Category: News

Hacker Techniques, Exploits and Incident Handling in Fredericton, NB, Canada

pencilAfter working with my contact at SANS for the last few weeks it’s finally official! From Thursday, April 5, 2007 to Thursday, June 7, 2007 I will be leading the Security 504: Hacker Techniques, Exploits and Incident Handling track here in Fredericton, New Brunswick, Canada.

I see this as a really big deal for the following reasons:

  • The population of Fredericton is only around 48000 which is is the size of most big city suburbs. Trying to get this type of training is not easy in Fredericton, let alone the rest of Atlantic Canada.
  • Most organizations in New Brunswick are unable to send their employees for formal training due to the cost of hotels, flights, meals, etc. Having a local training option will drastically reduce this roadblock to quality training.
  • I get to give back to the security community, gain valuable teaching experience, and meet local people in the security field (this is a personal bonus for me!)

If you live in Fredericton, or the surrounding areas, and want to know more about this training sessions then please take a look at the following links:

If you do register please don’t forget to enter “MENTOR RECRUIT” into the Comments section during their online registration.

Also, if you’d like to learn more about the instructor (me) then please check out my About page and Resume. I look forward to seeing everyone there!

What Training is Missing?

training Both Richard Bejtlich and Harlan Carvey have expressed their concerns with the recent SANS NewsBites issue in which the new Certified Malware Removal Expert certification is announced:

Does anyone on your staff do an excellent job of cleaning out PCs that have been infected by spyware and other malicious software. We are just starting development of a new certification (and related training) for Certified Malware Removal Experts and we are looking for a council of 30 people who have done a lot of it to help vet the skills and knowledge required for the certification exam and classes. Email cmre@sans.org if you have a lot of experience.

I understand their concerns with this certification but their comments did make me think of something: “If we don’t need training on this topic what topics do we need training on?”

So these are my questions to you, the security community:

  • What security related topics have not been covered in formal training yet but you feel should be?
  • What topics require revised or better content?
  • How would these topics be best presented? (i.e. self-paced-training, instructor led online training, instructor led classroom training, etc.)

I would appreciate all of your comments and suggestions. If you do not wish to post your comments or suggestions to the blog then please feel free to email me directly at andrewsmhay@gmail.com. Perhaps we can even work together on getting these topics into some formal training.

Expanding my horizons in 2007

I’ve decided that 2007 is going to be the year that I expand my horizons and diversify my knowledge. I’m going to get away from product-centric studies and take a more agnostic approach to my continuous learning. To give you some examples, here are some of the things I will be doing in 2007:

  1. Learning How To Program…Again.

  2. When I was younger I was never able to focus on programming as it bored me. I’m going to take another crack at learning the art of programming by starting with Head First Java, Second Edition by Kathy Sierra, Bert Bates.

    headBook Description:

    Head First Java delivers a highly interactive, multi-sensory learning experience that lets new programmers pick up the fundamentals of the Java language quickly. Through mind-stretching exercises, memorable analogies, humorous pictures, and casual language, Head First Java encourages readers to think like a Java programmer. This revised second edition focuses on Java 5.0, the latest version of the Java development platform.

    I am hoping this will take my knowledge of security to the next level by understanding how virus, worms, and bots function at the code level.

  3. Attain The CISSP Designation

  4. I’ve been talking about getting the CISSP since 2003 and I figure I’ve completely run out of excuses for not getting it. So far I have the following books to study from:
    cissp1Official (ISC)2 Guide to the CISSP-ISSEP CBK (Hardcover) by Susan Hansche (Author)
    Book Description:

    Official (ISC)2® Guide to the CISSP-ISSEP® CBK® provides an inclusive analysis of all of the topics covered on the newly created ISSEP Exam. The first fully comprehensive guide to the test, this book promotes understanding of the four ISSEP domains. This volume explains ISSE by comparing it to a traditional Systems Engineering model, enabling you to see the correlation of how security fits into the design and development process. It also details key points of more than 50 U.S. government policies and procedures, which need to be understood in order to gain ISSEP certification.


    The CISSP Prep Guide, Gold Edition (Hardcover) by Ronald L. Krutz (Author), Russell Dean Vines (Author)

    Book Description

    More and more frequently, corporations are requiring that their employees provide professional certifications to prove that they possess the core competencies to do their technical jobs. The Certified Information Systems Security Professional examination (CISSP) is the industry standard test for IT security professionals administered by ISC2. CISSP-exam experts, Ronald Krutz and Russell Dean Vines, have updated and improved their bestselling The CISSP Prep Guide, complete with inside tips and information on how to master the CISSP certification test.

  5. Learn Arabic and Travel to Egypt
  6. pyramids I am going to a wedding in Cairo, Egypt in August of this year. This is going to be a once in a life time experience and I see it as an opportunity to learn a language which has always interested me. I figure I’m going to start by purchasing an audio package from iTunes so that I can learn while I’m at the gym. I’ve also picked up an Arabic phrase book which should help me look like a tourist quite nicely.

    Those are the goals for now but for anyone who knows me, these could change by tomorrow morning 🙂

Scroll to top