Exploring Information Security

Securing the Future - A Journey into Cybersecurity Exploration
BSides Nashville 2018


Information Security resources for beginners

October 16, 2018

I wrote a recommended resources post back in early 2017. I’d like to update that, as the resources I recommend have changed. I try not to think of my podcast as something for new people to the infosec field. However, the people reaching out to me the most are people who are new to the field. So, I’ve given in and I want to start creating a series of posts directed at new people or those trying to get into the industry. These posts are meant as a gateway, not an exhaustive list.

These are the resources I find the most useful. Without further ado.

Websites:

  • Krebs on Security

  • CSO Online - Steve Ragan

Krebs is considered the public Intrusion Detection System (IDS) for companies. If you’re getting a call from him, it’s probably not good. He covers various topics, primarily around breaches, skimmers, and unmasking malicious actors. I’m friends with Steve. He reports on a variety of infosec-related topics. When something breaks on Twitter he’s one of the first people I check to get accurate information.

Podcasts:

  • Risky Business

  • Security Weekly

  • Peerlyst list of podcasts

Risky Business is the best security podcast out there. It’s the podcast with the best content and quality. The podcast allows me to stay up with the latest infosec news. He’s got sponsored (gotta pay dem bills) podcasts that are just as useful. Security Weekly was the first podcast I listened to. It’s great for getting information and gaining an understanding of the hacker culture. After a while, for me, it turned into a bit of a boys club where they go off on tangents and genital jokes. Episodes are usually two hours long, which sucks up a lot of podcast listening time. Finally, there’s the Peerlyst list of podcasts. It has an exhaustive list of infosec-related podcasts.

Conferences and local user groups:

  • BSides

  • Meetup.com

Conferences and local user groups are a great place to learn, while also meeting people in the field. The security community is inclusive and welcoming if you put yourself out there. That means doing that awkward social thing. There is very likely a BSides near you. Most local user groups can be found on meetup.

Training:

  • Irongeek

  • Pluralsight

  • SANS SEC401

Information security is an ever-changing field. To stay relevant in the field requires curiosity and a willingness to learn new things. Before getting to that point, we need to learn the basics. Irongeek and Pluralsight help with the basics and staying up-to-date. SANS SEC401 is a general course that will provide a good foundation for any security professional. I thought I was above the course, as I was taking it three years into my infosec career (and several more in IT). I was so wrong. The course helped fill in a lot of gaps for me from a security and IT perspective. I highly recommend the course for beginners and those already in the field.

This blog post first appeared on Exploring Information Security.

In Technology Tags infosec, Resources, SANS, Training, websites, podcast

Social Engineering for the Blue Team

February 4, 2018

I am happy to announce that I will be doing a workshop at Converge and BSides Detroit this year. The conference is May 10-12 in Detroit, Michigan, at Cobo Hall. Tickets are currently available for this event. It's a great conference with some really great trainers and speakers. I am humbled to be a part of the experience again this year.

I decided I wanted to do the training on this topic, because I think it's something our industry needs. Building relationships is very important for security. It's what allows us to get buy-in from leadership, probably the most important factor in setting the tone for security at an organization. It's also what allows us to more easily get security implemented from a compliance and technical standpoint.

I tried submitting this idea to some conferences (DerbyCon) at the end of the year last year. I wanted to avoid the use of the term social engineering, because I saw it as a sexy word. Something the red team only did. I didn't get any traction on the idea. I had a really long title. Something like, "Building relationships to get more security blah blah blah (boring!)."

After I read Chris Hadnagy's book, Social Engineering: The Art of Human Hacking, I realized that it's more than just a red team activity. In fact, Wikipedia has multiple entries on the topic. It's not just security focused. It's also political. Reading the book, it's even more than that. Sales and marketing people use social engineering. In fact, we all do it, to varying degrees. Some better than others. The book is focused on red teaming for social engineering. A lot of those concepts, though, I could easily apply and even provide examples of doing on a day-to-day basis.

Maybe I should back up for a moment and explain what I do. I sit with a development team. I don't sit with the security team. I am their security resource. I relay security needs to them and development needs to security. The role has expanded to working with multiple teams and multiple departments. A large part of that is because I seem to have a knack for getting along with people. And that's because I apply a lot of social engineering techniques that red teamers use to break into a building or network. I never truly understood why until I started studying social engineering.

That has resulted in me not only understanding the why, but also how I can be even better at what I do. I would like to share that with the infosec community. I think we can all be better at interacting with other departments. I think using these techniques we can get even more done. We can reduce frustration and stress. We can have more opportunity to talk about security and influence others into a more secure mindset.

I've submitted this topic to multiple conferences. I was accepted as an alternate for BSides Nashville (tickets go on sale February 14, 2018). I'm waiting to hear back on others. In the interim, I've started working on my slides and training. I plan to use the podcast and this blog as an opportunity to get my ideas and thoughts out of my head. Feedback is encouraged either in the comment section below, on Twitter, or email (timothy[dot]deblock[at]gmail[dot]com).

This blog post first appeared on Exploring Information Security.

In Media Tags social engineering, Training, Blue Team

GSEC Analyst 38087

January 21, 2016

This past Wednesday I took and passed my GIAC GSEC exam. I am now officially GSEC Analyst 38087!

SANS 401 - Security Essentials and the GSEC exam are the main reason why I haven't been posting very much lately. With the course and exam out of the way, I plan to get back to posting more regularly. Before I do that, I wanted to give some quick thoughts on the course.

When I was told that I would be doing the SANS 401 course back in November, I was a bit annoyed. I was just about to start studying for the CISSP and was essentially told to forget that and focus on this course and the accompanying exam. I thought I was too good for a 401 course. I have 13 years of experience in IT. The last three and a half of which I've spent in security. I didn't need some entry-level training. Boy, was I wrong.

What SANS 401 Security Essentials did for me was fill in a lot of holes in my IT and security knowledge. Networking things such as the OSI model, TCP/UDP traffic, and so on. It also introduced me to things at a higher level such as risk management, critical security controls, and so on. I learned new things about Windows, and I've been working on Windows since NT. I also got a better understanding of the Linux operating system.

The course taught me a lot of new things, while giving me a deeper understanding of the things I already knew. It was a very valuable course for me to take and I would recommend it for anyone in security.

This post first appeared on Exploring Information Security.

In Experiences Tags Training, SANS, certification