Skip to content

Ep 43 Tegora

Hello and welcome back to USB our Guest, Cyber Security tips. I’m Theo, here to help you break down cyber security news and hacks and how they affect you. However, today I am interviewing Tegora, an L3 System Administrator & Senior Technical Leader with technical responsibilities for Networking/Linux/HPC. We recorded the interview in an open discord voice channel with video while monitoring chat with Text-to-speech developed by Security_Live. While this time I had his volume level closer to mine, the music wasn't low enough in some parts.
Tegora became fascinated with computers at an early age, funded his education enlisting in the Army, pursued and obtained multiple degrees, taught and then pivoting into a career in IT. He has an excellent point of view regarding work effort, stepping out of your comfort zone and shares excellent tips on getting started on your path and interviewing. Also, I send people I interview a list of questions to answer, and Tegora did that, offering well thought and candid answers. Find the document linked on the episode page on my Github This is a little longer than my normal format so feel free to speed it up. Thank you for listening and enjoy.

Tegora BIO: This is 21+ years of my life condensed into a couple of paragraphs, but I tried my best to at least speak to the relevant bits of my experience to hopefully stoke further conversation.

I'm a 41 y/o IT Professional. I started my career by enlisting in the US Army at age 18. At that point I knew that I wanted to work with computers and that I was poor. I needed a leg up. So, I joined the Army for the GI Bill so that I could afford college when I got out. During my time as an enlisted member, I learned advanced networking skills, how to be a leader of people, and became a part of the largest naturally occurring professional/social network: US Military Veterans. What's super cool is that during that time in my life, I got to jump from airplanes, travel the world and eventually work for the White House Communications Agency and their secure communications switchboard -- for two different presidential administrations: Both G.W. Bush and B. Obama. After leaving the Army in 2009, I went to college. I had a rough time choosing a major because I had in the interim become interested in health and medicine-- to be Pre-Med, you can choose any degree, so I chose initially Bio-Informatics, then that degree plan was cancelled by the university due to lack of enrollment. Then I chose philosophy, and I think before starting my first term I'd switch at least once more to a Medicinal Chemistry degree -- eventually settling for a degree called Biology & Society at the sort of intersection of Biomedical Ethics and enough Biology to be able to understand and explain to anyone who would listen. I then did a Master's degree focusing on the history and biomedicalization of Autism in the United States. Afterwards, I went to study History & Philosophy of Biology at the University of Toronto with a woman named Marga Vicedo who was working on a history of Autism at that time. I spent a year there and earned a Master's of Arts degree, then returned to Arizona State University to pursue a PhD in History and Philosophy of Biology. In late 2017, I had become disallusioned with what I was up to and decided to return to the working world (rather than the academic world)... I continued working on my dissertation while working but ultimately stopped writing the dissertation in summer 2019 and left that PhD program in ABD (all but dissertation) status. Upon exiting academia, I picked up a job working as a career tech instructor in Information Technology. I taught young people, roughly Juniors/Seniors in high school, how to work on the Infrastructure side of IT (basically help desk, system administration, and networking type roles). I continued in that role for four years, earning a third Master's degree in Education in the process. I worked before and through covid 19, and just after starting the school year in 2022 a recruiter reached out through LinkedIn and I was quickly offered an interview. I interviewed for a Level 2 System Administrator role with my current employer, Belcan LLC, contracted to support GE Aviation. I started working that role in October of 2022. For several months, I was waiting on a security clearance to get approved and thereafter found myself thrown into an ill-defined role and thriving.

Essentially, I would come into work for four straight months, and on Tuesday each week, I'd get assigned a set of audit tasks to complete. The first week, I spent a small period of time trying to understand what was being asked of me and how to do it. By the second week, I thought, can't this be scripted? By the third week of the first month, I had boiled the entire audit tasking down to a small set of scripts that I would kick off and I'd finish a week's worth of assigned work in about 15 minutes. Now, since I was new, this was a good opportunity for me to get to know other people, who the players were, how the environment was structured and how to get access to do more things to be a little more helpful. By the end of the third month, I had developed an anticipatory set of PowerShell and Batch scripts to assist with possible problems with a huge VMware migration effort. Those scripts were written so generally, and repurposed many times, that we were able to address a litany of tickets that probably would have inundated us for several weeks, if not months, otherwise. By February of 2023, I had responsibilities on the Network Team and Linux/HPC Team splitting my time between work and technologies. By the end of March, I was offered a promotion and a leadership opportunity as one of the managers of our service desk. Since taking that role on, I have built a team, established tons of new processes, new training and team development initiatives, and have been recognized for my capability to effect influence far beyond the scope of my job role. In that time, I've also interviewed around 20 job candidates for our entry level (L1) system administrator role.

  • Location: Currently around Cincinnati, Ohio-- spent a great deal of time (years of my life) in North Carolina, Washington-DC, and Phoenix-AZ
  • Age: 41
  • Previous jobs: Staff Sergeant(US Army, White House Comms), Student & PhD candidate/researcher, Career Tech Instructor for IT
  • Education level: I have a BS in Biology, three Masters degrees: Biology, History & Philosophy of Science, Education, ABD for my PhD in History & Philosophy of Science, and recently started working on a second Bachelors degree in Cloud Computing with WGU (which I'll finish mid-2024).
  • Self-Taught Things: Everything to do with IT, Coding, Cybersecurity has been self-taught.

  • Importance of Certs: Two things

    1. Get your foot in the door
    2. regulatory compliance
      • Aside from that, experience is king in the IT/Cyber career space.
      • Small caveat: If you're working in a space within IT that limits your capability to get the kind of experience you need to move forward in an area that you want to work in, Certs can grease the skids.

  • How did I get this job: LinkedIn profile + Speaking Confidently and Competently during technical interview questions AND simultaneously expressing personality characteristics of someone that others would want to work with (FIT!)

  • Networking vs LinkedIn vs In-Person, etc:

    • There's a saying out there... "It's who you know..." Any candidate who has a current employee vouching for them will typically get priority.. For what it's worth, this isn't as damning as it seems for those who don't have that sort of networking going on. Out of several folks we hired over the last year, only one of those individuals fit this description. For entry level roles, surprisingly, a great deal of my attention is focused on an individual's fit with the current team, and secondarily, how much OJT will be required for this person and getting a sense for where we'd need to start. There are some things that people do, either on resumes or during the interview process that are pretty damning: 1. Lying about a certification that you have (Speaks to a lack of integrity) 2. Listing a certification, like the CCNP, and lacking fundamental knowledge and capabilities that someone with that cert should have (Again, integrity) 3. Not trying to think and work through technical interview questions at all -- as I used to tell my students, giving up isn't an option for people in our field, we're the people that folks who have already given up turn to for help... what does it say about you when you're first instinct is to say I don't know, and you won't even try? 4. clearly attempting to google search answers to technical questions during the interview -- regularly, I want you to look to google to see what it says before trying to escalate further, but Interviews aren't about trying to figure out what further OJT that google needs. 5. excessive frustration & lashing out or getting testy/difficult with interviewers... it's critical no matter how nervous you are, to keep your composure. Lack of capability to act professionally under pressure speaks to your ability to work well with others on a team. 6. Have good answers to common questions: Strengths, Weaknesses, Times that you failed, etc. There's nothing more damning than a candidate who can't speak to a single time that they failed at something, and how they overcame... All of these common questions boil down to a single critical thing that employers want to know: What VALUE will YOU bring to the team? That's why even questions that focus on adversity that you've faced, always involve a pivot -- so that you can express what your value is.

  • Stepping out of your comfort zone:

    • This is a double edged sword. For an entry level role, everything will feel uncomfortable... start to finish. You'll feel like an imposter. Frankly, you are one. Accept it. That said, any working professional, regardless of field, had to start somewhere and that somewhere is what I lovingly call "The Zone of Scrap". For two reasons, you're expected to fight for your place and existence on the team... I want someone on the team who wants to be there and will demonstrate their desire to learn and grow every day they come into work. The second reason I call it "The Zone of Scrap": it's important to find yourself "at the right place and right time" to get new experiences and learn new things. To some extent, the L2 and L3 system administrators aren't going to invite you in to learn new things, but then again... you can take advantage of the fact that those same folks aren't typically going to ask you to go away either. Creatively leverage the fact that the leader & manager of your team probably has expectations that the team grow, develop, and promote from within.

  • Current role: L3 System Administrator & Senior Technical Leader with technical responsibilities for Networking/Linux/HPC -- also Service Desk Manager

  • Expectations of my role:

    • PROACTIVELY SOLVE PROBLEMS. DISCOVER PROBLEMS THAT WE CAN'T SEE.
      • Some problems that have to do with technology, can have creative / process oriented solutions... for example, it's not the software install that is the problem, but the way that we go about installing the software (as a standard process) that's a problem? A great deal of my time and effort is spent thinking about ways to manage without managing-- Nobody likes a micro-manager, but it's critical when you do managed service work that as many of your service desk's regular processes are covered by kbs, documentation, or SOPs. One might think that this makes the job kind of trivial, but it also allows members of my team to say: "Look, I was following our approved procedure for this kind of thing." Nobody is getting fired for doing their job, especially when the tasks of that job are etched in stone and approved by management.

  • Hours:

    • I usually get in at 6:30am and leave around 3:30pm. It's 9 hours, but I'm not a time tracker -- I'm a productivity tracker. To some extent, I build in a lot of "down time" during my day. I check in with people, make sure things are running smoothly, anticipate my boss's needs and address problems before he brings them up, and generally I try to make sure my day overlaps with the bulk of our two service desk shifts... (one shift starts at 7am, the second shift starts at 9am).

  • Testing Timeline:

    • I think this interview question is geared toward one of our compliance standards... Our contract has two basic obligations for the first 90 days of employment. The first is that someone must not be a foreign national, and be able to obtain a security clearance (interim within 90 days, full thereafter). The second compliance requirement is the DOD 5870 Baseline certification requirement... depending on the role you work, it could be IAT level II, which is satisfied by the CompTIA Security+ or it could be the IAM level II which requires a certification like CompTIA CASP+ or CISSP. For our entry level system administrators, I believe the standard is IAT2.

  • Working with others:

    • Yes. My success depends on my ability to trust that members of my team will do their job and continue to improve... At the management level, this is a balancing act. I typically say "firm but fair". It's essentially the "I'm not mad, I'm just disappointed" response encapsulated in a people management approach. For instance, it's unfair for me to expect things of my team, when those expectations are never written and/or stated out loud-- if they don't know what to do, I should have no expectation that they do... In instances like this, the only thing to do is write down what needs to be read & heard, and have a conversation with the team about what needs to change. A good recent for instance with this... we drew up a little visual task board that tracks where people on the team are going. At first blush, it may seem a little micro-managey, but we explained... one critical unstated standard on any service desk is that during operating hours, the service desk is never empty. However, many times throughout the day, management would go to our service desk room and notice the room would be empty. We set a minimum standard that at least two people need to be present during our peak hours (10am-2pm). Answering the why question is critical for things like this and making adherence as simple as possible, is also critically important. Our goal with this VTB is not to say "I need to know when you use the restroom", but instead to say... We, as a team, know where all of our team members are right now and that we have minimum personnel present at the service desk.

Career advice for those getting started:

  1. The fundamentals are critically important. There's a cute little meme image going around about people who desire to work in cybersecurity, skipping the first 5 steps of a staircase. This goes back to some advice that I've heard about people who desire to work in Cyber spending a few years, at first, doing their "system time". That system time is basically giving you the opportunity to verify that you're well versed in "the fundamentals" -- we'll go ahead and black-box that term, basically as a stand-in for a bunch of often unstated expectations about technical knowledge that anyone who works in the first is supposed to know and be capable of troubleshooting, de-facto, without the need to google search. i.e. What's an A record or a AAAA record? What's an ARP table? What are the layers of the Network Model (OSI / TCP-IP)?

  2. Treat every problem that you solve like it will need to be solved 500 or 1000 more times. Sure, this once, you used the GUI the first time... but what if 300 tickets came in and you needed to solve each one in that same way. Figuring out how to do things at the command line, with batch/bash/powershell/perl scripting allows you to leverage the logic of code to solve business critical problems efficiently. Also, how awesome does it feel when the first time you do something maybe it takes you 30 minutes or 45 minutes, then you develop a script that allows you to click a button to start the script, specify a computer name or a list of computer names, then you solve the same problem 300 times over in less time than it took you the very first time.

Industry Professional interview outline TimeZone? -
- availability - weekdays ?? - Weekends ?? - voice, tts, video, avatar? - Who are you? background - as much or little as you are comfortable with. - location - age - previous jobs - scripting lang? pearl, bash, batch, powershell - do you worry about being noticed for the extra work you do? toot your horn? - What is your education level (or lack of) - What have you taught yourself? - How important are certs? - How you did you land your job in cyber security to get in the industry? - How necessary is Networking? LinkedIn, Discord, in person? - The importance of stepping out of your comfort zone - What is your current role? - What are your employers expectations in your current role? - Hours - Testing timeline - Working with others - What is advice that you wish you knew when you started on your path in cybersecurity.