Well, here it is! Our first newsletter issue!

Firstly, I would like to say a huge thank you; the growth rate of this community in the short space of a week has been incredible. I really appreciate all the feedback, contributions and comments so far.

I want these newsletters to be fun, community-orientated, and educational.

So, if you have any feedback/suggestions, please hit reply and let me know - I’d love to hear from you!

Lurking in InfoSec cert study forums, subreddits, Discords, etc, even if you don’t indend on taking a qualification, is a great way to soak up rich info!

I want to talk about a few things I’ve learned along the way to obtaining my “gray beard” status, after almost 30 years.

These are just some observations and a little wisdom I can hopefully impart on to my IT colleagues - particularly in regard to Networking and Information Security (I’ll call them InfoSec).

The basics of it are, we (network engineers) want to connect everything, that’s what we do.  My friends in InfoSec would feel a lot better if nothing was connected, and everything was secure.

Since we’re both in IT, we’ve both been saddled with the label of “cost centers”, but more on that in a bit.

What I love about networking, is understanding how I’m writing this in Google Docs, on a website, that’s in a physical datacenter server, somewhere, on a physical computer, somewhere, and I understand how my traffic got to that server, across the Internet, out my local connection, across my personal modem, router, and Wi-Fi access point, to this computer. I understand all that network connection, because that’s what I do - I connect this computer to Google, and other destinations…

Along comes InfoSec — who have different priorities & concerns than I do...

They have to make sure the information I’m typing is secure, I’m not stealing company data, make sure the website I connect to is secure, trusted & appropriate, and my connection to the website is secure, trusted, and unchanged from what I sent to what is received, and I don’t get a virus, don’t get malware, etc, etc.

For a long time in my career, I regarded InfoSec as “the department of no” (as my good Infosec Manager friend calls it)

InfoSec has a tough job - convincing people, like me, that “restrictions” and “limitations” are prudent, sometimes. But essentially, we have the same job, to provide VALUE to the business. And we have similar frustrations and challenges - showing value from something that has not happened.

If the website goes down, and there’s an easy way to show $1M in revenue loss per hour, that’s a pretty easy calculation - but what if the headquarters loses Internet, voice calls are dropped, emails can’t be sent, documents can’t be saved to Office365, and code can’t be uploaded to Git - it’s harder to show productivity loss - similar to showing a risk analysis in InfoSec of identifying risks of not implementing a security program, the potential loss, cost of mitigation vs cost (and likelihood) of a potential incident.

Over time, I’ve learned that Networking and Infosec are more alike than I realized when I was a n00b. We both exist to serve the business as professionally, to the best of our abilities, and to the highest of availability as the business will allow - meaning, spending money - on professionals, on training, on applications, on hardware - to provide the “Five 9’s” of business uptime (not system uptime).

InfoSec and Networking are Brothers - securely enabling the business to generate revenue.

InfoSec and Networking write policies which will adhere to industry best practices, state and local regulations, and often are often imposed by third parties which our business wants to conduct its business with, or through.

InfoSec and Networking work together to produce standards which will meet the policies.

Then, Networking (engineering) takes over, and produces procedures and methods which meet the standards which meet the policies.

All this being said - Infosec and Networking work together to enable revenue generation and then we protect the revenue.

Networking and InfoSec - two sides of the business coin - connecting almost everything, securely - in service of our business.