|
Stephen Mencik, Senior Principal Systems Engineer, Raytheon Corporation
Stephen Mencik is a Senior Principal Systems Engineer for Raytheon Corporation. He has worked in computer and network security since 1981, and was a charter member of the Department of Defense Computer Security Center. He helped to evaluate and design the security for many major Defense Department systems including the Defense Data Network, Defense Messaging System and the NSA's Electronic Key Management System. He is trained in NSA's INFOSEC Assessment Methodology and is a Certified Information Systems Security Professional.
More about Steve...
How did you get started in security? I was recruited out of college by the National Security Agency. My first day on the job was also the official 1st day for the Department of Defense Computer Security Center, making me one of the charter employees.
What non-IT related job experience have you had? I currently run Mencik's Sportscards, a collectible cards company (mostly baseball cards). As a teenager, I worked as a stock clerk in a bookstore and as a maintenance person at a school. One summer during college I worked on an assembly line making printed circuit cards.
What work-related accomplishment are you most proud of? I have been a security evaluator for many critical systems including the Defense Data Network, the NSA Electronic Key Management System and the Navy's RADIANT MERCURY guard. However, the task that has brought me the most press was the security evaluation of the FBI Internet wiretap tool called CARNIVORE.
Who are your security "heroes," in other words who has influenced you most as a security professional? I'm not sure that I really have any "heroes" that have influenced me. I have had many good teachers and co-workers along the way. The greatest influence would be with my experience at NSA. The basic philosophy for the evaluation group there was "just say no." I never thought that was particularly helpful. I set out to try to change that, by being able to point out to a customer what was wrong with a system and try to suggest changes to make it more secure. The report I wrote on RADIANT MERCURY was the first evaluation report done by NSA's C Group that was completely released to the customer without a caveat that the customer needed to come back to NSA to request further distribution. So, in that sense, the folks I first worked for were kind of negative heroes. If I have to pick a hero, it would be Willis Ware. His pioneering work at RAND and his famous Ware Report are still relevant today and is still a good first read for beginning professionals.
What are your hobbies? Baseball card collecting. I used to bowl regularly until I had my knee torn up 10+ years ago playing softball. I also like English Darts but no longer play in leagues.
What one book would you like to be stranded with on a desert island, and why? The Bible. What other book is there that contains the ultimate message of hope? That is clearly something you'd need if stranded on a desert island.
What do you like the best about your job? Due to the classified nature of the work that I do, I can't take my work home with me. That tends to make for flexible work hours and generally only a 40-hour work week.
What do you like least? Being a government contractor, I can only give advice. I don't have any authority to make things happen. Sometimes the budgetary and other bureaucratic processes tend to make things drag on for much longer than they need to.
What words of wisdom do you give to other security professionals? I'm not much on passing out pearls of wisdom. The basics of computer security are really common sense. If you are in the trenches managing a corporate network, make sure you keep up with all the appropriate security Web sites (like SearchSecurity), vendor mailing lists and CERT advisories. The best thing you can do is to make sure your users and managers really understand that security is a real issue. |
