Some say that people should use the stairs more in the new year to burn off the excess calories accumulated over the holiday period. I’m not one of those people so am continuing to take the lift. Lucky for me, Kevin Riggins of infosecramblings.com fame also subscribes to my philosophy, so he has the dubious honour of being in the lift when someone accidentally hits the stop button and finds a dictaphone in his face.
You are?
Kevin Riggins. Professionally, I am a Senior Information Security Analyst with a Fortune 500 financial services company. I lead and manage a team of five analysts who are responsible for providing internal information security consulting services and tasked with performing risk assessments for the different business units that make up the company.
Tell me about your career and how you got to where you are today?
I have worked in an extremely broad range of disciplines in information technology over the years. This includes help desk, workstation management, server management, UNIX administration, etc… About 10 years ago, I started becoming very interested in how easy it was for people to get access to information that they weren’t necessarily supposed to have access to. I was able to talk my employer into sending me to my first SANS conference where I went through the Security Essentials course. I came away from that experience knowing that information security was the path I wanted to take.
Your favourite saying is?
"In theory, there is no difference between theory and practice. In practice, there is."
I love this quote. It is full of so much truth. Unfortunately, its attribution is not clear. At various times it has been attributed to Yogi Berra, Jan L. A. van de Snepscheut, and Albert Einstein.
Growing up, what did you want to become?
This is going to sound odd, but I don’t remember. I can’t remember ever wanting to be anything in particular.
What about education? What aspirations did you have whilst at college?
I am a college dropout. Actually, I do have my Bachelor’s degree, a BA in Computer Science, but I did not get it until I was an adult. I decided during my youth that I would rather work than continue to go to college. I don’t regret that decision, but I am also very glad that I went back to school as an adult and finished what I started. I have had more certifications than you can shake a stick at, but the only two that I keep current at the moment are my CISSP and my CCNA.
Do you think going to college or attaining certifications has helped your career in any way?
As far as helping my career is concerned, college helped me learn how to think better. The actual information wasn’t as important as the process of learning. Regarding certifications, you see quite a bit of disparagement aimed at the CISSP and those who have the cert.
For me, getting my CISSP was a very valuable experience. I spent a significant amount of time self-studying for the exam and I think that really helped me broaden my perspective when it comes to information security. Does that mean I think the CISSP indicates I am some sort of expert? Not at all. Like any certification, the experience of the individual who has those letters behind his name is much more important than said letters. I also self-studied for my CCNA. I think the fact that I have one "management" cert and one "technical" cert helps show that I am not one dimensional.
It also keeps the network folk from trying to pull the wool over my eyes.
What do you never go into a meeting without?
A willingness to listen. If I am not interested in listening to the others attending the meeting, there really isn’t much point in me attending. Sounds kind of cheesy, but some don’t approach meetings from this point of view.
What would you say the best thing about being an infosec professional is?
Here it comes. You’ve heard it before, but here it is again. Everything changes constantly. I really enjoy that being in information security means that there is always something new to learn and understand. The constant variability is what keeps me engaged and interested.
And the worst thing about being an infosec professional?
Lack of commitment from an organisation to information security. Anybody who has worked in this field for any length of time has worked for the type of company that is only interested in making sure they can get past the audit. It can be a very frustrating experience. However, I feel lucky that I am not in that situation right now.
In your opinion, the next big thing in infosec is?
Everybody is talking about "the cloud." It is coming and there is nothing we can do to stop it. Making risk appropriate decisions and effectively ensuring secure deployments is going to keep infosec folks busy for a bit.
The weirdest security question you’ve ever been asked was?
I can’t really say what the weirdest security question I’ve ever been asked is. The most annoying is "Why?"
When was the last time you were truly amazed?
When I held my newest nephew over the holidays. I have 16 nieces and nephews ranging from 21 yrs old to a couple months old. Getting to hold them when they are infants and then watch them grow up is one of the most amazing things to experience.
Lying in bed at night you often wonder?
Why am I still awake? It frustrates my wife to no end that I fall asleep in about 20 seconds.
I wonder about all the common stuff like, am I being a good husband, son, brother, etc. However, something I have been spending quite a bit of time thinking about recently is "how can I be a better manager?" When I say that, I am talking about how do I make sure that my employees are getting what they need from me to do their jobs effectively and develop themselves.
When you’re angry you?
Glare.
Realistically, the best thing that could happen tomorrow is?
That it will be pretty much like today. I have a great life and am surrounded both physically and virtually by wonderful people. What more do I need?
Describe Infosec in three words?
Constantly changing target.
You’d be lost without your:
Wife. She is my rock.
Where can people go to find out more about you or contact you?
Blog: http://www.infosecramblings.com
Email: kriggins@infosecramblings.com
Twitter: http://twitter.com/kriggins
Flickr: http://www.flickr.com/photos/krandj/
LinkedIn: http://linkedin.com/in/kevinriggins

