Thursday, April 30, 2009

What Tool Should Everyone Know?

I'm always asked "What tool should I learn?". Wireshark is the most flexible tool across the board, no matter what your information technology discipline is. Download Wireshark at For those who don't know, Wireshark is a FOSS network protocol analyzer. I love me some Wireshark! If you aren't experienced with it you need to download now and play. Any questions? Please leave comments. Happy Packet Sniffing :)

Wednesday, April 29, 2009

Hack Your Degree: Secrets of Test Taking

In this video I talk about the secrets of test taking and how I did four years of college credits in 12 months (AKA Hacked my Degree). I received my Regionally Accredited Bachelor's degree from Excelsior College. I followed that up with a Master of Science from Capitol College. Click links for more on CLEP or DSST tests for college credits.

Tuesday, April 28, 2009

DojoSec Monthly Briefings' Talks - May 7, 2009

Location: Capitol College - Laurel, Maryland
Time: 6:00 - 9:30 PM

Please register by clicking the registration tab.

Title: Void Your Warranty

Speaker: Sean Wilkerson, Co-Founder Aplura


Typical enterprise network security architecture includes many solutions
(software and hardware) designed to do things such as enhance
visibility/detection of threats or stop unwanted traffic. Billions of
dollars are spent each year on security products which keep color graphs
on our executives desks, security managers at relative peace, and the
vendors in business, but what are these products missing?

The average IT Security administrator is slowly losing control of their
network with each appliance or turn-key solution they install. We will
discuss how to get back this control, hold your vendors and staff
accountable, and why this is critical.

This won't be nearly as dramatic as a Fox exclusive: "When Security
Products go Bad," however; we will discuss the larger problem and what
you can (and should) do to inspect, audit, and enhance your security

Speaker Bio:

Sean is co-founder, partner, and consultant for Aplura, a DC-area
security consulting company. Sean has spent the last decade managing IT
and Information Security systems. For the last half of that time, Sean
has traveled to several continents for many entities, with a typical
objective to enhance network visibility and reduce analyst reaction time.


Title: FISMA: It doesn't bite

Speaker: Dan Philpott, Founder


In this seminar Dan Philpott will discuss the Federal Information Security Management Act (FISMA) and the compliance regime created for it. Starting with a high level overview of FISMA the problems and possibilities, fallacies and future of the FISMA framework will be explored. The goal of this talk is to present the FISMA framework as it is intended, not a mindless exercise at paper compliance, but as guidance and method to achieve functional security scoped to the risk of operation.

Speaker Bio:

Daniel Philpott is an Information Security Consultant with OnPoint Consulting where he specializes in FISMA compliance. Daniel is founder of the wiki, a guest blogger at and a FISMA instructor with Potomac Forum.


Title: Shining Flashlights in Dark Corners: The evolving role of information security on campus

Speaker: Eric Weakland, Director of Network Security, American University

Eric Weakland will trace his rise through the ranks of an emerging security organization, starting out in the late 1990s and continuing on into the increasingly regulated and formal security environment of the last few years. As concrete examples, Weakland will describe how the AU security team has approached more recent challenges such as encryption and web application security on campus. This interactive talk will include technical lessons learned from over a decade of practice with increasingly sophisticated tools, as well as valuable management lessons on how to best serve multiple, competing constituencies, in a chaotic campus IT environment.

Speaker Bio:

Eric Weakland is the Director of Network Security at American University in Washington DC. Eric has extensive experience in planning strategic initiatives to serve emergent information security needs in the Higher Education market. He holds a Bachelors degree from Carnegie Mellon University and a Masters of Science in Information Technology Management from American University's Kogod School of Business.

Own Your Technical Interview

I mentor tons of colleagues, friends, and former students. A major concern of all is the technical interview. Here's a quick summary of my proven to be effective tips:

1) Don't Lie (Don't be afraid to say I don't know.)
2) Establish Home Field Advantage (Know your resume inside-out.)
3) Practice (Learn applicable stuff for interview if you have to.)

I hope this is helpful. -MJC

P.S. I know "Most biggest" is bad grammar. That's my inner Texan coming out :)

Monday, April 27, 2009

Toot Your Own Horn!

Instead of parroting what others are saying; Why not toot your own horn? There are so many talented people in our field, but only a few voices are heard. We need to change this. Now!

Sunday, April 26, 2009

Sexism in Information Security?

Is there sexism in Information Security? I asked myself this question because I caught myself referring to information security professionals as "Guys". There are brilliant women in our industry, but there needs to be much more. Why aren't there more women in our field? Leave a comment or hit me on Twitter @marcusjcarey.

Saturday, April 25, 2009

That Security Show - Johnny Long Interview

This is more footage from the last That Security Show. In this video Joe McCray of Learn Security Online interviews Johnny Long of Hackers for Charity. Hope you enjoy.

Thursday, April 23, 2009

Secret To Success: Give The People What They Want

In this post, I tell you Zig Ziglar's secret to success. This always works no matter what business you're in. Hope it helps :) -MJC

Sourcefire Seminar with Martin Roesch

Attend a Sourcefire Seminar and Meet Martin Roesch, Founder and CTO of Sourcefire® and Creator of Snort®

*TOPIC: Your Network Security Isn't Good Enough Anymore Today’s threats—and networks—are dynamic. Unfortunately, most security offered to date has been static—leaving you blind to the network. *

In this seminar, Martin Roesch, Founder and CTO of Sourcefire® and Creator of Snort® will clearly show why /today’s network security isn’t getting the job done/. He will point out why network security must be /intelligent/ to be effective—providing full network visibility, relevant context, and automated impact assessment and IPS tuning. Mr. Roesch will also show why network security must adapt to dynamic networks and threats in real time. Finally, he will share some of his vision on where network security is heading in the future.

Your network security solution may be new, but chances are it is based on outdated assumptions. How can you truly protect your network if you can’t see what is running on it, don’t know what to protect, and can’t identify the threats facing you?

Don’t you owe it to yourself and your organization to attend this seminar and then audit your network security capabilities?

Come see Martin on May 7th in McLean, VA. Register at:

Tenable Network Security releases Nessus 4.0.0

Tenable Network Security is pleased to announce the release of Nessus 4.0.0.

Nessus 4 features major performance improvements, greater scalability and reduced memory usage.

You can download Nessus 4 at

Sourcefire Sponsors DojoSec

We are proud to announce that Sourcefire is sponsoring DojoSec Monthly Briefings.

Sourcefire is the world leader in real-time adaptive network security, giving organizations maximum knowledge to protect against attacks. The company was founded in January 2001 by Martin Roesch, author of open source Snort®, the world’s most downloaded intrusion detection and prevention technology with over 3.7 million downloads to date. In response to increased demand for a commercial version of the popular software, the company developed the Sourcefire 3D® System—Discover, Determine, Defend—a systematic network defense system built on Snort and designed to adapt to dynamic networks and threats in real-time. With 6 patents awarded and 37 patents pending Sourcefire has a strong commitment to innovation and continues to break new ground.

Know-It-All vs. Know-A-Lot

It's cool to know a lot information in your career field. Something I learned a while ago was that no one like a know-it-all. To be an effective information security professional, you can't be a know-it-all.

Wednesday, April 22, 2009

That Security Show - News Segment - Concept Rough Cut

DISCLAIMER: I know the audio and editing may be poor on the show segment, I'm looking for feedback on the concept only. If you can get past the roughness the content is good.

In this post I show rough footage of "That Security Show's News" segment. Even though the audio quality is poor, I'm looking for feedback on the concept. Comment here or drop me a reply on @marcusjcarey.

Shout out to Dr. Infosec, @drinfosec, for selecting the news topics. Thanks to all of the participants in this segment. Thanks for telling me to go forward with the release of this footage. I look forward to crushing this segment at the next taping.

Tuesday, April 21, 2009

That Security Show - Sampler

The studio session went well, but we need to tighten up a couple of things. Here are a couple of sessions that will be a part of the "That Security Show" formula. We will have quality sit-down interviews from industry leaders. We also will talk to security professionals from across the world over the Internet. Hope you enjoy the segments. -MJC

Monday, April 20, 2009

Heard It Through The Grapevine

In this post I talk about the Marvin Gaye song "Heard It Through The Grapevine". In the song Marvin sings "Believe half of what you see and none of what you here. This is a great security industry lesson.

No Such Thing As A Stupid User

There is no such thing as a stupid user, but there are plenty of stupid organizations.

Sunday, April 19, 2009

You Are The Security Industry!

Many complain about the security industry. If you are a security professional, check out this video post. Oh yeah, do something about the problems you see.

Saturday, April 18, 2009

That Security Show's First Taping

Hello world! Yesterday was a good day for the DojoSec movement. We had an an awesome group of people in the studio for That Security Show. Check out the video blog post to find out who was in studio with me.

Friday, April 17, 2009

Ham Security

Are you adding value to your security program? Many in our industry are doing things just because everyone is doing it. Do stuff that works.

Thursday, April 16, 2009

Selling Security

Management won't get the tool you want? You need to give them more information. In this post, I talk about a story Zig Ziglar tells about proposing to his wife. This is how you can sell security.

Wednesday, April 15, 2009

Why Be A Hacker?

Every once in a while we all come to some truths in the Security Life.

Tuesday, April 14, 2009

What Separates DojoSec?

I just love it when someone asks a question that makes me quantify what I'm doing. Thanks to Thomas Nicholson!

Monday, April 13, 2009

The Secret to Troubleshooting: Thin-slicing

This is my secret sauce to troubleshooting. In this post I discuss the concept of thin-slicing which is articulated in Malcolm Gladwell's book Blink. Thin-slicing can help information security professionals solve problems faster. What's funny about thin-slicing, is that is something I always did but didn't even think about it.

Thanks for visiting the blog and checking the video out.


Sunday, April 12, 2009

No One Will Anoint You As An Expert

It's time to step up to the plate and share your knowledge with the world.


Don't Talk About It, Be About It

This is my first attempt at a video blog entry. It's harder than it looks. I hope to keep pumping content out.


Saturday, April 11, 2009

April Videos Online

Go to the Multimedia page for all DojoSec videos.

DojoSec Monthly Briefings - April 2009 - Matthew Watchinski from Marcus Carey on Vimeo.

DojoSec at Capitol College

This month's DojoSec monthly briefings was held at Capitol College. Check out this video below from Rob Fuller AKA mubix. Capitol College is my alma mater, I earned my Master of Science in Network Security from there. They were an awesome host and the facilities were excellent.

Go to: DojoSec's Multimedia page for more videos.

DojoSec Monthly Briefings - April 2009 - Rob Fuller (mubix) from Marcus Carey on Vimeo.

Monday, April 6, 2009

DojoSec April at Capitol College

Capitol College was a fabulous host to DojoSec. I want to thank our sponsors Tenable Network Security and Techguard Security for their support. The Capitol College staff and speakers were awesome. A full wrap-up is on the way.

Wednesday, April 1, 2009

April DojoSec Line-up Change

Small change in the line-up but everything is set for Capitol College. Chris Gates and Vince Marvelli had a schedule conflict and will appear in the next few months. Joseph McCray has stepped up and will deliver a brand new talk that he'll debut at DojoSec.

Speaker: Joseph McCray

Title: Hacking Big Companies Without Getting Caught


This talk will focus on identifying and bypassing enterprise class security solutions such as Load Balancers, Intrusion Prevention Systems (IPSs), and Web Application Firewalls (WAFs).

Speaker Bio:

Joseph McCray is a leader when it comes to penetration testing. Joseph currently acts as Assessment Practice Manager at Rapid7 and is the founder of At Rapid7, he manages and performs Blackbox & Whitebox, Wireless, and VoIP Penetration Testing, as well as performing Social Engineering.