On Monday I announced my new podcast, Building a Life and Career in Security. As part of the podcast, I ask each guest the same three questions:
- Talk about your journey to your current job
- Talk about a key decision or event that had a positive effect on your career
- Talk about a do-over. Something you’d do differently.
I’ve been thinking about my own answers to these questions. A key part of my journey happened 15 years ago.
2000: A Career Jumping Point
My first job was as a network administrator. In the last year of my job there, I spent a majority of the time helping beef up security. I realized I enjoyed protecting our networks more than configuring and running them. When I was ready to move on from that job, I focused primarily on security jobs. Similar to where we are today with application security, network security jobs in 2000 were focused on finding network administrators who knew how to configure firewalls, lockdown routers and servers. They knew they weren’t going to find career security people.
In the end, I went through the entire interview process with two companies, KPMG and Playboy.
Interviewing with Playboy
I interviewed with Playboy in the summer of 2000. The interview process lived up to everything you’d expect. At the time, they were headquartered in Chicago with Playboy and Playboy.com as two seperate business groups. The office was very casual (especially for 2000) with people walking around in ripped jeans, logo t-shirts, and flipflops. Playboy historically has been a huge collector of fine art and the halls and walls were filled with enough art to start a museum. You got a copy of Playboy just for interviewing.
The HR process was more involved than most companies I’ve interviewed before and since. They wanted to make sure my family was comfortable with me working at Playboy. A majority of the questions were screening me for risk factors for working in a controversial organization.
They also emphasized the first amendment, right to free speech. Something that would come up through the interview process.
The tech screen was very uneventful. The team I’d be working with was very capable and asked all the typical questions you’d expect them to. I’d need to work 1 weekend every 5 weeks as part of their on-call support. “Who are you typically supporting over the weekend?” I asked. *Really, you need to make sure Hef doesn’t have any internet issues. *I still wonder what it would be like walking Hugh through troubleshooting his DSL connection.
Playboy: You need to make sure Hef doesn’t have any internet issues.
The First Amendment vs Security
Some of the issues we talked about beyond standard security was their bandwidth problem. Since they were founded on the first amendment, they refused to filter the internet. If you wanted to download music from Napster, watch ESPN, or check out any number of competitor websites, that was completely acceptable.
In fact, the first amendment was a principal part of their business. As a security person, I couldn’t filter, lockdown, restrict, or do anything that would impact a person’s free speech. In those instances where I’d need to, Christie Hefner, then the CEO, would have to sign off.
As security professionals, then and today, we are often faced with trying to explain the value of implementing security. Playboy understood the value extraordinarily well. Free speech just came first.
Playboy vs. KPMG
You can imagine the thought process. KPMG is an old stogy accounting firm. Casual Fridays meant wearing a polo instead of a button down shirt. Playboy was, well, Playboy.
Ultimately, I felt as though I was going to be a powerless security person at Playboy. They weren’t ready for the threats and vulnerabilities that would soon attack companies and that unfortunately impacted Playboy with a breach in 2001. (I have no idea if the breach was a result of any of the issues I talk about above.)
KPMG provided their offer early in the week. Without waiting for Playboy’s offer, I accepted KPMG’s offer and began what would be a 10 year career (over 13 years) there.
What I Learned
I usually end up telling this story at a happy hour. The reaction typically is *you seriously turned them down? *This includes people I worked with at KPMG.
In my blog post on the equalizers in a job search, there are a set of criteria that are really important to you in a job. For me in 2000 and still in 2015, working for an organization that supports and embraces security is really important to me. There are organizations — due to their overall business or just bias — don’t support security. That’s ok. It’s just not an organization that I’d probably want to work for.
Before you get caught up in the glamour and excitement of a particular company, remember what is important to you in a job.