Buwahahahahahahaha!!!

By far the area of this crazy infosec world of ours that I find the most fun. Probably due to the fact that my technical skills have atrophied a bit since moving into more managerial type roles...that and people tend to believe me. Guess I have one of those faces.

The amount of data you can gather, though, just through apparently casual observation is mind boggling. Even those folks who consider themselves "security aware," don't realize how much they tell about themselves just through their everyday actions.

OK, now I feel like a bit of a jerk for my tiny little comment. I was not attacking Lewis or your company. I would suggest in the future, however, if posting to a forum such as this, to just be honest and up front about who you are. Please do not assume this to mean that I'm saying Lewis was DIShonest.

Please accept my apologies for any offense taken. I certainly didn't mean any, nor do I wish to unintentionally disuade an advertiser from working with Don. This is a pretty great, friendly community on the whole. Something I'm sure you'll find should you join the many other discussions.

I think that in the interest of full disclosure, Lewis should have included (though it was easy enough to guess) that he is an employee of 7Safe.

I've read that book, probably 50 times in my life, and seen the movie more times. I'm a bit embarassed that I didn't nail that one.  Nurse Ratched's gonna get me!

You're ALL winners! Kevin now owns all of your FB accounts 

Wish I would have seen this one sooner. I usually just jump straight into the forums...BAD oneeyedcarmen!!!

And, Don, I believe you're referencing the Michael Keaton/Christopher Lloyd classic, "The Dream Team."

Cheesy as it may be, there's a pretty large InfoSec community on the Twitter. A bunch of the guys local to me have started up a group called Charmsec. I know in Boston there's BeanSec, and NYSec in, well, you can probably guess.

Poke around a little bit, and you're sure to find people who share your interests. Have you heard of the freaks that wear diapers or furry costumes? If they can find people to hang out with, a couple of geeks that like to break and fix shit shouldn't have a problem 

This thread has me itching to spend some time playing on HTS...my technical skills, crypto in particular, have a thick coat of rust on them. Time to break out the WD-40

I actually put one together about two years ago at the last job. I might have it saved somewhere. If I do, it's yours.

Congrats! I've been trying to decide between going for the CISA or one of the GIACs. (If I can get the boss to pay for both, I'd be cool with that, too!)

Very nice write up, Adriano! I've also been moving more into a less technical role, doing more audit  and C&A type work of late.

Oh, and I, too, have now added your blog to my subscriptions.

Sure, I'll hop on this dead horse and whip it some more

I would definitely say that using the (ISC)² material, dry as it may be, is the best way to go to start of. Struggle through it. I read it twice through, sometimes feeling like doing the old Clockwork Orange to keep my eyes open. Then read another book. I didn't really like Shon's big book, but Mike Meyers has a series out called "Passport" or something like that, and Shon did a CISSP book for him. It's a bit shorter (ONLY 500 pages or so!), but much more relaxed.

Best thing to do is definitely to look at the (ISC)² website and book a test several months out. That will not only give you time to get your studying in, but also put just a little pressure on you not to slack off.

Following my own advice, I felt pretty confident going into the test. Then I was surprised by my in-laws with the gift of a last minute bootcamp with Larry Greenblatt. I'm not sure that I learned anything NEW from Larry (other than Tai Chi, a joke you'll get if you've had Larry as an instructor), but he definitely reinforced the training I'd given myself.

Good luck!

As usual, ShmooCon was a blast, this time with ShmooSnowballs and sledding (never mind the occasional broken arm).

Was anyone else able to attend in the tundra? Please share some of your thoughts. Best/worst talks, meet & greets, drunken debauchery, etc.

Thanks to @quine and Intrepidus Group for putting on (and paying for) the SecurityTwits lunch Friday. It was great to see everyone again, and get to put a few faces to names finally.

It's always humbling (but a lot of fun) being around so many brilliant folks, even if they scare the bejeezus out of you.

I just came across this great blog post by Dave Shackleford over on ShackF00 about getting started in the infosec biz. It's great advice for the n00bs, and reminds everyone else that they should be helping and encouraging them in their growth.

Check it.

Thanks, Don, for the opportunity to attend my first Black Hat event. I gotta say, it was a little different. Playing "Spot the Fed," is a lot less fun when it's so blatantly obvious 

There were some great speakers, some great information, and every once in a while you got both of those things in the same talk! One of the more interesting talks I attended was "Physical Security in a Networked World: Video Analytics, Video Surveillance, and You," presented amazingly by Josh Marpet. Very cool stuff reminding us that the physical security side of things is just a BIT behind the times, and that phys & info sec really need to come together.

I know that vijay2 was also in attendance, but my cell reception was so bad that whenever I tried to call him to meet up...no dice. I did get to run into Chris Gates (aka carnal0wnage) and Rob Fuller (aka mubix. They're both great guys who are all about teaching others...and calling bull$hit when they see fit.

As I've found with most conferences, you tend to get the most benefit from the "Hallway Talks." I got to spend the better part of two hours hanging out with HD Moore, Egypt, Rob and Chris just soaking in some fu. Good times indeed.

Those Metasploit guys are scary, and it sounds like they've got some pretty cool stuff coming down the line.

Again, thank you, Don!