Bryan Tobey's blog:

I am posting this as what I hope to be a quick and simple rant/statement on my outlook of information technology certifications.

After speaking with some folks from the Infosecmentors program I decided I wanted to give a small blurb about this topic from my perspective.

First of all no piece of paper proves or guarantees you can do anything in my opinion. Just look at my first marriage certificate and my divorce ten years later. I know first hand people that have no certifications and could admin, support and fix perhaps more than I can or could and faster more than likely. So why do I waist my time and money you may ask? Well certifications are like anything else in the world, they have a place, time and need. I do not believe anyone ever gets hired solely on what certifications they may or may not have. Certifications are not for everyone and I agree that they do not guarantee anything.

In my opinion they provide a way for folks new to the field to prove they are serious and spend the time and money to be certified. I think certifications can get you the interview you may need to prove and back up the certifications you have when not having them may not. Is this fair? No – I do not, but whoever thinks life is fair (and is trying to be in the IT and more specifically the information security field) is long overdue a rude awakening in my opinion.

I will be the first to admit that I have taken some certifications more than once and some I pass right off the bat. Most of the certifications I have taken or attempted to take are in direct relation to my college courses in Information Technology. I took some networking classes I took the CompTIA Network+ certification. I later took a basic security class doing my associates degree that was based around a Security+ book… I failed. I took another class in my Bachelor program based around another Security+ book and I passed. Many variables could have been to blame, the bottom line is for me it was not some easy fun thing to do just to add a bunch of certifications to my collection. Having a class that focused on teaching the RHCT certification and using Linux for years I assumed this would be an easy one…. I passed but it was one of the hardest certifications I have taken yet.

So certifications fit for me. Do they prove that I am better or more fit than anyone else to do a job? Not at all in my opinion. IT and specifically Information security is something I am passionate about and enjoy. I am new to the field and a bit soft spoken and shy at times. Having a few certifications behind me gives me (and hopefully future employers) an idea that I do care about my career field and want to do what I can to further it. Please note this does not mean if you are not taking certifications I think you do not care about your job! You may be some awesome developer, coder, debugger, blogger, writer, mathematician that cares more about what they do than someone with a Christmas list of certifications. I applaud you and all you do and appreciate your contribution to the infosec community. Natural tallent and ability to retain huge amounts of information is something I am envious of and am glad some folks have. To make up for my lack of natural ability I pursue ways to help set me aside from someone who may just think they want to be int he information security field.

Currently I am studying for the CISSP (more specifically in my case the Associates CISSP tell I get the experience needed)

I also would like to finish up my initial goal of MCSE:Security . To finish that I have 3 more certifications to take. (this fits more for my current employment position and in my opinion helps add some diversity).

This semester I am also taking a class that focuses on the RHCE and would like to attempt that depending on how things go.

More than any of these other ones, the one that I am looking the most forward to is PWB and any other coarse I can take with the Offensive-security crew. I emailed them about that class before I even started school for IT back right when they just stared offering the program (if I recall it was like 300-500 to take it online, may be wrong though) and knew it was something I would do one day.

I am also interested in GIAC and any SANS course I can get my hands on and afford.

The Associates Degree program I went through was based on the Cisco security and CCNA stuff. I obtained an entry level position at a employer who currently does not use Cisco devices so it was hard for me to justify it at the time. I do wish I would have stayed persistant with the CCNA and even the CCNP that originally my Bachelors focused on before I switched the classes more towards general Information Security. One of my initial goals before I made the jump from mechanic to I.T. was the CCIE security. Perhaps one day but as you can see for now I have a few hurdles ahead of me that should keep me bussy for some time.

I am not saying my path is the right one or the best, just that….it is mine. I find writing the goals down in an spreadsheet with goal dates help me stay focused and motivated. Short-term goals as well as long term goals. If you are a certification ranger, great! Show us you can do what you say you can and stop boasting your certifications as some magic key that when you wave should just let you do as you please. On the other side of the coin if you are that guy with a great job and a stable IT/Infosec career please stop bashing the people taking certifications and passing them if they can back it up. most of us are trying and the ones who are not and just looking for the high paying job will eventually get weeded out and fail.

Thank you for those that actually read or at least skimmed over this.
~test twitter

Some great talks and contacts made with my first of what I hope to be many trips to Vegas. I will have more details up soon but I have a feeling I will be bussy catching up on school work, work work, organizing the house I moved into the day before flying to Vegas, and many more items.

I am excited and motivated about the Infosec mentors program and seeing how I may help make the great program grow.

Through a series of events I had the oprotunity to support Hackersforcharity.org by bidding the highest on the Defcon scateboard deck signed by Tony Hawk, and a large list of folks from the Defcon as well (will try and get a full list soon).

Also purchased “Hacking The Art of Exploitation” by Jon Erickson and got to meet him and have him sign it! That rocked!

Also got some sweet t-shirts, hats, stickers and the Backtrack 4 r1 BlackHat edition.

One more day in Vegas and then back home to the grind. I do miss and can’t wait to see the fiancee, kids and new house.

OK, a bit late but I get the pleasure of attending Blackhat 2010 briefings also! This is a great opportunity and exceeding my plans of at least seeing Defcon and visiting LV for the first time in. I am not rich and I was lucky enough to get the student rate (now closed sorry, i barely made it in myself honestly), yes sometimes being a student is not such a bad thing! I see now Bsides is a great con also and if I can would like to see some of it as well however I think the dates conflict with BH but I am still trying to see how that will all work out.

Many changes coming my way recently.

The first being, I have taken down the “Hack’n Slash” test lab. This was basically my first attempt to get a large virtual exploitable playground together in the comfort of my own home. Learning and testing with ESXi and Xenserver to get the best bang for the buck (yes I am a p00r white boy). After throwing a bunch of exploitable ISO’s into the Virtual server and having some fun/headaches I am thinking of scrapping what I have and starting fresh with a bit more organization….I know boring right? I would like to add more diversity to the ever-growing pool of fun stuff to play with and learn from. De-Ice series, Webgoat, Metasploitable, Mutillidae, Windows xp – Server 2008 and windows 7 with Linux and hopefully some OSX dabbed in as well just to keep it fun. I will follow up a more detailed list as I re-build my setup and try to document the process better complete with hardware specs and network setup. I did stumble upon a great list of things similar to this and wanted to share them here as well (I hope and assume the author would not mind if you do please let me know)

Here is his link under the practice makes perfect post. I have seen and played with many of the ones listed but much more that I have not and seems to be a great list of resources.

I will be flying into LAS on the 24th for my long anticipated Defcon trip (was trying to get into Blackhat also but looks like that will not be happening this year). CarolinaCon was a blast but I am sure this will be interesting to say the least!

Another update on the SSD issues. After taking the MBP down to Charlotte to get the EFI firmware rolled back I was happy with the fast SSD. No more beach ball of death/waiting (normally). This lasted for only a few short weeks. Random crashes/lockups began more frustration and I reverted back to the 5400 stock drive for now. I upgraded the EFI firmware back to 1.7 and tried the 7200 rpm drive with no luck. After being discouraged I tapped out and installed the 5400 stock drive and installed a clean version of Snow. I ordered a drive bay to see if this will let me run the SSD on the new firmware. If not I will stick with two standard hard drives for now and use the larger SSD in the 1000HE eee. More updates and photos to come when I get the drive bay in.

fmm short for freemymind: yes you could say it was “cooler” back in the Matrix 1 days (or not) but honestly this feeling that I was not doing what I should be doing has been with me for many years. I am not sure when the nick fmm was born however I do know it was at least back in 2004 (see the screen shots if you must) I would assume before that but no solid grasp of time. So call it a midlife whatever or just lame… fine, but it is what it is. So a new look to an old stale unused site and all thanks to The_Eccentric from #SEunited channel over on irc.freenode. Thanks for the invite into yet another awesome chapter of my newfound geekdom and the recommendation to give WP another try.

I encourage each of you to freeyourmind: dig deeper, have fun and enjoy life…. TRY HARDER! ;P

Tell then…. I am still looking for the white rabbit.

Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!