IT Industry Aspirants: Interested in an IT Career, or a Refresher...if yes Enter The MATRIX

ARE YOU INTERESTED IN PURSUING IT AS A CAREER?:
You may export to a word processor for easier reading.
A long one, this one, but it might help one or two of you…enjoy
Note: Haven’t had the time to proofread anything yet, so typos and misplaced utterances may be found here and there.
The vastness of the IT industry is literally like a basketball thrown at an arbitrary rim in the Milky Way galaxy.
It might be useful for those interested in Networking, to a lesser extent Programming, and to an even lesser extent the non-IT sectors with curiosity, et cetera, but whatever the case you might glean an iota or two that might prove beneficial. Even Medical Doctors and many other professionals have to learn quite a significant amount of IT stuff to utilize their state of the art toys at work.

In the various IT industries, you will find that there may be a prerequisite College Degree, Professional Certs, and so forth to break into the system. In many of these cases the College degree tends to be more a filtering mechanism to narrow the candidate pool than directly relevant to the field, though granted, some programs like Computer Science might prove relevant for those who take the programming route, and various other fields to a greater or lesser extent.
I am a Network Consulting Engineer with Cisco Systems, which some may have heard about and others perhaps never, depending on your interests. It’s perhaps the biggest company that specializes in products aimed at the Networking Industry, but the margins between different fields are getting blurry nowadays. You might assume that I am an expert in 100% of the product portfolio, but that is very far from the truth for anybody, with reality closer to maybe 5 to 10%. This does not mean we only get to work with those 5 to 10 focus areas, but rather that your focus at any one time may qualify for that placement. Gone are the days when you would spend maybe 20 to 25 hours and literally grasp the full range of technologies. Nowadays there are PARAGRAPHS inside guides that might take that amount of time to fully comprehend. What is needed is a SOLID FOUNDATION IN THE ESSENTIALS.
The KEY REQUIREMENT of an experienced engineer is to use your understanding of technologies to carefully evaluate solutions that maximize the bottom line for your organization, where the priorities might vary LARGELY, e.g. the need for ABSOLUTE accuracy in Banking Industry systems, whereas SECURITY will be the focus on a Military network.

ESSENTIALS: These cornerstones anchor any successful career. They are analogous in significance to Newton’s Laws Of Motion.
What does it take?
To claim ascendancy to expertise in a specific technology, two surefire tests will do:
=>Be able to explain the technology to someone with absolutely ZERO IT acumen, such that they can clearly visualize the material in simple terms, and this without requiring anti-migraine medication.
=>The ability to provide a detailed step by step process to get a specific technology set up, as well as the proper methodology to troubleshoot the same when things go awry. That same person of ZERO IT acumen is who the procedures must be executable by.
Medical Doctors may take a variant of the Hippocratic Oath, whose utterance corresponds to the idea of “Primum Non Nocere” or First Do No Harm.
The Hippocratic oath for learning a technology is the MANDATORY use of ALGORITHMIC vs HEURISTIC reasoning. The two terms are psychological and not technological, with the former entailing a rigorous step by step learning process to establish competence, while the latter is the use of “mental shortcuts” to the same effect. The former guarantees success, and the latter certain failure. The heuristic fellaz are those that get a job from a seemingly verbose CV/Resume that is essentially filled with cobwebs that can’t trap a single housefly.
Four Steps To Mastering Any Technology will now be enumerated:
=>Read up to get a basic understanding of the technology, such that you grasp the specific goal the technology was designed for, and be able to visualize it after closing the book.
=>Conduct basic hands on experiments to solidify your understanding.
=>Read again to get a complex understanding of the theory, and how it relates to interaction with other technologies.
=>Conduct complex hands on experiments to solidify those complex interactions.
If followed to the T, any technology will bow down in your wake.
NOTE: Very experienced Engineers do use “heuristic” troubleshooting, as I do almost daily, with a very crucial BUT, that being that you have enough mastery to quickly narrow down a problem as effectively as the algorithmic route, and all this from experience. Driving a stick shift car the first few times is a formidable challenge to anyone, and with good instruction, it becomes almost infinitely simpler.
The other week I mentioned something about people having different kinds of brain power, when the story of one Bethuel Mbugua was narrated. The eidetic, or tendency to capture, in flashes, a lot of information in a small time frame, with “crunching” memory being responsible for correlation of complex constructs. The latter is the most important for the IT industry. The sheer scale of abstraction needed to effect modern technologies is way too baffling for simple rote memorization. An experienced manager hiring an IT Network Engineer, as in the case of Cisco, would not necessarily have “pre-typed” question lists to conduct an interview, or will loosely follow a vague script, but they do interview based on YOUR OWN RESUME. Here, if you think about it, the resume will make or break you. If it is too weak, you might never get considered for an interview, and if too “ambitious”, as many people do to “up” their chances, then you are effectively screwed, because you can’t back up your expertise! Be resourceful but realistic drafting that resume.
Why, one would ask? Anyone can quickly google “rote memorization” stuff in the blink of an eye, but the same cannot be said of comprehensively stepping through the DUAL algorithm for EIGRP (an algorithm used by devices to build loop free forwarding paths).

FORMAL EDUCATION VS PROFESSIONAL CERTIFICATIONS:
I have already slightly touched on this but I will rehash it. For most intents and purposes your professional certs, and infinitely more so your experience, will make or break you. The college education will mostly help you to escape being flushed out when they reduce the number of resumes to focus on: “For every Resume where College Education < Bachelor Degree, send to the bin.” Some skills from computer science may translate, and a few other degrees here and there, but they are not the “meat of the business” as would be the case with Professional Degrees like “Medicine” and “Law”, where your College Work is just about literally what you might expect to do in real life.
The INFORMAL definition of a COLLEGE DEGREE is a piece of paper that is used to get in line for consideration for a job, and to demonstrate you have the discipline to follow through on a project, and in many cases, little beyond that. I don’t have much in the way of advanced degrees, but I am always pitted against predominantly MSc. and a few PhD. holders, and decisively crushing maybe 98-99% of them for a job is not difficult for me. But the formal education will provide a certain “well roundedness”, though that is N/A for people like myself, because I analyze much more than most do in different facets of life as a hobby, second only to cursing out smart asses on Kenyatalk…just kidding…see how fun black humor is?
DEMANDS FACING EXPERIENCED IT ENGINEERS:
POINT NUMBER 1: You will need to not only STUDY, but STUDY a lot to remain competitive in IT, with the lightning speed with which products hit the market only to become obsolescent shortly thereafter.
Case in point, I am working on a NAC (Network Access Control) solution for the theater as a whole, which is a fancy way of “ensuring all that funny stuff you plug into the network gets authenticated BEFORE it goes online”. Ironically, as I prepare to present the information, there is already a wave of EVAS proliferating the market as a bleeding edge technology (so new it hasn’t faced the scrutiny that only time throws wide open). EVAS is End Point Visualization And Security or something of that nature that will simply make the network more agile and automated, with the potential of entirely GETTING RID of NAC as archaic!!! You will be tortured by technology insofar as remaining competent contemporarily at any one time.
Take cognizance of the fact that, as you climb the scale in IT, the jobs place more responsibility on your plate, and, that Poxi Preshas OTONGOLO, the tolerance for errors is exponentially REDUCED in execution of your job. If you fumble, and all of a sudden customers are unable to reach the Amazon AWS services they have paid for, things called Service Level Agreements or SLAs are very constrained, demanding as much as 99.999% availability, failure of which Amazon must pay, often millions of dollars, for breaching the contract, and it’s not too difficult to imagine the fate of whichever engineer was responsible.
This underscores why it is MANDATORY to grasp fundamentals, because everything else builds on this.
Anyone who might have observed my postings and perversions might quickly pick up the constant accusations of “obsessiveness on issues”, and calls for “summary summary summarize”, and I laugh, telling them that this is my journal, and not necessarily meant for your consumption. Partly true, but really it is the specific kind of mind that makes excellent engineers, with the ability to tie together complex products. As you advance in your career, more is demanded of you, so you must learn infinitely more!!
There is a latent quiz, which if passed you can straight away graduate to heuristic troubleshooting. All is Binary and variants thereof, e.g. the Hexadecimal system, in IT, and calling out half of these off the top of your head, given how common they are in our day to day work in our business, is mandatory.
2^0 to 2^16, plus 2^20, 2^24 and 2^32:
2^0 = 1; 2^1 = 2; 2^2 = 4; 2^3 = 8; 2^4 = 16; 2^5 = 32; 2^6 = 64; 2^7 = 128; 2^8 = 256; 2^9 = 512; 2^10 = 1024; 2^11 = 2048; 2^12 = 4096; 2^13 = 8192; 2^14 = 16384; 2^15 = 32768; 2^16 = 65536; 2^20 = 1048576; 2^24 = 16777216; 2^32 = 4294967296.
I didn’t look anywhere for the answers but it’s unlikely they are not 100% accurate. But it’s a facetious joke nonetheless, part of my black humor so to speak; this is the googlable stuff anyone can check up! I more often than not speak in parables and with sarcasm, and so many come out in attack, failing to disambiguate a joke from a declaration in itself.
MY IT CAREER:
For various good reasons, I never had that traditional 4 years, mostly hustle free from full time jobs, but immediately jumped into the blue collar sector in California while my high school classmates enrolled at UON, KU, JKUAT, Moi University et al., then transitioned into the US Air Force, where my IT career began in earnest, stealing a few evening classes here and there through some of those years, and entirely cut off the formal education route to focus on my IT work because a lot of this stuff was a waste of time for me. I taught myself a lot of that “Basic Education” stuff better and supplanted it with classes in Philosophy, Psychology, HRM, History, and a few other ones I might have occasionally stumbled into, up to about 12 or 13 years ago, then stopped entirely. When my classmates graduated University I was already a seasoned Network Engineer.
I have since mostly worked as a Senior Level Engineer with various companies, many associated with DOD, as is the case with me now, being with Cisco Systems for the Air Force District Of Washington, or rather every major government entity you might hear about in the DC Metropolitan Area. Some bases (like where Trump’s plane sleeps, about 0.5 km from my customer site office), the Pentagon, NSA, Capitol Hill, and a host of others fall under this umbrella. Months ago I lived just a 3 minute walk from Capitol Hill but I had to run away, because DC Proper (about 15 miles/25 KM across, a very small area, and NOT a State but a Federal District with one city, Washington, so DC and Washington for the better part refer to the same thing) is very crowded and entirely without parking, and a nightmare for “Columbuses” like me with no sense of direction, and the street mazes are like spaghetti, and I hated it, then went to NoVA. The DC Metropolitan Area borrows from Virginia and Maryland (thus parts of VA and Maryland are considered DC Metropolitan Area).

CASE STUDY OF AN INCIDENT THAT MIGHT STRETCH YOUR SKILLS AS AN ENGINEER:
I will describe some of the VPN technologies underlying the issue we had, and subsequently describe the problem itself.
There are times when all that you know will be put to a real test, and not so few times for that matter as you advance. Ironically this example is from long ago, when I was still in the Air Force.
DOD has its own special stuff they run for their secret networks, for obvious purposes, through Type 1 Devices (US DoD and minor exceptions); Suite A or Unpublished Algorithms such as Firefly, Baton, Medley and others, though you may occasionally see the higher strengths of Suite B AES in minor instances.
For those who are network and security engineers this should be second nature. Where the blanket IPSEC framework is used for VPNs commercially, there is a colloquial variant conforming to HAIPE (HIgh Availability IP Encryptors), pretty much for hardware VPNs through encryptors such as the GD KG-175 Taclanes, but the concepts are analogous nonetheless, with more stringent margins of course.
Quick Rehashing of IPSEC:
IPSEC - It’s a framework encompassing various protocols and technologies effecting VPNs.
In this context a VPN is a secure communication channel between two nodes, used to communicate securely over an insecure medium, e.g. the internet.
ISAKMP: Stands for Internet Security Association Key Management Protocol, which is utilized by different crypto end points to generate the keying material necessary for a VPN to function properly. IKE (Internet Key Exchange Protocol) is a key component for negotiating the various parameters…
VPN formation has two key Phases of IKE (Internet Key Exchange), which are 1 and 2:
IKE Phase 1:
This creates what you might call a “management encryption tunnel” that is used to facilitate the transition to IKE phase 2.
=>There are two modes for IKE Phase 1, Main and Aggressive.
Parameters negotiated for Phase 1 may include: encryption algorithm (e.g. 3DES and AES) for confidentiality, to secure Phase 1 traffic; hash algorithms (e.g. MD5 and SHA), a one way fixed length output from inputs of different sizes, for non-repudiation (can’t deny you sent a message) and integrity (can prove no “tampering” occurred); the DH (Diffie Hellman) algorithm (e.g. DH group 1, DH group 2, DH group 5 etc.), which enables the devices to securely derive a “common secret key” that won’t be intercepted en route.
Main Mode - 6 messages for 3 bidirectional exchanges between an initiator and responder. It’s more secure because the first two messages are for selecting a proposal, the second two for generating a shared key to create a “Phase 1 encrypted tunnel”, and the third exchange mutually authenticates the two crypto end points to each other. Mutual Authentication may be via: preshared key (shared passwords); RSA Nonces (one time passwords akin to token generators); RSA Signatures (or asymmetric algorithm based PKI, public key infrastructure) through the use of certificates, with the latter most secure, but it comes along with the highest overhead of the three.
Aggressive - As suggested by the name, the “6 messages” are instead replaced with an aggressive approach using only 1 pair of exchanges. It’s faster but less secure, because the end points identify each other over an insecure tunnel.
IKE Phase 2:
After phase one has completed mutual authentication in the 3rd pair of phase 1 exchanges, the “encrypted management tunnel” is used to negotiate parameters for the “production tunnel”, or rather the very VPN that gets your traffic securely over the insecure network.
Parameters may include transforms, e.g. AES for encryption and SHA for integrity/non-repudiation/anti-replay etc.
“Production Tunnels” may run with one of two encapsulation methods: ESP (Encapsulating Security Payload, or IP Protocol 50) or AH (Authentication Header, or IP Protocol 51). ESP provides CIAN: Confidentiality or encryption; Integrity and Anti-replay through hashing like MD5/SHA, etc.
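As an added illustration that is not part of the original post: a Python simulation of the three main-mode exchanges of IKE Phase 1 with pre-shared-key authentication. The Diffie Hellman group (a toy 127-bit prime), HMAC-SHA256 as the prf, the proposal strings and the identities are assumptions chosen for the demo; the SKEYID derivation and the HASH_I/HASH_R construction follow the shape given in RFC 2409. The point it makes is where a wrong pre-shared key actually fails: the proposal and DH exchanges go through fine, and only the third exchange, the mutual authentication, rejects the peer.

```python
"""Simulated IKEv1 Phase 1 main mode with pre-shared-key (PSK) authentication."""
import hashlib
import hmac
import secrets

# Toy Diffie Hellman group (an assumption for illustration only): a Mersenne
# prime far too small for real use; IKE uses 1024-bit and larger MODP groups.
TOY_P = 2 ** 127 - 1
TOY_G = 2


def prf(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 stands in for the prf negotiated in the Phase 1 proposal."""
    return hmac.new(key, data, hashlib.sha256).digest()


def i2b(n: int) -> bytes:
    return n.to_bytes((n.bit_length() + 7) // 8, "big")


class Peer:
    def __init__(self, psk: bytes):
        self.psk = psk
        self.cookie = secrets.token_bytes(8)        # ISAKMP cookie (SPI)
        self.nonce = secrets.token_bytes(16)        # Ni or Nr
        self.x = secrets.randbelow(TOY_P - 2) + 1   # private DH exponent, never sent
        self.gx = pow(TOY_G, self.x, TOY_P)         # public DH value, sent in exchange 2

    def derive_keys(self, peer_gx: int, ni: bytes, nr: bytes) -> None:
        gxy = i2b(pow(peer_gx, self.x, TOY_P))      # shared secret g^xy, computed locally
        # RFC 2409 derivation for PSK authentication: SKEYID = prf(psk, Ni | Nr)
        self.skeyid = prf(self.psk, ni + nr)
        self.skeyid_d = prf(self.skeyid, gxy + b"\x00")                   # seeds Phase 2 keys
        self.skeyid_a = prf(self.skeyid, self.skeyid_d + gxy + b"\x01")  # ISAKMP integrity
        self.skeyid_e = prf(self.skeyid, self.skeyid_a + gxy + b"\x02")  # ISAKMP encryption

    def auth_hash(self, gx_a: int, gx_b: int, cky_a: bytes, cky_b: bytes,
                  sa_body: bytes, ident: bytes) -> bytes:
        """HASH_I / HASH_R: binds both DH values, both cookies, the offered SA
        payload and the identity, so a tampered proposal or a wrong PSK fails here."""
        return prf(self.skeyid, i2b(gx_a) + i2b(gx_b) + cky_a + cky_b + sa_body + ident)


def run_main_mode(psk_initiator: bytes, psk_responder: bytes) -> dict:
    """Walk the three main-mode exchanges and report what each side concluded."""
    init, resp = Peer(psk_initiator), Peer(psk_responder)

    # Exchange 1 (messages 1-2, cleartext): initiator offers proposals, responder picks one.
    offered = [b"AES-256|SHA|DH-toy|PSK", b"3DES|MD5|DH-toy|PSK"]   # constructed proposals
    sa_body = b"|".join(offered)    # SAi_b: the whole offered SA payload is hashed later
    chosen = offered[0]

    # Exchange 2 (messages 3-4, cleartext): DH public values and nonces cross the wire.
    init.derive_keys(resp.gx, init.nonce, resp.nonce)
    resp.derive_keys(init.gx, init.nonce, resp.nonce)

    # Exchange 3 (messages 5-6): identities and hashes, encrypted under SKEYID_e in
    # real IKE. Verifying the hash is the mutual authentication; a real responder
    # aborts here and never sends message 6 if HASH_I does not verify.
    id_i, id_r = b"initiator@example.test", b"responder@example.test"   # constructed IDs
    hash_i = init.auth_hash(init.gx, resp.gx, init.cookie, resp.cookie, sa_body, id_i)
    resp_ok = hmac.compare_digest(
        hash_i, resp.auth_hash(init.gx, resp.gx, init.cookie, resp.cookie, sa_body, id_i))
    hash_r = resp.auth_hash(resp.gx, init.gx, resp.cookie, init.cookie, sa_body, id_r)
    init_ok = hmac.compare_digest(
        hash_r, init.auth_hash(resp.gx, init.gx, resp.cookie, init.cookie, sa_body, id_r))

    return {
        "proposal": chosen.decode(),
        "responder_authenticated_initiator": resp_ok,
        "initiator_authenticated_responder": init_ok,
        "phase1_up": resp_ok and init_ok,
        # Both sides only hold identical Phase 2 seed material when PSKs match.
        "same_phase2_key_material": init.skeyid_d == resp.skeyid_d,
    }


if __name__ == "__main__":
    print(run_main_mode(b"correct horse", b"correct horse"))
    print(run_main_mode(b"correct horse", b"battery staple"))
```

Run it twice with matching and mismatched keys: with a mismatch the DH step still "succeeds" (both sides compute a g^xy), but SKEYID differs on each side, so the HASH_I/HASH_R check fails and no Phase 2 key material is shared. On real gear that is exactly why a PSK typo shows up as "Phase 1 authentication failed" rather than as a proposal mismatch.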
NOW THE CASE STUDY ITSELF:
The symptoms presented as the failure of a specific program used by commanders to track accountability statistics for higher echelon commands across the board: it suddenly STOPPED WORKING. That is the VERY LAST kind of thing you want broken in a MILITARY NETWORK, for the fallout and pressure will be relentless, and merciless even. I was in Okinawa, Japan, and it was affecting the entire PACAF Command.
At an experience level of 1.5 to 2 years, I was somewhat experienced but not fully polished. This kind of issue is one of the most difficult to troubleshoot, where “some stuff works” and “other stuff doesn’t”. When everything else works, you are left scratching your head on where to look. To make matters worse, this was a secret network and the data is encrypted, so packet captures were only so useful down the line of transmission.
We scratched our heads and combed through the devices for 1.5 full weeks, and the pressure was not letting up.
I was slotted for Help Desk rotation that weekend, and the actual office was right where the encryptors sat, and I looked around and felt that might be a perfect chance to analyze the issue. Basically those encryptors create a hardware based VPN, as you would with a SOHO router at a branch office or at home for those telecommuter types, instead of “VPN client VPNs” which may be realized by use of, say, the Cisco Secure Mobility AnyConnect Client. The hardware VPN is easier to work with because it has the ability to address multiple pools of users by having one VPN front device and dozens of users behind it.
I went to one of the “Hub Encryptors” and started combing through menu by menu, just to see if something might be off. I happened upon one screen that went along the lines of “MTU Bypass”. MTU is Maximum Transmission Unit, or the biggest PDU that can be carried by an individual enveloped packet of data. Fragmentation needs to be functional in the event the devices in between have a “Low MTU” compared to the “Packet Trying To Pass Through”, for obvious reasons. If you can’t chop it up, it will get dropped absent fragmentation. My mind started racing immediately and I re-read that configuration setting about 10 times like a mad person, because I had to be very cautious, because ALL EYES WERE ON US.
I realized that the setting in place effectively “Turned off IP Fragmentation”, or breaking packets into smaller pieces and repackaging the data for transmission. I immediately concluded that MUST be our problem. The thing is, as devices initiate communication, and particularly TCP for reliable flows, there is a 3 way handshake between the devices of SYN/SYN ACK/ACK to establish the connection and negotiate the underlying MTUs etc., then data flows. In this case, for the “affected” systems, if you looked at a “NETSTAT” (netstat on a command prompt on a PC) you could see it was touching base with the server.
There are several things to consider for encrypted traffic, most relevant of which is to account for the “Overhead” added on top of typical communication. In our case it was ESP traffic running in tunnel mode, and as such an overhead of about 60 or so bytes was added to all packets. This means you would need to “reduce the data” portion on the intermediary devices so the traffic fits after packing on the overhead. In a nutshell, the devices negotiated for the maximum MTUs, which did not take into account the overhead of encrypted traffic, and with the encryptors being coded to drop fragmented traffic, the problem blew wide open.
I reported my findings and an emergency Telecon was held, with all PACAF representatives on the phone, to run through and reverse that specific setting.
The BIG lessons learned here were two:
=>LEARN your FUNDAMENTALS!!! I knew precisely how MTU and fragmentation functioned, but the problem, before the fact, was FAR from obvious; as such my cumulative experience lit right up thanks to that fundamental competence.
=>Pay very close attention to ANY key changes on your network!!! It turned out that about 2 weeks prior to the onset of the issue, there was a firmware upgrade on the encryptors that flipped the default of that MTU Bypass bit and resulted in the dropping of the packets of that “commanders program for accountability”.
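The arithmetic behind this case study, as an added example (not the author’s code, nor any encryptor vendor’s): ESP tunnel mode wraps the whole inner packet in a new IP header, an 8-byte ESP header, an IV, cipher-block padding, a 2-byte trailer and an integrity check value. The cipher and ICV sizes are assumptions (AES-CBC with a 96-bit HMAC), chosen because they produce the “about 60 bytes” of overhead the text mentions. The functions classify a full-size segment as forwarded, fragmented or dropped depending on whether fragmentation is enabled, and compute the TCP MSS you would clamp to so encrypted traffic fits without fragmentation; the small handshake packets that make netstat look healthy pass regardless.

```python
"""ESP tunnel-mode overhead versus link MTU: why big packets died and small ones lived."""

OUTER_IP = 20       # new IPv4 header added in tunnel mode
ESP_HDR = 8         # SPI (4) + sequence number (4)
ESP_TRAILER = 2     # pad length (1) + next header (1)
IP_TCP_HDRS = 40    # inner IPv4 (20) + TCP (20), no options


def esp_tunnel_packet_size(inner_len: int, block: int = 16,
                           iv_len: int = 16, icv_len: int = 12) -> int:
    """Bytes on the wire after ESP tunnel-mode encapsulation of an inner IP packet.
    Defaults assume AES-CBC (16-byte block and IV) with an HMAC-SHA1-96 ICV."""
    body = inner_len + ESP_TRAILER
    pad = (-body) % block                 # pad plaintext up to the cipher block size
    return OUTER_IP + ESP_HDR + iv_len + body + pad + icv_len


def classify(inner_len: int, link_mtu: int, fragmentation_enabled: bool, **cipher) -> str:
    """What the encryptor does with one inner packet of the given size."""
    size = esp_tunnel_packet_size(inner_len, **cipher)
    if size <= link_mtu:
        return "forwarded"
    return "fragmented" if fragmentation_enabled else "dropped"


def max_inner_packet(link_mtu: int, **cipher) -> int:
    """Largest inner packet whose encrypted form still fits in link_mtu."""
    n = link_mtu
    while n > 0 and esp_tunnel_packet_size(n, **cipher) > link_mtu:
        n -= 1
    return n


def clamped_mss(link_mtu: int, **cipher) -> int:
    """TCP MSS to advertise (or clamp at the router) so no encrypted segment
    ever needs fragmentation on the encrypted side."""
    return max_inner_packet(link_mtu, **cipher) - IP_TCP_HDRS


if __name__ == "__main__":
    # Constructed scenario: hosts negotiated MSS 1460 for a 1500-byte link, the
    # encryptor adds ESP tunnel overhead, and its new firmware has fragmentation off.
    full = IP_TCP_HDRS + 1460
    print("full segment on the wire:", esp_tunnel_packet_size(full))   # 1560
    print("fragmentation off:", classify(full, 1500, False))           # dropped
    print("fragmentation on:", classify(full, 1500, True))             # fragmented
    print("SYN/ACK-sized packet:", classify(IP_TCP_HDRS, 1500, False)) # forwarded
    print("MSS to clamp to:", clamped_mss(1500))                       # 1398
```

The asymmetry in the last two printed lines is the whole diagnostic picture from the story: the 40-byte handshake packets fit, so connections show as established, while any full-size data segment exceeds the MTU after encapsulation and is silently dropped once the bypass bit disables fragmentation.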

Let me quickly run down something they call the OSI Model, which is simply a reference point for being properly able to understand how technologies interact, from one party all the way to another, perhaps continents away. It is NOT a strict map, but a visualisation aid. When you text someone vs email someone, there are two different conversations, but the model pinpoints the entities that are interacting, in this case the Messaging Client and the Browser Client.
Each layer provides services to the one above it in the hierarchy, and my enumeration will start from the bottom towards the top.
I never used a specific mnemonic but it goes PDNTSPA from bottom to top.
Physical Layer: Data are signals at this layer. It covers the electrical and mechanical characteristics of the medium forwarding the data. Examples are voltage, frequency, RJ-11 old school telephones, CAT 7 LAN drops, fiber optics etc.
Data Link Layer: The PDU or protocol data unit here is the Frame. It receives packets from the network layer and prepares data to be put on the media for transport, some error checking etc. Examples are the MAC layer and Logical Link layer (IEEE 802.3X), 802.11 Wireless, the MPLS Shim Layer (2.5) etc.
Network Layer: PDUs are packets. This is the most familiar layer, being the foundation of the Internet, and because if you open a command prompt and type ipconfig /all you see your IP Address, DNS Server and a host of information. There are routed protocols (e.g. IP addresses) and routing algorithms, e.g. OSPF, Open Shortest Path First. Routers forward data from one logical network to another dynamically/automatically (devices sharing the same mask, e.g. 10.0.0.X for the range 10.0.0.2 - 10.0.0.254, or 254 hosts, are all represented by router 10.0.0.1), where the router forwards information on up to 254 end hosts using 1 condensed address of the 10.0.0.10/24 subnet/network (/24 means 2^8 or 256), while routing algorithms like OSPF dynamically exchange “reachability” or “subnet” info with other routers all through the internet. The subnet or network is represented with 1 network address for 254 distinct host addresses to forward for that 10.0.0.0/24, instead of 1 for every single host, for very efficient forwarding!
Transport Layer: PDUs here are called segments (TCP) or datagrams (UDP). It represents every host to host connection, e.g. between a Google Chrome Web Client and the CNN Web Server, and maybe an extra connection between that same client and CNN to retrieve a file (FTP), so an FTP Client on the host to the FTP Server at CNN. You will notice the router will have ONE entry address to represent the network addresses, because it is the same Laptop, local Router and CNN remote Router address that crosses the internet, before breaking into specifics, i.e. the Web and FTP conversations as here. TCP and UDP are examples. TCP is Transport Control Protocol and UDP is User Datagram Protocol. The former uses acknowledgements for reliable delivery and the latter unreliable, unacknowledged delivery, for light requests, e.g. DNS to figure out what IP Address maps to the CNN.COM they just typed, because your laptop and routers don’t inherently know what CNN is, hence the “DNS mapping”.
Session Layer: Data here is still a bit stream with no “envelope applied”. All that gibberish in love letters by akina Daudi Kabaka to their “babes”, but before applying an envelope or wrapping up for transport. It is used to manage sessions between application to application flows between hosts, much like the transport layer above, but it is simply the case that some implementations “mark the conversations or flows here” at the session layer if the corresponding transport layer CANNOT handle that function: I can’t do it at TCP and therefore I do it at the session layer. Examples here include RPC or Remote Procedure Calls for different types of servers, plus the unfortunate enough Systems Side Engineers who have to deal with some of those disease ridden servers, especially Windows Servers, with endless idiosyncrasies, and such frequent hung/frozen processes that the Guinness Book Of World Records would be well placed to crown them Kings of such. The simplest visualization is your ATM transaction. Has the ATM ever robbed your money? Short of tampering, the likelihood is so sparse as to be effectively non-existent, because the underlying applications properly delineate transactions, and won’t cough up money to put out 100 instead of the requested 500, for example.
Presentation Layer: Data is still in bit streams at this layer. It encompasses the various encryption algorithms, and the encoding that comes with dealing with different data, e.g. ASCII formatting, some of the underlying symmetric and asymmetric encryption algorithm functions for, say, AES, some RSA exchanges etc.
Application Layer: The gibberish you type in your forum discussions via browsers would show up here. It is where, say, the HTTP protocol is used for the web and effected by browsers/servers; FTP Servers for pulling files; or SSH (Secure Shell) for secure management of various devices remotely.
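As an added example that is not from the original post: the network-layer arithmetic from the OSI rundown above (/24 is 2^8 = 256 addresses, 254 of them usable, and one route entry standing in for all of them) done with Python’s standard ipaddress module, plus a small longest-prefix-match lookup, which is how a router decides between a /8, a /24 and a /26 that all contain the same destination. The route table and next-hop addresses are constructed sample values.

```python
"""Subnet sizing and longest-prefix-match forwarding with the standard library."""
import ipaddress


def subnet_summary(cidr: str) -> dict:
    """Network, mask, address count and usable host range for an IPv4 prefix.
    A host address such as 10.0.0.10/24 is accepted (strict=False) and
    reduced to its network, 10.0.0.0/24."""
    net = ipaddress.ip_network(cidr, strict=False)
    total = net.num_addresses                    # equals 2 ** (32 - prefixlen)
    if net.prefixlen >= 31:                      # /31 point-to-point and /32 host routes
        usable, first, last = total, net.network_address, net.broadcast_address
    else:                                        # network and broadcast are reserved
        usable = total - 2
        first, last = net.network_address + 1, net.broadcast_address - 1
    return {
        "network": str(net.network_address),
        "prefix": net.prefixlen,
        "mask": str(net.netmask),
        "total": total,
        "usable_hosts": usable,
        "first_host": str(first),
        "last_host": str(last),
        "broadcast": str(net.broadcast_address),
    }


# Constructed routing table: (prefix, next hop). Overlapping prefixes on purpose.
ROUTES = [
    ("0.0.0.0/0", "203.0.113.1"),          # default route toward the ISP
    ("10.0.0.0/8", "10.1.1.1"),            # summary for the whole private block
    ("10.0.0.0/24", "directly connected"),  # the LAN from the text, one entry for 254 hosts
    ("10.0.0.64/26", "10.0.0.200"),        # a more specific carve-out behind another router
]


def lookup(routes, dst: str):
    """Longest-prefix match: among all routes containing dst, the most specific wins."""
    addr = ipaddress.ip_address(dst)
    best_net, best_hop = None, None
    for cidr, next_hop in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hop = net, next_hop
    return best_hop


if __name__ == "__main__":
    print(subnet_summary("10.0.0.10/24"))
    for dst in ("10.0.0.57", "10.0.0.70", "10.5.5.5", "8.8.8.8"):
        print(dst, "->", lookup(ROUTES, dst))
```

Note that 10.0.0.70 matches three of the four entries; the /26 wins because it is the longest prefix, which is also why a stray, more specific route injected into a routing domain can quietly redirect a slice of a network while the summary route still looks fine.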

FUTURE:
The IT industry is becoming more and more abstracted, meaning there are a whole bunch of layers nested upon yet others, so much so that it might be hard to uncover the original pieces of concrete data, but they simply appear to work like magic! Technology hides those complex aspects no one outside the engineers cares about. There are attendant ramifications in light of these developments.
DEVOPS:
This is a relatively new paradigm of software engineering and operations that addresses the challenges posed by the very rapidly increasing demands from business and non-business entities for new technology based products getting to production while maintaining the highest of standards at all points, on the premise that increased agility with increased automation, all the while maintaining high quality, more often than not increases efficiency ceteris paribus and inevitably profitability. Elements of software engineering and operations will be more and more tightly integrated during the SDLC (Software Development Life Cycle).

3 Likes

Has anyone actually read this?

Yes I did. Nice read. What’s the matter?

1 Like

Dimz fala, although I didn’t understand much, I have someone studying computer science… I have copied all this and pasted it… Don’t tire of adding value for us…thank you