I’ve been very vocal in the last year about what I do – to the point it manifests itself as talks I give during BarCamp (LA and San Diego), and Refresh San Diego which is held at Qualcomm. Here is my most recent talk

I’ve decided that it’s in everyone’s best interests to at least have a dialog about security. That being said I’m now offering free consultations! To my amazement I’ve even had a few people turn down FREE HOURS from me. For the first time in quite a while I was literally without words.

I thought it best at that point to illustrate exactly what I mean by security.

• This is a screenshot of the last ten days of SQL injection exploits posted to milw0rm.com. This is *ONLY* SQL injections, not any other vulnerabilities (for everyone that thinks using magic_quotes_gpc is safe, think again (and again and again)
• Securityfocus, which is a major vendor for security information has its own section JUST for Microsoft Vista.
• ONE command line will give you a command shell on a vulnerable windows machine. That leads to installing malware, stealing passwords, reading emails – the whole nine yards – just like theyre sitting AT your computer, or on your server.
• Using WEP for wireless security is a joke. If you don’t use WPA you may as well not bother encrypting. That also leads to people sniffing your information out of the air – passwords, credentials, AIM/Yahoo conversations – everything.
• The web2.0 community is just making things worse by being willfully ignorant

The point I’m trying to get across is that security isn’t just installing a virus scanner and an adware scanner and making sure your system is free of viruses. Code is developed every day that exposes crucial information to the world, which is then indexed by google. Security isn’t just about viruses, its about making your private information stay private – in all cases. Error messages that leak information such as filenames, database names, database tables, usernames etc just help attackers gain further entry into systems.

I do more than just security work – I’m a full-fledged Systems Architect with over ten years of experience in the field. Once you build a large scale enterprise environment, it has to be secured, right?
Every once in a while during conversations at meetups I tell people that I’m a Security Researcher and a Systems Architect and they end up asking me later “so what do you actually DO?”. So heres a short list:

• Information Tecnhnology(IT) and Information Security(InfoSec) consulting: working directly with sales, marketing and PR departments to coach bloggers, twitter users and writers on what terminology to use, what new technology is out there, what is safe, what isn’t safe, figures and reports on the latest attacks, bot nets, viruses and other threats influencing the world
• MSSQL and MySQL database administration, design, tuning, and security
• Designing networks: switches, routers, firewalls, intrusion detection, backups, redundancy
• Workflow Management: Setting up HRIS systems, ticketing systems, automating things like installations, software deployments, antivirus and other workstation maintenance procedures, creating a documentation repository using mediawiki
• Emerging Technologies: Staying abreast of all new versions of software and hardware available, defining when and what to upgrade, planning upgrades, defining when and how to scale, choosing the right hardware and software for the job, identifying when to decommission old equipment or software and how execute it
• Security: Staying abreast of all current and anticipated versions of software frameworks, firmwares, networking and phone equipment, defining what software and appliances need to be secured and or upgraded, defining what network resources get deployed where in the clients landscape and subequently documenting everything along the way

There is no environment alien to me, no operating system I do not have experience with, no development/scripting language I have no experience with and there is no limit to what can be done with the proper resources.

The Rates for hours at AtenLabs are fiercely competitive and in our wake we leave nothing but courage, confidence, and smiling clients.

If you’re even thinking about contacting us for us for a free consultation – stop thinking and contact us.