I’m Steve R. Smith. I live in Houston, where I work in customer success

I still remember when I saw my first computer. It was 1983 and I was 13 years old. I'd never heard of computers but when my friend showed me his Apple IIe, I was blown away. I went home and mentioned it to my dad, hoping that he might pick up my not so subtle hint. Fortunately for me, he did! I remember him bringing home my own Apple IIe and I was thrilled. It was soon set up in my room.

I learned some Apple Basic and started hanging out "online". There were many late-night programming sessions. Back then online meant checking out various Bulletin Board Systems (BBS) via a dialup modem. The AppleCat II was rated for 1200 bit/s at half duplex and 300 bits/s full duplex via twisted pair copper (aka "phone lines").

I vividly remember being impressed by a guy at school's BBS system. He ran it off of two 5.25" floppy drives and a RAM drive. As it gained more visitors, he eventually bought an external Hard Disk 20SC - that's a whopping 20MB of storage. That's just about laughable today but at the time, we thought "how could anyone ever use that much space"?

By the time I went to college, there were IBM as well as IBM clones (aka "the PC") available. I don't remember how I got one, but I did have an IBM clone towards the end of my studies. By the time I finished school in 1996 employers had been realizing the value of computers for years. Unbeknownst to me, the Windows server operating system had been out since 1990.

When I started working for Deloitte and Touche in 1997 and Ernst & Young in 1998, the Windows server operating system had gained significant prominence. This time period was when I first started learning and understanding what server operating systems could do in the workplace.

My first job at E&Y was conducting General Controls Reviews. If the controls were strong enough, the auditors could rely on the system's outputs for their Financial Audit work. GCRs are where I started learning about how servers were backed up, disaster recovery plans, access controls, and patching.

Around 1999, I helped identify the need for a Penetration Assessment aka Ethical Hacking. I asked the Manager running the engagement if I could shadow (meaning - work but don't charge time to the client) the job. I started hanging out nights with the guys assisting with the assessments and performing GCRs during the day.

After a year learning about networking and services like DNS, SMTP, SNMP, NFS, and how to compromise systems, I was able to move into the security group. I stayed at E&Y longer than most of companies I've worked for over the life of my career. I performned Penetration Testing work including internal/external assessments, war dialing, "war driving", social engineering. I was also the lead instructor for Ernst & Young's course, Extreme Hacking: Defending Your Site.

After about 7 1/2 years, I moved on. And really, ever since then I've considered myself a technology guy. The rest is kind of history. I've been a Cybersecurity professional for the last 25 years. I've continued to learn new skills, technology, and challenge myself.

That learning includes building WordPress websites and a static website with Next.js and deploying it to Vercel (this one in fact). I learned how to convert applications from how they may have run to instead running them inside Docker Containers. That usually meant writing my own Dockerfiles and docker-compose files but I've also used those provided by Open Source maintainers.

I've learned how to build software using a CI/CD tool like Jenkins, how to build and operate servers in Amazon AWS EC2, how and why we need Elastic Load Balancers, and how to properly create and manage Security Groups. I have also learned a lot more about how to program using Python, React, and Next.js.

If you are interested in seeing what I've been building recently, head over to my projects page.