Two of the people I know that have proudly public announced their assault on the GSE exam are Ash* and Dennis I wish them, and their mysterious other exam mates, the very best of luck.

Both will be facilitators after taking the two day GSE hands-on lab; Dennis will be the happy face at the back of the class Forensics 610: Reverse-Engineering Malware: Hands-On Analysis Tools and Techniques with Lenny Zeltser and Ash will Rob Lee’s whipping boy in Forensics 508: Advanced Computer Forensic Analysis and Incident Response

Other than personal drive to pass the GSE, SANS and the GIAC folks GSE qualification has been voted:

GIAC GSE Awarded Best Professional Certification Program by SC Magazine 2011

http://www.sans.org/press/giac-gse-best-professional-certification-program-sc-awards-2011.php

It’s fantastic to be among the few to have achieved the qualification, so why not line it up for your next goal in 2012?

*As Ash is from the far north Australia, he will be hard to understand. Be friendly – pat him on the head and hand a prawn fresh off the “Bar-bee” followed by six strong drinks.

SANS Cyber Guardian Program

I just though this was groovy.

Security 401: SANS Security Essentials Bootcamp Style

Not only can you achieve a top notch security certification, but SEC 401 provides credit towards a Masters degree at Charles Sturt University. Credit can be applied to either the Master of Information Systems Security or the Master of Management degrees at CSU when taking the forensic stream.

See the following links for details:
http://www.itmasters.edu.au/WhichQualification/ITManagement/MasterofManagementInformationTechnology/DigitalForensics.aspx and
http://www.itmasters.edu.au/WhichQualification/MasterofInformationSystemsSecurity/DigitalForensics.aspx

The second class Security 660: Advanced Penetration Testing, Exploits, and Ethical Hacking is designed as a logical progression point for those who have completed SANS SEC560 Network Penetration Testing and Ethical Hacking, or for those with existing penetration testing experience. Students with the prerequisite knowledge to take this course will walk through dozens of real world attacks used by the most seasoned penetration testers.

Taking either class will being an eye-opener given Craig’s knowledge, experience and practical background.

Click on the links to sign up.

This may sound suspiciously like a Vegas show, by I can assure you Bryce is a great speaker and it will be well worth the time to go and listen to his presentation on “Defending Your Weakest Link…End Users”.

Get along there, especially if you’re a AISA member and soak up what he has to say. Don’t be afraid to ask questions and get involved.

Details

Date: Monday, July 11
Time: 17:30 – 19:30
Venue: ANZ Centre – Core B Upper Ground Conference Suites, 833 Collins Street, Melbourne

Abstract:
In most organizations, a single end-user’s click is all it takes to put critical assets at risk. Hackers mercilessly leverage our ignorance, arrogance and apathy. Traditional defenses are failing us. We’re being hit from every angle: anti-virus evasion, full disk encryption bypass, flash drives, drive-by downloads, social networking, resumes, smart phones, web portals (e.g. Outlook Web Access), open wireless networks, attachments, social-engineering and so much more.

We must understand the true risk we face in today’s threatscape if we are to have a chance to defend ourselves.

This presentation will highlight some of the most salient threats our end users face both in and out of the office and what can be done to mitigate them.

Wouter’s got some fantastic experience in this complex and fascinating field, so by mentoring this class he’s sure to share that knowledge he’s sweated to acquire.

Check out his web site here or the SANS mentor page here for details.

I love this course and it helped me reach a deeper understanding a number of aspects of my role as the IT security person charged with incident response and give me the real world, practical skills and tools you need to do this job.

Why SANS Mentor Training?

The SANS Mentor classes are a great training option, in my opinion, for several reasons:

Pace:

The material is covered over a 10 week period which provides lots of time for you to read on your own time and come back to the mentor meetings with questions and get answers. This helps to digest the massive amount of material in smaller, manageable doses. We study 2 or 3 modules each week and that material can be applied immediately on the job. 

Cost:

The cost is significantly reduced. the cost is lower than any other form of SANS training making it very accessible to those who are budget constrained – which these days is many of us. There is an automatic 25% price reduction from the cost of courses delivered at the conferences.  There is no travel or accommodations, so that massive saving in costs.  And finally, I can generally offer an additional discount if you contact me prior to registration.

Networking: 

Don’t overlook this one.  When you are in the 6-day conference courses, you definitely get a change to meet others, talk about your experiences and issues in the field, and maybe even keep in touch via email.  But when meeting for 10 weekly classes with your peers in the same community, that networking experience is enhanced significantly.  You have the chance to really get to know the others in the class by the shared experiences, work through the material and bounce ideas of each other; that’s a great benefit to being part of a local Mentor class.

Size:

Class sizes are typically small – much smaller than what you would find at a SANS conference, which means we can focus more closely on those areas which are difficult for the group

Material:

You get all the same material as you would from the conference course, including the same books, CDs, and even audio files of the full 6-day course lectures.
Hopefully this gives you an idea of why I think the SANS Mentor classes are a terrific training option.  If you live in the Sydney area and are interested in attending SANS classes, please do contact me to get more details!
 

Free free to e-mail me with any questions, or visit the course website here:
http://www.sans.org/mentor/details.php?nid=24644
 

A great guy and friend Wouter, managed to get a room in Sydney’s CBD to hold the training. It’s easy to get to, has parking nearby.

Mentor training location details

Dates: Thursday, June 2, 2011 – Thursday, August 4, 2011
Meeting Time: 6:00 PM – 8:00 PM
Where:
Ernst & Young Centre
680 George Street
Sydney, Australia 2000

The lucky people of New Zealand have Mark Hofman bring SANS Security Essentials curriculum, the GSEC, which covers all the critical points and knowledge needed to kick start any IT security career. This is a brilliant stepping stone for studying for the CISSP, while getting the hands-on skills sadly missing from ISC2 training.

Go to http://www.sans.org/wellington-2011/ and sign up for training that sets the benchmark for all others.

SANS Sydney 2010 is here again, with another four excellent courses to stretch, warp and expand the security mind.

Hello All,

Jeff Frisk and the folks at GIAC have made a significant effort in making the GSE exam available to more of us to attempt.

I have applied for the GSE 2010 challenge and hope to convince a few more of you to sign up with me.

If you have spent the time, energy and money to get pre-requisites for the GSE exam http://www.giac.org/certifications/gse.php#prereq then, from my limit viewpoint, only three things stand in the way: time, money and confidence.

Time:

Good grief, why did no-one warn me about this in the first place?

Time is the most valuable and unforgiving part of this trinity of obstacles.

It’s a lot of time so far and I’m only squaring up for the multiple choice. I’m spending about an hour a day revising and reviewing. Playing with the tools and challenges from the books is pure geek fun, but factor in about six hours a week. These numbers may have to increase, especially on dreaded *nix OS knowledge, which is a bit of – or a gaping hole – a weakness of mine.

None of this time is wasted as it improves on my skills and knowledge, which equates (hopefully) to increased market worth. Yes, it means juggling some of the junk out of my life to make time for study. I, sadly, now don’t watch the Biggest Loser or the Bachelor anymore. I refuse to give up House, 24, the occasional drinks after work and having a life though.

As always, I take my hat off to those with families who still make time to spend time to excel at their profession. It’s not easy to spend so much time lock away in a room away from loved ones and friends. Still, this effort can lead to opportunities in the future that benefit them directly.

Money:

Exam fees, travel, accommodation and time off work are the major financial costs.

With any staff/business cost, it needs to be justified and measured again a return on investment for with the business sees benefit for. For the GSE exam itself, I wrote a business case from my boss in the advantages having me attempt the GSE. As an example, I put forward most of the study effort would be done in my own time and they are directly benefitting from what I’m striving for. By applying my increased knowledge, awareness and skills to our environment I could better serve the security needs of our business. They agreed to pay for the exam fees and time off, but I picked up travel and accommodation to the States. As I live in Australia, that was a fun conversation to convince the better-half of the overseas travel costs, especial to somewhere like Las Vegas.

No certification will magically increase my salary overnight, but it can be a powerful motivator and differentiator at review or interview times. An added bonus, having the GSE avoids needing to recertify in your existing GIAC certifications. That’s a fair cost saving incentive to my company and a significant reduction of study hours.

Confidence:

It’s going to be a tough exam. I might fail. Would failing make me the black sheep of the security community or condemn in to corners at parties?

I think not.

Working on any major project by yourself is awful. However, get a group of determined, motivated, likeminded people working together toward the same goals, Fear, Uncertainty and Doubt (FUD) become distance memories. I found working with others helps me understand issues with greater clarity and removes a great deal of anxiety when dealing with complex topics, questions and problems.

Yes, I’m as nervous as heck and may crash and burn horribly, but if I do, that’s life and that’s an experience to not be forgotten. The more practice with real world challenges, whether I succeed or fail, provides invaluable experience. With a great group of people to training and study with, our chances of passing the GSE are only going to increase.

As a last parting shot to those still on the fence:

Without a critical mass of people having the GSE certification, it’s not going to go anywhere and SANS may have to drop it. We’re then stuck with industry bench marks qualifications that fail to prove anything more than you can pass exams on academic topics. Yes, that’s more than a touch sweeping but when I see hands on security jobs requiring only management orientated security qualifications, I despair; HR/management has once again written the job advert and they’re just using the expected, ill-informed industry base line of security skills. So why not get a some certifications up on the board we can aspire to that have real world value that can be measured?

I hear horror stories of the Cisco’s CCIE final lab exam pass rates. Despite around only 26% (according to Google searches) of first timers pass the $1250 exam, that doesn’t seem to stop them from retaking it and retaking it until they pass. The recognition and value of the exam allows companies to fund their staff until they pass, providing them to be seen as employing the best and brightest. Those that pass the qualification are proudly acknowledged as being top of their game, even by those that don’t know a switch from a box of cheese.

All I’m hoping for is a few people to take this exam with me. To be able to study and learn with and from others is an amazing boost and motivator. The IT security industry is still very young, and certifications may not be the best way forward, but currently they are all we have. Why not get one top end security qualification universally recognised as worthwhile, value for money and hands-on=ability validating by people from inside and outside of the IT industry? The GSE could be the first of those if we, the security community, get it there.

I hope at least a few of you sign up or convince a friend, colleague or fellow student to that step with me.

Sorry for the length of the post. It started out as two paragraphs and then I got caught up….

SANS exams are open book, this means you can refer to the books at any point during the exam. In fact you can refer to any paper notes during the exam, only electronic notes are disallowed. Time is the enemy in open book exams, as spending too much time flipping pages or jumping between books looking for an answer slows you down horribly, eating away at the precious seconds.

The way I use indexing is to jog my memory and note tools, processes, concepts and the like next to the page number it appears on.

I only have page entries when I need to recall something on that page. This saves time when during an exam as I can to jump straight to a reference.

Using a lined book I put down the page number, the title of the page and some key words or details. These details may be a formula, port numbers someone’s name or command line syntax.

At the top of each page I have the course and book number as a title.

As an example

503 Day 2

P99 TCPdump commands -F \location (tcpdump filter expression in a file) -s 0capture full packet -X display in hex& ascii

P130 filter for weird stuff in IP source and dest fieldsIP[12:4] != 127.0.01 and IP[16:4] != 10.10.10.10

Post-it tags can also be very help to mark out section full of tables as another form of reference for quick jump to sections.

As an side, my tutor for 503 was Mike Poor. As I read through the 503 pages making notes, I have him on the iPod. This unfortunately means I unconsciously use him as a narrator for my study notes. Even some of his jokes have started to appear in the notes…. I think I may know some of his stories better than him now