Home / Blog / An Introduction

An Introduction

Posted on

It is polite and proper to introduce oneself when first meeting… Hello, my name is Mark Houpt. I am the owner and operator of CommonSenseSecurity.net. I am not sure how you found this blog, maybe you were invited by me or have been one of the reasons I started this. Maybe you just stumbled across it. Regardless how you got here, I am glad you are here.

About the Blog:

The blog is for the common person to understand and discuss primarily IT security and privacy issues, theory and practice. I say primarily IT because I really want to, and maybe will expand the comments to general security issues. But general security can sometimes be misconstrued as law enforcement, “rent a cop,” or even political issues and that is not our intent.  In this blog you will see things that are general security issues, concepts or thought process, but with the IT slant.

Are you the Target Audience?

The blog is really not designed for the deep knowledge security professional, though if you are you may find it interesting as a skills refresher or grounding rod. It is not designed to compete with the outstanding “KrebsonSecurity” journalistic type security blog or even a company or product specific blog.

Common Sense Security is a blog where a security professional that enjoys teaching and conveying the security message is able to do so to a mass grouping of people. Some have accused or called me a “security evangelist” and that title I will happily wear. However, in doing so I want to ensure that the common person can understand what is being communicated. With that thought process in mind, the blog is designed so that those who desire to apply sound and common sense security principles within their small and medium sized businesses, home or life in general can learn and do so.

The blog is intended to be useful for non-security professionals so that you may understand what we the security geeks are talking about when they spout some regulation you must comply with. It is also intended to be useful for aspiring security and privacy professionals so that you can gain and increase practical knowledge. I hope that it can also be useful for the stay at home mom so that she can protect her computer from the treachery of coupon adware, understand why it is malicious, not just that it slows the computer down.

What this Blog is Not:

The blog is not intended to sell anything or be an advertisement for consulting services. I am, currently, gainfully employed and building a security program in the Baltimore, Md. area.

That said, I am not dumb either. I am sure someone reading this will at some point want me to consider some consulting work. I MAY be able to help you from a distance or on free time. I also may have already developed documents, questionnaires or other materials that could help you and thus be able to sell you. If I were to do consulting it would be limited at this point. For example, I can build and provide you some documents or provide some guidance via email and phone. I cannot, however, do a 3, 6 or 12 month, 40 hrs a week engagement at this time. Feel free to contact me but with realistic expectations.

How Often will I Blog?

That depends. Right now our family is in the middle of a move. There may be some weeks I blog 3-4 times a week, other times maybe once, if we are lucky. This is a hobby and a passion. I am paying for this and developing it on my own. Therefore, what I give is spare time and spare change and you get it when I can (can you tell I am a polite but straight shooter?).

Can you Answer my Questions?

I would love to! In fact, I hope to get to a point where my content is driven by the questions presented. For now, email me your questions and I will try and answer them in the blog. I look at it as if you have the question, then others probably do to.

Who am I Really and What Credentials Allow Me to be the “Security Evangelist?”

The long version of the history…

I have been in the IT industry from before I even graduated from High School. I started by pulling cable for the schools first network in the late ’80’s, programmed moving turtles on an Apple IIe, played ‘Choplifter’ on the Commodore 64. All of those are trivial, I know, but provided a base understanding of computers and their capabilities that led me to a career in IT.

My first real job was as a Cryptologist (CTO) for the United States Navy. We won’t talk about that much on this blog for obvious, national security reasons. But what I will say is that that opportunity was the firm foundation that has developed my security skills. In that role I was exposed to access controls, physical, logical, and network security and much more. I was exposed to the use and theory of encryption how that plays into ensuring communications have integrity and confidentiality. Frankly, and I think most important, it exposed me to and drilled into me the importance of paying attention to detail, documenting what you do following established controls and regulations. Those three items have been keys to my success.

Post my naval career, I spent time working my way up the ranks, starting on a help desk, moving to workstation support, server support and into an operations manager role with an Internet Service Provider. I will be forever grateful for those opportunities as they have provided a rock solid understanding of computing and network technologies that I carry with me to this day.

In the past fifteen years I have dedicated myself to the work of corporate information security. I was fortunate enough to sit under one of the quiet but true masters of our profession while he was CISO of a large, national corporation. In that role I had the opportunity to learn and be exposed to Forensics, Investigations, network security technologies and management, documentation, application security and much more. This learning role for five years allowed me to move into my own role as a CTO / CISO at Lincoln Christian University and experience the struggles of implementing new technologies and controls when new security and controls were shunned.

Most recently I have had the opportunity to learn how to convey and use security and privacy from some of the finest people in the financial industry by my work with a large, Fortune 50 company. I had the distinct pleasure of developing some new programs and working to teach and explain this security “stuff” to some truly professional and good people that previously had very little exposure to security and privacy, yet it was being thrust upon them. In a short six months I watched people grow from seeing security as a hinderance, or not knowing about security, to embracing it and wanting it as part of their everyday work effort. Some of the their comments when my time was up with them, and how the teaching and conversations had changed the way they use and work with security and privacy and made their work more efficient and fulfilling, truly touched me. It was one of, if not the, catalysts for this blog site and opened up a whole new desire within me to teach security and privacy to business professionals. They know who they are, but I will forever be grateful to my friends in the VMO’s – BC, TQ, AL, MS, DS, JM, SK and many others.

The short story…

I have 25 plus years of experience in the IT Industry and hold the CISSP, Security +, Network + and A+ certifications. I am currently working on my Masters degree in Information Security and Assurance from Western Governors University.

Want more, check out my resume.

So, here we go. Off on the journey of blogging, teaching and learning about Security and Privacy in the digital age.


email Mark Houpt at mhoupt AT gmail DOT com



Mark A. Houpt
CISSP | Security + | Network + | A+