I am a big fan of continuing education and have been fortunate to have worked for companies that have provided me with the chance to attend relevant courses and achieve some certifications to supplement my job experience.  Over the last 30+ years, I have taken a decent amount on courses. Over the next few blog entries, I will share some of these experiences. Course material aside, what makes a course go from "good" to excellent is, of course,  the instructor. I have been fortunate to have learned from some of the very best over the years. I only wish I could have been a better pupil.

My "career" in IT is all due to a former boss, Lloyd Wiebe, who changed the work schedule around so I could take a 1 year college entry level programming course back in the mid 1980's. After graduating from the course on a Friday, I started teaching it in another town the following Monday...no kidding. That is all it took back in the day. Thank you Lloyd for your kindness.

During the 1990's I studied for the usual Novell, Microsoft NT4 and 2000 certifications, which reflected my work tasks. In 1999, I was at my first SANS class (NT4 Security) in London, hosted by Allan Paller and Dr. Eugene Schultz. This had a massive impact on my world view about IT courses; all due to the extreme skill of the instructor Dr. Schultz and the passion of Allan Paller. Thank you both for starting my SANS journey.

Due to a job change, I headed into the Information Security area, with a minor in forensics and e-discovery. Starting with the ISC2's  Certified Information Security Professional (CISSP-2002), followed by ISACA's Certified Information Systems Auditor  (CISA-2003), in house ITIL Foundation training(2005) , Certified Information Security Manager (CISM-2007), Guidance Software's EnCASE Certified Examiner (EnCE-2008), and finally Certified in Risk and Information Systems Control (CRISC-2011).  EnCE was a written test followed by an actual forensics examination and report. All the others were rote memorization from PowerPoint Slides. Not my favourite way to do things.

During 2000, I encountered ILOVEYOU, which could be called my first Incident Response case. I spent many long days helping the company recover from this event. Part of my tasks including rebuilding computers with 3.5" floppies; manually, one at a time.

In 2004, I encountered my next IR and forensics case, when a computer was installed outside of the firewall and warez was installed. Fortunately for me, I had purchased Harlan Carvey's book (Windows Forensics Incident Recovery) a few months before. His instructions and scripts got me the answers I needed to explain what happened. Thank you so much Harlen for my start in forensics.

Due to new focus areas at work; I alternated between  vulnerability management, and IT Audit. In 2008, I was in the US performing an IT audit and was able to fit in the NSA IAM / IEM courses, which was the US National Security Agency INFOSEC Assessment and Evaluation Methodology.

During 2012, I was maturing the IT Audit parts of my job and  was working in Disaster Recovery and Business Continuity Planning. I was fortunate to be able to convince a fellow Canadian who was teaching in another part of Europe to come and share his expert skills on Auditing a Business Continuity Management Program, Business Impact Analysis Process and BCP exercises. Thank you Denis for sharing your expertise. https://www.linkedin.com/in/denisgoulet/

Thats all for now. Next entry covers Digital Forensics and ICS.


 

Comments

Post a Comment

Popular posts from this blog

Laid off and Looking for the next interesting job...

 After a short but interesting time at a consulting company, where I focused on IR and dabbled in OT IR, they ran into pipeline issues and I was sent home on "garden leave".  I will miss them, I had great colleagues who amazed and impressed me with their skills. I got to focus on IR and the implications for OT and enjoyed being able to concentrate; make internal presentations, external presentation as well. Then my body told me I was too old for IR and the middle of the night calls, so I asked if it was possible to be moved into detection, where I was supposed to help with that. Maybe see how we could log OT devices etc. This was approved and after a few weeks, I got the call. Something changed I guess.  The last time I was laid off was 1990, so last century. Damn. But math is king and as inexorable as gravity. Neither is personal, shift happens. I reminded the team about the Innuit cultures habit of leaving the old out on the iceflow for the bears ;) The first time it happen
Read more
 Update for 2022 Merry Christmas and a Happy New Year to everyone. Special shout out to those safeguarding civilization in all the many forms this takes. Being on call is not for everyone, is it ?  My last update was a while back and I am clearly overdue for an update we go into 2023. So lets cover some of my observations and personal highlights of 2022: The continued success and growth of EnergiCERT ( https://energicert.dk/ ) is certainly strengthening and benefiting the cyber security of  Danish critical infrastructure. Wonderful team of people, well managed and motivated. Yeah, I am biased ;) Engarde Security continues to grow and be noticed; now has expanded and with an ics range ( https://www.engardesecurity.com/icsrange )  Highly skilled people and the ics range is very well done. Enjoyed an excellent ICS Security conference in Copenhagen in November:  (https://insightevents.dk/isc-cph/ ) But I still miss CS3 (https://cs3sthlm.se/ ) for many non technical reasons. New Job - afte
Read more
Welcome to 2023 During 2022, I was fortunate enough to be able to take a lot of high quality training; some due to work; the rest was online remote training that anyone with a credit card could sign up for. As I like to (try and) keep up with (some) new topics and try to understand them, I signed up for a subscription to Packt Press.The Black Friday sale was irresistible and their library of books and videos is substantial. Another activity I like to do is solving technical challenges. I know there is lot of free events out there, but I am a fan of Blue Team Labs ( https://blueteamlabs.online/ ) as they offer a great set of "Active Investigations" that are DFIR related. Plus there was yet another irresistible offer on Black Friday that was a great price performance. And since we typically work in a Microsoft-concentric world, please do not forget all the resources there. I'm doing this one .. https://learn.microsoft.com/en-us/training/paths/beginner-python/  From  Kevin V
Read more