Can you tell us about your professional background?
I’ve been working in IT since I graduated college with a B.S. degree in computer science over 25 years ago. My first job exposed me to a myriad of operating systems, including Windows NT, Windows for Workgroups 3.11, Windows 95, AIX, HP-UX and Sun Solaris. It was my first experience working with customers and providing telephone support for the company’s software product. I also set up that company’s first Internet connection, website, and email server.
After leaving that role in 1997, I moved on to a job as a Sun Solaris administrator, concentrating on backups and printing. A few months after I started, an HP-UX system administrator job became available. I applied for an internal transfer and got the job. That was early 1998 and I have not looked back. I’ve been working primarily with HP-UX for 20 years now.
Nowadays, I work for Service IT Direct as a Critical Systems Software Engineer, where I provide HP-UX support to our customers all over the United States.
How did you discover SANS training?
One of my coworkers, who was responsible for information security, gave me a SANS brochure and recommended that I take the SEC506: Securing Linux/Unix course because I was an HP-UX systems administrator. Shortly thereafter, I took SEC506 taught by Hal Pomeranz at a SANS training event in Orlando, FL. I was immediately hooked and have since attended 12 SANS training events.
What types of things have you been able to apply to your job after each course?
I learned to be careful about where and how backup copies of important system files are kept, like /etc/passwd or /etc/shadow, because they contain the hashes of users’ passwords. If there are copies somewhere that a non-privileged user can access, then a hacker can gain access as well. If a hacker obtains a copy of the hashed passwords, they can run a password cracker and likely get some of your users’ passwords.
Unix, specifically HP-UX, has been the primary focus of my career, so I’ve used tips for finding specific types of files (SUID/SGID, for example), finding files around specific dates, and other “find” tricks covered in AUD507 quite often.
Throughout this course, we covered a concept or set of concepts and then set up and configured what we had just learned in an Amazon AWS account. This allowed us to see the concept we just covered in action, which is true for all courses that I have taken with SANS.
What advice would you give to others considering SANS cyber security training?
Make sure you start at a level that’s appropriate for you. Every course description on sans.org provides a list of prerequisites. If you take an advanced course without the level of knowledge it requires, you may not get as much out of the course as you would like.
Most SANS courses require you to bring a laptop when working through lab exercises. Make sure your laptop is configured properly. For example, SEC545: Cloud Security Architecture and Operations requires students to have an Amazon AWS account for lab exercises and a specific laptop configuration. Failure to have this set up prior to the start of class could cause a student to lose valuable time during lab exercises on the first day.
Completed SANS Courses
- SEC501: Advanced Security Essentials - Enterprise Defender
- SEC503: Intrusion Detection In-Depth
- SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
- SEC506: Securing Linux/Unix
- SEC509: Securing Oracle Databases (retired)
- SEC545: Cloud Security Architecture and Operations
- SEC560: Network Penetration Testing and Ethical Hacking
- MGT414: SANS Training Program for CISSP® Certification
- MGT525: IT Project Management, Effective Communication, and PMP® Exam Prep
- LEG523: Law of Data Security and Investigations
- AUD507: Auditing & Monitoring Networks, Perimeters & Systems