Sunday, September 12, 2010

Interview with Richard Bejtlich

I had been working on a “guru post” for the longest time where I examined backgrounds of top tier digital forensics people in an attempt to find common trends on how they got to where they did in the field. I found common paths like obtaining technical degrees from good universities and getting direct job experience in the military or law enforcement. However, no matter how I wrote the post up, it just didn’t work well. Telling someone to get an electrical engineering degree from the US Air Force Academy and then trying to get assigned to the Air Force Office of Special Operations is an interesting bit of advice, but it’s only going to work for a limited number of people and it doesn’t provide any broadly applicable lessons for the rest of us.

What I decided to do instead is to just interview some selected gurus and focus on how they decided to go into digital forensics and what paths they took to get there.  I took a page from the British Special Air Service and went with the “Who Dares Wins” approach by asking Richard Bejtlich to be my first interview subject.  Richard was kind enough to agree and what follows is the result. 

Richard went well above and beyond the call of duty with this interview and I’d like to thank him publicly for putting up with what essentially turned out to be a beta test of the concept. He salvaged more than one bad question for me (the Hoover Institute one was a dog. I knew what I wanted to do with it, but setting up a question with content unfamiliar to the interview subject is a bad idea) and was very patient with a process that I’m going to make much shorter in the future.

Richard’s bio is available here and it briefly documents his career progression during his Air Force service and into the private sector. You should also follow his TaoSecurity Blog, which is a must-read for anyone involved in digital forensics. Lastly, Richard was recently interviewed by Gary McGraw of The Silver Bullet Security Podcast.

The Interview

AFoD: Like many leading digital forensic and information security experts, you chose the United States Air Force as your starting point. Can you describe what motivated you to become an Air Force officer?

RB: After seeing Star Wars in the theater in 1977 I decided I wanted to be an astronaut.  Once my eyesight failed I realized I couldn't be a pilot, so I decided to be a Mission Specialist who designed spacecraft.  I looked for programs in astronautical engineering.  I told my parents I would put myself through college.  An Air Force ROTC program appeared to be my best option.  I wanted to attend MIT and have the Air Force help pay for the program.

AFoD: What was your path to the Air Force Academy?  Did you participate in any programs like Air Force JROTC or anything similar?

RB: I am an Eagle Scout, but I did not participate in JROTC.  My family had very little prior military experience and no awareness of the service academies.  I learned about USAFA while attending an Air Force ROTC event at Hanscom Air Force Base.  Some USAFA recruiter earned his or her pay that night!  The USAFA video they showed hooked my attention, and I applied to USAFA.  I also participated in the "Summer Scientific Seminar," a pre-Academy summer event to recruit cadets. Although MIT accepted me and the Air Force provided a ROTC scholarship, my USAFA acceptance arrived first.  I accepted the appointment and sealed my fate!

AFoD: What was your Eagle Scout project?

RB: A high school friend succumbed to childhood leukemia while we were freshmen in high school.  To honor her memory and to raise awareness and funds for childhood leukemia I organized a road race in 1989 as a high school senior.  I believe 4 to 6 more happened during the 1990s; I helped with a few but was away in Colorado for most.

AFoD: What was it about that USAFA video that so attracted you to the institution?

RB: The tennis courts.  I saw something like 30 of them and thought, "Wow."  On a serious note, USAFA seemed like THE place to go if you wanted to be an officer, and especially if you wanted to be an astronaut.  I didn't apply to any other military academy.  People asked "what if you don't make it?  Shouldn't you apply to West Point and Annapolis too?"  I replied "I don't want to be in the Army or Navy."

AFoD: You're one of the leading digital forensic and information security thought leaders in our community.  Many of your peers who became similarly prominent obtained degrees in disciplines like electrical engineering and computer science from top quality schools like the Air Force Academy, VMI and MIT.  Why did you decide to study history rather than a technical discipline?

RB: I was ready to study astronautical engineering at USAFA. My placement tests landed me in Calculus 243 with juniors and seniors. However, my freshman history teacher, Captain Ruffley, made a big impression on me. He was an intelligence officer who focused on the Soviet Union. His work sounded a lot more interesting. I also met professors who were officers and who hoped to be astronauts, but they seemed so *old*. I could do military intelligence right out of the Academy. When we started bombing Iraq during the first Gulf War in early 1991 I knew intelligence was the right role for me. I selected history as my major, and later added political science as a second major and French and German as minors. I was a little too ambitious back then.

AFoD: Can you describe how your studies in history and political science at the USAFA prepared you for your future roles in the Air Force and the private sector?

RB: These are three of my favorites: 1) People now are NOT smarter than anyone who lived before. People who think they are smarter will likely assume they can overcome history's lessons. Their hubris enables failure. 2) Writing is very important. Solid writers often prevail. 3) Nation-states are not monoliths. Read Essence of Decision: Explaining the Cuban Missile Crisis by Graham Allison.

AFoD: Hoover Institute Fellow Peter Robinson recently conducted an Uncommon Knowledge interview with Ambassador Charles Hill. The interview was an exploration of Hill's idea that academic institutions are failing to teach "grand strategy" to our future leaders. He states that students are disappointed when they undertake studying a discipline like political science expecting to be taught how to tackle big problems, but wind up being presented with small problems such as voting trends for a particular congressional district. Hill also thinks that one cannot learn "Grand Strategy" without an appreciation of literature. You are a proven leader who clearly understands how to tackle "grand strategy" type problems. What taught you how to think about how to attack a large problem such as information warfare in a corporate environment? Did learning history at the Air Force Academy and your graduate work at Harvard lay the foundations of where you are today or was it something after your formal education? Would you recommend the Air Force Academy to a high school student who wants to become a future leader in private industry?

RB: As a history and political science double-major I confronted lots of "big problems" in school.  After graduation in 1994 I was thankful to be selected to attend the Harvard Kennedy School (as it's called now) to work on a Master's degree in public policy.  As a lieutenant I shared the class with colonels and enjoyed instructors who were former National Security Council advisors, generals, and so on.  My USAFA and Harvard experiences contributed to my development, but everything I needed to know about leadership I learned as a Patrol Leader.

AFoD: Your experiences in the Boy Scouts mirror my own a bit in that one of my formative experiences was as a Police Explorer (which is a program that is part of the Boy Scouts). I learned a lot about leadership early by being exposed to a program like the Explorers. What would you recommend to someone who is reading this interview while they are in college and doesn't have the opportunity to join an organization like the Scouts or the Explorers, but wants to learn about leadership first hand?

RB: Lead something, anything -- say, organize an event. If you're a security person, organize a group or a con. There is no substitute for being on point!

AFoD: The Kennedy School is one of the nation's most prestigious schools of government and public policy. Graduate school tends to come much later in the career process of the average US military officer. How did a junior officer such as yourself get selected to attend that program?

RB: Since the 1970s USAFA and Harvard have shared an arrangement whereby they accept 4 or 5 graduates each year.  I applied and won a slot.

AFoD: You have a passion for reading, writing and reviewing information security books with Amazon being your chosen platform for your book reviews. What constitutes a five star book?

RB: Five star books 1) change the way I look at a problem, or properly introduce me to thinking about a problem for which I have little or no frame of reference; 2) have few or no technical errors; 3) make the material actionable; 4) include current research and reference outside sources; and 5) are enjoyable reads.

AFoD: What causes you to remove stars from a review?

RB: Failure to meet the previous. I also subtract for plagiarism, poor production quality, and repetition of previously published material.

AFoD: Anyone who follows your blog or your Twitter feed knows that you are less than enthusiastic about PowerPoint-based presentations. What sort of presentations do you advocate as a replacement?

RB: Focus on the message not the medium.  Don't think "I need to create slides on topic X."  Think "how best can I communicate topic X to the audience?"

AFoD: What advice would you give to someone who is going to give a presentation before a large audience on a technical subject like information security?

RB: Consider using handouts instead of slides.  Attend a class by Edward Tufte.

What I Learned From The Interview

Richard is clearly a very smart and driven person.  I knew that going into the interview, but I really wanted to learn how that manifested itself in his formative academic years.  If you are smart enough and driven enough where you end up with the US Air Force Academy and MIT offering you an opportunity to study with them, you’re clearly someone who will be successful in your chosen field.  That’s an obvious lesson.  Apply yourself and utilize the gifts and opportunities that are available to you and you maximize your chance for success in any field. 

I was also taken by how flexibility was a theme with his professional development.  He didn’t set out to be an information warfare leader, but when presented with setbacks and new opportunities, he readjusted and continued on his path. This is something you’d expect from our war fighters, but it’s a lesson that all of us can learn from and apply to ourselves.

The leadership aspect of the interview was something that resonated with me because of my own experience in law enforcement and police exploring. One of Richard’s earliest formative experiences with leadership was his experience in the Boy Scouts. There are fundamental qualities of leadership that can be learned early in life and do not necessarily require formal training in a service academy to obtain. While these are qualities that are drilled into those of us who served in the military or law enforcement, they are also attainable by learning from proven leaders like Richard.

Another thing that stands out from both this interview and his professional life is passion. If you aren’t passionate about something, you are unlikely to reach the top of that profession. Richard shares a quality that appears to be universal with the top tier people in digital forensics and that’s passion for the field. The top players in our field aren’t people who just punch a time clock and then forget about digital forensics when they go home. Richard is an excellent example of this. Not only does he direct the incident response function for one of the biggest corporations in the world, but he reads, writes, and reviews information security books. He conducts research and teaches. He also finds time to frequently update his blog and indulge people like me when we ask him to do an interview.

Lastly, his perspective on book reviews is a natural progression of what he spoke about early in the interview and what I learned from him. He approaches his book reviews as a learning experience where you can see his intellectual flexibility on display when he speaks about how a good book can change the way he looks at a problem. This ties into his comments about the study of history earlier in the interview where he stated that “People now are NOT smarter than anyone who lived before. People who think they are smarter will likely assume they can overcome history's lessons. Their hubris enables failure.” This is an important lesson in digital forensics because our field has so much technological complexity. An open mind and a healthy degree of intellectual honesty will go a long way in allowing one to remain open to new ideas and methods in this ever-changing field.

1 comment:

  1. Eric,

    Great interview and good questions! I second the recommendation on Edward Tufte. His material on presenting technical material is great.