! The Lance Spitzner Interview !

First of all we would like to thank Lance Spitzner for allowing us to interview him. Lance returned the interview the same day we send it to him and he is not the kind of man that has much free time so: Thanks !. Lance Spitzner is well known for his contributions to the security scene. His papers are read all over the world and the honeynet  is currently a very hot project. Also thanks to Max Vision for being so kind of sending us the following introduction:

Introduction by Max Vision;

"Lance is an absolutely essential leader in the whitehat community. He infects everyone with his passion and enthusiasm for network security. But more importantly, he organizes a fairly disparate group of security experts into a productive, cooperative team. This is no easy feat in an industry that increasingly favors non-disclosure. Lance is an exemplar of a true whitehat: curious, intelligent, and honest. He is simply good."


> How old are you ?


> What education did you follow or how did you get your knowledge ?

Hmm, I received my undergraduate degree in Military history.  At that
time, I wanted to puruse a career in the military.  However, after four
years in the army that changed.  After getting out, I went to graduate
school and recieved my MBA (Masters in Business).  My intent
was to pursue a career in information management.  However, I had so
much fun learning about the technical side that a became a full time
geek instead :)

> How did you get interested in internet security ?

I began learning about it in while in graduate school. At the time
I interned for a small consulting company.  They needed a firewall
administrater and I volunteered for the job.  Things just grew from
there.  I feel my interest is closely related to my military background.
Fighting badguys on the Internet is alot like fighting badguys in
a tank, the only difference is I'm using IPv4 packets as opposed to
120mm tank rounds.

> How much time a day do you spend on internet security (job / honeynet.. ) ?

Hmm, 40 hours a week with the job, another 20-30 a week with the Honeynet.

> What operating system do you prefer ?

Hmm, I really don't prefer an operating system, I'm just more familiar
with certain ones.  I have the most experience with Solaris and Linux
(Red Hat).  This doesn't mean to me they are better or worse, I just
understand them better.  I'm also looking forward to playing with
OpenBSD and Trusted Solaris.

> What kind of (operating) systems do you have at home ?

NT/98, Solaris, Linux, Cisco IOS

> Do yo have a laptop and does this device run a unix based operating system ?

NT and Linux

> Do you have any unpatched systems ?

Only the ones that I want to get hacked :)

> How do you feel about the internet security at this moment and its future ?

Hmm, awareness is growing, but not fast enough.  We can't keep up with all
the new people and systems that are connecting.

> How do you see the internet in 40 years from now ?

Seemless part of our lives.  We won't notice it becuase it is a part
of everything we do.  I'm sure something else will be hot and heavy
then (space travel, genetics, etc).

> How much time a day do you spend behind the computer ?

Uggh, WAY TOO MUCH.  Around 10-14 hours a day.

> What do you do when you're not working with computers ?

Huh? :)

Right now I play with my four month year old son.  My wife and
I also try to get outdoors as much as possible, especially during
the summer.

> Were you ever tempted to indulge your dark side ;) ?

Hmm, not really.  Don't forget, I come from a different background
then most.  I started as an officer in the Army's Rapid Deployment
Force.  Besides, that was one of the motivators in building a
Honeynet, I could 'indulge' in an environment for hacking :)

> Have you ever been hacked (besides the honeynet hacks ?)

Hmm, not that I know of.  I've helped clients who have been
compromised, but I do not know of any time I have been compromised.
This says less about my skills and more about me being lucky.

> Who are the persons you look up to and why ?

Anyone who contributes to the security community without benefit
to themselves.  Within the technical world there are several.
Dan Farmer and Wietse Venema for what they have contributed and what
they continue to contribute, cutting edge tools that are extremely
well designed.  David Dittrich, for pushing the cutting edge within
the world of forensics.  Marty Roesch for a powerful tool that
anyone can use, and for free.  K2, for always reminding me that
you are never secure.  RFP, for always pushing the envelope.  Brad
Powell, leading by example on how to be a professional.

Thats what I absolutely love about this field, great people
who all want to learn and help others.  Its extremely exciting.

> Tell us about your first computer ?

Nothing exciting to report here.  I remember playing with Atari
'computers' in the 80's, but I didn't become a real geek until
the mid-90's.  Basic intel boxes and BBS connections.  Unless of
course you consider the 'balistic solutions' systems on our tanks
a computer :)

> What is the best book you have read so far (security related or not) ?

Stevens, there is no substitue.  If you are going to be working with
IP, TCP Illustrated, Volume One is where you start (and keep coming
back to).

> What kind of car are you driving and what do you think you should be driving ?

Heh Heh, I've had a Mazda Miata convertible for 10 years now, I love
it.  I will always have a convertible, even with a family.  Just it will
most likely be a 4 door instead of my current two door.  Either way,
it MUST be a manual transmission.

> You worked in the army what did you do there and how do you apply military skills in the IT security world.

I was a Tank Officer for the Army's Rapid Deployment Force, part of the
18th Airborne Corp.  At the time, we were the only unit in the world
that could rapidly deploy 65ton Main Battle Tanks.  By the time I got
out, I was an X0, second in command of a 65man/14tank unit.

Two of the biggest things I got out of it.

 - Managing people and projects.  How to focus on a simple objective
   and obtain that objective.
 - Tactics, engaging the enemy.  I was surprised to discover that a great
   deal of the tactics and skills I developed in the military readily apply
   to the world of information security.  In both worlds we are trying to
   protect resources against an extremely resourceful and dynamic enemy.

> What is your favourite city ?

Chicago in the summer.  There is just so much to do.  Unfortunately, its
one of the worst places to be during winter.

> What is your favourite movie ?

Any old James Bond or John Wayne.  Other classics include
Star Wars and The Sting.

> Lance Spitzners favourite food is.... ?

Uggh, just about anything different, I love eating out.  I'm
a huge fan of of Middle Eastern/Indian/Asian.  At one time I
could even speak Malaysian, but I've forgotten most of that :-0


Fore more information about Lance Spitzner visit one of his web sites:



For defacement information and news join the safemode mailing list here .