Please allow me to introduce myself. My name is Jon Molesa. I have around 15 years of experience in IT and Information Security. I am local to Charlotte, NC and a North Carolina native.
I became insterested in anything electronic at a very young age. I would tear apart every toy that took batteries or had moving parts. Mostly because I wanted to see how it worked. I also used to tell everyone that I was an inventor and would attempt to reassemble the components into something else more useful for my purposes. Understandly, this really got to my parents. They could not understand why I was destroying toys that they had worked so hard to purchase for me.
After sometime I guess they realized that their oldest son was a geek and they bought me a 180-in-1 electronics kit. This kept me busy for a while building various alarms, motion sensors, fm receivers and broadcasters, and studying diods, resistors, transformers, relays, leds, capacitors, and switches.
Some years after that my parents were offered a time-share sales pitch get-away weekend. For staying the whole weekend they would get a Commadore 16. I now realize that they did this mostly for me. Thanks Mom and Dad. I can’t tell you the number of hours that I spent on that computer hooked up to a really old Television. It had no permanent storage and no Internet. But, I could write programs on it. The libraian at my elementary school learned of my computer and copies a bunch of programs from some where for me.
I would key each one in and then run it. If I made a mistake, I had to retype the whole thing all over again. If I wanted to run the code more than one, I had to type it all over again. Dispite this, I was in love. I couldn’t wait to get home to write code again.
It wasn’t until 1997-1998 that I experienced the Internet. I had purchased my own laptop from Gateway and an account with a local ISP. I would spend every night, until far past everyone else had gone to sleep, surfing the Internet. Downloading content. Reading various pages that interested me. Chatting with new “Internet” friends and girl friends.
I missed the whole BBS era and even AOL. I did try AOL, but quickly determined that it wasn’t for me and was some weird AOL only version of the internet.
After a false start I finally setteled on going back to school. The goal was to become an Architect. I went 2 years to Catawba Valley Community College. I worked hard on my grades and graduated with an Associate Degree in Science. I then went to North Carolina State University. Unfortunately I didn’t get into the School of Design. Which meant that I wasn’t going for Architecture. I thought that I would get a degree, any degree and something easy, and afterward I would go to graduate school for Architecture.
Somewhere early in my first semester I became interested in computers, cryptography, servers, websites, and other creative Internet related technologies. Not only was I interested in it. The knowledge came easy. I could pick up the necessary skills rather quickly compared to my friends. They all would ask me for help.
I looked at switching my major to Computer Science, but I had taken the wrong math classic at the community college. I needed Calculus based math and science credit. Most of the ones that I had were Trig based. I would essentially have to start back at year one to switch to Computer Science. This was something the parent were not willing to pay for.
About that time the NCSU College of Management began offering a concentration in Management Information Systems. I promptly signed up for those classes. It was sold as a ciriculum to teach students how to speak to the geeks and the managers. Kind of like that guy from Office Space. “I’m a people person. Why don’t you understand that?”. I did very well in these computer classes, but the rest of management wasn’t as easy or interesting as I had hoped.
After graduating NCSU I took a couple of job doing Microsoft Access Database development. I worked for a Fortune 100 company. Like most orgs that size they had a web proxy in place. I didn’t like them seeing what I was surfing so I would tunnel my traffic to bypass the filters.
After almost 2 years in that job I decided that I wanted to start my Information Security Consulting business. I opened shop in downtown Taylorsville, NC. The problem was, that no one in that little town needed or was interested in hiring me for security related projects. Everyone wanted a website or viruses cleaned from their computers. So, I changed focus. I started developing php websites. I did it mainly because of customer demand and the need to pay bills.
This continued until around 2007. Two of my largest cleints began having financial troubles and one completely shut down. Eventually I had to look for a full-time job as I know had a wife and a mortgage.
I started working for Classic Graphics, Inc. as a developer/sys admin. Since most of my background was in linux I ended up taking on various responsibilities for our linux servers. I continued to learn all along the way and picked up new skills relatively quickly. I still had a deep interest in infosec and would look to give suggestions or advice for hardening or securing our sevices and servers.
When we became ISO 27001 certified I was offered the job title of “Information Security Manager”. It has been a fun filled 7 years with Classic. I have learned a lot and have certainly grown professionally. All the years of quiet study, following every security related blog or website I could find, and going to conferences on my own dime was paying off.
I then earned my CISSP certificate. And I hope to have soon completed the requirements for the OSCP certification. I now once again attempting to build an Information Security Consulting practice. Rather than focus on the broader scope of Information Security, I am currently only offering penetration testing services.
I have played around with various attacks and techniques over the years. The nice thing about the OSCP is that it brings them all together in a formal program. It has provided the validation that I have needed in this area.