Can you tell us about your professional background and current cyber security role?
I have held a few different roles in the technical world. I have experience in front-line support, quality assurance, engineering, development, and penetration testing. I do not come from a classical computer science background, so developing into a reliable technical resource has been a challenging, oftentimes frustrating, and ultimately fulfilling experience. In my current role as the Director of Technical Services at Pulsar Security, I have the luxury of working with a truly remarkable team. I head our software-development and security-service efforts.
What challenges does your organization face in relation to cyber security?
Technical challenges abound – which isn't news to anyone – but the major impediments we face are all related to people: determining the best ways to attract, train, and retain creative resources; working with clients to fully comprehend and implement multi-layered security programs; dealing with offensive and defensive technologies that tend to keep a tit-for-tat pace with each other; and educating the masses.
Why did you choose SANS training for your personal development and your company’s training program?
It all started when I was trying to decide what conferences I would attend for the year. I realized that while most conferences are great, I did not leave those events with many more skills than before I attended them. So I decided to try and spend my time on things that were more beneficial in a practical way. For this kind of thing, SANS doesn't have much competition. I decided to take as many SANS courses in Penetration Testing as possible, which included SEC560: Network Penetration Testing and Ethical Hacking, SEC542: Web App Penetration Testing and Ethical Hacking, SEC573: Automating Information Security with Python, and SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking. I didn't know about the SANS promise then, but in hindsight I can wholeheartedly attest to the promise holding true.
[Note: The SANS promise states that you will be able to apply your training the day you get back to the office.]
When I was tasked with developing our employee training programs and policies, I decided to prioritize hands-on training that immediately affords new skills and techniques. SANS Pen Test courses were selected due to their overlap with our core business, and because they offer the biggest "bang" for our buck when it comes to developing new employees quickly.
How have your employees, team, and organization benefited from SANS training?
We have sent a significant portion of our overall company to SANS training. We are very open to bringing on new engineers with limited or no experience and starting them on a training path, which includes a handful of SANS courses. This isn't cheap, but the value outweighs the cost in the long run.
Our organization has seen tangible technical benefits from SANS training. For example, we sent three employees (two of whom had only a few months of experience in tech) to take SEC573: Automating Information Security with Python taught by the course author, Mark Baggett, at PenTest Hackfest Summit & Training. This was a great jumpstart for them, as it improved their level of comfort with programming and enhanced their ability to use Python for automating some of the tasks we currently perform manually in our environment.
I also believe the intangible benefits of SANS training are equally important. We go to SANS because we know that the quality of instruction is world-class and fellow students tend to be of the same ilk – they are looking to push their edges, learn new skills, and move the needle for their organizations. Immersion in such an environment can have an enormous benefit, as it reinforces our belief that we can perform and compete with some of the most talented cybersecurity practitioners in the world. This has been really valuable for our organization, especially given that we try to recruit people with non-standard paths to technology.
Do you encourage employees to pursue GIAC certifications with their training? If so, why?
We absolutely encourage (and, full disclosure, require) our employees to pursue GIAC certifications. While certification is not the end-all- be-all validation of one’s skill or ability, it is a great way of gauging what someone has learned, and achieving certification helps build confidence – especially for those with limited experience. Also, having a certified team of security practitioners has helped generate confidence in our organization with potential customers and partners.
Does your organization use any of our free resources?
We are a research-heavy organization and the SANS Reading Room has been a great resource for us to fill in gaps when needed. The free resource that we leverage most often is the ISC StormCast Podcast. Most members of our team are avid podcast listeners, and the daily updates from Johannes Ullrich have helped us stay up to speed with what is going on in the world of cybersecurity.
What is your future training plan with SANS?
For my team, we are sending students to SEC560, SEC504, and SEC660. SANS training is a central pillar of our training paths for both new and seasoned employees, and I have no doubt that it will remain so moving forward.
Completed SANS Courses
- SEC401: Security Essentials Bootcamp Style
- SEC503: Intrusion Detection In-Depth
- SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
- SEC505: Securing Windows and PowerShell Automation
- SEC506: Securing Linux/Unix
- SEC511: Continuous Monitoring and Security Operations
- SEC542: Web App Penetration Testing and Ethical Hacking
- SEC560: Network Penetration Testing and Ethical Hacking
- SEC566: Implementing and Auditing the Critical Security Controls - In-Depth
- SEC573: Automating Information Security with Python
- SEC575: Mobile Device Security and Ethical Hacking
- SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
- SEC617: Wireless Penetration Testing and Ethical Hacking
- SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
- FOR500: Windows Forensic Analysis
- FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
- FOR518: Mac and iOS Forensic Analysis and Incident Response
- FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
- FOR578: Cyber Threat Intelligence
- FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
- AUD507: Auditing Systems, Applications, and the Cloud
- LEG523: Law of Data Security and Investigations