No more mr nice guy 8mile style

So odd title I admit. I wanted to do some sort of update for months now and somehow always came up with some awesome excuse to put it off. Today that changes sort of and though I am sure I will not get everything I need pushed onto this post I figured I will go with it.

Lots of changes have happened between now and my last post 6 Oct 2011 (wow I am a true slacker).

Some Random updates:

• First off I am looking into relocating this site to anything but go-daddy. (I know I am way late on this and must let some things go and this was one of them.

• I moved out of the mountains and though they are only about 2 miles away I do miss the friends and the scenery however I have some new scenery and friends and will be better overall for the career I have chosen to work with.

• I am way behind on one of my first goals of taking the PWB coarse but plan on getting that sorted this year.

• My ESXi/virtual lab is still in a huge heap of mess… usable but not anything close to the level I had envisioned a year ago.

• The past two or more years I have learned more about myself and life than the rest of my like. Some of them hard learned some of them just came easy then others just more re-enforced and strengthened. I believe a positive attitude, music, good friends and starting to focus on me are the things that helped me get to this point.

• It is my firm belief every corp employee one should be required to read the book that Dave Kennedy had recommended at BSidesATL 2011 during his talk (about 18:04 recommended to him by Chris Nickerson). This has become obviously apparent after making my transition into Corp America. The book was “REWORK” by Jason Fried and David Heinemeier Hansson

• Sometimes shit just comes together if you let it. I am not saying not to try harder, but at times you have to try harder at letting go and going with the flow…stop fighting it just let it happen.

• I am not perfect and never will be despite how much I wanted others to believe or think I could be or was.

• I suck with spelling and grammar I do the best I can and try to learn/remember things I should have learned in grade school but again do what I can and move forward.

• I have unintentionally hurt others at times and unfortantly believe that is part of life

• I am shy, I am working on this and in my opinion getting better but damn I was shy.

• I bite my nails and have failed at quitting up tell now (so far) nasty dumb nervous habit but doing better at it

• Apparently I am now a recovering nice guy: No More Mr. Nice Guy by Dr. Robert Glover my life felt off and out of sorts this book helped me put allot of it in a perspective I had trouble grasping. So this was not the first self-help’ish book/audio I have checked out (more on that later…perhaps)

• So I was listening to SE-podcast 030 and heard about Jordan Harbinger and the AOC website/pickup podcast.

• After listening to the 150 or so pod-casts I can say these guys rock. Lots of the theories and information I had collected scattered around was all in this one podcast for the most part. For instance a book that changed my financial status and basically helped me revive my horrible credit and start actually planning and saving money was by Ramit Sethi , author of “I Will Teach You To Be Rich“

• I gave a short talk at a local community college about a year ago on breaking into the information security career field and oddly enough I was not in the field yet technically and made that clear.( I was working as a system/network admin with a strong focus on Information security) Yet I knew it would be only a matter of time and here I am in a fortune 100 company with an entry level security position. In that talk I basically said little about technical information security stuff. Most of it was social (get on twitter, linkedIN, Infosecmentors go to a local conference or travel to one) get motivated, be financially secure (recommended the “I will teach you to be rich” book specifically) and taking care of your body (I recommended “The 4-hour Body” by Timothy Ferriss  and keep a positive attitude/motivation (at the time recommended (Think BIG and Kick Ass in Business and Life (9780061547836): by: Donald J. Trump, Bill Zanker) I also was clear these where MY examples and to find what works for you. My look at this was no matte what you do even if you decide infosec was not for you if you had a healthy body and mind/attitude you will have the tools to succeed and excel no matter what you do.

• Some other examples Dr. Wayne Dyer and Eckhart Toll ANYTHING that gets you motivated and does not hurt or impede on others. If you have recommendations I would love to hear them.

So for now I will leave with this. Perhaps more info on specific points but now back to my Eee PC BT5r2 install

DerbyCon and I

I struggled with many titles for this post. DerbyCon Worlds #1 Infosec conference, DerbyCon and what you missed, DerbyCon why it 0wnz… but in the end I wanted a clearer message. So here is the short version. DerbyCon was the best Information security conference I have attended period. Now take that for what it is worth, I am not some pro infosec con guy. In fact I am realively knew as you can read from my former blogs if you are extremely bored. About the last two years if you rather not. A short quick list: BlackHat, Defcon, BSidesLV, CarolinaCon, ShoeCon, and then a few other ISSA/Infragard things thrown in. All of these cons are great and by no means would I ever say go to one and not the others. In my opinion any conference and information is better than none.

So to try and figure this out I look at what was different between this con and the other major cons I have attended in the past.

• I drove to this con
• I took training at this con
• This was the 1st DerbyCon (perhaps they all start like this)
• I finally met some folks I had known online for a long time
• I focused on the Con and not the drama in personal life

#Derbycon and first con training

Derbycon is right around the corner and I am looking forward to this event. As much as I enjoy traveling and seeing other locations it is nice to have another conference within driving distance.

I will also be experiencing my first con training. I have been in college for the past 5 years, working full time and doing what I can with my ESXi lab and reading on my own. I believe this will be a great experience and I am sure I will learn allot. I signed up for the corelan training see here (the win32 exploit bootcamp). I do enjoy the network aspect but am sure no matter what that I wanted a bit more understanding on the client side exploits and inner workings. This seems like the perfect opportunity to get that and perhaps I will find that I enjoy it and pursue the learning about exploit development and debugging more in depth.

If you will be at Derbycon hit me up on twitter and perhaps we can catch a bite to eat or grab a quick drink between catching up with friends in the industry and the awesome lineup of talks (see schedule).

Back to rechecking my VM’s and making some backups for the Corelan training.

What works for me.

So recently I have gotten many questions and comments about my weight loss and complaints about how picky of an eater I have become. This is far from True but we will get into that more later. Many have asked how I did it and what they can do to get the results. So here is what I did. I am NOT saying this will work for you or that you will have the same results. What I do know is that ANYONE can do this and just like anything else in life you have to want to do it bad enough and put your mind to it.

A few disclaimers. I am not a doctor, health specialist or anything. I am a geek who enjoys staying in a healthy condition and trying to help others if possible. I have read that you should always consult a doctor before starting any kind of new diet/exercise. I did not and I understand the huge risk of dropping dead tomorrow because I did not pay the 150.00 or whatever Dr visit would cost for an official word on the safety of my actions. I have not even read the entire book yet! I have done exactly as Tim says in the book and skipped to the sections I wanted. I assume I could loose more weight or possibly gain weight by doing more of the activities and recommendations in the book.

Back when I was finishing up my Bachelors degree and feeling tired all the time I noticed my weight was also getting a bit out of my comfort zone. Through high school and my military career I maintained on average 150 – 160 lbs. I was hitting the 199+ mark anytime I went over the 200 mark I would do whatever I needed to get back down below 200. (no particular reason just my comfort level. I have nothing against people who weigh much more than that)

I was introduced to the book: The 4-Hour Body: An Uncommon Guide to Rapid Fat-Loss, Incredible Sex, and Becoming Superhuman. I started off slow just eating some of the recommended foods and trimming back on many. This small changed dropped me 15 lbs. in less than 3 weeks. I was not even exercising or starving myself. I realize most of the concepts are not new and many diets share similar traits. I also do not believe anything is a cure all for EVERYONE. What I do know is this worked for me and I liked it. It was quick, easy and showed me results. I could have gotten the same results other ways but the point is this is what I needed to get these results.

Total I have lost 32 lbs. from my highest recent weight I have ever weight to now. I fluctuate through the week but on average loose about another pound a week if I following my pattern with light running/exercising as well.

Breakfast:

May not look good to you but for me it is quick, simple, and effective. I actually enjoy it.

I used to skip this meal…honestly. I had heard thousands of times on how it was the most important meal of the day and I still skipped it. So here is what I have just about every morning.

• 3 hard scrambled Eggs
• about 3 cups of frozen spinach
• 2 sausage patties or chicken
• about  2 cups of black (or some other canned rinsed beans) favorite is the southern style with jalapenos!
• light balsamic viniger mixed into the spinach
• Bonuses not every morning but when I have them: Avocado, Fresh natural salsa, fresh spinach or some other form of salad.

I nuke the spinach for about 2 min in the microwave, cook the sausage in a skillet on the stove, drain most of the grease out then drop in the 3 eggs and scramble them up. I add a splash of balsamic vinegar to the spinach in a bowl as the eggs are cooking. I drop in the beans and warm them up in the skillet also with the eggs. From start to finish takes me less than 7 min and literally takes me longer to eat it than it did to cook it up (and I am one of those fast eaters from back in my Army days that everyone hates to eat with).

So what about lunch and dinner?

Well I basically do not eat pasta, bread, sugar, fruit (yes not even fruit other than my cheat Saturday and that is the day I eat and drink whatever I want and as much as I want). So lots of Salad in different forms (normally little to no dressing) I use salsa for flavor most of the time. Also meet (chicken and steak, beans, tuna, fish, eggs). I will post more pictures and info later. Again I hope this motivates you to find what work for you if you even need anything to do so. If you are happy stay happy. If you want change you cant keep doing what you have been doing and expect things to just happen for you.

I have successfully kept to this diet on multiple out of town conferences. A can opener, canned tuna, fresh salad mix and some eggs normally ends up saving me money and keeping me feeling great. Do I miss the pasta and burgers and fries? hell yes at times but I eat those on Saturday if I really want to.

That is if for now, oh wait also NO SODA!

I am lucky? and not addicted to coffee but even that is OK if done right from what I read. I stick to Yerba Mate from here. Read all about it here or Google is your friend! I was drinking this about a year before I started the diet. Again not for everyone and tons of different flavors/types however all that I have seen more healthy than any soda you could drink.

CarolinaCon and other random updates

CarolinaCon was a blast! Thanks again to all the organizers, speakers and all the attendees. I had a great time catching up with some of the others I have met and meeting new faces/names. The presentations rocked and the knowledge gained was well worth the wait/drive.

I enjoyed all the presentations however a few stuck with me more than some others. Again they all where better than anything I have ever put together and I appreciate the work each speaker put into the talks.

I did pass the Microsoft 70-298 before attending the con and that was about time.

Got the Derbycon standard ticket ordered and hope to upgrade it to some training within the next few weeks or so depending on how the money works out.

It was great to finally meet up with @purehate_, @j0emccray and @DaKahuna2007as well as many others.

Finals are going quick, I have one more to complete and then see how the grades look. I must admit they will not be as high as I would have liked however balancing school, work, newborn, cons, certifications and sanity tend to be a challenge and honestly will be happy gaining the knowledge and having the ability to learn more on my own.

Motivated and inspired with great ideas and the desire to not settle for the norm and make positive changes I look forward to see what the next few months will hold.

Some quick goals (just to keep myself in check)
Finish Bachelors program (graduate)
fund corelan training @ DerbyCon check: w00t this will rock!
Sign up and take PWB online
complete two more MS certs to close out the MCSE (then work on upgrading it to server 08)
update ESXi test lab and some other hardware in home lab setup. (possibly adding an additional ESXi or Xen server)
Finish up Summersec cons and fun
I am sure I missed some stuff but that should keep me going for now

Test images

SummerSec

As if being a fulltime student, father and working was not enough I figured I would cram as much as I could on top of what I hope to be my first summer of freedom in over five years. The past five years I have been enrolled in school at least with two classes every semester and finishing up with 5 this semester to hopefully graduate this May. For a few short months I debated on diving right into the Masters program at ECU however after some more thought I am going to take at least a few months to a year off and re-coupe and hopefully relax… so I thought. What better way to kick off my first summer of no classes than to pack if full with infosec.

Along with the monthly ISSA, 2600 and Infragard meetings this summer looks a bit… full/fun and exciting.

So here is my schedule for the next seven months as of now:
• Tomorrow 16 March 2011 Infragard Charlotte NC
• April 1st ISSA and 2600 monthly meeting Great meetings!
• April 5th AB-Tech SEC220 class presentation with Infosec class Thanks all I had a blast!
• Microsoft cert (I need 3 more for the MCSE, so figure I will do one before CarolinaCon) 28th April passed 70-298
• CarolinaCon 29th April – 1 May (order DerbyCon tickets 29th) Best 20 bucks I ever spent!
• 8th Annual Charlotte ISSA Security Summit 5th May lockFALE, + lots of great talks and information.
• ISSA Upstate SC monthly meeting (not sure if it will be on but will go if so) 6 May (also graduation date?) sorry not making this one
• Techsec Myrtle Beach SC June 5th-8th my first time out, great conference and good info. Like to attend again next year if possible.
• Trip to Las Vegas July 30th – Aug 9th to include:
o BsidesLV Aug 3rd-4th
o Defcon19 Aug 4th-7th What a blast!
• DerbyCon Sep 30th-Oct 2nd

Support Hackers for Charity, add a #twibbon now! HFC on your twitter icon.

Pwned by RHCE and lack of time to prepare

I have been using Linux for many years. I passed the RHCT last year around this time no problem after taking the class through ECU. I had just finished another coarse geared toward the RHCE and as my last post mentioned I got a chance to take the exam free. Boy am I glad it was free, that thing brought the pain down onto my newly found confident ego. I will focus on work and the 5 classes I have to finish up the B.S.I.T. and then try it again before moving onto one of my more early goals of PWB

On a side note I was told by someone at the Veteran’s affairs office that I could park in handy capped parking with my partially disabled Veterans tag in NC. I rarely take advantage of this and only when my back is giving me trouble, and even then I normally park in the farthest off spot. Well I come out of the RHCE and see a parking ticket on my truck issued by the ECU campus security. It is only 35.00 however there where 6 other spots closer to the building than I parked empty. I am appealing the ticket and will see how it goes. The security officer I talked to told me to park on campus I would have to get special permission. Being a DE student that is not needed and if this is the case I will no longer park in handy capped parking spots on ECU campus. Lesson learned.

New look

Ok, working on a new look and updating everything. Hope to have more soon however this semester is going to be a hectic one to say the least.

swim or grind

Long time and no update. Shortly after getting the free retake offer from ISC2 I signed up to resit for the CISSP exam on 18 Dec. They gave me a year but I wanted this behind me and I figured with only having missed passing by four points I figured I had a better chance this time around. Also with the free pre-recorded training they granted me access to as part of the grading error my confidence was boosted.

Two days ago I got the familiar email:
Congratulations! We are pleased to inform you that you have passed the Certified Information Systems Security Professional (CISSP®) examination - the first step in becoming certified as a CISSP.

I had started the endorsement process after my last email stating that I passed so I shot them a quick email making sure they still had the information. They did and shortly after asked for some more detailed information that I gladly supplied.

Today I got a new email:
Congratulations! It gives me great pleasure to be the first to address you with the Certified Information Systems Security Professional (CISSP®) designation! Based upon your examination results, a review of your application and acceptance of your endorsement, the (ISC)2 Board of Directors awarded you with the CISSP designation. By virtue of becoming certified by (ISC)2, you are a member of the (ISC)2 Electorate and have certain voting privileges that are specified in the (ISC)2 Bylaws.

So now I feel like this goal has been completed and just in time. Once again I have seemed to overbook and over promise my time and resources (anyone reading this I am sure can relate)

I was on a nicely paced track for graduating with a Bachelors in Information Technology this May. Averaging about 3 classes every semester including summer sessions if I could get the classes. Well last semester I got behind in my Project management class. I failed the class and I have no-one to blame but myself. I did score and “A” in my Intrusion Detection class and a “B” in my Linux Networking Class. Another semester back I dropped the ball on 1/3 of my classes it was Microeconomics. Similar situation although I do not have an excuse of studying for the CISSP on that one.

Long story short I am taking the three classes and a lab I was originally scheduled as well as the two I failed to meet my goal of graduating May 2011. I also am scheduled to take the RHCE next week. I should pass on the RHCE however the university is offering it FREE as long as I made a “B” or higher on that last Linux class so that is a hard offer to pass up. I know I will not have the time or recourses I would like in an ideal situation but I will adapt and overcome….or fail trying.

I am looking forward to CarolinaCon and DerbyCon and then BH/Defcon in Vegas with hopefully some Bsides mixed in.
The next four months will prove to be challenging I am sure however I have made it this far and life continues. I would like to thank all the support I receive from friends and family IRL and all the great people over in irc.Freenode.net.

This will be most likely the last update for some time not that anyone reads this anyway
Posted on January 13th 2011 in Uncategorized