! The Lance
Spitzner Interview !
First of all we would like to thank Lance Spitzner for allowing us to
interview him. Lance returned the interview the same day we send it to
him and he is not the kind of man that has much free time so: Thanks !.
Lance Spitzner is well known for his contributions to the security scene.
His papers are read all over the world and the honeynet is currently
a very hot project. Also thanks to Max Vision for being so kind of sending us the following introduction:
Introduction by Max Vision;
"Lance is an absolutely essential leader in the whitehat community. He
infects everyone with his passion and enthusiasm for network security. But
more importantly, he organizes a fairly disparate group of security experts
into a productive, cooperative team. This is no easy feat in an industry
that increasingly favors non-disclosure. Lance is an exemplar of a true
whitehat: curious, intelligent, and honest. He is simply good."
> How old are you ?
> What education did you follow or how did you
get your knowledge ?
Hmm, I received my undergraduate degree in Military history. At
time, I wanted to puruse a career in the military. However, after
years in the army that changed. After getting out, I went to
school and recieved my MBA (Masters in Business). My intent
was to pursue a career in information management. However, I
much fun learning about the technical side that a became a full time
geek instead :)
> How did you get interested in internet security
I began learning about it in while in graduate school. At the time
I interned for a small consulting company. They needed a firewall
administrater and I volunteered for the job. Things just grew
there. I feel my interest is closely related to my military background.
Fighting badguys on the Internet is alot like fighting badguys in
a tank, the only difference is I'm using IPv4 packets as opposed to
120mm tank rounds.
> How much time a day do you spend on internet
security (job / honeynet.. ) ?
Hmm, 40 hours a week with the job, another 20-30 a week with the Honeynet.
> What operating system do you prefer ?
Hmm, I really don't prefer an operating system, I'm just more familiar
with certain ones. I have the most experience with Solaris and
(Red Hat). This doesn't mean to me they are better or worse,
understand them better. I'm also looking forward to playing with
OpenBSD and Trusted Solaris.
> What kind of (operating) systems do you have
at home ?
NT/98, Solaris, Linux, Cisco IOS
> Do yo have a laptop and does this device run
a unix based operating system ?
NT and Linux
> Do you have any unpatched systems ?
Only the ones that I want to get hacked :)
> How do you feel about the internet security
at this moment and its future ?
Hmm, awareness is growing, but not fast enough. We can't keep
up with all
the new people and systems that are connecting.
> How do you see the internet in 40 years from
Seemless part of our lives. We won't notice it becuase it is a
of everything we do. I'm sure something else will be hot and
then (space travel, genetics, etc).
> How much time a day do you spend behind the
Uggh, WAY TOO MUCH. Around 10-14 hours a day.
> What do you do when you're not working with
Right now I play with my four month year old son. My wife and
I also try to get outdoors as much as possible, especially during
> Were you ever tempted to indulge your dark side
Hmm, not really. Don't forget, I come from a different background
then most. I started as an officer in the Army's Rapid Deployment
Force. Besides, that was one of the motivators in building a
Honeynet, I could 'indulge' in an environment for hacking :)
> Have you ever been hacked (besides the honeynet
Hmm, not that I know of. I've helped clients who have been
compromised, but I do not know of any time I have been compromised.
This says less about my skills and more about me being lucky.
> Who are the persons you look up to and why ?
Anyone who contributes to the security community without benefit
to themselves. Within the technical world there are several.
Dan Farmer and Wietse Venema for what they have contributed and what
they continue to contribute, cutting edge tools that are extremely
well designed. David Dittrich, for pushing the cutting edge within
the world of forensics. Marty Roesch for a powerful tool that
anyone can use, and for free. K2, for always reminding me that
you are never secure. RFP, for always pushing the envelope.
Powell, leading by example on how to be a professional.
Thats what I absolutely love about this field, great people
who all want to learn and help others. Its extremely exciting.
> Tell us about your first computer ?
Nothing exciting to report here. I remember playing with Atari
'computers' in the 80's, but I didn't become a real geek until
the mid-90's. Basic intel boxes and BBS connections. Unless
course you consider the 'balistic solutions' systems on our tanks
a computer :)
> What is the best book you have read so far (security
related or not) ?
Stevens, there is no substitue. If you are going to be working
IP, TCP Illustrated, Volume One is where you start (and keep coming
> What kind of car are you driving and what do
you think you should be driving ?
Heh Heh, I've had a Mazda Miata convertible for 10 years now, I love
it. I will always have a convertible, even with a family.
Just it will
most likely be a 4 door instead of my current two door. Either
it MUST be a manual transmission.
> You worked in the army what did you do there
and how do you apply military skills in the IT security world.
I was a Tank Officer for the Army's Rapid Deployment Force, part of
18th Airborne Corp. At the time, we were the only unit in the
that could rapidly deploy 65ton Main Battle Tanks. By the time
out, I was an X0, second in command of a 65man/14tank unit.
Two of the biggest things I got out of it.
- Managing people and projects. How to focus on a simple
and obtain that objective.
- Tactics, engaging the enemy. I was surprised to discover
that a great
deal of the tactics and skills I developed in the military
to the world of information security. In both worlds
we are trying to
protect resources against an extremely resourceful and
> What is your favourite city ?
Chicago in the summer. There is just so much to do. Unfortunately,
one of the worst places to be during winter.
> What is your favourite movie ?
Any old James Bond or John Wayne. Other classics include
Star Wars and The Sting.
> Lance Spitzners favourite food is.... ?
Uggh, just about anything different, I love eating out. I'm
a huge fan of of Middle Eastern/Indian/Asian. At one time I
could even speak Malaysian, but I've forgotten most of that :-0