Lomar Lilly

Part 1: The Beginning – My Journey to InfoSec

I would say my journey to becoming an Information Security (InfoSec) professional started when I got my first computer, which was a Windows 95 machine. Back then, all I knew about computers was how to find PBS kids and play games. Notwithstanding, I grew up watching my big brother doing a lot of programming. He had gigabytes of storage filled with books and videos about programming and different programming languages. He was in University at the time, but seeing him build programs got me interested in developing applications of my own.

As time passed, I began learning different programming languages and built programs I could share with friends that would make our lives a bit easier. I remember back in high school; I developed a voice recognition program that could complete small tasks such as shutting down the computer and telling me the time. This program was a noteworthy achievement, as none of my friends understood how I was doing what I was doing, and I felt like a genius. Wanting to re-live that feeling repeatedly, I began developing my programming skills more and more.

Part 1: The Beginning - My Journey to InfoSec 1
Upgrade From Windows 95 to Xp to Windows 7

In search of knowledge about programming, I came across the terms “hacking”, “cracking”, “hackers” and “crackers”. Based on what I had understood, a hacker is a computer programmer who could manipulate computers to do whatever they wanted them to do, and they are the good guys. Crackers, on the other hand, are the bad guys, and they aim to break into computer systems for personal or financial gain. Armed with this somewhat misguided knowledge, I continued to develop my programming skills so that I could manipulate computers to do whatever I wanted them to do.

As I matured as a programmer in high school, I began to understand how crackers could break into computer systems. By the time I was near graduation, I knew a lot of techniques used by crackers, and I also knew how to mitigate against most of these techniques, and that’s when I started learning secure programming. I wanted the applications I built to be uncrackable! A bold dream at the time, but it caused me to pay attention to how I wrote code. As time went by though, I understood that no computer system or application is entirely uncrackable.

When I started University, I enrolled in the Computing Degree program with my eyes on becoming a Computer Science major and a professional software developer. It was then I began my freelance career as a Software developer, still adhering to and developing secure programming practices. It was during this time I learned that there were three types of hackers, White Hat, Grey Hat, and Black Hat, with Black Hat hackers likened to crackers and White Hat hackers being the good guys.

Journey to Infosec Codesharks
Lomar Lilly & Agyei Masters
Well Known Programmers in University #CodeSharks

Progressing through University, I continued learning different techniques used by Black Hat hackers. I would usually recreate scenarios in which I could use these techniques in a legal and controlled environment. I needed to understand these techniques so that my applications would not be vulnerable to such methods. As I began sharing my knowledge, I landed my very first job as what I know today as an Incident Response Handler.

The company that hired me was a victim of a security breach, and my job was to find out how the hacker(s) got in and remediate the issues identified. Within minutes of reviewing the affected application, I was able to find out how the hacker(s) got in and was able to remediate the issue and provide recommendations on how to prevent a recurrence of this issue. Now, at the time, I did not know what I did had a whole career path to itself. I relied on my skills as a secure programmer to resolve the issue, which made me think that Software development was indeed the career path I should pursue. That thought, however, would quickly change.

In part two, find out what happened that sparked enlightenment and propelled me into a successful career as an Information Security Professional. Also, feel free to leave comments below highlighting the career field you were in before (if any) becoming a Security Professional. If you are aspiring to become a Security Professional, leave a comment about what sparked your interest.

12 Comments

  • Hi Lomar thanks for the inspiring motivating journey, am currently on th firewalls but have started with Cyber training am also learning Python to be able to use scripts ,thanks very much

  • Hi Lomar,

    Thanks for sharing your story. You are truly an inspiration. Learning and understanding programming languages can be quite daunting for a lot of people. Was it something that came naturally to you or did you struggle in getting it? Are there areas of Infosec that you struggle with?? Thanks again.

    • Programming came somewhat natural but It wasn’t without challenges. As for areas in Infosec, there is a ton of stuff I don’t know and that excites me really. Cloud Security is one such area in which I lack experience and deep knowledge. But I tell you Kehinde, Infosec is a huge field, don’t feel bad if you can’t “master” all areas within the field.

  • Lomar your journey is very interesting. I would like to know what is your strategy in regards to certifications. How do you manage work, family and exam preparation? I really want to take the OSCP exam but I don’t know where to start… Please share some tips .God Bless

  • Hello Lomar,

    I have followed you for some time now. I’m in kind of an odd position. I will have my Doctor of IT this June and I work as an IT Operations Manager. I deal with a variety of security, hardware, software, policies, etc. and I’m getting my CEH at the end of this month. My goal is to be a CIO or CISO, but struggle with direction at this point. I am concerned because I fee that my current position is too restrictive and will not get me the experience I need to get to the next level. Thoughts?

  • Hi, thanks for sharing your journey.
    I am a Unix & Linux admin but not with a backgroup of software development. Could you please clarify the programming prereq for info sec role.

    tx

    • Hi Saghar, programming is not a prerequisite for a role in InfoSec. You can land a role in InfoSec with zero programming experience. If you want to have an edge in the field though, it is good to know, Assembly, C, Python, Perl, Javascript, and Bash, and even then you don’t have to be an expert in these languages.

Leave a Reply

Your email address will not be published. Required fields are marked *