If LAN is legacy, what is the UN-legacy...?

JaredBusch

@scottalanmiller said:

Do you mean about the size of the company, MSP vs. in house and that aspect?

Yes

scottalanmiller

@wirestyle22 said:

My next step has to be making myself marketable if that is the case. Any advice? I have the experience on paper but I definitely need to tighten my knowledge.

Well, the first step, IMHO, is deciding on your career goals. You need to know what will make you happy, what you want to do, where you want to go, what you are willing to do, etc. You need those answers first. Then you need a loose roadmap for education, resume building, experience gathering, etc.

IT is a huge field, lots of ways to get to different places.

http://www.smbitjournal.com/2014/12/its-a-field-not-a-road/

scottalanmiller

@JaredBusch said:

@scottalanmiller said:

I don't know what it would look like, but I really believe that there needs to be some kind of highly visible IT skills market. Something with way, way more info and matchmaking than anything out there today. The ability for companies and IT Pros who need each other to find one another is horrific. If the best job for me was next door, and I was the best candidate for them, the chances that we would find each other is near zero, even if we were both seeking each other at the same time.

I totally agree with you on this. Someone go find some venture capital to start a company. I could work for a startup, but i know myself better than to think I could build a startup.

I can't do either any more. I'm too stodgy for a start up these days.

scottalanmiller

@JaredBusch said:

@scottalanmiller said:

Do you mean about the size of the company, MSP vs. in house and that aspect?

Yes

This is the only one that I have, basically talking about how tiny departments lack the breadth necessary to be useful.

http://www.smbitjournal.com/2013/02/the-smallest-it-department/

I don't know of any publications other than that that have talked about that aspect, I'll keep my eyes open.

wirestyle22

@scottalanmiller said:

@wirestyle22 said:

My next step has to be making myself marketable if that is the case. Any advice? I have the experience on paper but I definitely need to tighten my knowledge.

Well, the first step, IMHO, is deciding on your career goals. You need to know what will make you happy, what you want to do, where you want to go, what you are willing to do, etc. You need those answers first. Then you need a loose roadmap for education, resume building, experience gathering, etc.

IT is a huge field, lots of ways to get to different places.

http://www.smbitjournal.com/2014/12/its-a-field-not-a-road/

I know I enjoy server administration and network administration. I'm not a huge fan of SQL. That's really it. I've operated under the notion that I can learn anything and have adapted to every job I've taken.

scottalanmiller

@wirestyle22 said:

I know I enjoy server administration and network administration. I'm not a huge fan of SQL. That's really it. I've operated under the notion that I can learn anything and have adapted to every job I've taken.

That's pretty broad What geographic region are you in? What industry verticals have you been in? Are you free to relocate?

Few things did more for my career than having no geographic location. I went anywhere for work and that allowed me to be employed faster, at higher rates, more often than most anyone else. I went anywhere for the work. Kind of sucks, also gets you out seeing things. I worked in something like seventy cities between 2004 and 2005 alone! (Cities, large villages, whatever.)

Deleted74295

The biggest problem @scottalanmiller @JaredBusch with a match-making site is how do you sort out the liars?

I'm sure I've not seen even half the candidates you two have, yet when you have a candidate who claims to have done xyz then fails to explain the most basic fundamentals about it.

I'm not talking about "Explain this model to me, or how does this exact thing work" more like general concepts.

wirestyle22

@scottalanmiller said:

@wirestyle22 said:

I know I enjoy server administration and network administration. I'm not a huge fan of SQL. That's really it. I've operated under the notion that I can learn anything and have adapted to every job I've taken.

That's pretty broad What geographic region are you in? What industry verticals have you been in? Are you free to relocate?

Few things did more for my career than having no geographic location. I went anywhere for work and that allowed me to be employed faster, at higher rates, more often than most anyone else. I went anywhere for the work. Kind of sucks, also gets you out seeing things. I worked in something like seventy cities between 2004 and 2005 alone! (Cities, large villages, whatever.)

Tri-state area east coast U.S.
I have worked as desktop support in a major hospital.
Server administrator for a few doctors offices (I am still--sidework)
Everything under the sun for my current job (I am the IT department). I listed my setup here above somewhere. I've been learning as needed but I really need to hunker down and learn everything to my standards--which I haven't yet. I'm an extremely detail oriented person but I don't know where to invest my time.

coliver

@scottalanmiller said:

@wirestyle22 said:

I know I enjoy server administration and network administration. I'm not a huge fan of SQL. That's really it. I've operated under the notion that I can learn anything and have adapted to every job I've taken.

That's pretty broad What geographic region are you in? What industry verticals have you been in? Are you free to relocate?

Few things did more for my career than having no geographic location. I went anywhere for work and that allowed me to be employed faster, at higher rates, more often than most anyone else. I went anywhere for the work. Kind of sucks, also gets you out seeing things. I worked in something like seventy cities between 2004 and 2005 alone! (Cities, large villages, whatever.)

This was one of the things I noticed when looking for a job last year. I was lucky enough to find something local but if I didn't I would have been forced to move to one of the surrounding metro areas. Or try and work remotely, which I'm not sure how well I would have done.

wirestyle22

@coliver said:

@scottalanmiller said:

@wirestyle22 said:

I know I enjoy server administration and network administration. I'm not a huge fan of SQL. That's really it. I've operated under the notion that I can learn anything and have adapted to every job I've taken.

That's pretty broad What geographic region are you in? What industry verticals have you been in? Are you free to relocate?

Few things did more for my career than having no geographic location. I went anywhere for work and that allowed me to be employed faster, at higher rates, more often than most anyone else. I went anywhere for the work. Kind of sucks, also gets you out seeing things. I worked in something like seventy cities between 2004 and 2005 alone! (Cities, large villages, whatever.)

This was one of the things I noticed when looking for a job last year. I was lucky enough to find something local but if I didn't I would have been forced to move to one of the surrounding metro areas. Or try and work remotely, which I'm not sure how well I would have done.

That is where I'm at. I don't think my knowledge is anywhere near strong enough to hold up in a competitive interview. As a matter of fact I know I'm not. That isn't to say I couldn't do any job that I was hired for, but at my current level I have to look a lot of things up and I'm positive that I am missing pieces of knowledge that could make me look less knowledgeable than I actually am.

I guess what I'm asking is what should I be studying? Network+ MCSE CCNA exam study material?

Deleted74295

http://mangolassi.it/topic/7840/how-do-you-find-the-right-employer

Setup a new thread for this topic, we might be able to brainstorm some solutions.

Dashrender

@scottalanmiller said:

Maybe there are, but even in the places where IT Pros feel that there is no work, I often talk to companies that still can't find people.

There are definitely companies like that here, but what they want is someone with 10+ years experience, plus a masters in either electrical or mechanical engineering for their engineers.

Hell for their junior personal they want undergrads with engineering degrees.

Granted this is only one company.

Is the IT Generalist going the way of the dodo?

Dashrender

Relocating would be nearly impossible for me. My wife would hate moving away from her family. Me - I have no family here other than my wife.. so I'll go nearly anywhere.

wirestyle22

@Dashrender said:

Relocating would be nearly impossible for me. My wife would hate moving away from her family. Me - I have no family here other than my wife.. so I'll go nearly anywhere.

I am in the exact same situation.

scottalanmiller

@wirestyle22 said:

I guess what I'm asking is what should I be studying? Network+ MCSE CCNA exam study material?

So the Network+ I recommend to everyone. It's just good base knowledge.

The MCSE is good if you want to work as a Windows Systems Admin or Engineer, but not if you don't.

The CCNA is the first baby step on the path to working as a Cisco-focused network admin. This does not align in any way with your descriptions of jobs you are interested in. This is a wholly different path than you have been alluding to. And on its own it is a useless cert, too junior to get you even an entry level job as a Cisco Admin and too focused to be useful to a generalist.

dafyre

@scottalanmiller said:

@wirestyle22 said:

I guess what I'm asking is what should I be studying? Network+ MCSE CCNA exam study material?

So the Network+ I recommend to everyone. It's just good base knowledge.

The MCSE is good if you want to work as a Windows Systems Admin or Engineer, but not if you don't.

The CCNA is the first baby step on the path to working as a Cisco-focused network admin. This does not align in any way with your descriptions of jobs you are interested in. This is a wholly different path than you have been alluding to. And on its own it is a useless cert, too junior to get you even an entry level job as a Cisco Admin and too focused to be useful to a generalist.

If you get your Network+ certs and decide you want to go more in depth into networking, I'd definitely recommend the CCNA classes. If you get a good instructor, you'll be in good shape. The beauty of things like Network+ and CCNA, is that the ideas are all the same, no matter what networking vendor you ultimately settle on.

I got my CCNA, and a year later landed a job that had 1 Cisco router and 50 HP Switches. Terms change, and a lot of the jargon changed... But the ideas still remained the same.

adam.ierymenko

@scottalanmiller "designed solely around maintaining the LAN ideologically rather than replacing it."

I'd disagree with that, at least insofar as ZeroTier is concerned. It emulates a LAN because it's convenient to do so: everything just works and software can just speak TCP/IP (or any other protocol). But if anything the goal is to embrace the post-LAN world and evolve away from the LAN model. Making LANs work like Slack channels is a step in this direction.

I really like what you wrote above and some of it is exactly what I was thinking when I first started working on ZeroTier years ago.

ZT solves multiple problems: (1) a better p2p VPN/SDN, (2) mobility and stable mobile addressing, (3) providing (1) and (2) everywhere including on vast numbers of WiFi, carrier, and legacy networks that do not permit open bi-directional access to the Internet. Internally we view the existing Internet/Intranet deployment topology with its NAT gateways and such as "the enemy." NAT in particular is the enemy and "break NAT" is an internal development mantra.

An analogy would be RAID, which seeks to achieve reliability using arrays of unreliable disks. In our case we want to achieve a flat reliable global network by running on top of an inconsistent, half-broken, gated, NATed spaghetti mess.

IPv6 should have done these things but didn't and probably won't unless IPv6 mobility becomes a real thing and unless we can convince millions upon millions of IT admins to drop the concept of the local firewall. If IPv6 ever does do these things we'll probably have to wait for the 2030s. If that ever does happen ZT was designed with migration paths in mind. Hint: 64-bit network ID + 40 bit device ID < 128-bit IPv6 address.

Our long term target is not AD or other LAN-centric ways of doing things, which is why we haven't built deeply into AD the way Pertino has. Our long term target is Internet of things, mobile, and apps. If you pull the ZT source you can see this: the ZT network virtualization core is absolutely independent of any os-dependent code and is designed to be able to (eventually, with a little bit more work) build on embedded devices.

Dashrender

The biggest concern I see from something like ZT and Pertino is the breakdown of the protections that users get from simple routers - no even counting firewall features. i.e. ethernet packets (MAC based) traditionally can't traverse routers, therefore devices can't be attacked with these lower level MITM attacks that hear hear about on wireless networks, etc.

Am I concerned for nothing?

adam.ierymenko

@Dashrender The answer is a huge pile of "it depends." It depends on protocol, application, OS, etc.

If you're running a closed/private ZeroTier network, then you're not at much greater risk than if you have a VPN. A public ZeroTier network is obviously exposing you a lot more, but keep in mind that every time you join a coffee shop, hotel, university, or other public WiFi network you are doing the same thing. Every time you join someone's WiFi you are exposing L2.

So the risk is not as great as you might think. A lot of people think "ZOMG! my machine is exposed I will get hax0r3d in seconds!" This is mostly an obsolete fear. OSes today are a lot more secure than they were in the late 90s / early 2000s when we had remote Windows vulnerability of the week and LAN worms were commonplace. You can still have problems if you have a bunch of remote services enabled but most OSes no longer ship this way.

If you have ZeroTier and join 8056c2e21c00001 (Earth, our public test net) and ping 29.44.238.229, that's my laptop. If you don't get a ping reply it probably means it's asleep. Obviously I am not worried about it. Of course the only remote service I run is ssh and I don't allow password auth so there isn't a lot of exposed surface area.

There is still some risk of course. The only way to perfectly secure a computer is to turn it off.

As far as MITM goes, there are a couple answers there and it depends on the nature of the attack. Network virtualization layers like ZeroTier are generally more secure than cheapo switches or WiFi routers in that the MAC addresses of endpoint devices are cryptographically authenticated. It's harder to spoof endpoints, though it's not impossible. On ZT you can't spoof L2 traffic without stealing someone's identity.secret file. It's a bit like a wired network with 802.1X.

The only wrinkle is Ethernet bridging, and that's why bridging must be allowed on a per-device basis. Normal devices are not allowed to bridge.

But... the real answer to MITM is: never trust the network. If you are not authenticating your endpoint cryptographically then you are vulnerable to MITM on every network. Use SSL, SSH, etc. and check certificates or you are not safe.

adam.ierymenko

@Dashrender Finally, you can count me in the "firewalls are obsolete" camp. I've worked infosec before. During my tenure we had many attacks, and zero were naive remote attacks that the firewall did anything to stop.

A short summary of real world attack vectors we saw: phishing, phishing, phishing, phishing, phishing, malware, phishing, drive-by downloads, phishing, and phishing. Did I mention phishing? The least secure thing on the network is the meat bag behind the screen, but in all of the above cases the firewall is worthless. That's because all those threat vectors are "pull" based, not "push" based. We had malware get in through the web, e-mail, Dropbox (with phishing), etc., and in all cases it was pulled in over HTTPS and IMAPS links that happily went right through the firewall.

Firewalls are dead. Thank the cloud.