Chris Gerling

Yeah I haven’t blogged in a bit.. haha.  I’ll get around to some updates this weekend.

I just got up after sleeping a good bit of the day.  I had to red-eye it and fly all night to get home last night.

If you didn’t know, I was up in Portland, OR this week for e-fense’s E103 Live Forensics & Incident Response course.  I had a hell of a time actually getting there, it seemed the travel gods just wanted me to suffer, so after an unexpected overnight stay in Dallas on Monday, I made it into the class at 2pm pacific on Tuesday.  I didn’t miss much, and the fact that I had recently attended the SANS GCFA course made this more of a refresher course with the bonus of getting some goodies.

I was a bit skeptical before about Helix going commercial, but I see who the target audience was with the move, and honestly it looks like the stuff that will be in Pro (due out in May) is worth the subscription cost.  If I recall correctly, dc3dd is the default imaging tool when utilizing the Windows Live Acquisition part of the CD.

Eric Smith was a great facilitator, and the learning environment was great.  I loved the classroom they had setup, there were very few glitches, and the workstations were configured correctly, so diving right into some hands on was very very easy.

Portland is a pretty cool place.  I lucked out and @Jerod on twitter showed me around town Tuesday night.  McMenamins had great beer, and Papa Haydn’s had the best cake I have ever eaten.

Now to get some more sleep.

 There will be a Hak5 Live show this Saturday the 12th, at 7pm EST.  Details will be on http://www.hak5.org and probably hak5live.org too.  I’ve got a couple of goodies to talk about and hopefully announce something pretty awesome.

I can consistently make it to 81% in Green Grass and High Tides by The Outlaws in Rock Band now.  I have to learn how to correctly play those sets of 3 notes which just go up and down the frets during that part.  It’s pretty ridiculous.  I’m very happy though, it’s a tough, tough song and gives me a really fun challenge.

I submitted my CPE’s for the Intrusion Detection Systems training I gave at work the last 2 weeks, which brings me up to a pretty decent number so far since I obtained the CISSP.  I may convert some of my material into a format I can put up on the site here.

This past Sunday I obtained my SANS GCIH certification. That brings me up to four, with two more left in queue (Linux+ and CISSP). I am proud of my 92/91 test scores for it, and plan on taking it Gold along with my GSEC sometime in the next year or so.

I’m presently working on some slides for a course that the command is going to send new personnel through. I will be teaching for a good couple of hours according to the current plan it appears, which is fine by me. I like teaching.

One interesting thing that popped into my mind a little earlier was regarding the knowledge that we all collectively have and share. It’s a little hard to put into words, but the basic premise is that regardless of our level of intelligence, or individual wisdom and experience, there are certain things that we all know, and strangely they are things that at the same time, we don’t know.

We are the masters of our mind and body, yet introspectively know little about how we actually tick. We know how to think and breathe, but we don’t really understand how these actions are actually performed from within ourselves. Obviously there are theories that cover this, like Freud’s Id, but it’s fun to think about being able to know and do things, and yet not at the same time.

Today was just wrapping things up. We checked out of our hotel rooms and stopped by the con, I ducked in on a couple of the presentations going on, and picked up DVDs of the presentations I found to be the most interesting, or most useful for why we were sent there by our command. The plan is to use these to prepare up a full report and perhaps some sort of training to our peers.

What was interesting was that the presentations themselves, while great, were actually not the meat of the conference. It was all about meeting and talking with other people who work in the industry, and actually care about what they do. It felt so awesome to be surrounded by people who actually understood their field, and weren’t in it just for the paycheck (although paychecks are definitely a reason).

I’m definitely going next year.

Recently I have been taking various training courses and tests covering different aspects of computing and network security.  I’d like to share some of my experience and opinions here.

Brainbench:  I took the free Computer Forensics, and Network Security tests they offered.  These were fairly comprehensive tests, and I thought they gave me a pretty decent representation of my knowledge.  As far as the applicability of the tests though, there does not appear to be very much merit as far as a bullet on your resume, so I would reccomend these purely for self-assessment purposes.

SANS:  In prepration for the GSEC test I have taken the practice exams, and they seem to be pretty much what they are advertised to be, not quite as difficult as the real thing, but definitely required knowledge of the material.  I feel more confident in taking my test after taking these practice exams.

CERT VTE:  I completed the Forensic Specialist course on here, and while there is no test, the sheer volume of information is staggering.  There are also extremely detailed labs available which actually put you into virtual machine and let you accomplish a set of tasks.  Absolutely wonderful stuff.