Brian Allen, Certified Information Systems Security Professional (CISSP) and Information Security Director, “plays defense for WashU” by overseeing the Incident Response* and Vulnerability Management teams. Throughout his career, he has fostered connections at WashU and in the InfoSec community at large. Dependable working relationships are essential to Brian because he sees “InfoSec as a department built on trust. If people can trust what I say and what I am going to do, then we can more quickly protect the university.”
Upon completing graduate school, Brian’s friend offered him a job as a Unix System Administrator at the University of Maryland. Brian did not yet have IT experience, but his friend told him not to worry. “This was in January 2000 when it was easier to get into IT.” As a system administrator, he learned how to harden server security and detect security incidents as they occurred. Specifically, he learned how to harden “DNS servers, web servers, Samba, SSH, DHCP, and others.”
Additionally, he learned about networking, host-based and network-based firewalls, Perl, shell scripting, and automation. Eventually, he returned to St. Louis to work as a Unix System Administrator with the University of Missouri St. Louis. In late 2005, he was hired as the first network security analyst at WashU by Matt Arthur. Captivated by our free t-shirts, he stayed with WashU to advance into management in 2014. He has been a director since last year.
Commenting on a tool that makes his life easier, Brian says he values Google searches. “Most of the time, I don’t know the answer to questions that come up, so being able to quickly and accurately search Google is so important today.”
In his free time, Brian likes to cook with his son, a student at the Culinary Institute of America in New York. For Christmas dinner last year, “we made 24 crème brulée. When I say we made, I mean my son made.” As sous chef, Brian’s job was to “buy all the ramekins, the industrial torch, and make sure we don’t burn down the house.”
If you are interested in better understanding the InfoSec mindset, Brian recommends reading The Cuckoo’s Egg by Clifford Stoll and Cryptonomicon by Neal Stephenson.
*The Incident Response team detects and responds to attacks against our users and network. The Vulnerability Management team remediates vulnerabilities before criminals can exploit them.