I'm always asked "What tool should I learn?". Wireshark is the most flexible tool across the board, no matter what your information technology discipline is. Download Wireshark at http://www.wireshark.org. For those who don't know, Wireshark is a FOSS network protocol analyzer. I love me some Wireshark! If you aren't experienced with it you need to download now and play. Any questions? Please leave comments. Happy Packet Sniffing :)
Thursday, April 30, 2009
Wednesday, April 29, 2009
Hack Your Degree: Secrets of Test Taking
In this video I talk about the secrets of test taking and how I did four years of college credits in 12 months (AKA Hacked my Degree). I received my Regionally Accredited Bachelor's degree from Excelsior College. I followed that up with a Master of Science from Capitol College. Click links for more on CLEP or DSST tests for college credits.
Tuesday, April 28, 2009
DojoSec Monthly Briefings' Talks - May 7, 2009
Location: Capitol College - Laurel, Maryland
Time: 6:00 - 9:30 PM
Please register by clicking the registration tab.
Title: Void Your Warranty
Speaker: Sean Wilkerson, Co-Founder Aplura
Description:
Typical enterprise network security architecture includes many solutions
(software and hardware) designed to do things such as enhance
visibility/detection of threats or stop unwanted traffic. Billions of
dollars are spent each year on security products which keep color graphs
on our executives desks, security managers at relative peace, and the
vendors in business, but what are these products missing?
The average IT Security administrator is slowly losing control of their
network with each appliance or turn-key solution they install. We will
discuss how to get back this control, hold your vendors and staff
accountable, and why this is critical.
This won't be nearly as dramatic as a Fox exclusive: "When Security
Products go Bad," however; we will discuss the larger problem and what
you can (and should) do to inspect, audit, and enhance your security
solutions.
Speaker Bio:
Sean is co-founder, partner, and consultant for Aplura, a DC-area
security consulting company. Sean has spent the last decade managing IT
and Information Security systems. For the last half of that time, Sean
has traveled to several continents for many entities, with a typical
objective to enhance network visibility and reduce analyst reaction time.
--
Title: FISMA: It doesn't bite
Speaker: Dan Philpott, Founder FISMApedia.org
Description:
In this seminar Dan Philpott will discuss the Federal Information Security Management Act (FISMA) and the compliance regime created for it. Starting with a high level overview of FISMA the problems and possibilities, fallacies and future of the FISMA framework will be explored. The goal of this talk is to present the FISMA framework as it is intended, not a mindless exercise at paper compliance, but as guidance and method to achieve functional security scoped to the risk of operation.
Speaker Bio:
Daniel Philpott is an Information Security Consultant with OnPoint Consulting where he specializes in FISMA compliance. Daniel is founder of the FISMApedia.org wiki, a guest blogger at Guerilla-CISO.com and a FISMA instructor with Potomac Forum.
--
Title: Shining Flashlights in Dark Corners: The evolving role of information security on campus
Speaker: Eric Weakland, Director of Network Security, American University
Eric Weakland will trace his rise through the ranks of an emerging security organization, starting out in the late 1990s and continuing on into the increasingly regulated and formal security environment of the last few years. As concrete examples, Weakland will describe how the AU security team has approached more recent challenges such as encryption and web application security on campus. This interactive talk will include technical lessons learned from over a decade of practice with increasingly sophisticated tools, as well as valuable management lessons on how to best serve multiple, competing constituencies, in a chaotic campus IT environment.
Speaker Bio:
Eric Weakland is the Director of Network Security at American University in Washington DC. Eric has extensive experience in planning strategic initiatives to serve emergent information security needs in the Higher Education market. He holds a Bachelors degree from Carnegie Mellon University and a Masters of Science in Information Technology Management from American University's Kogod School of Business.
Time: 6:00 - 9:30 PM
Please register by clicking the registration tab.
Title: Void Your Warranty
Speaker: Sean Wilkerson, Co-Founder Aplura
Description:
Typical enterprise network security architecture includes many solutions
(software and hardware) designed to do things such as enhance
visibility/detection of threats or stop unwanted traffic. Billions of
dollars are spent each year on security products which keep color graphs
on our executives desks, security managers at relative peace, and the
vendors in business, but what are these products missing?
The average IT Security administrator is slowly losing control of their
network with each appliance or turn-key solution they install. We will
discuss how to get back this control, hold your vendors and staff
accountable, and why this is critical.
This won't be nearly as dramatic as a Fox exclusive: "When Security
Products go Bad," however; we will discuss the larger problem and what
you can (and should) do to inspect, audit, and enhance your security
solutions.
Speaker Bio:
Sean is co-founder, partner, and consultant for Aplura, a DC-area
security consulting company. Sean has spent the last decade managing IT
and Information Security systems. For the last half of that time, Sean
has traveled to several continents for many entities, with a typical
objective to enhance network visibility and reduce analyst reaction time.
--
Title: FISMA: It doesn't bite
Speaker: Dan Philpott, Founder FISMApedia.org
Description:
In this seminar Dan Philpott will discuss the Federal Information Security Management Act (FISMA) and the compliance regime created for it. Starting with a high level overview of FISMA the problems and possibilities, fallacies and future of the FISMA framework will be explored. The goal of this talk is to present the FISMA framework as it is intended, not a mindless exercise at paper compliance, but as guidance and method to achieve functional security scoped to the risk of operation.
Speaker Bio:
Daniel Philpott is an Information Security Consultant with OnPoint Consulting where he specializes in FISMA compliance. Daniel is founder of the FISMApedia.org wiki, a guest blogger at Guerilla-CISO.com and a FISMA instructor with Potomac Forum.
--
Title: Shining Flashlights in Dark Corners: The evolving role of information security on campus
Speaker: Eric Weakland, Director of Network Security, American University
Eric Weakland will trace his rise through the ranks of an emerging security organization, starting out in the late 1990s and continuing on into the increasingly regulated and formal security environment of the last few years. As concrete examples, Weakland will describe how the AU security team has approached more recent challenges such as encryption and web application security on campus. This interactive talk will include technical lessons learned from over a decade of practice with increasingly sophisticated tools, as well as valuable management lessons on how to best serve multiple, competing constituencies, in a chaotic campus IT environment.
Speaker Bio:
Eric Weakland is the Director of Network Security at American University in Washington DC. Eric has extensive experience in planning strategic initiatives to serve emergent information security needs in the Higher Education market. He holds a Bachelors degree from Carnegie Mellon University and a Masters of Science in Information Technology Management from American University's Kogod School of Business.
Own Your Technical Interview
I mentor tons of colleagues, friends, and former students. A major concern of all is the technical interview. Here's a quick summary of my proven to be effective tips:
1) Don't Lie (Don't be afraid to say I don't know.)
2) Establish Home Field Advantage (Know your resume inside-out.)
3) Practice (Learn applicable stuff for interview if you have to.)
I hope this is helpful. -MJC
P.S. I know "Most biggest" is bad grammar. That's my inner Texan coming out :)
1) Don't Lie (Don't be afraid to say I don't know.)
2) Establish Home Field Advantage (Know your resume inside-out.)
3) Practice (Learn applicable stuff for interview if you have to.)
I hope this is helpful. -MJC
P.S. I know "Most biggest" is bad grammar. That's my inner Texan coming out :)
Monday, April 27, 2009
Toot Your Own Horn!
Instead of parroting what others are saying; Why not toot your own horn? There are so many talented people in our field, but only a few voices are heard. We need to change this. Now!
Sunday, April 26, 2009
Sexism in Information Security?
Is there sexism in Information Security? I asked myself this question because I caught myself referring to information security professionals as "Guys". There are brilliant women in our industry, but there needs to be much more. Why aren't there more women in our field? Leave a comment or hit me on Twitter @marcusjcarey.
Saturday, April 25, 2009
That Security Show - Johnny Long Interview
This is more footage from the last That Security Show. In this video Joe McCray of Learn Security Online interviews Johnny Long of Hackers for Charity. Hope you enjoy.
Thursday, April 23, 2009
Secret To Success: Give The People What They Want
In this post, I tell you Zig Ziglar's secret to success. This always works no matter what business you're in. Hope it helps :) -MJC
Sourcefire Seminar with Martin Roesch
Attend a Sourcefire Seminar and Meet Martin Roesch, Founder and CTO of Sourcefire® and Creator of Snort®
*TOPIC: Your Network Security Isn't Good Enough Anymore Today’s threats—and networks—are dynamic. Unfortunately, most security offered to date has been static—leaving you blind to the network. *
In this seminar, Martin Roesch, Founder and CTO of Sourcefire® and Creator of Snort® will clearly show why /today’s network security isn’t getting the job done/. He will point out why network security must be /intelligent/ to be effective—providing full network visibility, relevant context, and automated impact assessment and IPS tuning. Mr. Roesch will also show why network security must adapt to dynamic networks and threats in real time. Finally, he will share some of his vision on where network security is heading in the future.
Your network security solution may be new, but chances are it is based on outdated assumptions. How can you truly protect your network if you can’t see what is running on it, don’t know what to protect, and can’t identify the threats facing you?
Don’t you owe it to yourself and your organization to attend this seminar and then audit your network security capabilities?
Come see Martin on May 7th in McLean, VA. Register at:
http://www.sourcefire.com/news/webinars/
*TOPIC: Your Network Security Isn't Good Enough Anymore Today’s threats—and networks—are dynamic. Unfortunately, most security offered to date has been static—leaving you blind to the network. *
In this seminar, Martin Roesch, Founder and CTO of Sourcefire® and Creator of Snort® will clearly show why /today’s network security isn’t getting the job done/. He will point out why network security must be /intelligent/ to be effective—providing full network visibility, relevant context, and automated impact assessment and IPS tuning. Mr. Roesch will also show why network security must adapt to dynamic networks and threats in real time. Finally, he will share some of his vision on where network security is heading in the future.
Your network security solution may be new, but chances are it is based on outdated assumptions. How can you truly protect your network if you can’t see what is running on it, don’t know what to protect, and can’t identify the threats facing you?
Don’t you owe it to yourself and your organization to attend this seminar and then audit your network security capabilities?
Come see Martin on May 7th in McLean, VA. Register at:
http://www.sourcefire.com/news/webinars/
Tenable Network Security releases Nessus 4.0.0
Tenable Network Security is pleased to announce the release of Nessus 4.0.0.
Nessus 4 features major performance improvements, greater scalability and reduced memory usage.
You can download Nessus 4 at http://www.nessus.org/download/
Nessus 4 features major performance improvements, greater scalability and reduced memory usage.
You can download Nessus 4 at http://www.nessus.org/download/
Sourcefire Sponsors DojoSec
We are proud to announce that Sourcefire is sponsoring DojoSec Monthly Briefings.
Sourcefire is the world leader in real-time adaptive network security, giving organizations maximum knowledge to protect against attacks. The company was founded in January 2001 by Martin Roesch, author of open source Snort®, the world’s most downloaded intrusion detection and prevention technology with over 3.7 million downloads to date. In response to increased demand for a commercial version of the popular software, the company developed the Sourcefire 3D® System—Discover, Determine, Defend—a systematic network defense system built on Snort and designed to adapt to dynamic networks and threats in real-time. With 6 patents awarded and 37 patents pending Sourcefire has a strong commitment to innovation and continues to break new ground.
Sourcefire is the world leader in real-time adaptive network security, giving organizations maximum knowledge to protect against attacks. The company was founded in January 2001 by Martin Roesch, author of open source Snort®, the world’s most downloaded intrusion detection and prevention technology with over 3.7 million downloads to date. In response to increased demand for a commercial version of the popular software, the company developed the Sourcefire 3D® System—Discover, Determine, Defend—a systematic network defense system built on Snort and designed to adapt to dynamic networks and threats in real-time. With 6 patents awarded and 37 patents pending Sourcefire has a strong commitment to innovation and continues to break new ground.
Know-It-All vs. Know-A-Lot
It's cool to know a lot information in your career field. Something I learned a while ago was that no one like a know-it-all. To be an effective information security professional, you can't be a know-it-all.
Wednesday, April 22, 2009
That Security Show - News Segment - Concept Rough Cut
DISCLAIMER: I know the audio and editing may be poor on the show segment, I'm looking for feedback on the concept only. If you can get past the roughness the content is good.
Shout out to Dr. Infosec, @drinfosec, for selecting the news topics. Thanks to all of the participants in this segment. Thanks for telling me to go forward with the release of this footage. I look forward to crushing this segment at the next taping.
Tuesday, April 21, 2009
That Security Show - Sampler
The studio session went well, but we need to tighten up a couple of things. Here are a couple of sessions that will be a part of the "That Security Show" formula. We will have quality sit-down interviews from industry leaders. We also will talk to security professionals from across the world over the Internet. Hope you enjoy the segments. -MJC
Monday, April 20, 2009
Heard It Through The Grapevine
In this post I talk about the Marvin Gaye song "Heard It Through The Grapevine". In the song Marvin sings "Believe half of what you see and none of what you here. This is a great security industry lesson.
No Such Thing As A Stupid User
There is no such thing as a stupid user, but there are plenty of stupid organizations.
Sunday, April 19, 2009
You Are The Security Industry!
Many complain about the security industry. If you are a security professional, check out this video post. Oh yeah, do something about the problems you see.
Saturday, April 18, 2009
That Security Show's First Taping
Hello world! Yesterday was a good day for the DojoSec movement. We had an an awesome group of people in the studio for That Security Show. Check out the video blog post to find out who was in studio with me.
Friday, April 17, 2009
Ham Security
Are you adding value to your security program? Many in our industry are doing things just because everyone is doing it. Do stuff that works.
Thursday, April 16, 2009
Selling Security
Management won't get the tool you want? You need to give them more information. In this post, I talk about a story Zig Ziglar tells about proposing to his wife. This is how you can sell security.
Wednesday, April 15, 2009
Tuesday, April 14, 2009
What Separates DojoSec?
I just love it when someone asks a question that makes me quantify what I'm doing. Thanks to Thomas Nicholson!
Monday, April 13, 2009
The Secret to Troubleshooting: Thin-slicing
This is my secret sauce to troubleshooting. In this post I discuss the concept of thin-slicing which is articulated in Malcolm Gladwell's book Blink. Thin-slicing can help information security professionals solve problems faster. What's funny about thin-slicing, is that is something I always did but didn't even think about it.
Thanks for visiting the blog and checking the video out.
-MJC
Sunday, April 12, 2009
No One Will Anoint You As An Expert
It's time to step up to the plate and share your knowledge with the world.
-MJC
Don't Talk About It, Be About It
This is my first attempt at a video blog entry. It's harder than it looks. I hope to keep pumping content out.
-MJC
Saturday, April 11, 2009
April Videos Online
Go to the Multimedia page for all DojoSec videos.
DojoSec Monthly Briefings - April 2009 - Matthew Watchinski from Marcus Carey on Vimeo.
DojoSec Monthly Briefings - April 2009 - Matthew Watchinski from Marcus Carey on Vimeo.
DojoSec at Capitol College
This month's DojoSec monthly briefings was held at Capitol College. Check out this video below from Rob Fuller AKA mubix. Capitol College is my alma mater, I earned my Master of Science in Network Security from there. They were an awesome host and the facilities were excellent.
Go to: DojoSec's Multimedia page for more videos.
DojoSec Monthly Briefings - April 2009 - Rob Fuller (mubix) from Marcus Carey on Vimeo.
Go to: DojoSec's Multimedia page for more videos.
DojoSec Monthly Briefings - April 2009 - Rob Fuller (mubix) from Marcus Carey on Vimeo.
Monday, April 6, 2009
DojoSec April at Capitol College
Capitol College was a fabulous host to DojoSec. I want to thank our sponsors Tenable Network Security and Techguard Security for their support. The Capitol College staff and speakers were awesome. A full wrap-up is on the way.
Wednesday, April 1, 2009
April DojoSec Line-up Change
Small change in the line-up but everything is set for Capitol College. Chris Gates and Vince Marvelli had a schedule conflict and will appear in the next few months. Joseph McCray has stepped up and will deliver a brand new talk that he'll debut at DojoSec.
Speaker: Joseph McCray
Title: Hacking Big Companies Without Getting Caught
Description:
This talk will focus on identifying and bypassing enterprise class security solutions such as Load Balancers, Intrusion Prevention Systems (IPSs), and Web Application Firewalls (WAFs).
Speaker Bio:
Joseph McCray is a leader when it comes to penetration testing. Joseph currently acts as Assessment Practice Manager at Rapid7 and is the founder of LearnSecurityOnline.com. At Rapid7, he manages and performs Blackbox & Whitebox, Wireless, and VoIP Penetration Testing, as well as performing Social Engineering.
Speaker: Joseph McCray
Title: Hacking Big Companies Without Getting Caught
Description:
This talk will focus on identifying and bypassing enterprise class security solutions such as Load Balancers, Intrusion Prevention Systems (IPSs), and Web Application Firewalls (WAFs).
Speaker Bio:
Joseph McCray is a leader when it comes to penetration testing. Joseph currently acts as Assessment Practice Manager at Rapid7 and is the founder of LearnSecurityOnline.com. At Rapid7, he manages and performs Blackbox & Whitebox, Wireless, and VoIP Penetration Testing, as well as performing Social Engineering.
Subscribe to:
Posts (Atom)
