Going for the CISSP

I've started the process of gathering resources for acquiring a CISSP certification. The CISSP (and certifications in general) have been mocked quite a bit in the security community. What I think most people are bothered by with certifications is that some see it as a finish line to their knowledge. In reality certifications are just the beginning.

After discharging from the Navy, I found myself out in the hot South Carolina sun that summer pulling cable for a company that, today, no longer exists. I was not getting to where I needed to be job wise. So I quit my job, spent two weeks studying, and got my CompTIA A+ certification. Within a month I was hired to fill a systems analyst level two role, in an air condition office inside a manufacturing plant. Since then, I acquired my CompTIA Network+ certification and a media arts degree from the University of South Carolina. Now it's time to shift gears and really get serious about security.

A lot of the appealing job postings I've looked at prefer (sometimes require) a CISSP certification. There are other certifications in those job postings, but the CISSP is pretty standard. Now I'm not just doing this for career advancement, I also want to explore areas of security that I haven't yet explored or haven't explored deep enough. The CISSP should give me some structure to do that. Over the next few weeks (as long as the Astros are playing baseball) I intend to collect resources on passing the CISSP examination. If you have anything to share I would love it if you would contact me via email (timothy.deblock[at]gmail.com) or on Twitter (@TimothyDeBlock). I intend to document those resources here on my website for the benefit of others.

Looking for more OWASP chapter in Columbia, South Carolina

Frank Catucci and I are looking for at least one more person passionate about web application security to spin up an OWASP chapter in Columbia, South Carolina.

BSides Nashville 2014

BSides Nashville 2014

Frank is veteran in the web application space and I am at the early stages of my career in web application security. We're looking for one more to help us stand up a chapter, because quite frankly it is A LOT of work. We are both dedicated to making the chapter a success but we feel that we need one more person to help shoulder the load and make an OWASP chapter in Columbia a success.

If you have interest in helping getting a chapter started, please read the OWASP Chapter Leader Handbook. After reading the handbook if you are still interested contact me at timothy.deblock[at]gmail[dot]com.

Media links December 9, 2014

In honor of knocking out yet another final project for this semester I present some media links. I've got two finals down and one to go. This last one might be the most fun one of them all, since it's a sound project.

Dear Podcasters - Chris Brogan

Dear podcaster: I’m really glad that you were kind enough to invite me to be a guest on your show. It means a lot that you think my ideas will be of value to the community you serve. I really want to share a few things with you before we get started.

Star Wars: X-Wing Special Edition - gog

I remember playing this game for hours. If someone is looking for a Christmas gift idea for me, this would be a pretty good one.

This Artist's Images Integrate Code From Malware Like Stuxnet and Flame - Andy Greenberg - WIRED

Hoff creates his malware-glitched works, which have all already been sold, by dropping digital paintings into a hex editor that converts it to text. Then he intersperses randomly chosen chunks of code from malware files, and reconstitutes the data as an image file. The code corrupts the image in unexpected ways, adding chromatic streaks, blotches, and static. In two of the images, Hoff used code from the NSA-created software Stuxnet, built to destroy centrifuges at Iranian nuclear facilities. The other 14 images use code from Flame, which Hoff calls by its alternate name Skywiper, an older NSA-created spyware program.

Tweets worth mentioning September 8, 2014