Passing the GDSA exam

Recently, I challenged the GIAC/SANS GDSA exam. And I am excited to say, I passed and have obtained the GDSA certificate!

The course and exam concepts were a mix of things known to many experienced cybersecurity professionals and, at the same time, many new trending topics that a large portion of businesses are pushing towards (Zero Trust). There are many fun labs that challenge you to break into routers in very simple ways. The purpose of these types of challenges is to start thinking about defenses that can be built to overcome weaknesses. On top of that, it sets a standard to always implement best security practices and keep them in mind for any architectural designs.

SEC530: Defensible Security Architecture and Engineering class

I had taken the full course related to this certification. If you want to read my review of the corresponding course, then check this blog post out –> https://www.stealthbay.com/sec530-defensible-security-architecture-and-engineering/

Prepping for the exam

SEC530: Defensible Security Architecture and Engineering – Zero Trust

Why take this course?

One of the major reasons why I chose to take SEC530 is the class syllabus. A big item that stood out to me was learning more about implementing Zero Trust and an Insider Threat program. The course has a whole day dedicated to just those topics alone. Being in a Security Engineering role, this course is a great way to understand how to assess your current defenses within your organization. It also allows you to plan ahead for future controls that may need to be built out over time.

If you’ve got an extensive amount of experience already working within the cyber security world, then some of the defenses may be items that you have already worked on or have some exposure to. For me personally, a lot of the materials from Day 1-3 were concepts and practical work that I have already experienced. However, Day 4-5 were excellent in learning new topics/ideas that will, at least for me, lead to fun future projects.

I took the vLive course option, which in my case was also taking place in person. So, it was a hybrid class with students in person, as well as students (such as me) taking it remotely for the week.

Day 1

The start of the course will go over many basic concepts related to best practices for physical and network security. You’ll get to play with the MITRE Framework, and understand the cyber kill chain. There is a good chunk of time dedicated to learning about various types of NetFlow data (on-prem networking devices, cloud, endpoint). It’s a great start to the course to warm you up to the good stuff!

Day 2

Hack The Cybersecurity Interview – Book Review

One of the questions I often get from people who are looking to break into the cyber security field is how they can get a job in the field. I hear about struggles related to “which role should I apply to”, “what skills/certs do I need or should obtain”, and “how do I know what questions I should ask or be prepared to answer”. And I am finally glad to say I have found a newly released book that answers all these questions. So, if you have any of the questions listed above, this book is a must-read for you!

Amazon USA: https://www.amazon.com/Hack-Cybersecurity-Interview-jumpstarting-cybersecurity/dp/1801816638/ref=sr_1_1?keywords=hack+the+cybersecurity+interview&qid=1662534007&sprefix=hack+the+c%2Caps%2C145&sr=8-1

Amazon Canada: https://www.amazon.ca/Hack-Cybersecurity-Interview-jumpstarting-cybersecurity/dp/1801816638/ref=sr_1_1?keywords=hack+the+cybersecurity+interview&qid=1662533978&sprefix=hack+the+cy%2Caps%2C131&sr=8-1

Why should you purchase this book?

The title of the book in my opinion is very accurate. This book literally teaches you how to “hack” an interview. It gives you the data and information to really succeed on a cybersecurity interview.

The book has multiple authors (Ken Underhill, Christophe Foulon, Tia Hopkins). They have done an excellent job on building out this book. I’ve been mentioning to a lot of my peers that we have needed a book that explains and prepares interview candidates with the knowledge to ace an interview. And I think we finally have a winner, and a much-needed resource that cyber security enthusiasts can utilize.

Passing the GCTI Exam

Recently, I challenged the GIAC/SANS GCTI exam. And I am excited to say I passed and have obtained the GCTI certificate!!!

The concepts for this course were much newer to me. Threat modelling, researching, and building a threat intelligence tech stack was amazing to learn. Usually, a threat intel program is conducted with very established and mature security programs. So, this is an area I have not seen too many people often get into. However, Threat Intel programs are slowly becoming more common, and knowing your adversary, as well as keeping track of an adversary that could potentially be targeting you, is an awesome skill set to accomplish.

FOR578: Cyber Threat Intelligence class

I had taken the full course on threat intelligence. If you want to read my review of it check this blog post out –> https://www.stealthbay.com/a-review-of-for578-cyber-threat-intelligence/

Prepping for the exam

I highly advise everyone take the FOR578: Cyber Threat Intelligence course. You can get more details from here: https://www.sans.org/cyber-security-courses/cyber-threat-intelligence/

The course will prepare you for the exam and cover topics and tools that you will be tested on. There is a lot of material to learn in the course. So, dedicate a good amount of time towards learning the course material and all the concepts. The class was a huge learning experience in the world of Threat Intelligence.

After you take the course, try going back to each book and building your index. After this, it is a good time to use up practice exam 1 and see how you fare in it. Use the section at the end, which lists out which sections you were weak in, and go study them some more. Take practice exam 2 and hopefully this time you see an improvement. If so, then book your final exam within the next 2-5 days and go for it. This format always has worked well for me.

Making an Index

A Review of FOR578 Cyber Threat Intelligence

Why take this course?

For me, Threat Intelligence has been an area of interest. Many organizations are still in the mindset and position of being very reactive. You notice something odd and investigate it further. However, not a lot of organizations are as proactive, where they go out and research threat actors/adversaries, or build their own threat intel database that covers incidents within their own org. And with that, not just pulling in public and private threat feeds, but also building your own indicators and additional defensive mechanisms. This course will teach you all of that and much more!

Day 1

You will learn about actual incidents and case studies that took place, and how CTI (Cyber Threat Intelligence) played a huge role in identifying each threat actor. There are topics just on general “what is threat intelligence”, and different threat models that can be used to develop a program. Overall, day 1 is very much a more theory and introduction type of day.

Day 2

On Day 2, things start to get more fun! There is lots of learning about the kill chain life cycle, and really understanding how it functions in respect to threat intel. There are great topics on more detailed threat models, how to apply them and how to analyze various types of logs for key indicators. You also get a good grasp on networking, and forensics analysis techniques.
