How to Make an Index for an Open-Book Exam

The one post on my tiny little blog that gets way more attention than any other is my post on passing the GPEN. With that said, I didn’t quite feel comfortable sharing an index with people (so I didn’t). To be honest, I feel that the act of creating the index itself was what prepared me for the exam vs having one provided for me. Therefore, I want you to succeed. I will show you exactly how I created my own open-book index.

For complete transparency, the majority of this is 100% ripped off from Lesley Carhart’s write-up on her Pancakes Index System. You can basically see…it worked for me. I encourage you to stop reading here, and move over to her write-up. It’s more concise and TBH a better read.


GIAC – GPEN Certified!

I took my GPEN certification exam on Thursday and I passed. I was rather nervous to be honest about the exam considering two of my fellow co-workers struggled with it. I waited until the very last day to take the exam and I’m glad I did. Luckily I scored a 91%. Even though it was open book, it was a doozy of an exam. I had my notes, index, and the texts to work from…and it was still a challenge. TBH – I’m really proud of my index (no I won’t share it with you). It looks like a unicorn threw up on a notebook, but it had just about everything I needed. I’m also excited because I scored high enough to be in the advisory council and to possibly be a SANS mentor! I’m very humbled and honored!

Just a little tip though: I won’t go into specifics, but I would advise anyone taking the exam to brush up specifically on the netcat switches and really learn scapy backwards and forwards. Not only will it help you with the exam, but I’ve found myself using both tools in my day-to-day roles a lot now.

So…what’s the first thing I do now that I don’t have a certification deadline looming over me? Go pick out another cert to tackle. My wife tells me that I’m goal driven. I need a goal to strive for if I want to be productive. At this point I’m strongly considering either the CCSP from (ISC)2 or one of the Amazon certifications. I need to skill-up on cloud a little bit before I go after the OSCP. So let me know. What do you think? What certification should I go after next?


One last thing….


Dearest people outside of the realm of InfoSec,

Someone mentions the word ‘Penetration’ in proper context, and you folks lose your damn minds. Get your heads out of the gutter. Thanks.

November Fun Times!

This is going to be a fun busy month. Not sure how it’ll all make out, but here’s what we got so far.

November 2-3 is the ISSA International Conference in Dallas, Texas. I was asked to be a panelist in one of the panels on the first day. Come see me hopefully not make a fool of myself on 11/2 at 4:00-4:45pm. Title is: How Effective are Incident Response Plans? It’ll be in Cumberland A/B. I’ll be speaking with some really established professionals. I just hope I don’t make a fool of myself.


On the 4th, I’ll be in D.C. to attend SANS SEC560: Network Penetration Testing and Ethical Hacking. This is a huge opportunity for me. I’m really excited that my employer wants to invest in me. I’ve been preparing for a while now. My parents will be in town the first night so we’ll try and get together for dinner. Also, we’ll be staying through the election, so being in DC on election night will be quite an experience. The most exciting thing about this is that the course will be taught by THE Ed Skoudis. The guy literally wrote the book and course. I’ve been following the guy for a while now, and to be taught by him will be a real honor. I only hope I do well.


So yeah, just like always, it’s going to be a busy few weeks. After the course is over, I’ll be headed back to Dallas, Houston, Phoenix, and then the Dominican Republic. Those are the flights I have booked on the calendar so far.

I’ll sleep when I’m dead.