Archive for Security

New Great Tool – Web Hacking

I am trying to focus on both Web App Security and Threat Intelligence for the next few months.  I would love to work on bug bounties in my spare time, but I am not a programmer and know only just enough web app development stuff to do my job.  That is, I have a base knowledge from my certification studies (and lab work), and from running Burp Suite for pen testing, but I don’t feel ready to participate in any type of bug bounty programs.

So far, I have only signed up for a couple of Udemy Classes and purchased the book that was recommended,  The Web Application Hacker’s Handbook:  Finding and Exploiting Security Flaws, 2nd Edition.  But I was looking around the bugcrowd website  this morning and found a site I love.  Hacksplaining is a great resource and should be included in your learning list if you too need to get up to speed quickly.  The site is awesome, and super easy to follow.  There are pictures and walk-thrus and is really a great way to learn.

Advertisements

May 29-PowerShell and OverTheWire

Today is a short day for me.  I have class tonight for three hours, leaving only 5 for other study and work today.  The CISSP class, which I won via a scholarship, is through CyberVista, and the jury is still out on how good or bad this class may be. . .I am leaning toward not so good, but I need to finish before I judge.

I found a couple of decent PowerShell tutorial options last week that I will be working on for a bit.  I am watching this set of videos to learn PowerShell Scripting.  Then, as a slower more comprehensive look, I am also reading and working through the Manning book here.

I read somewhere recently (forgot to write down where, hence the new focus and me posting my work daily now) that CTF type events are crucial for really learning infosec, so I am having some fun on the OverTheWire site learning how to do this.

For the drive home, I will be listening to several youtube videos on BurpSuite for my external pen testing date tomorrow.  Someday I will know what I am doing, right?!

New Focus For the Blog

Blogging isn’t my favorite, but I need a way to keep track of what I’m doing, where I go each day, what I read, what I try, and what I learn.  My blog, this one here, will be all about what I am learning each day.   It is my goal to blog each day about all I did that day.  I am literally drowning in information since being promoted to Security Analyst and I have to start documenting and making a clear path.  I can’t do that if I can’t see where I’ve been and where I am headed.

I am the lone security person at my organization, I am the first security hire at the non-profit I work for.  The pressure I am putting on myself to become the best security employee I can is great.  I need to be the red team, the blue team, the IR team, the SOC team and the CISO the best I can as quickly as I can.  That leads to days and nights filled with searching and learning, and I am loosing track of what I have completed, and working on and have planned to do.  This is where I will be documenting that for the foreseeable future here.  Just a warning. . .

Time for an update! New Job

It has been a crazy busy wacky kind of fall for me.  It is a long story that no one really needs to know, but to make the story short, I am now an IT Data Security Analyst!  I made a plan a little over a year ago to either move into web design or Security, and all the doors kept opening for security, so I kept going through them, and now here I am, in a security job!!

I have tons of updates to post, and I want to start tracking my progress here even if it only ever helps me remember where I came from and where I am heading.

The first order of business is to pass the CEH v9 exam/certification.  I sat for the class last week and will be studying for the next few weeks in order to hopefully take the test in mid – late January.  Fingers crossed. . .

New Things to See and Do and Learn

Its been a long summer of classes and learning, and instead of being too tired to learn more this fall, I find I am driven to learn and do more.  I want to know more things, I want to learn about the Cloud and Web Development and DevOps while I’m at it.  I am not sure where all of this is leading, but I am mesmerized by what I can do over on AWS (Amazon Web Services).

I found this site, A Cloud Guru, and I really like learning from them, so I have signed up for a couple of their classes.  I chose the Associate Certified Solutions Architect for the long haul, and the Create A Serverless Portfolio with AWS and React for the quick and dirty how to.  I can’t wait to finish both of these and get to work and get certified.  Not only does this address all three areas above that I am interested in, but it is all about building stuff, and I love that so much.

After that. . .on to Azure, Office365 and Google Cloud. . .I am not slowing down or giving up on the dream of more. . .

Final CISSP Class Tonight

About 9 weeks ago I began the CyberVista CISSP Training Course.  I knew going in that I might not be able to sit for the test for a while, mostly due to the fact that I don’t yet have a job in security, and that is a requirement.  I could try and get some entry level security type job, but the fact of the matter is, I’m not ready.

I have been on a couple of interviews, mostly for jobs just outside security, and I realize that the elephant in the room for me is routing and switching.  I am scared to death of it, I am letting it intimidate me, and I am done not knowing all the things I need to know solid.   It is time to face this fear and knock it down.  So I will finish my class this week, but starting today, I am going to start studying for the CCNA Routing & Switching.  I will sit for both tests by the end of January.  After that, I plan to study for and take the CCNA Security test by the beginning of March.  When I have completed that, I will have gotten my CCNA CyberOps, CCNA Routing & Switching and my CCNA Security in a year.  Once I have those certifications in my pocket, I will get a Security job which should then allow me to study for a couple of months and then take the CISSP Exam.  It is then my plan to start focusing on Cloud Technology by getting Amazon Certifications next year.

I will change my future, and I can do this!

CCNA in Cyber Ops, check

I did it. . I got certified this weekend!  After only 3 LONG months of studying every single day I finally took the second test and passed this weekend!

I won’t lie, it was hard for me.  I took a Security+ class back in December and knew that I couldn’t test for that right away because all of those ideas were just bouncing around in my head without any feet to hold them down, if that makes sense.  So I was pretty scared when I started listening to online classes and reading the material for the CCNA test.  I knew I was going to have to supplement and really dig in to understand, and I did.

So now, I am doubling back and re-reading my Security+ book so I can test for that in two weeks.  I also started a 12-week online class to prep for the CISSP Exam that I plan to take in October or November.  I am going to do this Security thing no matter what. . .I may have to start my own company if no one will hire me. . .but watch out. . .I will do this!

Ladies. . do hard things!  If there is something you want, go for it.  You CAN do it no matter what they told you!!  Have confidence, sit down, and do it. . .even if it’s hard and doesn’t click the first time. . .keep trying!!

First step is complete

I haven’t written much lately, have had my nose in either a book or my computer studying to take the two test that will earn me my CCNA in Cybersecurity.  It has been very hard.  I started the adventure back on April 1 and have studied every single day since then.  I has been hard, fun, challenging, exciting, and miserable all together.  I knew next to nothing going into this about security, and I now know a bit more.  I have gone deeper into the Windows OS, worked long hours in Linux, used some awesome OpenSource tools and will now sit for my first of two tests tomorrow morning.

I am nervous, but feel moderately prepared.  I have heard from others that this test is the easier of the two, but that is from people who have been working in Networking for a while so I am not sure their opinions are relevant for me.

I promised myself a bit over a year ago now that I would dive in and try some new tech skills until something stuck that inspired and amazed me.  I have tried web development and security now and I love them both.  Cybersecurity is probably the best fit of all.  Some development with a bunch of security is exactly what I love.  Do hard things, make a change, believe in yourself. . and wish me luck tomorrow!

Firewall video and software – Systm and IPCop

I was surfing around looking for tools to help me learn more about networking and TCP/IP packets and I came across Systm.    It is a DIY show for geeks that has a bunch of shows on how to setup “geeky” stuff, like a home NAS and Media Center and yes, Firewall.  So after listening to the show on firewalls I decided that my very next project will be to setup an IPcop firewall system at home for testing and learning.  I understand from the show and by looking online that there are many people out there using it, so I should be able to setup it up and get help and learn a few things as well. 

Now if I can just dig out a complete system from my closet at home I will be all set. . .

Just Finished My First SANS Training Event

I just finished a week of SANS training in beautiful St Louis, MO and am still digesting all of the information.  I also want to hold off a full assessment until after I have actually taken the test for the GIAC certification in October, but I did want to share some general impressions.

I attended a SANS Community event, which is one of their smaller events that usually consist of just a couple of classes in a given city.  I attended the Security 401:  Security Essentials Bootcamp and got exactly what I expected from it.  I am fairly new to IT Management and even newer to IT Security and I found this class to be an excellent beginning source of information.  I have honestly found it hard to know where to start often in getting training and laying some network and security foundations, and this class did just that.  It was a very wide, or top-level view of IT Security.  I found that I learned a great deal, and came away with some tools that I am learning and will eventually use in my environment.

I was also pleasantly surprised at the knowledge level of our instructor.  I have been to many IT training classes where I have felt that the instructor did a quick reading of the material and knew only a bit more than I did on the given topic.  That was not the case with the SANS Instructor we had.  He definitely knew his material backward and forward, and had used it in the field at a consulting level and on the job.

I will know for sure how well the information was presented when I sit for the GIAC Security Essentials (GSEC) test in a couple of months, so I will post again at that time.  I will be studying for this for the next couple of months by going over the printed material that was handed out at the bootcamp in addition to going over the on-demand class material and taking the practice tests.

« Previous entries