I am guest speaker at the Bath Area CyberSecurity Cluster being held in Corsham this week (tomorrow). You can book tickets via Eventbrite. Kicks off 1600hr so if you're coming I will see you there and try not to bore you into a coma. My topic of choice is Insider Threat. Not selling product, educating the masses and doing a favour for the maestro that is Andy Cuff.
Today I lost a good friend from the security community.
Richard James was a security technologist and one of my friends. We first worked together in the fires of what became VirginMedia. I came out of self imposed retirement after selling SmoothWall to head up a fledgling part of NTL the former cable TV telco and broadband provider. Richard worked for the security team at Telewest the other UK cable incumbent provider, the crux being that NTL and Telewest both owned by Barclay Knapp would come together to form VirginMedia.
I joined NTL at a time when I didn't want or intend to be working. I made my money and retired in 2003 and had no reason or intention of being employed having exited SmoothWall and I certainly had no reason to want or need to work with idiots. So imagine my surprise when I got talked into digging NTL out the crap to go in to head up what would not even be know as cybersecurity but as a security customer function. Going to war daily with the existing "hardware network and security guys". Working alongside some great folk many of whom I am still friends with who actually got little credit for keeping a 7m user network alive, whilst their better paid bosses did little of anything credible and took the credit.
I scared the crap out of folk at NTL. I was hired to get them out the proverbial and to realign their MTAs and their caches, their ability to reduce customer services calls from tens of thousands of infected customers and a badly deployed platform that I used to root at will and hence why by the time I left I was reporting direct to the Chairman and was his personal security and goto guy for securing his Gloucestershire mansion and his London townhouse. By the time I left I was part of the team acquiring Telewest and also involved hands on with the merger meetings that very few people knew about at NTL even people who I had to work with every day. Richard came along as part of the acquisition and was part of a small team of security folk who had worked miracles.
Press and customers assume a telco is well organised. Telewest wasn't. It was a sinking technical ship and their mailservers in Liverpool were held together with tape and string and they took our lead in walled gardening customers and understanding how I built out whitelisting and greylisting and replaced Sieve rules and the dumb stuff that we inherited when I joined that made little to no sense.
It was just as hard for the incumbent security staff and management who were mostly traditional Cisco types with almost no useful skillsets and rightly they ran scared, and rallied to kick back and anybody who knows me knows that is when I'm at my best - I genuinely am not going to back down and I don't need the hassle or the money. If I tell you something is broken and it needs fixing or it will be hacked take it as read. If the network team don't rate it as a risk trust them or me.
Difference is I already hacked it and here is your data on a USB key. An exercise we used to play out in the CEO's office whenever the network team would try to ask for my head on a stick whilst I proved them to be old school and lacking in skills useful in dealing with modern cybercriminals. One Sunday I remember rooting an entire platform remotely and copying 300k subscriber bank account details to an external drive and then walking into the CEO's office and putting it on his desk after the network team had told them the platform was secure. Richard wet himself laughing.
It must have been hell for them because with all the CISSPs and certificates in the world they'd never met a hacker before and it was like taking candy off the proverbial baby. Even if I did take a £100k+ paycut to take the job to kill time rather than sit at home it was still hopefully a learning curve for their future careers. Richard got it, he'd back me up regularly.
Luckily NTL had some amazing management in the form of Steve Townsend, Dom Forrest and Justin Leese who would sit back and just let me do whatever I wanted. Consistently I would prove the point that it wasn't about me being right and them being wrong but the fact that I would regularly break into critical systems and platforms, and they wouldn't see me coming. It made life fun, that and the fact I had written into my contract I never had to wear a suit and could work from home.
There is a well known story that during this time I got bored went to Spain for two weeks and replaced myself with a server running Perl scripts outputting Acrobat PDF reports on a cron that created daily emailed management reports and nobody was any the wiser. It was essentially money for old rope and it wasn't hard to shine in a bucket of crap. Richard thought it hilarious someone could drop off the face of the earth and replace himself with nine Perl statements, Postscript and QMail. A fact nobody knew apart from a few other folk in the security team.
Richard got it, he understood the changing face of security. We had long discussions night after night during the acquisition process and we became firm friends at a time when people were reapplying for their jobs. He made himself safe by being honest, stoic and steadfast and able to translate some of the threat management and identification stuff into a platform at Telewest pre acquisition. He even became part of Chatham House rules projects with me with the intelligence services that only senior management at NTL and Telewest had awareness of. Working with the betting industry, the Post Office and major banks on DDoS issues and threat mitigation. One evening Richard and I along with Nigel Beighton (then LastMinute.com) found ourselves sat having dinner in The Dorchester Hotel in London with MI6 and Whitehall security folks, it was hilarious it was like being at school and being invited to sit and eat with the teachers. We felt out of place even though we were there for good reason. After the 7th July attacks on London that feeling accelerated with us both spending time working in London with the intelligence community.
When NTL and Telewest joined forces Richard became part of the host security team. I knew I'd had enough, I was bored. I was exiting stage left knowingly to go do exiting stuff first for Bell Labs in California and Lucent Technologies (pre Alcatel) and then to San Mateo to do Zimbra.
We kept in touch and talked regularly and met up at security shows and were supposed to have dinner this week but my wife and I had tickets to go to a music concert Tuesday night. He was down from Glasgow at Aztec West where he was staying while working for T-Systems in Germany doing security work with their partner EE the multiplay cellular broadband player.
On Wednesday night we talked till 1am. We talked about doing another startup sometime in the distant future to give ourselves something to do when we hit our 50s which isn't too far off and where just like SmoothWall we'd throw the rule book out the window and we'd employ our friends.
We talked about family, he was madly in love with his partner who had been in a massive car accident 18 months ago and was about to have to face court to get damages. How he'd been so grateful that fateful day that she had been driving his BMW which gave her a survival chance in the impact with a commercial goods vehicle. He knew I was happy, he was happy I was finally a dad after having spent the majority of my adult life in a very unhappy relationship where I would never have been one. He told me regularly I was punching above my weight with my amazing wife. We talked and laughed till 1am. He said that he was proud that my name would crop up in conversations and he could say he was my friend. That was one of the last things he said to me less than two days ago. It will stick with me forever.
Thirty six hours later I am sat having lunch when I receive word he had died suddenly this morning.
He was my friend, he liked music I couldn't dance to, he had a sense of humour that would make you laugh till you hurt. He was a talented technologist, a man who loved his family and who was honest decent and true.
Richard James you were part of the change from traditional bricks and mortar security to a time where security is more intrinsic and fluid than ever before. I will do another start up one day and I will do it knowing you'd have been part of it and made it successful. You were one of the good guys, nobody could say a bad word about you. You made a dent in peoples lives and you were the difference I am sure in me not embedding folk in whiteboards back in the day. A constant source of fun, bright eyed, a bundle of fun and utterly reliable to your core. A true friend.
Rest in peace buddy, I am stunned at your passing and bereft that you aren't around to tell me crap jokes and be my DJ.
I keep being asked "how do I get involved with what you're recording and putting out on your podcast ?". Well the simple answer is you have to be brave enough to stand in front of a field recorder in the bowels of The Moscone and talk to me. I'm recording all day today and Wednesday and there are still slots free.
Remember I AM a journalist so you have to treat me as such when we talk, this stuff goes public fast so think about what you're going to say and enjoy the ride.
Usual caveats apply. This podcast is meant for entertainment purposes only. Your mileage may vary. Do not try this at home. Void where prohibited. Some assembly required. Do not use while operating a motor vehicle, heavy equipment or when configuring an OpenStack architecture. Podcasts may be too intense for some listeners and children under 30 years of age. Please remain seated until the podcast has come to a complete stop. Studies have shown regular exposure to these podcasts causes increased weight gain. I am not a professional, I have no training, I'm not even particularly good at horse whispering. Don't believe everything that you know. Please keep your hands in the vehicle at all times. Do not tap on glass. Do not eat anything that has been on the floor for more than 3 days. Keep your hands to yourself. Not to be taken internally etc etc.
I recorded and released a show with the legend that is Josh Bressers from Red Hat and that recording is out now, click below to listen or goto iTunes, Player.FM or Stitcher (links in story below).