Clik here to view.
BSides Augusta gallery and pictures
MediaThe gallery for BSides Augusta can be found in my Photography section. BSides Augusta 2015 BSides Augusta, Georgia, September 12, 2015. My Blue Team Starter Kit talk is available on...
View ArticleClik here to view.
DerbyCon talk and impressions
DerbyCon lived up to its top billing as one of the best security conferences to attend. It is amazing how much is going on at the conference the entire time. Five talk tracks, CTF competition, lock...
View ArticleGoing for the CISSP
I've started the process of gathering resources for acquiring a CISSP certification. The CISSP (and certifications in general) have been mocked quite a bit in the security community. What I think most...
View ArticleClik here to view.
The Martian, quick thoughts
I've been talking about The Martian for months now. I've been patiently (and excitedly) waiting for the movie and I finally got to see it last weekend. It's an excellent movie that does a really good...
View ArticleMore resources for IT certifications
The latest Exploring Information Security podcast episode, "What certifications are available for infosec professionals?" released yesterday and I've already started getting some great feedback from...
View ArticleClik here to view.
Investing in the people who work on a security team
I was recently featured in an article title The support security leaders need for better cloud security on CSO Online by fellow palmettoian(?) Michael Santarcangelo. I'm working with Michael on...
View ArticleClik here to view.
Trends 2015 presented by IT-ology wrap-up
Trends 2015 presented by IT-ology was today and I am exhausted.Every year in the fall IT-ology selects a technology topic to hold a conference on. This year was security, so naturally ColaSec was...
View ArticleClik here to view.
Blue Team Starter Kit - Introduction
I recently gave this talk at BSides Augusta and DerbyCon this past September. BSides Augusta is a longer version where I demonstrate each tool. DerbyCon is a shorter version where I talk about each...
View ArticleClik here to view.
Blue Team Starter Kit - Google for research
Google is a powerful tool for information security or IT in general. I was first introduced to Google back in 2003, while serving in the US Navy. Before Google I had used Yahoo, Netscape, and Lycos...
View ArticleClik here to view.
Blue Team Starter Kit - Twitter for intelligence
Twitter is a wonderful tool for getting live streaming information from around the world. This isn’t exclusive to information security. Sporting, political, entertainment, and other types of news...
View ArticleClik here to view.
Blue Team Starter Kit - ZAP for application security
I remember hearing about ZAP on my ride into work, listening to Security Weekly. After a little researched I discovered that it was a tool supported by the Open Web Application Security Project. OWASP...
View ArticleClik here to view.
Blue Team Starter Kit - Forensics with Redline
“I guess we’ll just re-image the box then” is the phrase I often used early in my IT career. That was standing operating procedure for a compromised machine. We would receive a SOC alert. We would go...
View ArticleClik here to view.
Blue Team Starter Kit - Computer hardening with EMET
EMET is awesome.Microsoft's Enhanced Mitigation Experienced Toolkit (EMET) is also free and adds an extra layer of protection to computers. Released in the fall of 2009, EMET is currently at version...
View ArticleClik here to view.
Blue Team Starter Kit - PDQ Deploy for patch management
Patch management is one of the hardest initiatives to solve for an organization. Setting up a Microsoft Windows Server Update Services can help with Windows updates. Third-party software patching is a...
View ArticleClik here to view.
Yet another reflection and look ahead post
2015 was a good year for me. After seven and a half years, I finally graduated from the University of South Carolina. I changed jobs. I spoke for the first time at a conference (three actually). I...
View ArticleClik here to view.
Patreon page setup
I've been toying with the idea of setting up a Pateron page for a while.I don't produce podcasts to make money. I produce them because I enjoy it and I get to have conversations with some really...
View ArticleCSO panel and thoughts on Cardinals-Astros breach
Last month I participated on a panel for CSO on, "The pathway to the security talent we crave." The audio and transcript from that panel is up for those who have a free account with CSO.Former St....
View ArticleClik here to view.
GSEC Analyst 38087
This past Wednesday I took and passed my GIAC GSEC exam. I am now officially GSEC Analyst 38087!SANS 401 - Security Essentials and the GSEC exam are the main reason why I haven't been posting very...
View ArticleClik here to view.
Security and SDLC: Getting started and working with others
Getting security into the software development life cycle (SDLC) seems easy. Just write good code and wallah security is in an application. That would be nice, but unfortunately, it doesn’t work like...
View ArticleNSA TAO Chief Rob Joyce on network defense
The above video is from the USENIX Enigma conference, in which Rob Joyce, Chief, Tailored access Operations, of the National Security Agency spoke. He spoke from the attackers perspective and gave some...
View Article
