(Photo courtesy of Phil Hagen)
Phil Hagen has been working in the information security field for over 15 years. Currently, he’s a technology evangelist for Red Canary (a startup specializing in detecting cyber threats). He’s also an instructor for the SANS Institute’s FOR572 course: Advanced Network Forensics and Analysis.
Fighting data breaches requires heavy multitasking and a hyper-focus on minute details — that’s partially why Hagen cofounded Beach Desks.
Hagen enjoys his space in Rehoboth, but he doesn’t like to stay put for long. He’s traveled everywhere, from Bangalore, India and Sydney, Australia to California and D.C., just to name a few.
“As long as I have my laptop and an Internet connection, I can work with the Red Canary and SANS teams the same as if I’m at home,” Hagen says, “I strongly believe the concept of ‘going to an office to do work’ will start to decline steeply in the near future.”
Here’s how Hagen stays focused, wherever he may be.
What’s it like on the day-to-day at work?
I’m behind the keyboard almost constantly. Most days, I’m crossing stuff off my to-do list, testing new technologies, or interacting with the teams from SANS and Red Canary on the next big task at hand.
One day I might be creating new processing platforms and evidence parsing routines to test for the next revision of the FOR572 course, the next I’m updating the course slide material with the latest developments in the forensic field. When I’m teaching, the days are packed with providing the course or traveling to and from the venue.
Depending on where the course is offered, that can mean anywhere from 3 to 30 hours of travel time. Of course, in the middle of all that, I’m talking with perspective Red Canary customers about how we can help them improve their threat detection capability and give them a better advantage against attackers that seek to steal their sensitive and proprietary information. I have to get a solid understanding of their environment — both technology and process — before I can form a credible recommendation on how Red Canary can best support their information security program. Communication — whether in written or verbal form — is probably 50 percent of my day.
How did you end up forming Beach Desks?
Beach Desks was a product of necessity. I was working almost exclusively from my home, which is fairly common in the Rehoboth Beach/Lewes area. This is ideal in many ways, but the lack of human contact is a big drawback. Some people can thrive in that environment, but after four years, it was starting to bother me.
One day, I was talking with my friend Micah Sklut, who runs the SwellInfo.com surf forecasting website — he had the same perspective as I did. After some more discussion, we decided to split the cost of an office with enough extra space to provide on-demand desk space to others in a similar situation.
Now, when someone needs a desk or conference table for a day, week, or month, we can bring them to Beach Desks as a member of the coworking space. We’ve secured a great location that’s close to Rehoboth Beach and Dewey Beach, and provide the basic creature comforts you’d expect of an office environment. Bright walls and an open floor plan keep the human element of the space a primary focus.
How often do you check your e-mail?
More often than I like to admit. However, since both of my jobs are remote work arrangements, that’s still the main means of communications — especially when crossing time zones. I reluctantly admit to keeping mail open most of the day, though I’ve tried to shift my “creating” process away from that application to avoid the distraction of new mail messages.
What is the most gratifying part of your job?
I love seeing the “good guys” gain ground in the digital arena.
For so long, even a moderately-skilled attacker could cause millions of dollars of damages to their victims. Although the news cycle has picked this trend up in the last year or so, it’s been going on for decades. Talking with a future or existing Red Canary client that found a brand new variant of malware a few hours after it executed is a HUGE win in our books — there is an awesome sense of victory.
When I’m teaching students about network forensics and investigations, I love to hear from them when they’re back in the workplace and find ways to apply the course material to their casework. We have alumni around the world, in a wide variety of work environments. Hearing that they use the material to solve electronic crimes is the best validation for the effort it takes to create and maintain the course.
When you need to take a break, what are you turning to?
I like to get up and walk around, even if just for a minute or two. I spend so much time looking at a screen that any “non-screen” time is welcome. My wife works a block away from Beach Desks, so I’ll try to walk to her office for lunch whenever possible.
When I can plan ahead for a break, I like to run or get to a gym, too. It’s too easy to get out of a fitness habit when you’re cooped up at a desk all day. Planning that kind of extended, active break is critical for me.
What’s your design and computer gear (program preference/ones you use the most, Mac or PC)?
I work exclusively from my laptops — both Apple platforms, and my preference for mobile devices is Apple as well.
I was a 100 percent Linux user from 1994 to around 2003, but the mix of usability and power that the MacBook Pro/Air provides is a great fit for me personally. I still use Linux (CentOS, specifically) on all of my server-type instances. However, the biggest thing for me is virtualization. Whether I’m using VMware’s Fusion product or Oracle’s VirtualBox software, I can run a dozen logical systems of any operating system on one physical platform. That gives me the ability to test new software or solutions in an isolated environment without the risk of messing up my main operating platform.
At home, I have anywhere between five and ten virtualized systems running on a single Linux server. Those virtual systems are always running some new tests or continuous processes that feed the FOR572 course content, or give me better perspective on using Red Canary’s service in a real environment. There’s no way I could do this work without virtualization technology.
For other software, I prefer the Chrome browser, but some sites still work better in Firefox. (Despite it being 2014, we still seem to have this problem.) I reluctantly rely on Microsoft Office’s Word, PowerPoint and Excel software mainly because so many of the people I communicate with use it. Despite the LibreOffice suite being a very capable software suite, it would be awkward to try talking to a client through installing and using that — or dealing with the inevitable incompatibilities that it brings.
I’m also a big fan of services like HarvestApp, Remember The Milk, Base Camp and Flowdock for their own functions (time tracking, shared to-do lists, project management and intra-team communication, respectively). There are so many new applications coming online that you can integrate to your own personal workflow — it’s hard to keep track.
Regardless, my position is that you should use what allows you to get things done most smoothly and quickly. It’s been nearly 20 years since I’ve considered myself a Windows user, but I know there are power users that get their work done quickest in that environment, which is great.
What’s one way in which you believe your day-to-day work is better now than it has been in the past? Is there something you do now (or don’t do) that has made a big difference?
Since I travel so much, the ability to take my entire business presence with me in a bag is key. Red Canary is based in Northern Virginia, but the team is scattered in four different locations today — more in the future. It doesn’t matter that I’m in Delaware — I talk with the team via Flowdock and video chat. It’s even more pronounced with the people I work with on the SANS course — they’re in at least a dozen different locations, and my instructor colleagues are teaching in a different city every week sometimes.
It doesn’t matter if I’m in Bangalore, India, Sydney, Australia, California, or D.C. — as long as I have my laptop and an Internet connection, I can work with the Red Canary and SANS teams the same as if I’m at home or Beach Desks in Delaware. I strongly believe the concept of “going to an office to do work” will start to decline steeply in the near future. I can’t wait — it will let us hire talent where it exists, rather than force us to bring that talent to a central location.
I’m incredibly fortunate to have the opportunity to live at the beach in Delaware, and work with exceptional worldwide teams from the information security sector.