After working with my contact at SANS for the last few weeks it’s finally official! From Thursday, April 5, 2007 to Thursday, June 7, 2007 I will be leading the Security 504: Hacker Techniques, Exploits and Incident Handling track here in Fredericton, New Brunswick, Canada.
I see this as a really big deal for the following reasons:
If you live in Fredericton, or the surrounding areas, and want to know more about this training sessions then please take a look at the following links:
If you do register please don’t forget to enter “MENTOR RECRUIT” into the Comments section during their online registration.
Also, if you’d like to learn more about the instructor (me) then please check out my About page and Resume. I look forward to seeing everyone there!
Both Richard Bejtlich and Harlan Carvey have expressed their concerns with the recent SANS NewsBites issue in which the new Certified Malware Removal Expert certification is announced:
Does anyone on your staff do an excellent job of cleaning out PCs that have been infected by spyware and other malicious software. We are just starting development of a new certification (and related training) for Certified Malware Removal Experts and we are looking for a council of 30 people who have done a lot of it to help vet the skills and knowledge required for the certification exam and classes. Email cmre@sans.org if you have a lot of experience.
I understand their concerns with this certification but their comments did make me think of something: “If we don’t need training on this topic what topics do we need training on?”
So these are my questions to you, the security community:
I would appreciate all of your comments and suggestions. If you do not wish to post your comments or suggestions to the blog then please feel free to email me directly at andrewsmhay@gmail.com. Perhaps we can even work together on getting these topics into some formal training.
I’ve decided that 2007 is going to be the year that I expand my horizons and diversify my knowledge. I’m going to get away from product-centric studies and take a more agnostic approach to my continuous learning. To give you some examples, here are some of the things I will be doing in 2007:
Book Description:
Head First Java delivers a highly interactive, multi-sensory learning experience that lets new programmers pick up the fundamentals of the Java language quickly. Through mind-stretching exercises, memorable analogies, humorous pictures, and casual language, Head First Java encourages readers to think like a Java programmer. This revised second edition focuses on Java 5.0, the latest version of the Java development platform.
I am hoping this will take my knowledge of security to the next level by understanding how virus, worms, and bots function at the code level.
I’ve been talking about getting the CISSP since 2003 and I figure I’ve completely run out of excuses for not getting it. So far I have the following books to study from:
Official (ISC)2 Guide to the CISSP-ISSEP CBK (Hardcover) by Susan Hansche (Author)
Book Description:
Official (ISC)2® Guide to the CISSP-ISSEP® CBK® provides an inclusive analysis of all of the topics covered on the newly created ISSEP Exam. The first fully comprehensive guide to the test, this book promotes understanding of the four ISSEP domains. This volume explains ISSE by comparing it to a traditional Systems Engineering model, enabling you to see the correlation of how security fits into the design and development process. It also details key points of more than 50 U.S. government policies and procedures, which need to be understood in order to gain ISSEP certification.
Book Description
More and more frequently, corporations are requiring that their employees provide professional certifications to prove that they possess the core competencies to do their technical jobs. The Certified Information Systems Security Professional examination (CISSP) is the industry standard test for IT security professionals administered by ISC2. CISSP-exam experts, Ronald Krutz and Russell Dean Vines, have updated and improved their bestselling The CISSP Prep Guide, complete with inside tips and information on how to master the CISSP certification test.
I am going to a wedding in Cairo, Egypt in August of this year. This is going to be a once in a life time experience and I see it as an opportunity to learn a language which has always interested me. I figure I’m going to start by purchasing an audio package from iTunes so that I can learn while I’m at the gym. I’ve also picked up an Arabic phrase book which should help me look like a tourist quite nicely.
Those are the goals for now but for anyone who knows me, these could change by tomorrow morning 🙂