Archive for the ‘SANS’ Tag

2010 GAWN Job Task Analysis Survey‏

WiFiJedi: The note below was emailed to me today.  This is a great vendor-neutral certification.  I filled out the survey.  If you think you fit the requirements, take a few minutes to fill out the survey yourself!

The GIAC Wireless Penetration Testing and Ethical Hacking (GAWN) JTA committee has recommended an updated set of certification objectives, and we are conducting a formal Job Task Analysis. We are seeking Wireless Security subject matter experts to vote on proposed changes and rate the relevance of each certification objective. If you have wireless security background and experience, especially if the experience involves penetration testing your input will be valuable in shaping this certification. Please note that if your background does not include experience with wireless security, we are unable to use your input for the survey at this time. Your name may be listed in the validation report if this certification is submitted for ANSI accreditation. This survey will take an estimated 15 minutes of your time and can be accessed at the link below. The survey will be available through 12:01 AM on 7/1.

Thank You.

Chris Carboni

GIAC Technical Director



Insider’s Guide to a SANS Conference – Day 5

This was the last day for the Management 512 “Security Leadership Essentials for Manager’s” course.  Day 5 was a Management Practicum.  

The Day 5 material was the most focused on pure management with less attention on technical information.  The topics included understanding legal liability and managing technical employees.

As a management “practicum”, I was hoping for more scenarios, role-play, or exercises.  That being said, the class did have an outstanding discussion on the topics at hand. 

MGMT 512 uses a trademarked feature called “Knowledge Compression”. Most of the full length courses are 6 days.  There are also a handful of one day courses that are being offered, so the conference runs throughout this weekend.

I had a GREAT time participating in the SANS work-study program.  One of the most memorable moments was when the hotel staff asked if we wanted to jump in a bounce house they set up.  Apparently they had it set up to model to a different group and thought someone should get some use out of it before they deflated it.  

We collectively thought it would be a good idea to get a picture of us all jumping around with and post it on the website with a caption of “Volunteering at SANS is fun!”.  Well, the bounce house had a “structural failure”.  To make a long story short, I ended up folded like a taco in a corner of the bounce house with everything collapsing around me.  Needless to say, we were all laughing pretty hard.  Hopefully, I can get a copy of one of the pictures taken.  Check out the SANS website if you are interested in their work-study program I highly recommend it! 

Related Posts: 

Insider’s Guide to a SANS Conference – Day 4

Insider’s Guide to a SANS Conference – Day 3

Insider’s Guide to a SANS Conference – Day 2

Insider’s Guide to a SANS Conference – Day 1

Insider’s Guide to a SANS Conference – Setup

Insider’s Guide to a SANS Conference – Day 3

If you have been following my Twitter hastag for the event (#SANS_PHX), you probably realized that this was my favorite day of course material simply because this is the day we covered WIRELESS.  wOOt!  

SANS should really have a six day track focused on Wireless Ethical Hacking, Pen Testing, and Defenses… oh wait, they do have that and I have already taken it.  😉  

At any rate, the Security Leadership Essentials course material focused on “Communications Security” today with sections on wireless & bluetooth, cryptography, steganography, OPSEC, etc.  

One question that the wireless module brought up in my mind was “how many organizations audit for Bluetooth?”  My guess is that few organizations even scan for Bluetooth.  Even if they do, I think that only a handful doa complete audit that includes more advanced sniffing, pen testing, or vulnerability assessment/exploitation.  

The MGMT 512 course also had a bonus talk from Rich Mogull about the current state of the industry – good stuff! 

Lastly, today’s conference also included a vendor fair.  Michael Farnum just wrote a blog post about how much he enjoys working “booth duty” at such events because it allows him be more of a security evangelist.  As a vendor, I can relate to Michael and his feelings of working the booth.  I also enjoy being a conference attendee on the other side of the booth as it allows me to expand my knowledge and participate in meaningful discussions with people who share my passion for networking & security.  

Sorry, no conference pictures today.  Someone should send me a tweet mid-day to remind me to grab a few for tomorrow’s blog post!  

Related Posts: 

Insider’s Guide to a SANS Conference – Day 2

Insider’s Guide to a SANS Conference – Day 1

Insider’s Guide to a SANS Conference – Setup

Insider’s Guide to a SANS Conference – Day 2

I’ll cut to the chase and give you the bottom line up front…

My favorite part of today’s conference were the SANS @night presentations.  These are optional (and free) presentations that the SANS Institute supports on selected evenings of their conferences.    One of today’s @night talks covered Web App Security and the other covered Man-in-the-Middle Attacks. 


SANS @night Talk

SANS @night Talk


Web App security was given by Rich Mogull (@rmogull) and the MitM Attack talk was given by Bryce Galbraith.  Saying that they were *PACKED* with information is an understatement.   There are many intangible benefits of attending a SANS conference, and the @night presentations definitely top that list!

I also enjoyed my “normal” course, “Security Leadership Essentials for Managers”.  I particularly enjoyed the conversation around malware and endpoint security.   My take-away is that white listing is the future in this area.  I Tweeted about this realization on my Twitter timeline (@wifijedib). 

There were also a few logistical challenges today – the first was that one of the instructors came down with bronchitis and lost his voice.  The SANS conference staff were able to schedule temporary work-around and work in a backup instructor in an incredibly short amount of time.   Also, there was an internet outage at the conference hotel.  Again, the conference staff worked tirelessly to resolve and developed an immediate work around.   I was impressed with their ability to handle these situationshow strong are your business continuity processes

Related Posts:

Insider’s Guide to a SANS Conference – Setup

Insider’s Guide to a SANS Conference – Day 1

Insider’s Guide to a SANS Conference – Day 1

If you are reading this, it means that we both survived Day 1 of SANS Phoenix.  🙂  

My favorite part of the day was helping everyone at the registration desk.  It was fun meeting so many different people. There seemed to be a good mix of people returning to SANS as well as first time conference attendees.  

Stephen Northcutt gave a short “Welcome to SANS” briefing this morning.  I wasn’t able to attend as I was at the registration desk (see above).  

Classes kicked off at 9AM and most ran until approx. 5:30-6:00PM.  I know that we covered a TON of information in the MGMT 512 (Security Leadership Essentials for Managers) course.  We talked about budgeting, project management, vulnerability management, and vendor selection processes.   

Even though I am in a Management course, there was a great deal of technical information covered in Day 1.  We discussed the TCP/IP header, ports/protocols, and packet analysis.  At one point I felt like Neo in The Matrix – (paraphasing more than an exact quote…) “what do you see in the matrix?  ones and zeros?  I see a blonde.  I see a brunette.” 

Logistically, everything seemed to run smoothly.  As always with big conference rooms and theaters, the temperature runs cold, so don’t forget to bring a sweater or light jacket with you tomorrow.  🙂  

There was a SANS@night talk regarding Honeypots, which I missed.  I am excited to see Rich Mogull’s SANS@night talk tomorrow night as he and I are connected on Twitter (@rmogull

Speaking of Twitter, I “tweeted” about the conference at least a half dozen times today.  You can search for the hashtag #SANS_PHX or follow me (@wifijedi) to see the updates.

Insider’s Guide to a SANS Conference – Setup

This is the first blog post in a series, “Insider’s Guide to a SANS Conference”. It corresponds to my attendance at the SANS Phoenix Conference March 23-30, 2009.

As a disclaimer, this “Insider’s Guide” will not provide you confidential information.

Also, you should know that I am “nobody special” within the organization. This is the third conference I have attended, all through their work-study (volunteer) program. I have Mentored the wireless course and taught a wireless Stay Sharp course in Dallas a couple years ago, but that’s it.

The series is meant to be detailed description of my participation and to hopefully encourage others to attend. (I am a big fan!)  I am taking the “Security Leadership Essentials for Managers” course, which is being taught by Stephen Northcutt – the CEO of SANS.  

I am also “micro-blogging” about the conference via Twitter. You can find my updates with the hashtag #SANS_PHXbetter yet, you can “follow me” on Twitter @wifijedi to see all the updates in your own time line!

Today the conference organizers & volunteers set up the conference. Since this is a smaller, regional conference, there are only 5 volunteers (one for each course they are running). Setting up consisted of the following activities:

  • Preparing name badges 
  • Preparing registration folders 
  • Recieving and sorting courseware (books)
  • Stuffing totes with courseware and other inserts 
  • Sorting conference shirt by size 
  • Placing signage throughout facility directing attendees to registration, classrooms, internet cafe, etc.  
  • Setting up registration station 
  • Preparing course evaluation forms & folders 
  • A briefing regarding volunteer duties & expectations
  • Etc. 

I am looking forward to seeing all the attendees at the registration booth from 7:00 – 9:00 AM tomorrow morning!  

Related Posts: 

SANS Phoenix – Upcoming Interview

As many of you already know, I am taking the SANS Security Leadership Essentials course at the upcoming SANS Conference in Phoenix, Mar 23-30th. It is being taught by none other than Stephen Northcutt, President of the SANS Institute.  

I caught up with Stephen earlier this week on LinkedIn and told him that I will be blogging and Tweeting about the event in near real time.  I also asked if I could interview him for, to which he agreed.   

Please leave me a comment or send me an email, Tweet, etc. if you have something specific that you would like me to address in the interview.   

Related Posts: 

Security Leadership Essentials

I am excited to announce that I will be attending the SANS Conference here in Phoenix March 23rd – 30th, 2009.

I have taken several SANS Courses before, including “Wireless Ethical Hacking, Pen Testing, and Defenses” and “Securing Windows”.  This go around I will be taking “SANS Security Leadership Essentials for Managers“.   The course is being taught by the President of the SANS Institute, Stephen Northcutt.

They are actually running 9 different courses in the areas of Management, Audit, Security, and Development.  No promises, but if you are interested in joining me at the Phoenix conference, send me an email at and I will try to hook you up with a 10% discount!

I am taking part in SANS work-study program.  It is where I am going to help them set up the conference, assist with on-site registration, help monitor the book store, and serve as an in-class volunteer.  In exchange, SANS is offering a steeply discounted tuition rate – a great program, especially in this economy!

I plan on blogging about the course, so definitely check back to hear my thoughts on the good, bad, and the ugly!   Have you taken a SANS course? What did you think?  If you haven’t, which of their courses sounds the most interesting to you?   Sound off by submitting a comment below!