands (e.g. ipconfig). Predominately focuses on IPv4, some IPv6 was introduced when I took the exam years ago. The common path for someone interested in learning networking is to get a vendor specific certification (Cisco, Juniper & Brocade would probably be the largest, followed by Software Defined Networking).

Security+ – this covers the CIA triad (not that CIA, silly!), the basic tenants of network security, lots of concepts & theory. Good for people with a MIL background & understand certain DoD requirements. If this sort of thing interests you, you will want to look into OWASP, OSCP & local information security meetups.

Server+ – this is a great exam for someone who may work in a datacenter & has to rack & stack servers, design a network from the ground up, setup a server from scratch. Some of this is dated (e.g. SCSI) but the concepts give you a good foundation in what to expect when dealing with a server (diagnostics, memory matching, how things differ from desktop hardware)

LiNUX+ – This exam covers the basics of Linux. Very basic command line stuff. Focuses on the init run levels (gross). No real distro specific knowledge is expected. You need to know certain bash esoteric knowledge, file pipes, redirection, error handling, and so on. This cert gives you the LPI Linux certification as well. The common path for someone interested in Linux is to get distro specific certification — the industry standard is Red Hat Linux (RHEL for short) — it is a very well respected certification in the System Administrator industry.

NOTE – There are many many IT certifications, this warrants a separate post — but these are the basics for a lot of people. I’m here to describe what studying for these certifications will teach you & how you can use that knowledge (sans certification) to grow as an individual.

I’m a Help-Desk tech & I understand a lot of what you previously mentioned, or feel I’m ready to be a Sysadmin. What should I look into or research?

I highly recommend purchasing this book & having it by your desk with you. Use it as a reference. I will do a review at a later date about this, but I feel it covers a lot of ground in a condensed form about the vastness of the IT industry.

Another mandatory book to read is Women in  Tech by Tarah (@tarah) – I personally don’t care if you’re a dude who has any opinion at all on the title — you need to read this book. There is an insane wealth of knowledge here (the resume writing suggestions are particularly rock solid).

Something to build upon TPOSANA is The Ops School – this is a project that has exploded over the past few years in terms of content & is absolutely vital for our industry.

Some additional links I think folks find handy, to get them in the right frame of mind & help you think about some of the stuff that keeps Sysadmins up are below.  They are from a friend of mine, Matt Simmon’s blog. Matt is a Sysadmin I met at a conference local to New Jersey, LOPSA-East. A great mentor for sure.

Standalone Sysadmin – The Impostor Effect vs Dunning-Kruger
Standalone Sysadmin – Difference between SRE, Sysadmin & DevOps
Standalone Sysadmin – Three activities that will make you a better Sysadmin

An excellent resource that is great for people of all experience levels is the sub-reddit /r/homelab — I’m a moderator here — so if you have issues, please let me know. In addition, you should check out the Discord chat. There are immensely smart people here & you should learn as much as you can. Learn, give back to the community & enjoy the rewards 🙂

Another blog I really love reading is by Jess Dodson (@GirlGerms) – her blog is here — it’s totes awesome – she is a Microsoft MVP based out of Australia. (There are a lot of wicked smart people out there — you’ll them mentioned more here as opportunity presents itself)

I’m a Sysadmin looking to become a Sr. Sysadmin — what should I look into?

You may want to start by viewing viewing this talk by Adam Moskowitz  – it covers many things that I’m passionate about & try to instill into my peers of admins that I know.

I really like this talk by Shawn Sterling (@systemtemplar).

Check out The Finer Art of Being a Senior Sysadmin by Sheeri Cabral (@Sheeri) which I came across from Tom Limoncelli’s blog, EverythingSysadmin.

I also really heart this ServerFault post — it covers an immense amount of detail & is great for newbies & Sysadmins looking to become Sr. Sysadmins alike.

If you need to learn a lot about some security stuff, and/or Linux things to round out your skill-set, I highly recommend anything written by Daniel Miessler (@DanielMiessler), but in particular, the stuff on his Study Page is rock solid.

If you’ve read this far, what you’ll quickly realize is, with the exception of arguing about DevOps* – there is usually a definitive, proper way to do something. That proper way usually only breaks in very specific circumstances. If you’re wondering what sparked this post, I decided to collect a list of questions that are common to the /r/sysadmin sub-reddit over here. It didn’t do well, as expected.

That’s all I have for this post at this point in time. Note that I did not cover making lateral moves to networking or information security as these are not my specific wheel-house. Some of the suggestions & advice applies, some does not. More on that later, as I learn with you all on this journey! If I think of anything else, I’ll be sure to add it. If you have feedback for this, please let me know on Twitter 🙂

But wait, I actually want to learn about certifications! >:-(

Tune in next time 🙁

Hello World!

As with all good first things on the Internet, this is my first blog post. I’m using this as a playground to learn how to administer WordPress & hopefully in the long run, write down my thoughts in long form as I often find that I cannot fully express myself on other mediums like Twitter.

Stay tuned 🙂