GIAC – GPEN Certified!

I took my GPEN certification exam on Thursday and I passed. I was rather nervous to be honest about the exam considering two of my fellow co-workers struggled with it. I waited until the very last day to take the exam and I’m glad I did. Luckily I scored a 91%. Even though it was open book, it was a doozy of an exam. I had my notes, index, and the texts to work from…and it was still a challenge. TBH – I’m really proud of my index (no I won’t share it with you). It looks like a unicorn threw-up on a notebook, but it had just about everything I needed. I’m also excited because I scored high enough to be in the advisory council and to possibly be a SANS mentor! I’m very humbled and honored!

Just a little tip thought: I won’t go into specifics, but I would advise anyone taking the exam to brush up specifically on the netcat switches and really learn scapy backwards and forwards. Not only will it help you with the exam, but I’ve found myself using both tool in my day to day roles a lot now.

So…what’s the first thing I do now that I don’t have a certification deadline looming over me? Go pick out another cert to tackle. My wife tells me that I’m goal driven. I need a goal to strive for if I want to be productive. At this point I’m strongly considering either the CCSP from (ISC)2 or one of the Amazon certifications. I need to skill-up on cloud a little bit before I go after the OSCP. So let me know. What do you think? What certification should I go after next?


One last thing….


Dearest people outside of the realm of InfoSec,

Someone mentions the word ‘Penetration’ in proper context, and you folks lose your damn minds. Get your heads out of the gutter. Thanks.

November Fun Times!

This is going to be a fun busy month. Not sure how it’ll all make out, but here’s what we got so far.

November 2-3 is the ISSA International Conference in Dallas Texas. I was asked to be a panelist in one of the panels on the first day. Come see me hopefully not make a fool of myself on on 11/2 at 4:00-4:45pm. Title is: How Effective are Incident Response Plans? It’ll be in Cumberland A/B. I’ll be speaking with some really established professionals. I just hope I don’t make a fool of myself.


On the 4th, I’ll be in D.C. to attend SANS SEC560: Network Penetration Testing and Ethical Hacking. This is a huge opportunity for me. I’m really excited that my employer wants to invest with me. I’ve been preparing for a while now.  My parents will be in town the first night so we’ll try and get together for dinner. Also, we’ll be staying through the election, so being in DC on election night will be quite an experience.  This most exciting thing about this is that the course will be taught by THE Ed Skoudis. The guy literally wrote the book and course. I’ve been following the guy for a while now, and to be taught by him will be a real honor. I only hope I do well.


So yeah, just like always, it’s going to be a busy few weeks. After the course is over, I’ll be headed back to Dallas, Houston, Phoenix, and then the Dominican Republic. Those are the flights I have booked on the calendar so far.

I’ll sleep when I’m dead.