Interviews
Interviews by Stephen Ibaraki, I.S.P.
Laura Chappell: Internationally Renowned Sr. Protocol/Security Analyst and Founder of the
Protocol Analysis Institute; Recipient 2005 NPA International
"Professional Excellence and Innovation Award - Independent Network Contractor"
This week, Stephen Ibaraki, I.S.P., has an
exclusive interview with Laura Chappell, recipient of the “2005 NPA International
Professional Excellence and Innovation Award – Independent Network Contractor”
given out at the world’s largest networking industry conference,
Networld+Interop Las Vegas. The Award is sponsored by the Network Professional Association
with cooperation and support including from Networld+Interop, Microsoft, Que/SAMS
(Pearson Technology Group Publishing), Network Computing Magazine, Network
World Magazine, Novell Canada, … Laura is the Founder and Senior
Protocol/Security Analyst for the Protocol Analysis Institute, LLC, www.packet-level.com. Moreover, Laura is a widely regarded speaker and best-selling author
of numerous industry titles on network communications and analysis. Her
top-ranking speaking engagements include Microsoft’s Technet and TechEd
Conferences, Novell’s BrainShare Conferences, and the HP Enterprise Technical
Symposium. Ms. Chappell is also the founder of and Technical Advisor for
podbooks.com, an Internet-based publishing company focused on packet-level
communications and security. In addition, Ms. Chappell writes and provides
content for a number of industry publications. In 2005, Ms. Chappell released her Master Library encompassing all
books, self-study courses, video-courses and trace file interpretations. For
more information on podbooks.com, visit www.podbooks.com.
For more information on the Laura Chappell Master Library, visit www.packet-level.com/library. Internationally renowned, Laura has trained
thousands of LAN/WAN administrators, law enforcement officers, engineers,
technicians and developers worldwide. Chappell is a member of the High
Technology Crime Investigation Association (HTCIA) and an Associate Member of
the Institute for Electrical and Electronic Engineers (IEEE) since 1989. Through the Protocol Analysis Institute,
LLC, Chappell founded the Internet Safety for Kids program in 2005. This program provides education and
presentation services on online predators, safe Internet communications and
parental and law enforcement resources. For more information on the Internet
Safety for Kids program, visit www.packet-level.com/kids
or contact Ms. Chappell at kids@packet-level.com.
Discussion: Q: Laura: you have a long and remarkable
history of successes in a distinguished career with many notable accomplishments.
Congratulations on your fine achievement as the recipient of the networking
industry’s highest international award for Independent Network Contractors, the
2005 NPA Professional Excellence and Innovation Award.
A: It certainly was an honour to receive
this award and I thank the NPA for recognizing the Internet Safety for Kids
program and this important topic. Awareness and education are our greatest
resources and tasks in protecting children against online predators. We
certainly don’t want to protect our children by limiting their safe use of the
Internet – we want our kids to grow up as Internet-savvy individuals who can
use the internet safely as the tremendous resource that it is. The Internet Safety for Kids (ISK) program
was the positive result of a very negative experience. A law enforcement
officer made a presentation on Operation Avalanche at an HTCIA (High Technology
Crime Investigation Association) conference. Operation Avalanche was a sting
operation that netted Thomas Reedy and his wife, Janice, who ran a child
pornography ring that consisted of some 250,000 subscribers. The officer making
the presentation described the images of children who had been tortured into
committing sexual acts with other children. Those images haunted me – I began
having nightmares with those images flashing through my mind. At this point,
there was a choice to be made – learn to deal with it or do something about it.
After talking over the idea with my business associate, Brenda Czech, who has
experience working in children’s shelters and dealing with these horrific
events, the ISK program was born. Now, we create and maintain the ISK website,
resource and presentation materials. By the time this article is printed, the
Internet Safety for Kids book should be completed. This book was developed
under the Open Publishing License to allow anyone to access and use the
materials free of charge. Q: You are a leader whose career provides
inspiration and mentorship to IT Pros worldwide. What prompted you to get into
computing? Describe your journey from the early years to the present. A: Directly out of high school I started a
word processing company with my best friend, Jill Poulsen. We’d both learned to
use NBI systems when working in my father’s office. Then the IBM PC was
released… I obsessed on it... it was the future in our eyes and we sold the
business assets to a client so we could move on. In order to get as much experience in many
different companies, I then decided to do temporary work. Given my fascination
and knack with the PC, I was often thrown into the role of installing and
troubleshooting systems. Finally one customer (a law firm in Los Angeles) lured
me into a full-time position of network administrator when they showed me a big
red box of software called NetWare and stacks of IBM PCs and printers. Again, I
obsessed over the software – learning everything I could about how it worked
and what we could do with an actual network of systems. I decided to take a
network administration course from a company called Vitek in San Marcos, California. When
the instructor, C.W. Rogers – a retired
naval commander, entered the room with booming voice and cutting humor, I
practically stood at attention. Throughout the class I was the “student from
hell” constantly tapping away at the keyboard during lectures, jumping ahead in
the student manual and asking questions that were out of the scope of the class
content. More than once, C.W. loudly reprimanded me for being a lousy
student. After getting the network up and running
and training all the employees on the new system, I felt it was time to move
on. Unsure of what to do, I submitted resumes to a number of groups – one being
Vitek, the company I’d taken the NetWare course from. I was surprised one day
when Audrey Pine (one of the owners) called me back to ask for an interview. I
arrived ready to talk about becoming their best sales phone associate ever –
given my experience, I felt I could talk the talk on networking products and
possibilities. It was at this moment that she informed me that C.W. had decided
that I would be an instructor – not a sales person. I was shocked and had a terrible
case of stage fright (from a horrid experience in a musical at school). When
C.W. walked in the room, I immediately began to shake (after I saluted him, of
course). At that point, he changed my name from Laurie (the nickname I’d grown
up with) to Laura (my true name) – he told me I would an instructor and that
was that. C.W. mentored me in teaching – explaining
that people wanted to enjoy the course and not be bored by it. His analogies
were usually hysterical and not a bit politically correct even in those more
relaxed days; and I loved it! The move to Novell was a natural one. I
went to work for JD Marymee (an ex-Vitek instructor as well) in the Networking
Technologies group. Our goal was to develop and deliver advanced networking
courses to Novell employees, key associates and eventually the world. It was
Ray Noorda’s pet project and every day was thrilling. When Novell purchased the
Excelan Corporation, their instructors gave us a quick overview of the
LANalyzer protocol analyzer they created. One packet appeared and I knew that I
would spend the rest of my life working at packet-level. I was hooked. Ray and
JD gave me the freedom to stretch my legs and learn, document and teach
networking at the packet-level. When I finally left Novell to start my
current business, the Protocol Analysis Institute (which has undergone three
name changes before settling in on this one), I had traveled the world to talk
about networking. I had worked on a tremendous number of networks and analyzed
thousands of trace files. Although I specialized in network
troubleshooting and optimization originally, it became apparent that there were
some serious security flaws in many of the networks I examined. Traffic crossed
the wire in plain text; unknown applications were hounding servers until they
crashed; unauthorized users were spotted lurking on the network. We began to
meld security reviews into our onsite analysis work. Security and packet-level analysis are a
wonderful combination – if you really want to secure your network, you really
need to understand how the data moves. Where does it enter the network? What should it look like? Where are the
vulnerabilities in the TCP/IP stack and the applications? Network and
Internet-based attacks are visible in trace files – knowing what to look for is
imperative. Q: What compelling ten attributes provide
success for IT Pros? A: Q: Why are there so few woman in the field
and how can this be changed? A: Probably because it (a) appears to be
male-dominated already (which often scares of women) and (b) women are too
smart to get into this mess. (Just kidding.) Actually, if someone had offered
me a career path in networking early on I would have passed. Sounds boring.
Sounds like math. I
think many women are not attracted to the field because they have not seen all
the cool sides of it. We probably need to do more to represent the field in its
fascinating mind-blowing image – to both men and women. Q: You are an author and editor of many
best-sellers. How did you get into writing and how can aspiring IT Pros become
branded as authors? A: I
always dreamed of writing – that was my “life goal” immediately out of high
school. Of course, I thought I’d write some trashy novel or maybe a spy
thriller. I heard about Novell Press when I was teaching how the packets moved
through the network. I figured that I could write a book just simply by putting
the class material on paper. After receiving a 6 month window to write the
first IPX/SPX book, I sat down one weekend and began just writing down what I
would say to someone. By Monday morning, the first book draft was done! Since then, I have learned that there are
two ways to write a book. The first is
when the book writes itself in your head – you know a topic well and have
experienced life as a typical user of the technology. You make all the mistakes
and ask all the questions. One day, you sit and jot down and outline. If there
are topics still unanswered, you go study those topics. When you feel
comfortable with all the areas of the topic, then begin to describe them on
paper – the book eventually is “born.” The second way is much more difficult for
me. This is when you attempt to write a book on a topic you are not familiar
with. In this case I find the process to be grueling and painful. More like
having your teeth pulled out one by one. For many folks, however, they enjoy
this because the goal is before them – they know what they must work on and the
focus on the outline to guide them. I think the IT Pros out there are a wealth
of knowledge. The best way to begin a writing career is to go with the first
method – write what you know about. We are all dying to hear case studies, so
write one. Tell us what your networking challenge was, how you went about
finding a solution, how you implemented your solution and what the outcome was.
Network troubleshooting case studies are especially compelling reading. Everyone
wants to hear how someone else crawled to the top of the dung heap we call
network downtime! Be certain to use your own voice in your
first draft. Just “talk” to the paper as you go. If you must swear, then do so
(the editors will remove it later). Put your emotions into it so we know how
you felt and can emotionally relate to your story. Of course, I relate
Appletalk Routing Table Maintenance Protocol traffic to a Chihuahua, and my
love of ethical hacking to Sister Gerald at Catholic school, so I’m partial to
personal anecdotes. Q: Share your top ten tips for writing? A: Q: Describe the process of producing best-selling
courses. What are the key elements in creating a successful course? How can IT
Pros get into this field? What qualities make for success? A: The first element of writing a course is
interest. If you aren’t interested in the topic it will come across in your writing
and your lab exercises. It will also be an excruciatingly painful process. I
know that some of you work for companies that dictate the course topic and I
feel for you. You are a better person than I if you can stick with it and
produce a golden egg! Once you have your course topic, list the
learning goals. What do you think the student would need to know about this
topic. Now start writing to those goals. Hands-on exercises add to the learning
experience so remember to include in-class or after-class exercises. Include real world case studies whenever
possible. Relate the material to the students’ world so they know they are
learning material they can use. Ask someone to review the outline before
you start – many times I’ve written course outlines that have fallen with a
“thud” to the floor in someone’s office. Hey – I thought an “algorithms for
mathematically-impaired” course would be a hot topic… thud. Q: You are a top-ranking speaker. What are
some pointers that make for speaking success? A: Q: From all the videos, courses, articles,
and books you have written, compile your list of the top ten best practices and
little known but highly useful tips. A: Q: Tell us more about the Protocol Analysis
Institute, your vision, mission, goals and objectives in the short, medium, and
long term. What prompted you to start the company? A: Protocol Analysis Institute is dedicated
to researching, documenting and training on network troubleshooting, optimization
and security. We believe in a full exchange of knowledge. When I do an onsite
analysis of a network, I insist that the local team follow along with
everything I do so they can learn from onsite. If I’ve done my job well, their
network issues should be resolved and they should feel confident finding and
identifying the problem by themselves in the future. Our current goals are to research, develop
and deliver new materials on the hot topics of the day. This includes Voice
over IP, 802.11, security tools and tricks, network analysis and forensics and
host forensics. Much of our time these days is also devoted to the Internet
Safety for Kids program. We hear from many individuals and groups who would
like access to the materials, have questions on the topic or have suggestions
on how to get the word out. I started the company back in 1993 to offer
open training and onsite analysis services to a variety of customers. Although
we are a very small company, we have strong alliances with our customers and
many of the vendors who produce the tools we use and show in courses. Q: Share your vision and secrets behind
podbooks.com and Laura Chappell Master Library. A: Podbooks.com was launched because
traditional publishing houses are not interested in developing and delivering
highly specialized books that may not appeal to the masses. In addition, after
writing an 800-page monster, I was burned out with the traditional book writing
process and frustrated that my style was often edited out of a book. Just
because the topic is technical does not mean it must be dry, boring and
politically correct 100% of the time, right? The Laura Chappell Master Library
(LCML) gives us an opportunity to bundle all the resources, training and books
into a single package. The training is available in multiple delivery formats
to address buyers who learn through reading, voice-over demonstrations, or
video presentations. Q: One of the areas you are most proud of
is your Internet Safety for Kids program. Why is the program your passion? What
do you hope to accomplish and how can the audience participate? Share with us
the details behind the recognition from the INP. A: Internet Safety for Kids is my passion.
In an ideal world, I would spend all my time developing materials and
delivering this vital information internationally. As the mother of two
Internet-savvy children (ages 8 and 10), my heart goes out to the children and
the families who have been victims of child luring, child pornography and child
sexual exploitation. Our goal is to create a freely-available collection of
instructional materials that can be used to teach Internet safety to the adult
audience. It is our belief that if the adults know the risks, predator luring
techniques, methods of communication and signs of offender manipulation, then
they will teach the children. Q: How do you further plan to make a
difference in your workplace, and community, and in academia, industry, and
government? A: Currently we have a pro bono program to
provide free training on topics of security and troubleshooting to specific
groups. I regularly present courses for the US Court system
and various law enforcement and government groups. Often I present to schools
who would like to excite their students on the possibilities in the security
field. At Microsoft’s TechEd conference, I was a panelist on their Women in
Technology luncheon to share some thoughts on how to interest more women in
this field. Q: Describe your responsibilities:
day-to-day, tactically, and strategically. What lessons can you share with
others? A: A
typical day begins in the role of “Mom.” My business as a protocol and security
analyst is secondary to my business as a Mom. This means most days are not very
predictable and often my strategy is simply to make it to the business meeting
without Rice Krispies stuck to my shirt. Having a very tolerant and organized
associate, Brenda Czech, makes the business run. People have learned that I am
often late in answering email because it piles up quickly. They know they can
reach Brenda to find me when I travel. My business would not run without such
help in coordinating schedules, client requests, and delivery deadlines. Q: You have an impressive list of clients
worldwide. Share with us some case studies that illustrate key philosophies,
technologies, and best practices. A: My clients are so varied in their
approach to networking, troubleshooting and security. One of my more impressive clients have an
impressive lab environment that all products must go through before being
rolled out on the network. Each application and host system must be checked out
completely before they are allowed onto the network. One element of the
application testing process requires that the tester perform a trace file
analysis of the application’s traffic. This proactive step allows them to
analyze and troubleshoot the application faster once it is rolled out. Another client that supports a desktop
group, infrastructure group and security group sets up a cross-training and
brainstorming lunch each month for all groups. Each group shares their concerns and issues with other groups. A medical company client often needs to be
on the bleeding edge of technology to support their users and the distribution
of medical information on a timely and secure basis. The CTO brings in industry
experts during the pre-planning phases to identify key areas of research. They
save themselves time and money by building a clear and accurate path to their
goals. Q: Illustrate by using a case study
approach, what network analysis and security will look like in 2007, 2010, 2015? A: I imagine that by 2007, our analysis solutions
will become more distributed and more intelligent – offering expert systems
that evaluate traffic and alert the analyst to problems in a more proactive
manner. For example, continuous processing of traffic may discover that a host
is sending traffic to a system that responds with TCP reset packets, a clear
indication that the process is not available on the target. Although some
manufacturers are moving in this direction, I think we need to see significant
technical improvements and price reductions to bring this capability to the
small to medium-sized business. By 2010, we will be seeing more encryption
carried up the protocol stack to the applications – I imagine performing
upper-layer analysis on a misbehaving application will become more difficult
unless these analyzers are able to view the commands and responses before the
encryption process begins. Imagine the advantage of an analyzer agent that
looks at the pre-encrypted request and compares it to the post-decrypted
response to note any errors. By 2015, we should see tremendously
high-bandwidth analyzers that can sift through millions of packets per second
and pull out the questionable traffic. For example, imagine being able to place
an analyzer on the network backbone and immediately filter out the “known to be
good traffic” in order to focus on the unusual traffic patterns. Alerts should
be received on mobiles or through email systems while the analyzer begins to
build the report and “check in” data for investigation. Q: What have been your top five challenges over
your career? Why are they included on your list and how did you resolve them? A: I was forced to conquer my fear of
speaking in public by being pushed in front of a room to present day after day
– teaching up to 20 days a month. Receiving a few positive reviews and finding
ways to bring in personal experiences and humor have also helped make
presenting more fun each year. When writers block struck, I learned to
record lectures and transcribe the verbiage – a quick clean up left me with
some nice articles and book chapters. Keeping up with email has always been a
challenge – empowering my associate, Brenda, to handle most customers and
partners requests helped reduce the email queries sent directly to me and
provides timely responses. Traveling and teaching daily can keep me so
busy that I miss opportunities and requests because I don’t have the time to
follow-up on projects. Partnering with other companies such as Essentialtalk
and Institute for Network Professionals enables me to have a team of
individuals who identify opportunities and act on them so they won’t slip by. Balancing family and work has been a
tremendous challenge. When I started traveling it broke my heart to leave my
kids behind to fly off and stay in hotel rooms night after night. These days
however, I schedule my travel around my kids and take them with me whenever
possible. They have traveled to Tokyo, Okinawa and Seoul with me for a US Armed Forces training. They traveled all over Australia
with me on a conference tour. It can be exhausting to teach all day at a
location and then get back to the hotel room to two kids who are thrilled to
see Mom and want to play – but it is a good exhaustion. Q: What are the top ten resources for IT
Pros in your profession? A: Q: Laura, look into your crystal ball and
provide five-to-ten industry predictions. What should IT Pros and businesses
look for? A: Security will remain in the forefront of
network concerns as attackers continue to pound away at their defenses. Vendors
will begin to build in security mechanisms into their product and tout that as
a ‘key feature’ of their software and/or hardware. Security and privacy
standards will become commonplace among all countries and I imagine we will see
some big corporations fall due to security breaches. Sadly, I also imagine that terrorism will
rear its ugly head and cause an emphasis on hardening government and
infrastructure networks. Q: Choose three topics of your choosing and
providing commentary. A: 1) Topic 1: Working with law
enforcement: 2) Topic 2: Internet Safety for Kids: 3) Topic 3: Catholic Boarding School: Q: Laura, it has been a real pleasure
talking with you. Thank you for doing this interview and sharing your
invaluable experiences with our audience. A: Thank you, Stephen. My sincere thanks to the NPA for recognizing
the Internet Safety for Kids program – we hope to continue to expand the
content and partner with new individuals and corporations to help educate
others on ways to protect our kids as they surf the Internet. |