• United States



My Mac turned a Mule into an”Ś

Apr 10, 20073 mins
CareersData and Information SecurityIT Leadership

Shortly after I began my job as Chief Information Security Officer at Georgia College, it became clear that I needed to find a new way to manage my files and work papers. I had filled my filing cabinets to burst capacity. I archived what I could but between the policies, procedures, statutes, manuals, I needed to have ready access to many documents in short order.

I plugged on for a few more months and one day I scanned our network only to find a vulnerability that I was told had been handled. I fumbled through notebooks of scan results never finding the notebook that I was looking for. In the south we use a phrase, “grinning like a mule eating briars”. This was the look that our lead System Administrator was sporting. Well, I had had enough of this. I had to find something new.

I poked around looking for an easy to learn, rapid development, database management system for my Mac. Admittedly, though it pains me to say so, this is a shortcoming of the Mac. Apples ship only with the core data service, which is NOT a fully fledged database management system. I finally settled on FileMaker Pro (which has a PC version as well). After a lot of headaches, therapy, and scotch whiskey I managed to complete the task of going digital with all of my work papers. Now I simply search in the appropriate database for a record or set of records that I need and shazaam (imagine a poof of smoke here) there it is.

Now I could turn the tables on the System Administrator. I scanned the network again, input the data into my FileMaker Pro database”Ś and waited. The cunning System Administrator, camouflaged with unix shell commands wouldn’t escape me this time. He responded to all of my posted vulnerabilities. The trap was set. I had documentation that he claimed he had addressed the vulnerability. I scanned again. AHA! It was still there, I had all the proof that I needed.

This time when I brought the ever present vulnerability to his attention he wasn’t smiling like the proverbial mule, but he did look like an a__! I have since used databases in my policymaking and planning efforts because of their innate ability to filter, sort, merge, export, and import data. There is an upfront cost in labor to develop the database, but the rewards, in my opinion are phenomenal.

Chad McDonald, CISSP, CISA, C|EH, PMP is a Senior Professional Services Consultant with Imperva. Chad has worked previously at National Student Clearinghouse, Centers for Disease Control and Prevention, Georgia Department of Audits and Accounts and is the former Chief Information Security Officer at Georgia College & State University. Chad has addressed numerous groups on topics such as business continuity planning, incident response, and information security awareness. Chad has spent the bulk of his career building, managing, and assessing information security for educational and research organizations. Chad has earned multiple professional security certifications. He is a member of the Information Systems Audit and Control Association as well as InfraGard, an FBI Task Force charged with protecting the nation's information infrastructure. Chad is active in the security community He worked with law enforcement agencies to assist in the prosecution of the first computer crime on record in Georgia and continues to assist local and state authorities with computer based investigations. Chad has investigated computer and computer-related crimes for local and state law enforcement agencies. Chad is an avid Mac user, since he was rescued from the dark side eight years ago. He currently conducts the vast majority of his work using a MacBook Pro and a MacBook. Chad looks forward to the day that he can stop referring to himself in the third person and actually pay someone to write his bio for him. The opinions and statements expressed here are those of Chad McDonald and in no way reflect opinions or statements of any employer or organization with which Chad is affiliated.