CIPS CONNECTIONSINTERVIEWS by STEPHEN IBARAKI, FCIPS, I.S.P., ITCP, MVP, DF/NPA, CNP
Laura Chappell: Internationally Renowned Sr. Protocol/Security Analyst and Founder of the Protocol Analysis Institute
This week, Stephen Ibaraki, I.S.P., has an exclusive interview with Laura Chappell, recipient of the “2005 NPA International Professional Excellence and Innovation Award – Independent Network Contractor” given out at the world’s largest networking industry conference, Networld+Interop Las Vegas. The Award is sponsored by the Network Professional Association with cooperation and support including from Networld+Interop, Microsoft, Que/SAMS (Pearson Technology Group Publishing), Network Computing Magazine, Network World Magazine, Novell Canada.
Laura is the Founder and Senior Protocol/Security Analyst for the Protocol Analysis Institute, LLC,www.packet-level.com. Moreover, Laura is a widely regarded speaker and best-selling author of numerous industry titles on network communications and analysis. Her top-ranking speaking engagements include Microsoft’s Technet and TechEd Conferences, Novell’s BrainShare Conferences, and the HP Enterprise Technical Symposium. Ms. Chappell is also the founder of and Technical Advisor for podbooks.com, an Internet-based publishing company focused on packet-level communications and security. In addition, Ms. Chappell writes and provides content for a number of industry publications. In 2005, Ms. Chappell released her Master Library encompassing all books, self-study courses, video-courses and trace file interpretations. For more information on podbooks.com, visit www.podbooks.com. For more information on the Laura Chappell Master Library, visit www.packet-level.com/library.
Internationally renowned, Laura has trained thousands of LAN/WAN administrators, law enforcement officers, engineers, technicians and developers worldwide. Chappell is a member of the High Technology Crime Investigation Association (HTCIA) and an Associate Member of the Institute for Electrical and Electronic Engineers (IEEE) since 1989.
Through the Protocol Analysis Institute, LLC, Chappell founded the Internet Safety for Kids program in 2005. This program provides education and presentation services on online predators, safe Internet communications and parental and law enforcement resources. For more information on the Internet Safety for Kids program, visit www.packet-level.com/kids or contact Ms. Chappell at firstname.lastname@example.org.
Q: Laura: you have a long and remarkable history of successes in a distinguished career with many notable accomplishments. Congratulations on your fine achievement as the recipient of the networking industry’s highest international award for Independent Network Contractors, the 2005 NPA Professional Excellence and Innovation Award.
Share your thoughts on this honour and your work that led up to receiving this prestigious international award – the highest award for contractors in the trillion dollar global field of the internet, networking, communications, and security.
A: It certainly was an honour to receive this award and I thank the NPA for recognizing the Internet Safety for Kids program and this important topic. Awareness and education are our greatest resources and tasks in protecting children against online predators. We certainly don’t want to protect our children by limiting their safe use of the Internet – we want our kids to grow up as Internet-savvy individuals who can use the internet safely as the tremendous resource that it is.
The Internet Safety for Kids (ISK) program was the positive result of a very negative experience. A law enforcement officer made a presentation on Operation Avalanche at an HTCIA (High Technology Crime Investigation Association) conference. Operation Avalanche was a sting operation that netted Thomas Reedy and his wife, Janice, who ran a child pornography ring that consisted of some 250,000 subscribers. The officer making the presentation described the images of children who had been tortured into committing sexual acts with other children. Those images haunted me – I began having nightmares with those images flashing through my mind. At this point, there was a choice to be made – learn to deal with it or do something about it. After talking over the idea with my business associate, Brenda Czech, who has experience working in children’s shelters and dealing with these horrific events, the ISK program was born. Now, we create and maintain the ISK website, resource and presentation materials. By the time this article is printed, the Internet Safety for Kids book should be completed. This book was developed under the Open Publishing License to allow anyone to access and use the materials free of charge.
Q: You are a leader whose career provides inspiration and mentorship to IT Pros worldwide. What prompted you to get into computing? Describe your journey from the early years to the present.
A: Directly out of high school I started a word processing company with my best friend, Jill Poulsen. We’d both learned to use NBI systems when working in my father’s office. Then the IBM PC was released… I obsessed on it... it was the future in our eyes and we sold the business assets to a client so we could move on.
In order to get as much experience in many different companies, I then decided to do temporary work. Given my fascination and knack with the PC, I was often thrown into the role of installing and troubleshooting systems. Finally one customer (a law firm in Los Angeles) lured me into a full-time position of network administrator when they showed me a big red box of software called NetWare and stacks of IBM PCs and printers. Again, I obsessed over the software – learning everything I could about how it worked and what we could do with an actual network of systems. I decided to take a network administration course from a company called Vitek in San Marcos, California. When the instructor, C.W. Rogers – a retired naval commander, entered the room with booming voice and cutting humor, I practically stood at attention. Throughout the class I was the “student from hell” constantly tapping away at the keyboard during lectures, jumping ahead in the student manual and asking questions that were out of the scope of the class content. More than once, C.W. loudly reprimanded me for being a lousy student.
After getting the network up and running and training all the employees on the new system, I felt it was time to move on. Unsure of what to do, I submitted resumes to a number of groups – one being Vitek, the company I’d taken the NetWare course from. I was surprised one day when Audrey Pine (one of the owners) called me back to ask for an interview. I arrived ready to talk about becoming their best sales phone associate ever – given my experience, I felt I could talk the talk on networking products and possibilities. It was at this moment that she informed me that C.W. had decided that I would be an instructor – not a sales person. I was shocked and had a terrible case of stage fright (from a horrid experience in a musical at school). When C.W. walked in the room, I immediately began to shake (after I saluted him, of course). At that point, he changed my name from Laurie (the nickname I’d grown up with) to Laura (my true name) – he told me I would an instructor and that was that.
C.W. mentored me in teaching – explaining that people wanted to enjoy the course and not be bored by it. His analogies were usually hysterical and not a bit politically correct even in those more relaxed days; and I loved it!
The move to Novell was a natural one. I went to work for JD Marymee (an ex-Vitek instructor as well) in the Networking Technologies group. Our goal was to develop and deliver advanced networking courses to Novell employees, key associates and eventually the world. It was Ray Noorda’s pet project and every day was thrilling. When Novell purchased the Excelan Corporation, their instructors gave us a quick overview of the LANalyzer protocol analyzer they created. One packet appeared and I knew that I would spend the rest of my life working at packet-level. I was hooked. Ray and JD gave me the freedom to stretch my legs and learn, document and teach networking at the packet-level.
When I finally left Novell to start my current business, the Protocol Analysis Institute (which has undergone three name changes before settling in on this one), I had traveled the world to talk about networking. I had worked on a tremendous number of networks and analyzed thousands of trace files.
Although I specialized in network troubleshooting and optimization originally, it became apparent that there were some serious security flaws in many of the networks I examined. Traffic crossed the wire in plain text; unknown applications were hounding servers until they crashed; unauthorized users were spotted lurking on the network. We began to meld security reviews into our onsite analysis work.
Security and packet-level analysis are a wonderful combination – if you really want to secure your network, you really need to understand how the data moves. Where does it enter the network? What should it look like? Where are the vulnerabilities in the TCP/IP stack and the applications? Network and Internet-based attacks are visible in trace files – knowing what to look for is imperative.
Q: What compelling ten attributes provide success for IT Pros?
Q: Why are there so few woman in the field and how can this be changed?
A: Probably because it (a) appears to be male-dominated already (which often scares of women) and (b) women are too smart to get into this mess. (Just kidding.) Actually, if someone had offered me a career path in networking early on I would have passed. Sounds boring. Sounds like math. I think many women are not attracted to the field because they have not seen all the cool sides of it. We probably need to do more to represent the field in its fascinating mind-blowing image – to both men and women.
Q: You are an author and editor of many best-sellers. How did you get into writing and how can aspiring IT Pros become branded as authors?
A: I always dreamed of writing – that was my “life goal” immediately out of high school. Of course, I thought I’d write some trashy novel or maybe a spy thriller. I heard about Novell Press when I was teaching how the packets moved through the network. I figured that I could write a book just simply by putting the class material on paper. After receiving a 6 month window to write the first IPX/SPX book, I sat down one weekend and began just writing down what I would say to someone. By Monday morning, the first book draft was done!
Since then, I have learned that there are two ways to write a book. The first is when the book writes itself in your head – you know a topic well and have experienced life as a typical user of the technology. You make all the mistakes and ask all the questions. One day, you sit and jot down and outline. If there are topics still unanswered, you go study those topics. When you feel comfortable with all the areas of the topic, then begin to describe them on paper – the book eventually is “born.”
The second way is much more difficult for me. This is when you attempt to write a book on a topic you are not familiar with. In this case I find the process to be grueling and painful. More like having your teeth pulled out one by one. For many folks, however, they enjoy this because the goal is before them – they know what they must work on and the focus on the outline to guide them.
I think the IT Pros out there are a wealth of knowledge. The best way to begin a writing career is to go with the first method – write what you know about. We are all dying to hear case studies, so write one. Tell us what your networking challenge was, how you went about finding a solution, how you implemented your solution and what the outcome was. Network troubleshooting case studies are especially compelling reading. Everyone wants to hear how someone else crawled to the top of the dung heap we call network downtime!
Be certain to use your own voice in your first draft. Just “talk” to the paper as you go. If you must swear, then do so (the editors will remove it later). Put your emotions into it so we know how you felt and can emotionally relate to your story. Of course, I relate Appletalk Routing Table Maintenance Protocol traffic to a Chihuahua, and my love of ethical hacking to Sister Gerald at Catholic school, so I’m partial to personal anecdotes.
Q: Share your top ten tips for writing?
Q: Describe the process of producing best-selling courses. What are the key elements in creating a successful course? How can IT Pros get into this field? What qualities make for success?
A: The first element of writing a course is interest. If you aren’t interested in the topic it will come across in your writing and your lab exercises. It will also be an excruciatingly painful process. I know that some of you work for companies that dictate the course topic and I feel for you. You are a better person than I if you can stick with it and produce a golden egg!
Once you have your course topic, list the learning goals. What do you think the student would need to know about this topic. Now start writing to those goals. Hands-on exercises add to the learning experience so remember to include in-class or after-class exercises.
Include real world case studies whenever possible. Relate the material to the students’ world so they know they are learning material they can use.
Ask someone to review the outline before you start – many times I’ve written course outlines that have fallen with a “thud” to the floor in someone’s office. Hey – I thought an “algorithms for mathematically-impaired” course would be a hot topic… thud.
Q: You are a top-ranking speaker. What are some pointers that make for speaking success?
Q: From all the videos, courses, articles, and books you have written, compile your list of the top ten best practices and little known but highly useful tips.
Q: Tell us more about the Protocol Analysis Institute, your vision, mission, goals and objectives in the short, medium, and long term. What prompted you to start the company?
A: Protocol Analysis Institute is dedicated to researching, documenting and training on network troubleshooting, optimization and security. We believe in a full exchange of knowledge. When I do an onsite analysis of a network, I insist that the local team follow along with everything I do so they can learn from onsite. If I’ve done my job well, their network issues should be resolved and they should feel confident finding and identifying the problem by themselves in the future.
Our current goals are to research, develop and deliver new materials on the hot topics of the day. This includes Voice over IP, 802.11, security tools and tricks, network analysis and forensics and host forensics. Much of our time these days is also devoted to the Internet Safety for Kids program. We hear from many individuals and groups who would like access to the materials, have questions on the topic or have suggestions on how to get the word out.
I started the company back in 1993 to offer open training and onsite analysis services to a variety of customers. Although we are a very small company, we have strong alliances with our customers and many of the vendors who produce the tools we use and show in courses.
Q: Share your vision and secrets behind podbooks.com and Laura Chappell Master Library.
A: Podbooks.com was launched because traditional publishing houses are not interested in developing and delivering highly specialized books that may not appeal to the masses. In addition, after writing an 800-page monster, I was burned out with the traditional book writing process and frustrated that my style was often edited out of a book. Just because the topic is technical does not mean it must be dry, boring and politically correct 100% of the time, right? The Laura Chappell Master Library (LCML) gives us an opportunity to bundle all the resources, training and books into a single package. The training is available in multiple delivery formats to address buyers who learn through reading, voice-over demonstrations, or video presentations.
Q: One of the areas you are most proud of is your Internet Safety for Kids program. Why is the program your passion? What do you hope to accomplish and how can the audience participate? Share with us the details behind the recognition from the INP.
A: Internet Safety for Kids is my passion. In an ideal world, I would spend all my time developing materials and delivering this vital information internationally. As the mother of two Internet-savvy children (ages 8 and 10), my heart goes out to the children and the families who have been victims of child luring, child pornography and child sexual exploitation. Our goal is to create a freely-available collection of instructional materials that can be used to teach Internet safety to the adult audience. It is our belief that if the adults know the risks, predator luring techniques, methods of communication and signs of offender manipulation, then they will teach the children.
Q: How do you further plan to make a difference in your workplace, and community, and in academia, industry, and government?
A: Currently we have a pro bono program to provide free training on topics of security and troubleshooting to specific groups. I regularly present courses for the US Court system and various law enforcement and government groups. Often I present to schools who would like to excite their students on the possibilities in the security field. At Microsoft’s TechEd conference, I was a panelist on their Women in Technology luncheon to share some thoughts on how to interest more women in this field.
Q: Describe your responsibilities: day-to-day, tactically, and strategically. What lessons can you share with others?
A: A typical day begins in the role of “Mom.” My business as a protocol and security analyst is secondary to my business as a Mom. This means most days are not very predictable and often my strategy is simply to make it to the business meeting without Rice Krispies stuck to my shirt.
Having a very tolerant and organized associate, Brenda Czech, makes the business run. People have learned that I am often late in answering email because it piles up quickly. They know they can reach Brenda to find me when I travel. My business would not run without such help in coordinating schedules, client requests, and delivery deadlines.
Q: You have an impressive list of clients worldwide. Share with us some case studies that illustrate key philosophies, technologies, and best practices.
A: My clients are so varied in their approach to networking, troubleshooting and security.
One of my more impressive clients have an impressive lab environment that all products must go through before being rolled out on the network. Each application and host system must be checked out completely before they are allowed onto the network. One element of the application testing process requires that the tester perform a trace file analysis of the application’s traffic. This proactive step allows them to analyze and troubleshoot the application faster once it is rolled out.
Another client that supports a desktop group, infrastructure group and security group sets up a cross-training and brainstorming lunch each month for all groups. Each group shares their concerns and issues with other groups.
A medical company client often needs to be on the bleeding edge of technology to support their users and the distribution of medical information on a timely and secure basis. The CTO brings in industry experts during the pre-planning phases to identify key areas of research. They save themselves time and money by building a clear and accurate path to their goals.
Q: Illustrate by using a case study approach, what network analysis and security will look like in 2007, 2010, 2015?
A: I imagine that by 2007, our analysis solutions will become more distributed and more intelligent – offering expert systems that evaluate traffic and alert the analyst to problems in a more proactive manner. For example, continuous processing of traffic may discover that a host is sending traffic to a system that responds with TCP reset packets, a clear indication that the process is not available on the target. Although some manufacturers are moving in this direction, I think we need to see significant technical improvements and price reductions to bring this capability to the small to medium-sized business.
By 2010, we will be seeing more encryption carried up the protocol stack to the applications – I imagine performing upper-layer analysis on a misbehaving application will become more difficult unless these analyzers are able to view the commands and responses before the encryption process begins. Imagine the advantage of an analyzer agent that looks at the pre-encrypted request and compares it to the post-decrypted response to note any errors.
By 2015, we should see tremendously high-bandwidth analyzers that can sift through millions of packets per second and pull out the questionable traffic. For example, imagine being able to place an analyzer on the network backbone and immediately filter out the “known to be good traffic” in order to focus on the unusual traffic patterns. Alerts should be received on mobiles or through email systems while the analyzer begins to build the report and “check in” data for investigation.
Q: What have been your top five challenges over your career? Why are they included on your list and how did you resolve them?
A: I was forced to conquer my fear of speaking in public by being pushed in front of a room to present day after day – teaching up to 20 days a month. Receiving a few positive reviews and finding ways to bring in personal experiences and humor have also helped make presenting more fun each year.
When writers block struck, I learned to record lectures and transcribe the verbiage – a quick clean up left me with some nice articles and book chapters.
Keeping up with email has always been a challenge – empowering my associate, Brenda, to handle most customers and partners requests helped reduce the email queries sent directly to me and provides timely responses.
Traveling and teaching daily can keep me so busy that I miss opportunities and requests because I don’t have the time to follow-up on projects. Partnering with other companies such as Essentialtalk and Institute for Network Professionals enables me to have a team of individuals who identify opportunities and act on them so they won’t slip by.
Balancing family and work has been a tremendous challenge. When I started traveling it broke my heart to leave my kids behind to fly off and stay in hotel rooms night after night. These days however, I schedule my travel around my kids and take them with me whenever possible. They have traveled to Tokyo, Okinawa and Seoul with me for a US Armed Forces training. They traveled all over Australia with me on a conference tour. It can be exhausting to teach all day at a location and then get back to the hotel room to two kids who are thrilled to see Mom and want to play – but it is a good exhaustion.
Q: What are the top ten resources for IT Pros in your profession?
Q: Laura, look into your crystal ball and provide five-to-ten industry predictions. What should IT Pros and businesses look for?
A: Security will remain in the forefront of network concerns as attackers continue to pound away at their defenses. Vendors will begin to build in security mechanisms into their product and tout that as a ‘key feature’ of their software and/or hardware. Security and privacy standards will become commonplace among all countries and I imagine we will see some big corporations fall due to security breaches. Sadly, I also imagine that terrorism will rear its ugly head and cause an emphasis on hardening government and infrastructure networks.
Q: Choose three topics of your choosing and providing commentary.
A: 1) Topic 1: Working with law
2) Topic 2: Internet Safety for Kids:
3) Topic 3: Catholic Boarding School:
Q: Laura, it has been a real pleasure talking with you. Thank you for doing this interview and sharing your invaluable experiences with our audience.
A: Thank you, Stephen. My sincere thanks to the NPA for recognizing the Internet Safety for Kids program – we hope to continue to expand the content and partner with new individuals and corporations to help educate others on ways to protect our kids as they surf the Internet.