This week, Stephen Ibaraki has an exclusive interview with Richard Allan Kelley.
Richard Allan Kelley holds the following certifications: Certified Information Systems Security Professional (CISSP), Cisco Certified Network Professional (CCNP), Cisco Certified Design Professional (CCDP), Microsoft Certified System Administrator (MCSA), Certified Netware Administrator (CNA), and CompTIA Security+.
He has a Masters of Information System Management with a concentration in Information Security from Keller Graduate School, and a Bachelors of Telecommunication Management from DeVry Institute of Technology (now DeVry University). His education also includes an Associates of Arts degree in Music from Long Beach City College.
He served in the California Army National Guard from 1990-1996, where he was part of the 40th Infantry Division (Mechanized) Band.
He currently works for Harris IT Services, part of Harris Corporation, as a systems administrator. Prior to this, he worked as a systems administrator for Cablofil, Legrand, and PW Industries, Inc (2001 – 2009), and a network system administrator for AsiaDemand, Inc (2000-2001).
The latest blog on the interview can be found in the Canadian IT Pro Connection where you can provide your comments in an interactive dialogue.
Q: Richard, you have a long success history and so many outstanding contributions. Thank you for sharing your considerable expertise, deep accumulated insights and wisdom with our audience.
A: "Thank you. It is an honor."
Q: Our audience is large, encompassing more than 100 countries and spanning governments, industry, business, academia, science and technology, media, and society and there are significant numbers of executives overall, in particular from business and enterprises in the audience. If you think about your responses, what is the value to this audience?
A: "Every voice matters. Even when the individual is a "master" of his or her domain, it comes to sharing ideas that the individual can learn and expand his or her knowledge base or tool kit."
Q: From your early years up to the present, share a few notable events leading to your current roles, and lessons you learned for success?
A: "Many opportunities come available because of who you know. A former manager introduced me to a small business, which ended up becoming one of my best work experiences.
Be open to different opportunities, especially opportunities that take one out of one's own comfort zone. It can open the person to many different and rewarding paths."
Q: Can you tell us more about the Network Professional Association (NPA) and why you joined?
A: "The Network Professional Association (NPA) is a non-profit all-volunteer organization promoting professionalism in the network and computing industry.
I joined after I read an article about malware published by the Network Professional Association. It was not until the Networld + Interop (now called Interop) conference, where I met fellow members and I learned and understood the value of interpersonal networking. Prior to this, I went to some Cisco users group meetings. I missed the interpersonal networking. The NPA brought this back."
Q: What are your goals as Chairman of the Board, and Chair for the Awards for Professionalism program?
A: "As the Chairman of the Board, I want to see the NPA's membership grow to its past numbers. Over the last five years, the professional membership numbers have dwindled.
My goals include:
- Monthly online meetings where the members discuss a number of topics like computer security, networking, new technologies, and ethics in the workforce.
- Programs such as the Awards for Professionalism, where a person is recognized by his or her own peers.
- Network Professional Journal, where one can be published."
Q: As an Information Technology professional what is professionalism?
A: "Professionalism is the quality of a professional, where the individual uses their expertise in an occupation with a focus on standards, ethics, and best practices."
Q: You are an international expert in security. What are the top 10 security best practices?
- "Proactive response vs. reactive responses
- Continual testing and monitoring of security
- Certification and education
- Separation of duties
- Defense in depth, or multiple layers of security
- Keep the equipment updated by patching security holes
- When necessary, encrypt the data, especially when dealing with personal identifiable information.
- Security auditing
- Asset identification"
Q: What are the top 10 security threats?
- "System complexity
- Social media causing loss of privacy
- Mobile media and laptops holding personal identifiable information
- Insecure cloud providers, or attacks on cloud providers
- Data remanence on hard drives, flash media, and in the cloud
- Malware for mobile media such as iPhones and Android systems
- Social engineering
- Lack of user education on how to protect themselves while on the computer and online
- Computers not being updated with the latest security patches."
Q: What are the top 10 security trends?
A: "There is repetition of the top tens because each concept can be seen as trends, threats, or best practice. To answer these questions, I had to do my "homework". I went online to review some of the published top tens of 2015. Sources include articles from Sophos.com, blackstratus.com, itnewsafrica.com, cio.com, and dimensiondata.com."
- "Automation of security
- Regulations and compliance
- Proactive vs. reactive security
- Security in the Cloud
- Malware in mobile technology
- The need to move from employee security awareness to security solutions.
- Security is not a single package. It involves a tiered approach where multiple products are involved.
- Endpoint security is not limited to the computers, but includes smartphones and other mobile devices.
- Incident prevention to response"
Q: You hold the following certifications: Certified Information Systems Security Professional (CISSP), Cisco Certified Network Professional (CCNP), Cisco Certified Design Professional (CCDP), Microsoft Certified System Administrator (MCSA), Certified Netware Administrator (CNA), and CompTIA Security+. How does each certification help you in your work?
A: "Some certifications are job requirements like the CompTIA Security+ and CISSP. These vendor-neutral certifications focus on general best practices and concepts.
The vendor-centric certifications like CCNP, CCDP, and MCSA provide focus on the vendor's technologies and products. They also provide the best-case solutions on how to configure the vendor's products to work with the various technologies supported."
Q: How/why does one who studied music as an undergrad get into computing and security?
A: "In 1994, while studying for a music education degree, I had an assignment about using e-mail. This was the beginning of a passion into computers and networking. My interest did not stop at e-mail. I learned about bulletin board services (BBS) and other means of communications. After I stopped going to school, my passion for computers and networking went forward. I read a number of books on web site development, programming, and operating systems. I went to DeVry Institute of Technology to solidify this knowledge."
Q: What is your current job role?
A: "I am a systems administrator for Harris IT Services, which is part of the Harris Corporation."
Q: What are the key projects and wins including for 2015 and into 2016? What is the value to stakeholders?
A: "Unfortunately, my job role does not deal with any of the projects and wins for the company. Personally, my key projects are my continual education by updating current certifications and expanding my certification portfolio."
Q: What are the key issues with the ICT sector and particularly computing and what are your recommendations?
A: "Security is important from the beginning of every project whether it is a network, computing, or software project. It should not be an afterthought."
Q: Please share some stories of "impossible" challenges you were able to master?
A: "Most of the challenges I have encountered are not technology related. How I interact with others is a weakness or challenge I have. At times, I think myself an excellent listener, but people are expecting a response every so often; I may not give a response quick enough for them while I am "digesting" what was told to me.
There are times where I have to keep my pride in check. I may have many years of experience, and this is the same for my co-workers. I occasionally have been beside myself, and needed a reality check. Sometimes this is on a continuous basis.
Teamwork is important. If there is tension between the members, the team suffers. Not everyone can do everything and be an expert at everything too. Counter to this, every member has their role and can learn from each other through their discussions especially with problem solving and troubleshooting."
Q: What important lessons can you summarize from the last question?
A: "There are a few simple lessons. I still have to figure them out though."
Q: In your current role, what top resources and lessons can you share with the audience?
- "NIST websites
- ISC2 websites
- Cisco.com websites
- Google.com and other search engines
- Think outside the box, and do not focus on the technologies used.
- Network Professional Association (NPA) websites
- Sharing information ideas with colleagues, and discussing the ideas and information can help each other work as a team.
- Take a break, or a vacation. Refreshing one's mind can help bring focus to the job and eliminate burnout.
- There are times to be serious and times not to be serious."
Q: Make 5 predictions for the future?
- "Cybercrime is present and continues to spread.
- Privacy as a concept is outdated.
- There will be more regulations.
- Security will always be important.
- Security solutions will not be just one product, but multiple products to provide a tiered defensive solution."
Q: How can ICT executives act on your predictions?
A: "Security in all aspects is important, especially when it comes to information security. It should be a high priority and business focus, not just a passing trend. Educate everyone on the necessary means of protecting company and personal data."
Q: As a successful executive, what are your best leadership lessons that can be used by executives?
A: "Each individual voice is important and each individual is worthy of one's trust to do his or her job. Many organizational and management courses discuss and touch upon this topic."
Q: Do you feel computing should be a recognized profession on par with accounting, medicine and law with demonstrated professional development, adherence to a code of ethics, personal responsibility, public accountability, quality assurance and recognized credentials?
A: "Yes. How important is the information (possibly including one's own personal identifiable information) stored on the organization's computers and networks? It is important to promote the ethics, responsibility, and accountability in the networking and computing profession."
Q: You have many interests. Can you talk further about them?
A: "Photography, model trains, comics and online gaming are a few of my interests."
Q: You choose the topic area. What do you see as the three top broader challenges facing us today and how do you propose they be solved?
- "For California, the drought is one broad challenge, which could be part of the global warming. Solution: If possible and does not cause health issues, seed the clouds.
- Traditional wars have moved to the cyber frontier. Solutions can include training people on how to protect themselves on the net, including keeping software updated and keeping their identities safe.
- Technology is everywhere now. Cameras are on every corner it seems. People need to live to the higher standard when with others."
Q: If you were conducting this interview, what 3 questions would you ask, and then what would be your answers?
A: "Q1: Of the number of certifications, do you favor one over another? If so, which one?
A1: Unfortunately, yes. I do favor my Cisco certifications and the CISSP over the others. Cisco routers and switches do have a soft spot in my heart. CISSP does too since it is the newest achieved certification.
Q2: Which certification did you find very difficult?
A2: CISSP certification test was difficult due to its length of time. That is the first step. The wait for acceptance confirmation is the most grueling part. Once notified that you have been accepted by ISC2, it comes with much enjoyment.
Q3: What computing or networking publications do you read?
A3: Internet Protocol Journal and Infosecurity Professional Magazine are the publications I read."
Q: Richard, with your demanding schedule, we are indeed fortunate to have you come in to do this interview. Thank you for sharing your substantial wisdom with our audience.