Archive for February, 2017

SANS Dallas 2017 Day 1 – GMON Daily Update

Tuesday, February 28th, 2017

These articles and blog posts are my own opinion and do not reflect the view of my employer.



After helping set up, I am finally in the class!

Great intro so far and setting up the lab so that the hands on portion is good to go later.

One of things I have noticed is that some courses now have the index included. Which is really different from what I remember. I wonder what other courses now include the index?

Also seen at this SANS conference not seen before:

  • MP3s of the course
  • Videos of the labs
  • Index for the course
  • QR codes for links and sources
  • Ways to get material for the class after the class is over

This has completely caught my by surprise!

Something I have not done before is NetWars. It seems that this class has it included! I’m stoked!

Great intro for analyzing the current environment of enterprises. I have some great tips I’m going to take back to work and keep us on the cutting edge!

Worked on NetWars and made it to level 5. Going to cruise these last couple of days to reel in what I learned. Need to tackle out ModSecurity. That’s for sure!




SECFND Passed! Exam Review

Saturday, February 25th, 2017

These articles and blog posts are my own opinion and do not reflect the view of my employer.



I finished the SECFND yesterday (part of the new and upcoming CCNA Cyber Ops). It took me 23 minutes from start to finish, which was a surprise!

The topic centered on basic security principles that an analyst should know. If I had to score the difficulty it would be above Security+ but below CEH. In frank terms, the knowledge is great but if you’re looking into ROI you’re better of waiting until this gets better coverage from employers and HR.

The sources I used for the exam was the Cisco Learning Network (Cisco Partners). Since at the time of this writing there is no Cisco Press book (due in April) and no videos (ITPro is working on their series at the moment but not completed and CBT Nuggets has nothing). This was a concern because I like being able to read a book and then watch a series of videos on the exam before taking it. After taking the exam it is concerning when you can take the training alone and pass. However, I will admit that may be an issue with myself since I am a diehard when it comes to professional development, I work in the industry, and in general like to know. Not with the exam makers.

Overall the content was not bad at all and I was pleasently surprised! After acquiring Sourcefire, Cisco has entered to the foray of security practitioner exams. (I know there is the CCNA Security but that covers more of their ASA line and general security topics). This will also include CompTIA (Security+, CSA+, CASP), SANS (way to many please look at for more info), EC-Council (CEH and CHFI are their popular exams), ISC2 (SSCP, CISSP, CCSP, and others). One of the great things about this exam is since Cisco is coming into an already dominated field there isn’t much of the Cisco way or the highway learning approach. When they introduce topics like packet analysis with Wireshark it feels like an actual topic on the subject. Similar feeling with Snort, although they do want you to look into StealthWatch for Netflow.

My concern with the exam is the rigourous aspect of it. I think of Cisco exams as a little challenging with factors such as no going back in the exam, general understanding of Cisco products, and huge tie in for Cisco protocols. There is not much of that here (except not being able to go back). Some questions made me think of CompTIA while others were refreshing in having you think.

This makes me concerned for the SECOPS exam (second exam for the CCNA Cyber Ops). Because this focuses on the organizational aspect of security analysts. This is a new trend for exam authors as they find new ways to test people. Does there really need to be two exams on cyber security analysts day to day job? Is this a way to cash in on an industry that has way more certs than say something like storage (CompTIA killed their Storage+ late last year)?

To a point I think this is okay but sets up false hopes for those who take the exam. More on this when I take the SECOPS exam, which I plan to take in two weeks. I have the material finished, but still need to finish labs before I can get the voucher.

Full disclosure, I am a part of the Cisco CCNA Cyber Ops scholarship and did not have to pay for the exam or the materials. The exam retails for $300 (and there is still a second one required). If you’re doing self study, there may be a change in materials you use.

Progress Update! GMON, ITIL, SECFND, SECOPS, JIT2, C688, GCED

Tuesday, February 21st, 2017

These articles and blog posts are my own opinion and do not reflect the view of my employer.



SANS Dallas 2017 starts this weekend! Looking forward to the class and prepare for some awesome knowledge!

Taking the SECFND exam this Friday. I have the voucher from Cisco, its time to knock it out so I can free up more of my time.

I have been working on SECOPS from Cisco as well. About halfway through the material. I look forward to finish the reading here in the next day or so. Then I have to finish the labs before I can request the voucher. Then when I get back from Dallas I plan on knocking this out.

Still need to take the exam for ITIL. Plan on doing it when I get back from Dallas and before SECOPS. This will help wrap up the first quarter of this year for certification goals.

Still need to make some more progress on JIT2 and C688. Hope to do this when I have some time in the next coming weeks.

Working on the GCED as well. Have about 100 pages down. Will have to see where this goes from here. Still don’t know with all my time being taken up.

I’m making decent progress if I say so myself. I hope to have by the end of March the following completed: JIT2, C688, ITIL, SECFND, SECOPS, and GCED.

This would allow me to focus on the other two certifications for second quarter of 2017: GMON and either GCIA/RHCSA. We will see. Depends on how much money is left in the budget.


CCDC Competition. Thoughts on how it went!

Monday, February 20th, 2017

These articles and blog posts are my own opinion and do not reflect the view of my employer.



WGU Texas competed in the CCDC competition on Saturday and it was rough.

For a little background we have been working on strategies since November. One of the great benefits of our school is that a lot of our team members have on the job experience when it comes to the material expected in the competition.

We arrived in Austin on Friday and relaxed a little. Met with some of the team to grab a bite to eat, then go see the city for a little bit. On Saturday we arrived saw the offices for the school and set up shop. I brought a bunch of my books in to help as a resource. The competition would start around 2pm.

2pm comes around and due to technical issues the competition was pushed back to around 220pm. From the start we were having issues with the environment. We had two people using Linux VMs (myself included) who could not access the vCenter server to connect to the VMs. We were missing flash and needed to add in the extra repositories to install it. The issue came that since we were using a proxy to connect to the environment the repository updates would fail. Once we figured out how to get the proxy to apply system wide we could finally install flash. This had taken an hour and switching between VMs (Kali and Ubuntu 16.04). I wish it was laid out as a background requirement to have flash installed. It doesn’t detract from the competition and ensure we do not have to face these small config issues when the 4 hours actually matter.

After we resolved that issue the next problem was the firewall. It was not running common software like PfSense so the documentation was few and far between. This made it difficult to gain access because wiping to factory could wipe important network information. Once we figured out the issue it was easy to get into the VM and use the WebGUI.

From there we had access to most of the VMs except for one. However some of the choices for VMs were surprising to say the least. These distracted from actually showing security skills and instead made it to where if we wanted to pivot in the environment we were using busy VMs. These had ongoing tasks that need to be completed and made us choose between a catch-22 type situation.

When we finally started to make headway we were at the end of the 4 hour competition. We ran out of time before we could exploit the final box. After it was done we decompressed a little bit by going to the restaurant across the street and had some dinner.

The next day we had the results and found out that we were not going to be advancing.

Would I do it again? Absolutely! While not an optimal environment it did challenge us in a way that I would love to have a second chance at it. Our team was great and we clicked pretty well for a school that has the main focus of being online only.

I look forward to competing next year and hope to see some of my teammates in conferences around Texas. I know I will be at HouSecCon, Bsides Austin, and potentially NolaCon.

Great work guys! We have work to do but its nice to know that we dont know everything and that we still have learning to do. That’s the best takeaway. Always keep learning because you never know what you might encounter that might test your bedrock of security skills!



CCDC Hotel Booked! Let’s do this!

Wednesday, February 15th, 2017

These articles and blog posts are my own opinion and do not reflect the view of my employer.



Booked the hotel for our CCDC meetup in Austin. I’m ready to flux our cyber muscles and see how well we do in the competition. We’ve got some really decent competition including UH, SMU, and UTSA.

We’ve been practicing quite a bit and I can’t disclose details (yet!). Glad to see that a lot of our practice will come to fruition this weekend. See you guys there!

Progress update for ITIL, JIT2, C688, SECFND, RHCSA, Work Study, GCED

Monday, February 13th, 2017

These articles and blog posts are my own opinion and do not reflect the view of my employer.



I was accepted on Friday to take the SEC511 Continuous Monitoring and Security Operations class that corresponds to the GMON certification. Can’t wait to see you guys in Dallas. This will be the big one for the year!

Still need to work on ITIL. Have not made much progress. Don’t know how much progress I will make with CCDC this weekend.

Also need to take the SECFND class and start working on the SECOPS material.


For school I still need to work on JIT2 and C688. Hope to have some progress on those soon.

Still looking to help my friend on the GCED. Don’t know how this is going to play out since GMON will be starting soon.


Still need to make some progress with school. As I outlined in my last post that is my biggest peeve at the moment. I’ve got a lot of good things going on but need to make sure my head stays in the game.

Mobility+ Passed! Exam Review

Saturday, February 11th, 2017

These articles and blog posts are my own opinion and do not reflect the view of my employer.



I was able to finish the Mobility+ in around 45 minutes. There were 100 question with a total time limit of 90 minutes. My goal when taking the Mobility+ was to get a fundamental level of knowledge for BYOD and the mobile landscape that hits businesses.

To start with the pros:

  • Nice entry level exam for mobile topics
  • Concise material (book was around 450 pages)
  • Not much departure from expected CompTIA format

The negatives:

  • Felt like mobile was tacked on
    • I understand that this is fundamentals however I will probably seek out more material on the subject from here
  • Expected CompTIA format.
    • This is in addition to bullet point #1. There’s a couple sections of basic networking. Closer to the end there is the usual trouble shooting pretty much lifted from the A+ and Network+
  • Mobile material was not super in depth

Overall the exam was not terrible. The process was decent (I’m looking at you CEH). There’s no pain in signing up, heck if you can find a discount code (which you can find on nearly any CompTIA partner), you can knock 15% usually. If I had a friend or coworker who might be interested in learning more, I might recommend them this exam. That is if I don’t find better and just as easily accessible information about mobility.

I am glad this one is done and will probably be the last CompTIA for awhile. I was debating about Server+ but I am trying to limit myself on certifications this year (helps the wallet and budget). If I were to make time for another CompTIA exam it would probably be the CSA+

Where do I go from here? Well I have the SECFND voucher I need to use here in two months and the ITIL voucher. Will probably be knocking these out soon. I will also be focusing on SECOPS to meet the deadline for Cisco’s scholarship.

Mobility+ scheduled! Progress update for JIT2, C688, ITIL, SECFND, RHCSA, GCED

Thursday, February 9th, 2017

These articles and blog posts are my own opinion and do not reflect the view of my employer.



I have the Mobility+ exam scheduled for tomorrow afternoon. Excited to get this one done and over with. I have a couple of practice exams I am going to be working today and tomorrow. Hopefully that should do it!

The next exam I need to take (planning on doing it next week) is ITIL Foundation. Already have the voucher so I just need to sit for the exam.

Cisco gave me the SECFND voucher. I have 60 days to schedule that. Once I finish ITIL I will be knocking this one out.

Received an email from SANS about doing the work study in Dallas. Currently on the waitlist. Hoping to get in because it will be a nice break from work. Looking forward to hearing from them with good news!

Focusing on school at the moment. Still have JIT2 and C688 to complete. Going to be working on those while taking a break from Mobility+ and this weekend. Hope to have some progress with them soon.

Haven’t made much progress when it came to RHCSA lately. I have been spread to far out lately. Once I get some other items done like ITIL, SECFND, or class I will probably pick this up some more. I have the book bought and everything.

Looking to help a friend study for the GCED here soon. That will be a nice series to help out with.

With all of the above being posted, the thing that has been bugging me the most is school. I haven’t been putting much attention into it like I should. I’m going to try and refocus and get that done to where I feel like I’m accomplishing at the rate I’d like.

GCIH Passed! Splunk Admin Passed! ITIL, JIT2, C688, Mobility+, GCED, RHCSA, SECFND, PTP

Saturday, February 4th, 2017

These articles and blog posts are my own opinion and do not reflect the view of my employer.



Passed the GCIH this past friday with an 83% Glad to have that exam completed.

Passed the Splunk Certified Admin on Friday as well. Glad to have that so I can focus on the rest of the Splunk classes

Working on ITIL where I need to do the practice exams and then take the exam. Hopefully that is in the next week or two.

Need to work on reading for Mobility+. Watched the videos and plan on going to take this exam soon as well. The voucher is already bought

Need to focus on school for these next coming weeks. Need to catch up on two classes I’ve been meaning to work on. Now I have the time! JIT2 and C688. You will be mine before the end of the month.

I’ve been watching videos for RHCSA. I know that I want that on my radar but I don’t know where it fits yet. Hope to finish it soon.

Need to schedule to take the SECFND class. I have the voucher but waiting on ITPro.TV to finish their series.

Made some progress on PTP. Once some of the more pressing stuff finishes, this will be on my radar.


Outside of certification talks I am reading books on The Subtle Art of Not Giving a Fuck and Splunk Essentials. These should be quick reads to give the cert books a break.

Once everything dies down a bit plan on taking the GCED and a couple of certification that I have the books for. It depends on what piques my interest.

%d bloggers like this: