Security Ever After: June 2010

Sunday, June 20, 2010

SANS Security 542

I recently attended the SANS Security 542 Web App Penetration Testing and Ethical Hacking class at SANS Fire. I have to say that this was one of the most energetic SANS classes I have ever taken. Kevin Johnson (hacker princess) did an amazing job of keeping the class engaged and on track. There were a bunch of hands-on labs every day, which helped reinforce the material we covered. It also prepared the student for the day 6 Capture the Flag exercises.

In the class I extensively used the Samurai Web Testing Framework (WTF). The great part of this platform is that I became very familiar with its use during the class. The wise student will take Samurai WTF back to work to help identify the holes that may exist in their own environment before someone else does.

Saturday, June 19, 2010

Goodbye CSA

Cisco recently announced the End of Life for Cisco Security Agent (CSA). CSA was the first security product that I had the primary responsibility of evaluating. This was just after Cisco acquired the product from Okena in 2003.

I really believed in the idea that you could let the agent learn what is "normal" and systematically block everything else. Although I was never able to get it to work as I thought it should, I heard many times that it did meet the needs of others.

This marks both the end of CSA and the end of my first security product evaluation.

SANS 560 Network Penetration Testing and Ethical Hacking -- Free Preview!

My newfound friend Doug Burks is offering a free preview of the outstanding SANS course, Security 560, Network Penetration Testing and Ethical Hacking. I have personally taken this course and highly recommend it to everyone who wants to learn how to perform network penetration tests. If you are in the area, I strongly encourage you to attend.

The Greater Augusta ISSA will present a 2-hour preview of the upcoming SANS 560 Mentor class on Thursday, July 15th. Please join us for a FREE preview of this exciting class!
What: The Greater Augusta ISSA presents a SANS 560 Preview
How: This is a FREE public meeting. Please confirm your reservation by sending an email to reservations@augusta.issa.org

When: Thursday, July 15 9:00 AM - 11:00 AM
Where: Augusta State University
2500 Walton Way
Augusta, GA 30904
Allgood Hall E-258

Friday, June 18, 2010

No More Mondays Review

I just finished reading No More Mondays by Dan Miller. What a great book! It gradually moves you to where you will be equipped to identify your Skills and Abilities, Personality Tendencies and most importantly, your Values, Dreams and Passions. It gives real examples of how to get yourself on track to a more meaningful career. Highly recommended!

Thursday, June 17, 2010

SANS Mentor Comes to Chattanooga

Starting August 3rd, I am conducting a SANS Mentor session in Chattanooga, TN. This will be the very popular SANS Security Essentials course. This was the first SANS course I took, and I still find it to be very relevant to my work. Send me email for a 10% discount.

Cyber-Security for Kids Impact Statement

The following are the results from the first 4-H Cyber Security Poster initiative. This was made possible through a partnership with the Hamilton County UT Extension Office and the SouthEast Tennessee InfraGard Members Alliance.

I guarantee you will be impressed at the direct impact of this program on the attendees. This is an excellent program that really allows our chapter to be involved with increasing the security posture of the community.

• 909 youth in grades 4th – 8th participated in a Cyber-Security educational program.

• 909 youth watched movie clips on the dangers of chat rooms and cyber-bullying.

• 909 youth watched movie clips on the potential outcomes of cyber-stalking and talking to/meeting people they do not know.

• 909 youth were educated on potential hazards of file-sharing, opening attachments, posting pictures, and Malware.

• 546 youth or 60% of youth participated in the “How to Stay Safe Online” poster contest. (The contest was completely voluntary.)

• Two youth reported an incident of cyber-bullying to their guidance counselor through this program.

• Over 50% of youth in attendance had been bullied online.

• Nearly 90% of youth in attendance have established social network identities on sites like MySpace and Facebook.

• 95% of youth in attendance were unaware that once a file is uploaded to the internet, it cannot be deleted.

• 620 youth in attendance were under the age of 12 and therefore could not legally establish social network identities.

• 100% of youth in attendance learned something about cyber-security that they did not know.