Tuesday, September 19, 2017

My first SANS/GIAC certification

I have several infosec certifications, but most are from ISC(2) and ISACA.

This past week I learned that I passed the test I took for a new GIAC certification: the GSTRT, which is for the GIAC Strategic Planning, Policy, and Leadership.  It's tied to SANS's new MGT514: IT Security Strategic Planning, Policy, and Leadership, which I took last year.  At the time there was no cert, so I got to beta test the new exam.

Not having done any of the GIAC certs, this was a new experience for me.  GIAC allows you to bring your books with you, so I knew it was vital to prep for the cert.  I read and re-read my books and also created my own index of the books.  This was vital because one volume was devoted to leadership concepts, and it had a lot, many I wasn't familiar with when I took the course.  In many cases, they almost introduced a new concept every 2-3 pages!

I don't know my score yet, but am curious to learn how well I did.


Monday, September 18, 2017

"Hacker Summer Camp" 2017

This past July I went out to Las Vegas for the first time to attend some of the events referred to as "hacker summer camp": Black Hat, BSides, and Defcon.

Now, I did not attend Black Hat as the event was pretty expensive.  I did want to drop by the exhibit hall, but couldn't get in.  I did attend the ISSA and ISC(2) receptions tied to the event.  I was a little disappointed that ISACA made a big deal about being at Black Hat but didn't do a reception of some kind.

I mainly came to attend BSides and Defcon and stayed at the Tuscany Suites where BSides was being held, which I recommend.  This guaranteed you a ticket for BSides.  I also got the meal ticket deal (breakfast & lunch) at BSides, which made me a sponsor and got me earlier check-in at the sponsor table.  I also pre-ordered a t-shirt (recommended).

There were a lot of interesting sessions I attended.  I'll need to do another posting on some of the sessions I went through and give more info on them.

Once BSides was over I attended Defcon.  This event was a bit overwhelming.  There was a big line for the trading post (cash only!), and I mainly wanted to get a t-shirt.  I was a little disappointed that the badge this year was a rubber badge, not an electronic one.  But many others had their own badge and I got a few.

Defcon is almost a collection of conferences.  There are main Defcon sessions, which are in HUGE rooms, four at a time.  Then there are a half dozen or so "villages" which have activities and their own sessions.  Skytalks was a good one, but there are villages for privacy & crypto, car hacking, IoT, and many others.  There was also a vendor area (but not open the first day).  There were many interesting vendors.  One I had met at BSides is HackerBoxes.

As I noted, a lot of groups, including some of the villages, had their own electronic badges.  I really wanted a few, but they were cash only.  I didn't consider that and didn't bring a lot of cash with me.  And using ATMs was expensive.  So next time I will bring a lot more cash. 

I did some fun things, like solder a small badge at the Hardware Hacking Village (wasn't their big electronic badge they had, missed out on that).  Had some interesting conversations with several people. Met a few interesting people and groups.

Not sure if I'll go back next year or when I'll go back.  I would probably want to submit some talk proposals to BSides (I had thought of doing some this year, but wasn't certain if any I do would get accepted, but after seeing the sessions I should have submitted some).  I would again get a room at the Tuscany and had debated getting one just in case I decided to go.  Just don't know at this point.

I'll post some pics soon.