Ian Gappinger

Starting at the age of 14, I was introduced to software development through a friend I met on the game “Garry’s Mod”. This friend taught me the basics of Lua development, a very simple language, and I decided I wanted to go and learn more on my own. Over the next 3 years I would spend time learning, creating mods for the game, and publishing them for free community use, as well as taking commissions as a freelance developer.

This introduction to coding got me hooked, I would go on to take computer science classes for my last 3 years of high school, picking up other languages such as Java, JavaScript, Python, C#, and some others. I was able to work on many awesome projects during this time, and met a lot of cool people.

As I graduated high school, I wanted to continue this career of software development, and started my major in computer science. This changed after one semester, as the reality of math set it for me… around that same time, towards the end of my first semester, I had written a paper for a composition class over cybersecurity. The topic interested me, and I wanted to learn more.

As it would turn out, my college had a bachelors degree program for cybersecurity, and I decided to switch my major officially, taking with me all of my computer science knowledge I’d gained those last 3-4 years.

For the next 4 years I would study, learn, and excel where I could. Ultimately I felt understimulated by the program, and decided to go and work on self-study cyber education at the same time. During my 4 years in college, I worked full-time through 3 of them, first as a level 1 technician, fixing Chromebooks all day for a school district, then after a year and a half of that, I was able to move into my first professional cybersecurity role with that same school district, working as a cybersecurity systems administrator for them.

Across my journey of self study in college I picked up many certifications where I was able, a full list is on my LinkedIn, but some of the milestone certifications were CompTIA Security+, CySA+, PenTest+, and CASP+ (now SecurityX), and in my final year of college I managed to pass the CISSP and CISM exam, making me a CISSP-Associate. While I did pass the CISM, I am not fully certified, as I did not have the required years of work experience. Unlike CISSP, there is no ‘Associate’ offering for the CISM certification.

After graduating college with my bachelors in cybersecurity, I have continued to work at the aforementioned school district as a cybersecurity systems administrator. I decided that I wanted an outlet for professional creativity, and to share the knowledge and experience I’ve gained over my 4 year cybersecurity journey as of writing this, and to sprinkle in insights from my time in computer science as well, as the two can be very well interlinked.

My vision for this blog is to be able to share my experience, my knowledge, and my views on various cyber/information security events, global events, the cyber industry and job market as a whole, and other topics. My articles reflect my own views, and not that of any others, unless specifically stated otherwise, or the article was published/authored under a name different than my own.

Professionally, I want to continue to grow my career, learning technical skills, and understanding as much as I can about this industry and the people in it. Ultimately I would like to move my way into a technical leadership position, and I enjoy being a leader, and coordinating individuals, but I also love to solve complex technical problems.

GSRI also serves as a site to host technical tutorials. As I discover new tools and methods for doing things, either in my work, personal projects, or otherwise. If I am allowed to safely disclose it, I will attempt to share that knowledge with others. In doing so, I hope to establish kinship, rapport, and credibility among my peers in the industry, especially the early-career professionals and recent graduates among them.

I believe that many young cyber professionals are being led astray, and being given poor guidance and setting unrealistic expectations for their professional lives, and I want this blog to serve as not only a reality check, but also a platform for those early-career professionals to demonstrate their knowledge, voice their views, and have a professional outlet much like how I use this site.