Ramblings on InfoSec, technology & life
6
Oct

DerbyCon and I

I struggled with many titles for this post. DerbyCon Worlds #1 Infosec conference, DerbyCon and what you missed, DerbyCon why it 0wnz… but in the end I wanted a clearer message. So here is the short version. DerbyCon was the best information security conference I have attended, period. Now take that for what it is worth; I am not some pro infosec con guy. In fact I am relatively new, as you can read from my former blogs if you are extremely bored. About the last two years if you rather not. A short quick list: BlackHat, Defcon, BSidesLV, CarolinaCon, ShoeCon, and then a few other ISSA/Infragard things thrown in. All of these cons are great and by no means would I ever say go to one and not the others. In my opinion any conference and information is better than none.

So to try and figure this out I look at what was different between this con and the other major cons I have attended in the past.

  • I drove to this con
  • I took training at this con
  • This was the 1st DerbyCon (perhaps they all start like this)
  • I finally met some folks I had known online for a long time
  • I focused on the Con and not the drama in personal life
As you can see I have several variables that may not apply to everyone. Honestly I have driven to other Cons (CarolinaCon for instance) and it has not made it this good. Please don’t take me wrong, CarolinaCon rocked and the information and value on the money has exceeded all others so far!

It was cool to randomly ask people in the halls and elevator how they are enjoying it and if this was the first conference they have attended. Everyone I spoke to had great things to say and for most of them this was the first information security conference they had attended. The ones I asked that had been to others mentioned this was one of the best cons they had been to. The energy, the quality and value for the money, and the size all seemed to fit perfectly in my opinion. I know some people complained about different things and I can see the points being mentioned by some of them; however, if you just relax and enjoy, everything goes so much smoother.
27
Sep

#Derbycon and first con training

Derbycon is right around the corner and I am looking forward to this event. As much as I enjoy traveling and seeing other locations it is nice to have another conference within driving distance.

I will also be experiencing my first con training. I have been in college for the past 5 years, working full time and doing what I can with my ESXi lab and reading on my own. I believe this will be a great experience and I am sure I will learn a lot. I signed up for the corelan training see here (the win32 exploit bootcamp). I do enjoy the network aspect but am sure no matter what that I wanted a bit more understanding on the client side exploits and inner workings. This seems like the perfect opportunity to get that and perhaps I will find that I enjoy it and pursue the learning about exploit development and debugging more in depth.

If you will be at Derbycon hit me up on twitter and perhaps we can catch a bite to eat or grab a quick drink between catching up with friends in the industry and the awesome lineup of talks (see schedule).

Back to rechecking my VM’s and making some backups for the Corelan training.

 

2
Sep

What works for me.

So recently I have gotten many questions and comments about my weight loss and complaints about how picky of an eater I have become. This is far from true but we will get into that more later. Many have asked how I did it and what they can do to get the results. So here is what I did. I am NOT saying this will work for you or that you will have the same results. What I do know is that ANYONE can do this and just like anything else in life you have to want to do it bad enough and put your mind to it.

A few disclaimers. I am not a doctor, health specialist or anything. I am a geek who enjoys staying in a healthy condition and trying to help others if possible. I have read that you should always consult a doctor before starting any kind of new diet/exercise. I did not and I understand the huge risk of dropping dead tomorrow because I did not pay the 150.00 or whatever Dr visit would cost for an official word on the safety of my actions. I have not even read the entire book yet! I have done exactly as Tim says in the book and skipped to the sections I wanted. I assume I could lose more weight or possibly gain weight by doing more of the activities and recommendations in the book.

 

Back when I was finishing up my Bachelors degree and feeling tired all the time I noticed my weight was also getting a bit out of my comfort zone. Through high school and my military career I maintained on average 150 – 160 lbs. I was hitting the 199+ mark; anytime I went over the 200 mark I would do whatever I needed to get back down below 200. (No particular reason, just my comfort level. I have nothing against people who weigh much more than that.)

I was introduced to the book: The 4-Hour Body: An Uncommon Guide to Rapid Fat-Loss, Incredible Sex, and Becoming Superhuman. I started off slow just eating some of the recommended foods and trimming back on many. This small change dropped me 15 lbs. in less than 3 weeks. I was not even exercising or starving myself. I realize most of the concepts are not new and many diets share similar traits. I also do not believe anything is a cure all for EVERYONE. What I do know is this worked for me and I liked it. It was quick, easy and showed me results. I could have gotten the same results other ways but the point is this is what I needed to get these results.

Total I have lost 32 lbs. from my highest recent weight I have ever weighed to now. I fluctuate through the week but on average lose about another pound a week if I follow my pattern with light running/exercising as well.

Breakfast:

May not look good to you but for me it is quick, simple, and effective. I actually enjoy it.

I used to skip this meal…honestly. I had heard thousands of times on how it was the most important meal of the day and I still skipped it. So here is what I have just about every morning.

  • 3 hard scrambled Eggs
  • about 3 cups of frozen spinach
  • 2 sausage patties or chicken
  • about 2 cups of black beans (or some other canned rinsed beans); favorite is the southern style with jalapenos!
  • light balsamic vinegar mixed into the spinach
  • Bonuses not every morning but when I have them: Avocado, Fresh natural salsa, fresh spinach or some other form of salad.

I nuke the spinach for about 2 min in the microwave, cook the sausage in a skillet on the stove, drain most of the grease out then drop in the 3 eggs and scramble them up. I add a splash of balsamic vinegar to the spinach in a bowl as the eggs are cooking. I drop in the beans and warm them up in the skillet also with the eggs. From start to finish takes me less than 7 min and literally takes me longer to eat it than it did to cook it up (and I am one of those fast eaters from back in my Army days that everyone hates to eat with).

So what about lunch and dinner?

Well I basically do not eat pasta, bread, sugar, fruit (yes not even fruit other than my cheat Saturday and that is the day I eat and drink whatever I want and as much as I want). So lots of Salad in different forms (normally little to no dressing); I use salsa for flavor most of the time. Also meat (chicken and steak, beans, tuna, fish, eggs). I will post more pictures and info later. Again I hope this motivates you to find what works for you if you even need anything to do so. If you are happy stay happy. If you want change you can't keep doing what you have been doing and expect things to just happen for you.

I have successfully kept to this diet on multiple out of town conferences. A can opener, canned tuna, fresh salad mix and some eggs normally ends up saving me money and keeping me feeling great. Do I miss the pasta and burgers and fries? hell yes at times but I eat those on Saturday if I really want to.

 

 

That is it for now, oh wait also NO SODA!

I am lucky? and not addicted to coffee but even that is OK if done right from what I read. I stick to Yerba Mate from here. Read all about it here or Google is your friend! I was drinking this about a year before I started the diet. Again not for everyone and tons of different flavors/types; however, all that I have seen are more healthy than any soda you could drink.

 

2
May

CarolinaCon and other random updates

CarolinaCon was a blast! Thanks again to all the organizers, speakers and all the attendees. I had a great time catching up with some of the others I have met and meeting new faces/names. The presentations rocked and the knowledge gained was well worth the wait/drive.

I enjoyed all the presentations; however, a few stuck with me more than some others. Again they all were better than anything I have ever put together and I appreciate the work each speaker put into the talks.

I did pass the Microsoft 70-298 before attending the con and that was about time.

Got the Derbycon standard ticket ordered and hope to upgrade it to some training within the next few weeks or so depending on how the money works out.

It was great to finally meet up with @purehate_, @j0emccray and @DaKahuna2007 as well as many others.

Finals are going quick, I have one more to complete and then see how the grades look. I must admit they will not be as high as I would have liked however balancing school, work, newborn, cons, certifications and sanity tend to be a challenge and honestly will be happy gaining the knowledge and having the ability to learn more on my own.

Motivated and inspired with great ideas and the desire to not settle for the norm and make positive changes I look forward to see what the next few months will hold.

Some quick goals (just to keep myself in check)
  • Finish Bachelors program (graduate)
  • fund corelan training @ DerbyCon check: w00t this will rock!
  • Sign up and take PWB online
  • complete two more MS certs to close out the MCSE (then work on upgrading it to server 08)
  • update ESXi test lab and some other hardware in home lab setup. (possibly adding an additional ESXi or Xen server)
  • Finish up Summersec cons and fun
I am sure I missed some stuff but that should keep me going for now

27
Apr

Test images

15
Mar

SummerSec

As if being a fulltime student, father and working was not enough I figured I would cram as much as I could on top of what I hope to be my first summer of freedom in over five years. The past five years I have been enrolled in school at least with two classes every semester and finishing up with 5 this semester to hopefully graduate this May. For a few short months I debated on diving right into the Masters program at ECU; however, after some more thought I am going to take at least a few months to a year off and recoup and hopefully relax… so I thought. What better way to kick off my first summer of no classes than to pack it full with infosec.

Along with the monthly ISSA, 2600 and Infragard meetings this summer looks a bit… full/fun and exciting.

So here is my schedule for the next seven months as of now:
• Tomorrow 16 March 2011 Infragard Charlotte NC
• April 1st ISSA and 2600 monthly meeting Great meetings!
• April 5th AB-Tech SEC220 class presentation with Infosec class Thanks all I had a blast!
• Microsoft cert (I need 3 more for the MCSE, so figure I will do one before CarolinaCon) 28th April passed 70-298
• CarolinaCon 29th April – 1 May (order DerbyCon tickets 29th) Best 20 bucks I ever spent!
• 8th Annual Charlotte ISSA Security Summit 5th May lockFALE, + lots of great talks and information.
• ISSA Upstate SC monthly meeting (not sure if it will be on but will go if so) 6 May (also graduation date?) sorry not making this one :(
• Techsec Myrtle Beach SC June 5th-8th my first time out, great conference and good info. Like to attend again next year if possible.
• Trip to Las Vegas July 30th – Aug 9th to include:
  o BsidesLV Aug 3rd-4th
  o Defcon19 Aug 4th-7th
What a blast!
• DerbyCon Sep 30th-Oct 2nd

Pirate 4 life!
Support Hackers for Charity, add a #twibbon now! HFC on your twitter icon.

22
Jan

Pwned by RHCE and lack of time to prepare

I have been using Linux for many years. I passed the RHCT last year around this time no problem after taking the class through ECU. I had just finished another course geared toward the RHCE and as my last post mentioned I got a chance to take the exam free. Boy am I glad it was free, that thing brought the pain down onto my newly found confident ego. I will focus on work and the 5 classes I have to finish up the B.S.I.T. and then try it again before moving onto one of my more early goals of PWB.

On a side note I was told by someone at the Veteran’s affairs office that I could park in handicapped parking with my partially disabled Veterans tag in NC. I rarely take advantage of this and only when my back is giving me trouble, and even then I normally park in the farthest off spot. Well I come out of the RHCE and see a parking ticket on my truck issued by the ECU campus security. It is only 35.00; however, there were 6 other spots closer to the building than I parked empty. I am appealing the ticket and will see how it goes. The security officer I talked to told me to park on campus I would have to get special permission. Being a DE student that is not needed and if this is the case I will no longer park in handicapped parking spots on ECU campus. Lesson learned.

22
Jan

New look

Ok, working on a new look and updating everything. Hope to have more soon however this semester is going to be a hectic one to say the least.

13
Jan

swim or grind

Long time and no update. Shortly after getting the free retake offer from ISC2 I signed up to resit for the CISSP exam on 18 Dec. They gave me a year but I wanted this behind me and I figured with only having missed passing by four points I figured I had a better chance this time around. Also with the free pre-recorded training they granted me access to as part of the grading error my confidence was boosted.

Two days ago I got the familiar email:
Congratulations! We are pleased to inform you that you have passed the Certified Information Systems Security Professional (CISSP®) examination - the first step in becoming certified as a CISSP.

I had started the endorsement process after my last email stating that I passed so I shot them a quick email making sure they still had the information. They did and shortly after asked for some more detailed information that I gladly supplied.

Today I got a new email:
Congratulations! It gives me great pleasure to be the first to address you with the Certified Information Systems Security Professional (CISSP®) designation! Based upon your examination results, a review of your application and acceptance of your endorsement, the (ISC)2 Board of Directors awarded you with the CISSP designation. By virtue of becoming certified by (ISC)2, you are a member of the (ISC)2 Electorate and have certain voting privileges that are specified in the (ISC)2 Bylaws.

So now I feel like this goal has been completed and just in time. Once again I have seemed to overbook and over promise my time and resources (anyone reading this I am sure can relate)

I was on a nicely paced track for graduating with a Bachelors in Information Technology this May. Averaging about 3 classes every semester including summer sessions if I could get the classes. Well last semester I got behind in my Project management class. I failed the class and I have no-one to blame but myself. I did score an “A” in my Intrusion Detection class and a “B” in my Linux Networking Class. Another semester back I dropped the ball on 1/3 of my classes; it was Microeconomics. Similar situation although I do not have an excuse of studying for the CISSP on that one.

Long story short I am taking the three classes and a lab I was originally scheduled as well as the two I failed to meet my goal of graduating May 2011. I also am scheduled to take the RHCE next week. I should pass on the RHCE; however, the university is offering it FREE as long as I made a “B” or higher on that last Linux class so that is a hard offer to pass up. I know I will not have the time or resources I would like in an ideal situation but I will adapt and overcome….or fail trying.

I am looking forward to CarolinaCon and DerbyCon and then BH/Defcon in Vegas with hopefully some Bsides mixed in.
The next four months will prove to be challenging I am sure however I have made it this far and life continues. I would like to thank all the support I receive from friends and family IRL and all the great people over in irc.Freenode.net.

This will be most likely the last update for some time not that anyone reads this anyway ;)
Posted on January 13th 2011 in Uncategorized

1
Jan

Try Harder..yes, I get to

So I sat for the CISSP exam in Atlanta, GA, USA (ISC)2 Examination – September 15, 2010

I waited and waited for the results.
Oct 21 I got the great news:

Congratulations! It gives me great pleasure to inform you that you have passed the (ISC)2 credential examination and are now an Associate of (ISC)2.

I tweeted, I posted on my school Infosec class forums and even started providing the documentation for finishing up the process. My IDS instructor reviewed my documentation and signed the Endorsement documentation.

Nov 9th:

This email confirms that (ISC)2 has received your endorsement documentation and placed it in queue to be reviewed.

Nov 23rd I make an 11 hour drive down to FL for Turkeyday. My phone wakes me from a nap after the long drive. ISC2 representative letting me know they made a mistake and I did not pass. She mentioned an email they sent me:

We regret to inform you that due to a technical error, (ISC)² sent you an incorrect exam result notification. You did not pass the CISSP exam for the Associate of (ISC)² designation, and we will not be able to identify you as an Associate of (ISC)² until such time as you have passed the exam.

The error arose when we implemented a new scoring interface as part of our transition to a new exam delivery and scoring provider. Some candidates whose exam results were scored between October 15 and 21, 2010 received an inaccurate test result notification. We have verified through rigorous testing and data review processes that the problem has been corrected, and we have since enhanced our quality assurance procedures to mitigate the possibility of the error occurring again. We have also verified that exam results scored before and after the period of October 15-21, 2010 are unaffected by the issue. The problem has been corrected, and we do not expect to encounter any further issues.

On behalf of all (ISC)² employees and board members, we offer our heartfelt apologies to you for this error. We understand the high-level of difficulty the CISSP exam presents to professionals and how hard candidates work to obtain their certifications to reap its many benefits, including better job opportunities and salaries. During this tough economic climate, we realize that the certification has become even more desired by information security professionals and critical to obtain. We deeply regret any personal distress that may have been caused by these erroneous notifications.

We are happy to offer you a full refund of your exam fee and the opportunity to retake the exam at no charge. Customer Support Advisors are standing by in each regional (ISC)² office to assist you with the reimbursement process or to help you register for an upcoming exam at no cost. You may also access a complimentary archived Live OnLine CISSP CBK Review Seminar session in an effort to further help you study for your complimentary exam retake. The session contains 20 two-hour sessions that provide a thorough review of the 10 domains of the (ISC)² CISSP CBK. Please find these materials at the following link: www.isc2.org/cbksessions. We will provide you the password to access the materials in a separate message should you decide to avail yourself of this offer. (ISC)² is also happy to send a letter signed by Executive Director Hord Tipton to your employer explaining the reason for the error.

Further, we are in the process of creating venues for closed exams for affected candidates should they wish to retest before the end of the year. We will follow up with affected candidates to get them into these events.

It is our intent to ensure the integrity of the certification and hope you understand that these corrective measures are absolutely necessary. We are standing by to assist you as you move forward in your quest to become an (ISC)² credential holder.

Sincerely,
(ISC)² Management

I quickly emailed my instructor apologizing for the mishap and expressed my intent to pursue the next available exam.

Also after getting back home I found this on ISC2 official blog.
I also actually got some helpful information on my results and what areas I need to improve on.

Along with seeing how close (or how un-prepared for the exam) I was the first time around:

We are sorry, however, to inform you that you did not achieve a passing score. Your scaled score on the examination was 696.00. A scaled score of 700 or higher is required to achieve a PASS status on the examination.

I am trying to look at this in a positive light, I am thankful for the free retest and also the online CISSP CBK Seminar. I feel confident with that and my previous studies I will be able to put this behind me and score much higher than I originally did.

I intend to take this exam again before the end of the year and with a full school, work, and home schedule (not to mention the cons and other certifications I had planned on taking) I am sure this will be fun to say the least.

So to the family and friends…. please be patient with me.

© Copyright 2010-2012 Bryan Tobey's Blog. All rights reserved.