Doc Blackburn has IT experience spanning four decades in application and software design and administration, server and network administration, cloud services, and website development, along with security and compliance management and experience in several other technical disciplines. His interest in computers started in 1982 when he first started programming on the Texas Instruments TI-99 4a console, Bally Home Library Computer, and Commodore 64 systems and had continued as a dedicated computer hobbyist until he decided to make information technology a full-time career in 1998. Doc can be found teaching SEC301: Introduction to Cyber Security and SEC401: Security Essentials: Network, Endpoint, and Cloud.
What made you choose to work in security?
I had many different jobs in IT before. Everything from systems and network administration, to programming and website hosting. Ten years of being an independent contractor made me branch out into a lot of different areas. Clients would assume that if I knew one thing about computers, then I must know all the things! And if I wanted to feed my family, the answer to, “Can you do this?” is always “yes” and then I would learn how to do that thing. But no one single area of IT really stuck out as something I wanted to do with the rest of my life. Then, I discovered security.
The general field of cybersecurity is knowing all the different areas of IT so you can protect them all. The adversary is always looking for the easiest we to achieve their objectives. If they can’t hack your servers, they go after your website. If they can’t hack your website, they go after the workstations (users). If they can’t hack your…well, you get the idea.It was an epiphany for me to discover that I could use my experience from all of these different areas to help secure an organization. Then, I wasn’t performing one of these roles forever. I could play all the roles! Security is knowing all the ways an adversary could hurt the organization and getting in its way. It was truly a cathartic moment in my professional life.
What was your first SANS course and GIAC certification (if applicable)?
My first week at SANS training was not typical. I signed up for SEC301 at Network Security (Las Vegas) 2011. Based on my job description at the time it seemed to be the right course. I quickly realized that with my decades of IT experience the course wasn’t going to deliver what I was looking for. That’s not a criticism of SEC301 at all. It just wasn’t the right level for me given my experience and background. SANS as an organization is awesome to their students. They made it easy for me to move from SEC301 to SEC401 on day one of the training.
I finished the rest of the week in SEC401. I really enjoyed the course and learned a lot. Again, given my background, I felt that I could teach either one of those two courses. I took the GIAC GSEC exam and scored well enough that SANS invited me to try teaching.
What courses do you teach?
As far as my thinking I could teach those courses, it turns out I was right. I currently teach SEC301: Introduction to Cyber Security and SEC401: Security Essentials: Network, Endpoint, and Cloud. One of the best things about SANS is the commitment to quality. I strive very hard to deliver that quality to every student. I love being the first face many new security professionals see in the start of their adventure into security.
Why do you teach, research, and practice information security?
I teach because I really want to make a difference in the world. I find nothing to be more gratifying than to travel the USA and the globe making the world a safer place for everyone. There is something special about a student having that “Ah-ha!” moment in the classroom.
I’m also a lifelong learner. Cybersecurity is still a very new and expanding field with so much to learn and do. There’s so much more we don’t know yet!
Lastly, I’m a security practitioner because the clients I work with are doing important work. I have been fortunate in that I can choose who I work with. I like taking on the challenges of organizations that do good things. I have supported law enforcement, public services, organizations whose work is essential to the internet, government agencies, higher education, non-profits, and healthcare. Where would we be without these good people doing amazing work? I’m just happy to be part of the team supporting them in doing their good work.
What tips can you provide newcomers to cybersecurity and defense?
Welcome! We need you! I have seen an unfortunate misunderstanding in outsiders looking in and believing cybersecurity is out of their reach. We’ll teach you! We’ll show you how it works!
We need people from all sorts of backgrounds. My four-year degree is in psychology, and I use it every day. We need people with different backgrounds and varied industries. We cannot solve today’s complex cyber issues with only people with extensive technical backgrounds. We need business professionals, law enforcement, project managers, and legal professionals just to name a few.
Who has influenced your information security career?
There have been so many people who have helped and inspired me that I can’t possibly name them without leaving someone out. All my fellow SANS instructors have always been amazingly supportive. Many other people in my life have said smart things that have changed the way I view the world. The best work I can do is to repeat those smart things to others.
What do you want people to know about you?
I feel incredibly fortunate to have found what I love to do in life and that others are willing to pay me for it. I love to mix the different technical and non-technical disciplines to make the world a safer place. And what I love more than anything is to teach this to others. If I had a superpower, it would be to break down complex concepts and simplify them for the audience in front of me. I am proud to travel the world helping others make their workforce and organizations more secure.
Favorite quotes, songs, or books?
“Where’s the money Lebowski?” I love sardonic movies and TV shows. The Big Lebowski, Planes Trains and Automobiles, Dogma, Better Call Saul, BoJack Horseman, and too many others to list. My favorite bands are Queen, Tom Petty and the Heartbreakers, Slim Cessnas Auto Club, Green Day, just to name a few. I rarely read non-technical books.
Tell us about things you enjoy that people may not expect.
There’s not much to say here as I keep my life an open book. One of the most effective ways to teach is to share stories of my failures. “Don’t do what Doc did!” But I also use my life’s stories as teaching moments in the classroom. Sometimes in very unexpected ways. Everybody who has sat in one of my classes, or attended one of my many talks, knows that one of my children plays hockey. And that there is a valuable lesson for cybersecurity in the game. What to know more? You’ll have to take a class with me!
Read Doc's full bio here.