SANS GC-PT/EH

I am very excited to announce I completed my Graduate Certificate Studies in Penetration Testing and Ethical Hacking (GC-PT/EH) through the SANS Technology Institute (STI) this Month! 

"The SANS Technology Institute's post-baccalaureate certificate program in Penetration Testing & Ethical Hacking is based entirely upon four courses already available as an elective path through its graduate program leading to a Master of Science Degree in Information Security Engineering.

As an independent offering, the graduate certificate in Penetration Testing & Ethical Hacking is a highly technical, 13 credit hour program with a cohesive and progressive set of learning outcomes. These learning outcomes are focused on developing the student's capability to discover, analyze, and understand the implications of information security vulnerabilities in systems/networks/applications in order to identify solutions before others exploit these flaws.

Because the certificate program is based on the courses that may be chosen by a master's candidate during the normal course of studies, all credits earned while completing the Penetration Testing & Ethical Hacking certificate program may be applied directly in fulfillment of the master's degree requirements should the student matriculate in the master's program afterwards."

Continue reading at: 

https://www.sans.edu/academics/certificates/penetration-testing

Cloud IR Resources - Sky-hi IR: IR at cloud scale

Talk slides here:

Recording here: https://www.youtube.com/watch?v=Q8hfcBJVKq8&t=15s

Big "Thanks!" to BsidesRDU.org and Adrian Crenshaw (@irongeek_adc)

Data costs:

https://azure.microsoft.com/en-us/pricing/details/bandwidth/
https://aws.amazon.com/blogs/aws/estimate-your-c/

Tools:

SIFT Workstation
Getting Data from S3 via Python
AWS Montoring and Alerting 3-rd party tools:

• Cloud-Custodian
• Cloud-Inquisitor
• CloudTracker
• Security Money
• StreamAlert
• Wazuh

Related Talks:

Logging, Monitoring, and Alerting in AWS (The TL;DR) - SANS DFIR Summit 2018 - Jonathan Poling (@JPoForenso)

Automating Incident Response and Forensics in AWS - Ben Potter - AWS Security Lead


How-Tos:
How to copy a VMDK to image

SIFT Workstation How-Tos

Whitepapers

Incident Handler's Handbook by Patrick Kral - February 21, 2012

What I Hope to Get out of My Masters Degree in InfoSec Engineering

I have shared with some of you that I am continuing my graduate studies, which I began in the Graduate Certificate Program in Penetration Testing and Ethical Hacking, in the Masters of Science in Information Security Engineering. This is a transition I have been planning for a couple years and I'm excited to get started.

For the time, money, and effort I invest in this degree program I expect to obtain expert deep technical knowledge in information security and critical leadership tools. I will apply these elements as I acquire them, both on the job and within the community. Through this process, I hope to make a positive impact on the security industry through sharing knowledge, experience, and information.

From the government sector to private industry, to managed services my experiences in information security have been broad. Recognition of this has led me to pursue deep technical knowledge of information security topics. I began this journey by pursuing a Graduate Certificate in Penetration Testing and Ethical Hacking (GC-PT/EH) from the SANS Technology Institute and will continue that effort as a student of the Master's of Science in Information Security Engineering (MS-ISE) program. Finally, I am also very excited about preparing for and pursuing GIAC Security Expert (GSE) certification As a result of my desire for continual learning, I want deeper technical knowledge resulting in degree completion and GSE Certification.

I am excited that I will receive leadership development through the MS-ISE program. These skills are critical for influencing decision makers and colleagues in healthy and productive ways. I hope to gain greater planning, writing, and speaking skills. These will allow me to express the need for greater focus and support on security issues by making them continually more relevant to the business.

In conclusion, I expect to gain deep technical knowledge and leadership abilities through this program. I intend to apply these immediately as a practitioner in this industry. Finally, I intend to apply these by giving back to the community through mentoring and instructing.

Lastly, but perhaps most importantly, I want to do these things in order to give back to the community. There has never been a greater need for mentors and skilled instructors in this industry. Budding and neophyte professionals alike need more mature and experienced colleagues to step up and share their knowledge and lessons learned in order to be successful in continuing to shape the understanding of the risks and impacts related to security issues.

How to Get into Infosec: InfoSec Career Path Hacking

Maybe you've always dreamt of getting into the InfoSec field, and have been thinking about getting into information security for a while, or it's just coming to mind now. Regardless of where you are in your journey, welcome to the InfoSec community! In the words of the great Kung Fu Master, Shifu, “There is no level zero.”

If you’ve seen Kung Fu Panda, you may recall that Po is a panda who eats, sleeps, and breathes Kung Fu, yet finds himself outside that community. He dreams of being a warrior. One day, he sees an opportunity to witness a significant moment in Kung Fu history and so he sets out on his journey.  But first, he must climb to the temple. It would have been easy for him to zig-zag his way to the top of the mountain, though it might have taken longer. Instead, he started with the logical place... the stairs - a much shorter path. You too will have to choose your path... read more (external link to guest blog post) 

The Importance of Leadership in InfoSec

       Over the years I have had the privilege of being a member of many organizations that put a great emphasis on leadership. From those experiences, both educational and military, I have grown to appreciate several characteristics of a leader, whom I prefer to define as someone who uses influence to bring people together and contribute to a common goal. I have seen that leaders must be high-integrity, honest, relational, respectful, skilled communicators, and very competent.

Foremost among leadership traits, a leader is high-integrity. Leaders must be honest and do what is right without regard for personal expense, time or effort. They are honest. They must do so in order to garner and preserve the respect and credibility required to lead effectively. They must be accountable to high standards in this area. Flaws in this area quickly lead to a loss of influence for leaders.

Leaders are relational and place a high degree of value on people. They operate from a transformational perspective rather than a transactional one. They communicate and relate to others with respect and don’t lower their own standards for communication when others stoop low. They put others’ needs ahead of their own and treat them with dignity and kindness.

Finally, leaders are highly competent. They know how far their own abilities go and where to draw on the greater abilities of others. No one looks up to or is willing to follow someone who doesn’t know what he or she is doing or talking about. Conversely, someone who has a command of a body of technical knowledge quickly gains credibility as an expert. People come to them for advice, thought leadership, and critical task handling.

In working toward my goal of becoming a better leader through training, I have realized both some strengths and the need for further development of several competencies. I desire to give back to the community and industry at the highest quality level possible and believe an important part of having recognition and a platform to communicate from is using those as opportunities for positive effect. The SANS MS-ISE program will greatly enable and support these efforts, taking me beyond the scope of my current graduate certificate studies in penetration testing and ethical hacking.

I feel I have strong suits in being self-directed, developing teams, building relationships, coaching, and training. I take initiative in my own work efforts, professional development, and personal pursuits by looking for a need and then meeting that need. I also enjoy bringing others together to work on projects in a healthy, relational manner. I enjoy sharing ideas and experiences for the benefit of others. Finally, I seek to help others make sometimes difficult career decisions, identify areas to invest study time, and pass on knowledge through presentations.

       I am investing in developing my verbal communication skills further, including presenting and instructing. I have dabbled in this arena by seizing the opportunity to speak at SANS lightning talks, security bsides conferences, as well as participating in Toastmasters International. I am taking this to the next level and look forward to utilizing the SANS masters program to accomplish this through the coursework and practicums.

I am also developing my skills in setting and communicating vision effectively. I am being called upon more and more frequently to write or present on security topics in a way that decision-makers can easily digest, buy into, and implement. There is a clear gap between the language of these decision makers and that of the industry as a whole. I, as an information security leader, must be prepared to bridge this gap in addition to offering the expected engineering or management skills.

I am investing in greater project planning skills. This is a very important aspect of gaining the confidence of stakeholders toward project pick-off. No smart business owner is going to buy into a poorly planned project. They know all too well the consequences of doing so. I am working toward a greater grasp of project management fundamentals that will enable me to more accurately and efficiently estimate, plan, present, and manage projects in my day-to-day work.

I am also investing in developing skills in leading change. I have seen first-hand some big organizational changes go horribly wrong. I am excited about exploring this area and adding it to my toolkit for future use. By being as well prepared for this need as possible I hope to help bring about organizational change through individual interactions.

Leadership, rather than engineering or management skills, are needed more than ever because of the growing communication gap in the information security industry. As I mentioned earlier, this language gap creates a disconnect between the business and technical efforts. This is particularly important because the information security knowledge domain, like technology as a whole, is broadening and deepening rapidly. So, it’s likely that this communication gap is widening as well. CIOs and CISOs have never been more challenged to impress upon business owners the implications of technological decisions. This communication dynamic will surely shape the future of our world for decades as a result. Therefore, the onus is on us to pursue excellence in this area and to exercise it appropriately.

In summary, I am continuing graduate studies at the SANS Technology Institute as a student in the Masters of Science in Information Security Engineering program in order to further develop as a leader. Leaders are high-integrity, respectful and competent individuals who use their influence to better the world around them. I will use this program to build on my current strengths, strengthen weak areas, as well as discover other areas I was not yet aware of - for the benefit of myself, the community and industry.

Change the Way You Talk Change the Way You Think

Quick, think of a word that describes a combination of letters and numbers that can be used to login to your system...

What came to mind? Was it "password"?

One of the greatest problems in our industry may be the use of the word "password." The origination and proliferation of this word has led us to believe that we must construct this security device using such things as words rather than by some other means. 

If you really think about it the paradigm of a passphrase is better in almost every way. After all, many common passwords can be rapidly and effortlessly cracked with a simple dictionary. If we simply take the first letter of each word of a phrase and modify them slightly we have exponentially increased the difficulty of breaking that passphrase.

Having said this let's talk for a moment about how the words we say and what we do affect our thinking. Aristotle said this, "Excellence is an art won by training and habituation. We do not act rightly because we have virtue or excellence, but we rather have those because we have acted rightly. We are what we repeatedly do. Excellence, then, is not an act but a habit."

Whether you look for positive or negative occurrences of this, you don't have to look too far to see the practical examples of how this manifests itself. Self-realizations, self-fulfilling prophesies, and liars who believe what they have repeated so many times all attest to this. However, we have seen that the fact of the matter is that passphrases are without question more secure. So, why should we not reinforce this truth by using the appropriate term in our speech and login interfaces?

Stay Secure!

Not a conference conference

This week many people are at RSAC for the week gaining knowledge and a ton of vendor swag.

Believe me when I say I am not bitter about not being there. But watching from the sidelines got me thinking...    What if we took all the time and resources we spend on conferences and put them into security improvements? 

What would that look like? Well, surely you've been to working meetings where everyone brings their gear and talents and you collaborate on tasks. Sometimes this doesn't happen until a "crash team" is needed. Other times it more proactive. 

Food for thought.