Rockie Brockway

Passion for Security

Even before my first computer at the age of 12 (Apple II+) I have been fascinated and drawn towards figuring out how things work and if they can be made to do “other” things. Early exposure to a computer quickly led to changing settings on games with sector editors and programming rudimentary programs in BASIC. These gateway drugs led me to Case Western Reserve University to study Computer Science, where I was lucky enough to be introduced to Dr. Peter Tippett and interned at his company Certus International in 1992. Certus was one of the first Anti-Virus companies (later sold to Norton) and once I was exposed to the underground BBS world of computer virus sharing, reverse engineering and creating malicious Assembly code there was no turning back. My Network, Systems and Scripting basics were honed in the 90’s where I was the first employee of one of Ohio’s first ISPs. In 2000, I started my own security services focused company where I honed the higher-level skills of penetration testing, incident response, and forensics as well as jumping into the fire of owning and running a business. After we sold that company in 2007 I continued to hone those technical skills, but my attention started leaning towards the business side of infosec. Why is security so hard? Why does the business look at security as an obstacle rather than an enabler? How does this relate to basic human nature? Risk became an obsession and I started realizing the ties to group theory, natural systems, and adaptation. The past decade I have been working these theories out (with others) and applying them in real-world enterprises as a strategic and tactical advisor. This stuff is fascinating and I believe weaving these theories in with a solid Enterprise Security Architecture model provides the most value to our clients and sets us apart from other consultants who are not looking at the larger client business outcomes. Don’t get me wrong – I still love a good DNS TXT C2 Beacon and the rush of breaching a physical target. Just don’t ask me what 8086 DOS Int 21 does these days unless I can Google it.