On Community, Conferences & Philosophies of Hackers

The title of this post was a draft I started several months ago & didn’t make any notes of what I was going to blog about at the time. As of late, chatter around Codes of Conduct has been making the rounds & I think the blog title is quite appropriate. I feel now is as good a time as any to add my 30 cents of diatribe into the ring.

In the interest of full disclosure, I’ve never actually been to DEFCON. My involvement with some in the community is by & large through social media & my close friends have all been met through events with an organisation I’m involved with (see also: Hacked by DEFCON). Throughout, I may make reference to the following articles & posts: AwfulyPride’s Post on the Matter, GeekFeminismWiki, DEFCON Code of Conduct, This Reddit post on /r/DEFCON & some stuff here.

My experience with any sort of public display of Code of Conduct goes back a few years to the conference LOPSA-East. LOPSA-East was meant to be one of the main conferences on the east coast for System Administrators, by System Administrators (this was when DevOps was a bit less encroached & right around or before Tom Limoncelli left Google). Note that, the first year I went in

The first year (that I went to) LOPSA East (2012 when it was still called PICC), there was no Code of Conduct that I recall at the conference. Now, keep in mind: these are Sysadmins, not hackers. There are people who are geeks & hackers at the conferences & within the community, but by & large, we dressed professionally & acted professionally. Also note that as this was the first year, there wasn’t necessarily much of a vendor area.

The second year I went (2013), there was a Code of Conduct right by the entrance of the conference – I was going to include a photo here, but I can’t seem to find the photo. There was quiet chatter & people wondering what caused the necessity of requiring a Code of Conduct, especially considering how few women went to the conference (I recall a decent amount & they are all awesome!)

I don’t know how long LOPSA-East had been going on prior to my involvement, however, it looks like it started in ~2011. Also note, I’ve never seen a photo of the DEFCON physical CoC — just that it is on their website. I’m of the belief a lot of people don’t know this exists.

What I don’t understand is, if a professional conference can get this done in relatively short order & make people feel safe, respected & comfortable knowing that any issues that arise will be taken care of, why can’t hacker conferences do the same thing? Outside of a conference, you all remain professionals in your daily lives – that professionalism & how we treat others should trickle down to conferences as well.

Taken further, what changes & why when it translates to a hacker conference? The addition of booze? The fact your company paid for it & you get absolved of responsibility due to the high & mighty status of being a hacker with moral superiority of others & thinking the rules don’t apply to you because you have a problem with authority like the kids of yesteryear?

You, the conference attendee have to understand that, yes, despite us being a Nation of Freedom — we have to be adults. This means being respectful, abiding by rules although we may disagree with them, much like law. And the golden rule of treating people the way we want to be treated.  Lastly, it’s not so evil to reassure individuals who may not have the same support networks as everyone else that if issues crop up, they will be handled accordingly.

The post that AwfulyPrideful made here is wonderful because it goes into some facets I hadn’t fully considered & does a far better job of it than I ever will. Keeping all these points in mind thus far & the arguments, backlash & frustrations I’ve seen on social media, it’s clear there are distinct groups in this Code of Conduct debacle:

The Old Guard – These are people that have been part of the conference/community since the beginning. They may be aware of previous shenanigans but they may have made a name for themselves & are known for being respectful. They treat people the way they wanted to be treated & are very welcoming to the community & welcome people into the fold. These individuals will welcome a CoC but may not have an opinion on it one way or the other.

‘Hack the Planet!’ Types – These individuals may be an offshoot of the group above it. They may not be in for the long haul – they just care about l337 hacking, possibly anarchy & little else. If you aren’t talking about 0-days & amazing exploits, they don’t want to deal with you. They may see a Code of Conduct as oppression to their ideals: Information wants to be free man! Why do I need a Code of Conduct? We didn’t need one for the past 10 years! They may make fun of another group: “Words don’t stop the bad!”

The Next Generation – These people realize that if we want progress in the community (read as: disenfranchised groups feeling they can contribute without repercussions & harassment), rules need to be implemented & enforced, much like the rest of society. These people realize the harm we do when women, people of color, or other groups do not contribute or do not feel comfortable being part of the community due to harassment.

If you didn’t see what I did there…

I’m of the belief that, this is on a continuum – a spectrum of thoughts & beliefs, if you will. You may not fit in one small box or you may be a part of multiple groups throughout your life.  The fascinating thing about this issue is, we’re all In This Together – we need to start acting like it, frankly.

I get it: you’re a hacker. You hate authority although you respect it when you are out & about in society. You like breaking the mold. You like doing your own thing & not letting anyone stop you. You probably see a Code of Conduct as some sort of affront to your sensibilities & that you are being oppressed in some way. Unfortunately for you, put your feels aside, be an adult & be helpful to people who need it at conferences: the people these Codes of Conduct were written for.

For all it is worth, you can tell me I’m wrong. I’m generally in favor of balance in all things, so I understand where the “We don’t need a Code of Conduct!” is coming from, but my female peers & other individuals’ comfort & willingness to come to the con is more important. The disarray & varying opinions on this can be seen clearly in the Reddit thread I linked at the top of this post. Hackers among themselves disagree & get into fights about if something is necessary or not.

Again, I see both sides of it. However, I think it makes a lot more sense to have one, both for the protection of the conference & you the attendees. There’s a part of me that wants to say that it’s a mark of a modern society to be all inclusive, as well.

Disagree with me all you want. It’s a free country. I love learning from other perspectives. 🙂

You can feel free to disagree with me or not. Or you can do what your freedom allows & give me one of these. I’ll be pleased either way, as long as you give me feedback on my writing.

Note: I highly recommend checking out AwfulyPrideful’s post above & some links within their post. They have a guide on Code of Conduct if you need one for your organisation. I also linked to a site that had some useful information as well.  There’s also ConfCodeOfConduct.com

Also, I realize that there are many other facets of this issue & there are people that agree to disagree to a fault. People are welcome to their opinion & if they have a solution to the problems we face in the community that doesn’t splinter us further & further or causes arguments, I’d love to hear it. Regardless of your thoughts, we’re in this together.

Conquering Tsundoku, Acquiring Discipline & Finding Passion, Together!

Hello again fellow geeks, nerds, misfits & everyone in-between!

For those who don’t know me well, I generally self identify with the INTP personality type. At times, I go so far as calling myself xNTP, because in some social situations, I thrive off of the energy & am looking for more social interactions. This can be observed when I am at a hacker conference, running the TOOOL meetup, organizing the Central NJ Infosec meetup or talking about my interests & passions in general. (Hint: Psychology, Personality & what makes Hackers who they are fascinate me to no end — more on this in the future)

As a “consequence” of being an INTP, there are some key attributes that we are typecast with having. For a very very rough abstract of the profile of an INTP individual, you can read this forum post, but I’ll be going in quite enough detail in separate blog posts, as there’s so much to get into.

A few key paragraphs from the above forum post are worth noting when interacting with INTP personality types:

* …abstract in communication and utilitarian in how they implement their goals. They choose to study science, are preoccupied with technology, and work well with systems.

* They would if possible be calm, they trust reason, are hungry for achievement, seek knowledge, prize deference, and aspire to be wizards of science and technology. Intellectually, they are prone to practice strategy far more than diplomacy, tactics, and especially logistics.

* the world exists primarily to be analyzed, understood, and explained. External reality in itself is unimportant, a mere arena for checking out the usefulness of ideas.

* If knowledge can be gathered from observing someone or taking some action, then such is worthwhile

* Architects prize intelligence in themselves and in others, and seem constantly on the lookout for the technological principles … Architects limit their search to only what is relevant to the issue at hand, and thus they seem able to concentrate better than any other type.

* If left to their own devices, INTPs will retreat into the world of books and emerge only when physical needs become imperative. Architects are, however, even-tempered, compliant, and easy to live with—that is, until one of their principles is violated, in which case their adaptability ceases altogether.

The last point is key. If you have never seen this photo before, allow me to show you my book collection:

Pretty crazy, huh? Most of those books can best be described as “in progress”.  Unsurprisingly, there is a Japanese term for this called Tsundoku — although I don’t speak or know much about Japanese language or culture, I can appreciate the wisdom there is in their word choice & some of the concepts they are able to describe, that, otherwise are left as broad sweeping generalizations of a personality type.

One of the motivations I had while starting this blog was, to help people. I think, by proxy, you individuals that choose to read these posts, help me to help you 😉 — one of the goals I’m looking to do, is to review the books that I have thus far in my collection –one at a time. Clearly, this will take a lot of time, which I have plenty of.

Obviously, I won’t be able to properly read each book, but I will do my best to. Some books (such as The Practice of System & Network Administration) are not really meant to be read from cover to cover, although, you could do that. A reference book is just that, a reference. There are more books (several stacks, actually) that aren’t even pictured.

As I review these books, I’ll do my best to post some excerpts that I found very useful — I’m hoping to be careful as to avoid any issues with copyright or publishers getting angry — we’ll see. This is all to overcome this issue of having books left unread, half read, or partially read.

How does this help you, as a technology professional, you might ask? Well, if you’re certified in anything that requires you to maintain the certification (e.g. CISSP, Security+, other things) you may be required to read reviews, training & other articles that qualify as credits toward your CPE — continuing professional education. This is a tally point system you have to maintain & show proof of study at the end of a certain period of time.

While doing some searches on tsundoku, I came across this fascinating post — that shares expressions & some of their meanings from different cultures out in the world. There are some interesting ones there & I can come up with descriptions to fit most of them. What about you?

One of my personal struggles has always been a lack of discipline. At least, that’s what a family member told me when I was growing up. I’ve always been conflicted about this: I’m one of the few IT people you will meet that does not drink alcohol, smoke cigarettes or do any sort of recreational drugs. I prefer having sharp wits about me & do not enjoy the feeling of being sluggish mentally in any capacity.

On the other hand, I have a weakness for eating food, even if I’m not hungry. I do not currently* work out (I have plans to change this). I may not always take care of several tasks & go to stops in the most efficient manner possible when getting errands done. I may drop hobbies if I get bored, or, do not feel like I am progressing well.

Do these mean that, I lack discipline? I don’t know. But I do know I have passion. I do know, that, Americans in general suck with discipline. Perhaps there is bias with influence from many movies, but a common perception (misconception?) I have is that Asian cultures, by their upbringing have much better discipline than we do in the United States as Americans.

Obviously, this varies widely if someone is born in that country, or born in the United States. There’s also bias when you consider how things were done in the old times. I’m always curious & fascinated by Asian cultures, especially in relation to linguistics, philosophy, discipline & martial arts.

Why these things? Well, as an example, the above word (can I use logograph here? glyph?) is the Chinese word for Chi, as in Tai Chi. The meaning in a literal sense is ‘Gas’, ‘Air’ or ‘Breath’ (jokester people may misinterpret it as ‘fart’ for lulz). Figuratively, it is generally accepted to mean ‘life force’, ‘energy’ — for you nerds, midichlorians, yo. This is why you see brands out there like QiWireless — they are using their language as part of branding for a company that “literally” defines the products they make.

Why do I care about this? Well, because I enjoy learning about the culture. I enjoy learning about the origin of a lot of martial arts, as well. A lot of them have a strong belief in Chi, or some form of it, especially in China. A related concept that comes up in this culture is the idea of balance, ala the famous yin yang symbol.
It’s a symbol that is sometimes misinterpreted or not taken as seriously as it should be. Many people get tattoos of it because it looks cool, or they like it without respecting the deep meaning behind it. There is a vibrant, rich history behind this symbol, what it stands for & what the concept of balance can be applied to.

The idea of ‘balance in all things’ can be applied to just about anything. Firearms for example: grip the weapon too strong, you may visibly shake & struggle to get precise shots — grip too weak & you will not control the weapon when you fire it, having shots go everywhere. Parenting: Too stern & you may not get the intended result, hurting a child’s feelings — too soft & you run the risk of not teaching the appropriate lesson. There are many more examples.

One of the movies that ties together some of these concepts, directly & indirectly, is the film The One starring Jet Li, Jason Statham & Delroy Lindo. The film has some great fighting scenes featuring Baguazhang — of which, one of the key aspects is turns & walking in circles in contrast to Xingyiquan — which is a very direct fighting style. (If you’re interested in this sort of thing, you should totally watch The Ip Man series of films. They are totally great martial art flicks)

Despite having a strong passion for martial arts, I do not study one currently despite attempts from some awesome people (@SecureSamurai, @hacks4pancakes, @alfiedotwtf) trying to help me find locations near me in styles that I would be interested in studying. Studying a martial art requires many things that I partially lack, or am weak in.

To come full circle (see what I did there?), I hope that by having discipline & passion in blogging about these subjects, books & other things that I’m interested in, I can help myself grow as an individual. I hope that through my writings, I can motivate you, the reader, to grow personally as well 🙂

The Training Landscape – Airborne, MOOC, Self & Virtual

In this post, I’ll attempt to demystify the various training options there are out there for individuals looking to get up to speed on a given subject or material. The predominant focus will be on System Administration, Information Security & Physical Security. The organizations you acquire training from may differ as will their subject matter but the general delivery method & how you receive the information will be the same for the type of training listed.

Back in the day before the Internet was popular, if you struggled with a given product, you would need to call the people who designed or created it for training, documentation & support. If that wasn’t available, you would be limited to what resources were provided by your re-seller or, lastly, local consultants.

This form of education was usually costly as you, along with some of your organization or team would either be given training at a remote site where you’d have to be physically present (gasp!). Or, alternatively, the organization would fly specialists out to your site to provide training for your team. This is generally deemed a very dated education approach, but it is still utilized today.

Given* my limited professional experience, one of the largest companies I know that still provides services like these for IT Professionals is Global Knowledge (shorthand, GK). There are other companies that do this, but they teach to their brand (see: Microsoft, Cisco, IBM)

Personal aside on being an Instructor

This type of instruction was very similar to the teaching I used to do. I used to teach people how to use technology (learning Microsoft Office, Windows, Linux) and how to get certified in a particular technology (CompTIA, Microsoft, Linux) along with understanding how to best meet their needs.

Teaching in person is very difficult unless you’ve done it before. You have to be extremely comfortable with the material, confident in your natural speaking ability, have high analytical skills to process information, questions & responses in a quick manner & need to have a thorough understanding of psychology.

I worked toward becoming a trained technical instructor (yes, there’s a certification for this) — the certification is in two parts: a sit down exam along with a video portion. At some point in time, the video portion of the exam was waived, but I missed that opportunity.

If this interests you, the certification I sat for was the Certified Technical Trainer exam (CTT+) by CompTIA. The book I used to study for the exam & help me become a better instructor is “How to Become A Successful Technical Trainer: Core Skills for Instructor Certification”

One of the key things I learned is about adult learner theory. The particular concept that I read about boiled down to the fact that, if adults aren’t interested in something, they won’t want to pay attention and/or will not retain what is learned (sounds dumb, but it seems logical…) If you want to read about adult learner theories that have some backing to them, you can check out this PDF.

End Personal Aside…

With the explosion of the Internet & storage, bandwidth & network connectivity getting cheaper with time, people have realized that they do not need a physical presence to educate someone. This is where virtual learning — typically eLearning & to a larger extent, MOOC comes in.

Typically you’ll see some of these terms mixed together, although they are fairly distinct:

  • Virtual Classroom – The instructor, from the comfort of their own home or office, utilizes a camera, a headset, microphone, a slide deck they know very well & tons of motivation to teach students in a virtual setting. You may not see the students if they do not have a camera. Teaching like this can be very tough if you are not comfortable with the material. Learning this way isn’t for everyone. You may also see webinars done in this style. A popular software suite for this type of collaboration is e-lecta LIVE – very cool software. Joe McCray (@j0emccray) uses this effectively for webinars where he teaches InfoSec concepts.
  • Massive Open Online Course – You’ve probably heard of this term by now. Popularized by Khan Academy, MOOCs are essentially courses you can sign up for at any given point in time & complete them at your own pace. There’s so much content out there in terms of MOOCs that it would take some people an entire lifetime to learn all that is out there. Absolutely fascinating things can be found if you look. Some additional resources for these: mooc.org | khan academy | EdX MOOC

    Many IT professionals find that they do not necessarily have the time for traditional classroom / course materials, so they go with one of the following routes:
  • Computer Based Training – Get your mind out of the gutter! Essentially, this type of training is a virtual version of classroom training, combined with no live instructor (e.g., the courses are recorded in advance). These courses have no real exam toward the end & are geared toward getting someone up to speed with a particular subject or concept; or to get them prepared for a certification exam. One of the most popular companies to corner the market with this type of training is CBTNuggets – I cannot say enough good things about this company. They have extremely high quality material of consistent quality, great instructors & an easy to understand format.

CBTNuggets videos are pre-recorded, typically in a WMV/MPG format, with a virtual whiteboard (essentially, a white background in PhotoShop, PaintShop or some art program) where the person draws on the board with their mouse. They will then explain a basic concept, for example, deploying a sample Group Policy. After explaining important gotchas if you will be taking a specific Microsoft exam — a demo of deploying a Group Policy is done on screen, step by step.

Another highly recommended resource that has shown up recently is PluralSight. They have high quality material, comparable to, if not better than CBTNuggets. Their material is slightly different, along with including different instructors & subject matter experts. Their site is here: PluralSight.

  • Self Learning – This is by far the most popular way that IT professionals train & learn. Within reason, self learning is the best option. Utilizing servers at home, VMs, virtual private servers & doing things by hand is one of the best ways to learn. This concept is “Learning by Doing”. A future blog post will cover self learning examples, with many, many lists of things that will keep you busy covering the entire scope of Information Technology.

Most technology professionals use a mixture of all of the above training methods. In addition, many people later in their career go back to get trained or get their degree so they can get paid more, or get promoted. A variation of much of the in-person training are bootcamps which are week-long training courses that cram your brain full of as much information that will fit, to get you to pass a certification exam.

If you enjoyed this particular post, or have suggestions for future blog posts, please don’t hesitate to let me know – I can be reached @DarkSim905 . This post is a work in progress, you may want to check back for changes over the next few days — generally after I post, I make changes over a few days until I am happy with the outcome.

On Buying Stuff…

I’m always amazed at how complicated people make buying stuff, at least for basic things that they use everyday or that aren’t part of the “Buy It for Life” category of items. I’m a big fan of the BIFL sub-reddit but its suggestions may not always be the best & you’ll have to dig through comments to find things that are gold, or, to your subjective standard of gold.

Generally when I purchase things (in particular tech, automotive or generally expensive things) I want them to last & am usually very picky. Sometimes, you have to learn what a product’s features are first hand — that’s where window shopping comes into play. These days, most people go to Best Buy or any other big box electronics store to handle an item & are able to find it cheaper, online from a reputable resource.

For most items, I generally stick to Amazon, Newegg or physically going to MicroCenter. I generally drill my search filters down as follows, we’ll use SSDs as an example.

You’ll want to pick the largest category that best represents the item you’ll be purchasing. In this case, Amazon is usually pretty good; in some cases, it can be hit or miss (for example, automotive or scientific tools)

I then drill down further.

* Seller – Amazon.com – I’ve had bad experiences with 3rd party sellers. Their packaging, shipping times & the fact I have to share my credit card data with another party are all undesirable attributes.

* Condition – New – this gets rid of any items that are considered ‘Used’ (who would buy a Used SSD anyway?) & in some cases any items that are returns, open boxes, etc. New stuff is good – unless you don’t care, or are buying something egregiously expensive like a camera.

* 4 Stars & Up – it generally isn’t worth searching for items that have less than 4 stars. From here, your selections will get fairly limited, depending on what you’re buying & the quality of products that exist.

* At this point, if there is a particular brand I want to filter by, I may pick a few options. For most things, people prefer name brands they recognize. This is where you’ll have to do some research depending on the item you’re buying.

– With IT equipment, sometimes several manufacturers may use the same OEM as someone else. It may pay to do research here. From my professional experience with SSDs, you want Intel and only Intel unless you are on a budget & attempting to prove a theory, using the disk for a throwaway laptop, or as a temporary drive/scratch disk. Why? The hosting industry almost exclusively uses Intel, with Samsung coming in at a distant second.

– Lastly, if you read up on wear level indicators, Intel is generally the most consistent with providing this data. For my selections, I went with Intel, Samsung & PNY.

* At this point, what are our technical needs for this project? Let’s assume we’re going for 2.5″ drives, as these are the most common out there.

* Now, my choices are getting limited (less than 50 results) — we want something that is future proof, so we want to go with SATA III

* The rest of the filters are irrelevant (at least for this example) because you can pick any size you want. This is the final point where you will filter all your options, via the upper right drop-down: relevance, price, average customer review, or featured. I heavily prefer average customer review. This is a combination of the number of reviews & how high they are. An item with 1, 5 star review may rank higher than an item that has 2, 4 star reviews.

* At this point, which item is best & what item is good for you? Well, read your reviews & do some research. Do you want what everyone has & is proven & tested? Do you want something that is a bit more expensive, but maybe not many people have tried it?

* Lastly, I take a lot of time reading reviews, especially the negative reviews. I do my best to ignore reviews that were “gift in exchange for review”, reviews that mention packaging or shipping errors (these are generally avoidable, customer issues, or a customer misunderstanding that there is a different section to leave remarks on packaging of their order). The negative reviews will tell you what you’re in store for in a worst case scenario. Many times, you’ll see the manufacturer or company reach out to individuals who are extremely unhappy providing advice and/or replacement if a customer was unable to get something working right with a product.

* After all of this, I generally attempt to make my decision. This leaves me with several (A), different (B), options (C)! You’ll want to pay attention, at least with computer hardware that you aren’t buying a ‘pack’, or a set of drives that come with any sort of special care, data services or extra things you don’t need.

* This same process can work for virtually any site & helps narrow things down easily. There are some things that, if you are unfamiliar with the item, you may need to do research, or buy a cheaper version of the item to see what things you want or don’t want/need for a given item.

For example, I want to eventually buy a camera & microphone for YouTube to record videos for lockpicking, projects I’m working on & some of the gear that I have around the house. There are many, many choices out there. But what do I need? Do I need a camera? A camcorder? Is a cellphone sufficient? There are many options out there! Some things have to be attempted before you can create an opinion on what works for you.

I really love watching YouTube reviews for some things that I’m considering purchasing, but as always, it leaves a lot to be desired. For example, even though a person reviewing a camera knows all the functionality, I may not — and may consider the layout of a camera less than optimal. These are all things to think of when purchasing items online.

A good example that shows how purchasing an item can be very involved & personal is bags. People love bags. I recently ran into this issue a while back myself — when I went to Hackers on Planet Earth, everyone had a bag they liked, that had cool patches, held all their gear & seemed to have a spot for everything! I needed one too! But how do I go about getting a bag? How do I determine what is good material & what fits my needs?

I know that I wanted something predominately black, red or gray. I know that I wanted something that had a chest strap or harness. It had to have a decent amount of space (it’s a backpack, not a duffle bag or Go bag). I wanted the bag to be made of materials that would last longer than me. I knew from prior experience with range bags that most high quality range bags are made out of ballistic nylon, which is almost impossible to rip or destroy unless you have a sharp knife.

One issue I came across is not a lot of bags had a hard base. Most bags had either a soft base, or no real base so if you drop the bag on the floor, your stuff may get damaged. I am by no means a klutzy person, but I wanted the reassurance that comes with a hard base. These types of backpacks also ride better on your back when you wear them properly.

I went & did some research & searching. This is what I ended up going with — the Milwaukee Job Site Backpack . You can read my review of the bag here. I’ll have an expanded blog post on this bag & the modifications I made to it in a later post.

One thing you’ll notice is, compared to Maxpedition or other ‘bags’ that people go with, is this bag has no real MOLLE straps — I didn’t really consider having such a system with the bag I purchased. Another negative is, the bag has no velcro for affixing patches to the bag (easily solved). The last negative I had was, due to the bag being designed for job sites, there’s extra fabric & material to hold tools such as screwdrivers, hammers & drills. None of this was necessary for my needs. But, the price (the price keeps dropping), color scheme, materials & workmanship were enough to win me over.

I may consider looking at other bags, but there are many options out there. Using some research & some of the suggestions I provided here, helped me narrow my selection to what was a good fit for me. I have two of the Milwaukee bags & I use them for my meetups & hacker conferences. They carry everything I need — and with the hard base & heavy straps, I can carry a ton of locks without having to worry about hurting myself. I consider that a big plus. 🙂

/r/Sysadmin Frequently Asked Questions, an ongoing series …

So, I spend a lot of time on the Internet, like most technical individuals. I spend a lot of time in /r/sysadmin & from time to time, I see questions repeatedly asked that cover the same material, over & over. In this (ongoing) series of posts, I’ll look to tackle those questions, one by one, as best I can. These blog posts will serve as an extension of my primary website & will be a jumping pad to go to popular resources that I recommend on the Internet, along with giving you what is a generally accepted canonical answer, mixed with my thoughts on the matter.

As I first started on the educational side of information technology, for this first post, I’ll cover what I think are the best (e.g. efficient) ways for you to gauge where you stand as an IT Professional, regardless of your experience level. This post will be through the lens of someone who wants to be on the System Administrator side of the fence. Throughout, I’ll give recommendations to talks you should watch, resources & books you may want to purchase.

In a future installment, I will cover specific resource types (e.g. computer based training) & how to determine what’s best for you as an individual & your learning style.

First, what is your goal? Many individuals I’ve instructed & mentored over the years were either out of work (job loss, Military BRAC…) or doing a lateral transition professionally. If your goal is to be a desktop technician & move up the ranks to become a Sysadmin, you will want to look at Network+, Security+, Linux+ & Server+.

Each of these certifications is provided by CompTIA — now, I’m not recommending you get these certifications, however, I do recommend looking at the appendix of each of these exam objectives. They provide a great general baseline on the basics of what these subject matters may entail. This also doubles as a study guide — if you understand many of the terms, acronyms & initialisms — then you can skip those & focus on areas that you are weak in.

The reason why I don’t recommend wasting time with the A+ certification is that it is extremely dated — these days, nobody repairs machines anymore. Further, the skills that this certification teaches you can be taught in a weekend. A case could be made for Network+ & some of the core concepts of Security+, but that’s a post for another day.

How do you go about acquiring the objectives? Go to CompTIA’s website (for example, Network+ Page) & fill out the information in the field on the right under the box “Exam Objectives”. You’ll be provided a PDF link of the exam objectives (permalink here if you don’t want to give up any information).

Do you feel comfortable & confident in the terms & materials presented in the PDF? Then, if you’re given some simple interview questions about the subject you should be able to at least describe how you would use these concepts & technologies in the real world.

What are all these certifications? Do they matter? What will I learn?

I don’t want to veer off the subject of this post, but it is worth covering what these certifications cover. They cover a small piece of information, skills & concepts that it takes to be any of the following: hardware technician, network administrator, system administrator, system analyst.

It used to be that CompTIA certifications were lifetime certifications — they have since moved to an “every 3 years” cycle, meaning that you have to re-up on taking the certification or else it expires. I do not recommend getting a certification just for the sake of it unless your employer is paying for the certification, the certification is tied to keeping your job/additional merit pay, or other factors.

I recommend looking at the exam objectives, but for a brief rundown of what these certifications cover:

A+ – Basic Computer troubleshooting. What are the ports on a motherboard? What are some basic port numbers? How does everything plug in together? How does the motherboard work? Many repair technicians need this to work on desktops or laptops. The ubiquitous nature of computer devices has made this irrelevant, along with custom designed motherboards that cannot be easily serviced.

Network+ – very basic networking. What is an IP address? CIDR notation, basic concepts of routing/switching, broadcast storms, DHCP/DNS basics, some very basic Windows commands (e.g. ipconfig). Predominately focuses on IPv4, some IPv6 was introduced when I took the exam years ago. The common path for someone interested in learning networking is to get a vendor specific certification (Cisco, Juniper & Brocade would probably be the largest, followed by Software Defined Networking).

Security+ – this covers the CIA triad (not that CIA, silly!), the basic tenets of network security, lots of concepts & theory. Good for people who have a MIL background & understand certain DoD requirements. If this sort of thing interests you, you will want to look into OWASP, OSCP & local information security meetups.

Server+ – this is a great exam for someone who may work in a datacenter & has to rack & stack servers, design a network from the ground up, set up a server from scratch. Some of this is dated (e.g. SCSI) but the concepts give you a good foundation in what to expect when dealing with a server (diagnostics, memory matching, how things differ from desktop hardware).

Linux+ – This exam covers the basics of Linux. Very basic command line stuff. Focuses on the init run levels (gross). No real distro specific knowledge is expected. You need to know certain esoteric bash knowledge, file pipes, redirection, error handling, and so on. This cert gives you the LPI Linux certification as well. The common path for someone interested in Linux is to get distro specific certification — the industry standard is Red Hat Linux (RHEL for short) — it is a very well respected certification in the System Administrator industry.

NOTE – There are many many IT certifications, this warrants a separate post — but these are the basics for a lot of people. I’m here to describe what studying for these certifications will teach you & how you can use that knowledge (sans certification) to grow as an individual.

I’m a Help-Desk tech & I understand a lot of what you previously mentioned, or feel I’m ready to be a Sysadmin. What should I look into or research?

I highly recommend purchasing this book & having it by your desk with you. Use it as a reference. I will do a review at a later date about this, but I feel it covers a lot of ground in a condensed form about the vastness of the IT industry.

Another mandatory book to read is Women in Tech by Tarah (@tarah) – I personally don’t care if you’re a dude who has any opinion at all on the title — you need to read this book. There is an insane wealth of knowledge here (the resume writing suggestions are particularly rock solid).

Something to build upon TPOSANA is The Ops School – this is a project that has exploded over the past few years in terms of content & is absolutely vital for our industry.

Below are some additional links I think folks find handy, to get them in the right frame of mind & help you think about some of the stuff that keeps Sysadmins up. They are from the blog of a friend of mine, Matt Simmons. Matt is a Sysadmin I met at a conference local to New Jersey, LOPSA-East. A great mentor for sure.

Standalone Sysadmin – The Impostor Effect vs Dunning-Kruger
Standalone Sysadmin – Difference between SRE, Sysadmin & DevOps
Standalone Sysadmin – Three activities that will make you a better Sysadmin

An excellent resource that is great for people of all experience levels is the sub-reddit /r/homelab — I’m a moderator here — so if you have issues, please let me know. In addition, you should check out the Discord chat. There are immensely smart people here & you should learn as much as you can. Learn, give back to the community & enjoy the rewards 🙂

Another blog I really love reading is by Jess Dodson (@GirlGerms) – her blog is here — it’s totes awesome – she is a Microsoft MVP based out of Australia. (There are a lot of wicked smart people out there — you’ll see them mentioned more here as opportunity presents itself.)

I’m a Sysadmin looking to become a Sr. Sysadmin — what should I look into?

You may want to start by viewing this talk by Adam Moskowitz – it covers many things that I’m passionate about & try to instill into my peers of admins that I know.

I really like this talk by Shawn Sterling (@systemtemplar).

Check out The Finer Art of Being a Senior Sysadmin by Sheeri Cabral (@Sheeri) which I came across from Tom Limoncelli’s blog, EverythingSysadmin.

I also really heart this ServerFault post — it covers an immense amount of detail & is great for newbies & Sysadmins looking to become Sr. Sysadmins alike.

If you need to learn a lot about some security stuff, and/or Linux things to round out your skill-set, I highly recommend anything written by Daniel Miessler (@DanielMiessler), but in particular, the stuff on his Study Page is rock solid.

If you’ve read this far, what you’ll quickly realize is, with the exception of arguing about DevOps* – there is usually a definitive, proper way to do something. That proper way usually only breaks in very specific circumstances. If you’re wondering what sparked this post, I decided to collect a list of questions that are common to the /r/sysadmin sub-reddit over here. It didn’t do well, as expected.

That’s all I have for this post at this point in time. Note that I did not cover making lateral moves to networking or information security as these are not my specific wheel-house. Some of the suggestions & advice applies, some does not. More on that later, as I learn with you all on this journey! If I think of anything else, I’ll be sure to add it. If you have feedback for this, please let me know on Twitter 🙂

But wait, I actually want to learn about certifications! >:-(

Tune in next time 🙁