SANS: What made you choose to work in security?
The choice for me came down to challenging myself to remove the veil of mystery surrounding computer science. Being such a deep field, with so much to learn and know, I always found it exciting to delve deep into one of the many facets of the industry, and I still do.
SANS: What was your first SANS course and GIAC Certification (if applicable)?
I took SEC560 to learn about penetration testing and earned the GPEN as my first certification just over a decade ago now. I can honestly say that I use the information from that course to this day; who doesn’t love nmap?
SANS: What courses do you teach / author?
I am the author for SEC388, “Introduction to Cloud Computing and Security” and I teach SEC488, “Cloud Security Essentials” – both within the cloud curriculum.
SANS: Why do you teach, research and practice information security?
Passion. That’s really what it comes down to for me; I care about the topics, I find them interesting, relevant and of value. Teaching is my way of giving back to the community and sharing my expertise; hopefully to make positive change in the industry/world.
SANS: What tips can you provide newcomers to cyber security and defense?
Cyber security is like no other profession; if you care about the mission, and you care about the inner working of the computer science buttressing the entire security sector, and you have the aptitude to constantly learn new things, then you’ll be just fine. If you’re not willing to work hard and humbly acknowledge that you *may* essentially know nothing to start with, you might find it difficult to be successful; try to keep an open mind.
SANS: Who has influenced your information security career?
Funnily enough, no one has influenced my information security career more than Dennis Nedry.
SANS: What do you want people to know about you?
Select tidbits of curated information.
SANS: Favorite quotes, songs, or books?
1.) You can't win or lose. You can only break even.
2.) You can't break even except at Absolute Zero.
3.) You can't get to Absolute Zero.
SANS: Tell us about things you enjoy that people may not expect.
I enjoy physically building things with my hands in the real world just as much as creating/developing a useful computer program. For example, building a small living space: Concrete work, foundations, framing, plumbing, electrical, roofing, interior finishes, flooring, and so on. For me, it’s all about the joy of creation, and excitement of troubleshooting/thinking trough a solution to a given problem, and then taking the action to turn a vision into a reality.
When it comes to cyber security, Serge is among the best possible instructors to learn from due to his experience, accomplishments, and, quite frankly, his personality. Duplicate badges to walk right through security and access a "secure" facility – did that. Dumpster diving for sensitive information outside of a financial institution – to him, that was “lots of fun.” Create an enterprise-wide, measurably successful security program for a billion-dollar company – one of his many accomplishments. All of them, in scope of the engagements. He’s an instructor for SEC488: Cloud Security Essentials and author for the upcoming SEC388: Introduction to Cloud Computing & Security, a published author, President of the Denver Open Web Application Security Project (OWASP) chapter, founder and CEO of the cyber security consulting firm, SpyderSec, he’s discovered multiple 0-days, written OSINT tools for the community, and is a polished presenter who speaks regularly at national conferences. Truly, an expert in the field. Read his full profile here.