Editor-In-Chief

Interview: Dave Chronister of Parameter Security

| May 5, 2015

Have you ever seen a speaker at a security conference, an expert being interviewed on television about the latest cyber attack or an instructor at a whiteboard with the breadth of knowledge one should have when putting your career in their hands? Have you ever wondered what it took for those people to get where they are? Now just imagine all of those people wrapped up into a single individual, add into the mix the extra duties of business owner and husband, and you start to get a picture of Dave Chronister of Parameter Security, HackerU and ShowMeCon.

Covering everything from his first programming project as a child and his BBS days through his first ‘real’ IT job and into how he became who he is today, read on for a fascinating interview. Dave also shares his thoughts on helping you get that job in InfoSec, hiring someone for your next security project and some great general advice. In anticipation of ShowMeCon 2015 June 8 – 9, get to know a little more about the man (and woman) behind St. Louis’ ONLY Premier Hacking & Offensive Cyber Security Conference.


Interview: Ilia Kolochenko, CEO of High-Tech Bridge

| January 15, 2013

The Ethical Hacker Network is an online magazine with a focus on those in the profession. It’s wonderful to have technical content, videos, book reviews and an active discussion forum, but what good does it do if we can’t help our readers achieve their career goals? Being an “online” magazine also means that we have a wide audience not confined within the borders of the United States. How can we also help our international audience? One way to answer both questions is to continue our ongoing series of interviews with ethical hacking movers and shakers. So here is another conversation with someone who can provide some quality insight to the questions posed above, because he did it. Ilia Kolochenko became a professional ethical hacker in Europe.

Ilia is the CEO of High-Tech Bridge, a security services and research outfit in Geneva, Switzerland. But clearly he wasn’t born a chief executive. Just like most of us, he grew up dreaming of being a hacker, even if he had no idea it was an actual profession. This is his story, and it was quite surprising to see just how similar it sounds. But that’s not a bad thing. He took his passions, combined them with his military skills, added in a little workplace frustration, and… Well you’ll just have to find out for yourself.


Interview: Barry Cooper of FishNet Security Training

| August 27, 2012

We describe ourselves as The Ethical Hacker Network, a free online magazine for security professionals. With that in mind, we try to have a wide range of topics of varying difficulty, all with an aim towards helping the readers on their chosen career paths. As the Editor-in-Chief of EH-Net, I am constantly asked online and off about the best way to get into the field, how to get a job and most often about the value of certifications, experience and education. Long-time colleague, Barry Cooper of FishNet Security Training & iSWAT 2012 in September, not only has an abundance of each but also works in the security and training fields. So who better to offer up some advice?

For a little background information, Mr. Cooper has over 25 years of experience in information technology and security, and has been designing, developing, and delivering technical training courses for over 15 years. He has significant expertise in systems analysis, computer programming, information security, instructional design, and network engineering. Mr. Cooper is responsible for the vision, operation, and management of the FishNet Security Training organization. In addition, he manages vendor, security, and distance learning product development. Under his guidance, FishNet Security’s training LOB now includes 10 national training centers and offers well over 100 courses. He also developed FishNet Security’s eLearning capability and remote live training delivery systems from the ground up. Barry has attained over 70 high-level security and technical certifications including CISSP, JNCI, CCSI and CTT+.

And we are lucky to have him answer some questions and offer some great advice.


Interview: Smart Grid Security Expert Justin Searle

| February 20, 2012

With the changing landscape of warfare away from nation-states only utilizing conventional means to the addition of mobile rogue outfits utilizing cyber-attacks, not only countries but also organizations of all shapes and sizes now need to concern themselves with a new threat. Slowly but surely, the real vulnerability to the power grid is starting to grab the attention of both the public and private sectors. Along with that comes more media attention and in turn pressure to make sure these systems don’t come crashing down affecting hundreds of millions of citizens dependent on today’s modern conveniences.

With the need to secure such systems also comes the need for expertise and education. Enter Justin Searle, Managing Partner at UtiliSec. UtiliSec provides security consulting services to utilities and vendors in the energy sector. Some of the services offered include security assessments, guidance on regulatory issues like the NERC CIPs, participation in standards work and security training services. So who better to interview in order to shine a light on some of the many aspects of this burgeoning field of security? Here are several questions to get us all up to speed.


CASP – The Evolution of Technical Security Certifications?

| November 27, 2011

CompTIA has been a stalwart in the IT certification arena for quite a number of years. They have dominated the space with such recognized credentials as A+, Linux+, Security+ and many others. Their certifications have been highly recommended by The Ethical Hacker Network (EH-Net) as well as countless others as an entry-point into a given area of IT. But can CompTIA help advance the careers of those already in the field of their choice within IT?

Enter CompTIA’s newest line of industry credentials, the Mastery Series of Certifications. The first offering from this new line is the CompTIA Advanced Security Practitioner, CASP (pronounced C-A-S-P like an acronym as opposed to ‘casp’ like a word). At first glance, it would appear as though CompTIA is taking on ISC2 and the venerable CISSP. After a closer look, this isn’t quite the case. Let’s find out more from Carol Balkcom, CompTIA’s Director and Product Manager for the CASP.


An American Hacker in London: Course Review of CSTA by 7Safe

| August 31, 2011

As most of you know, I do not have a college degree. I’m not alone… Bill Gates, Mark Zuckerberg, Richard Branson and countless others have had great success without this particular piece of paper. A common question in The Ethical Hacker Network Community Forums is if someone should get a degree, gain experience or achieve certifications to which I quickly respond by saying, “Yes!” All make for a better resume. Unfortunately, I only have 2 out of 3. In addition to sounding hypocritical, there are plenty of other reasons why I get that nagging feeling that I should get my degree: what if this online magazine thing goes kaput, what if I ever want to teach, or, the most pressing item at this point in my life, am I setting a good example for my kids? But even if I do want to pursue a degree, how do I find the time? An undergrad degree is no longer good enough, and that adds even more time and effort to reach for a master’s. So as always, I’ll put it on the back burner and let those voices continue in my head…

“You’ve got to kill yourself, Don, before it’s too late.”
“Why are you doing this to me?”
“I’m cursed to walk the Earth as the undead until the bloodline is severed. You have to get a degree, Don, or you’ll make others like me.”

This American hacker recently had the opportunity to travel to the UK to attend the launch of the latest update (version 5) of the Certified Security Testing Associate (CSTA) ethical hacking certification course by 7Safe. When looking at their website, every page of every course shows the MSc logo and the credits to be earned towards a Master’s Degree in Computer Security & Forensics… that nagging corpse of an idea kept reappearing telling me, “Don… get your degree or people will die!” OK, so I’m not a werewolf from the classic horror film that inspired Thriller, and I’m not spawning a group of undead. It just seems as though every time someone asks me about a college degree, I feel like a new undead idea roams the netherworld of my brain. Will I forever be cursed with these visions?

So what’s the deal with this course, the certification and why should I consider this one over what seems to be a never ending choice of new security training providers? How does it compare with similar courses in areas of content, price, availability and acceptance in the industry? And what’s all the talk of college degrees? Get all the details after the break.


Review: SANS SEC 617 – Surely You’re Joking, Mr. Wright!

| June 15, 2009

This review is long overdue. My apologies to EH-Net readers, SANS and especially Joshua Wright, developer and instructor of SEC 617 – Wireless Ethical Hacking, Penetration Testing, and Defenses. Its lateness is more due to my inability to comprehend exactly what I experienced than to a lack of desire to complete the task. I honestly sat down at the keyboard multiple times, but each time I felt I wasn’t doing the course or Mr. Wright justice. OK… so like every other SANS course, it had quality courseware, the instructor was top-notch, and I walked away with much more knowledge than when I arrived. So I could simply state the above sentence, report on each and every day of the course offering endless details, recommend it to the masses and be done with my job. But even that felt like empty rhetoric.

As with the review of SANS 560 – Network Pen Testing and Ethical Hacking entitled "Ed Skoudis and the Pen Testing Factory," and many other articles, I felt the writer’s need to have a theme. And it doesn’t have to be a movie, but something that weaves a thread through the words to keep the reader engaged. Just the right connection or idea can make all the difference in the world. And as many do when faced with writer’s block, I let it sit for a while knowing that inspiration would hit me when not looking. But even with pressure and anxiety to produce, it wasn’t coming. Forcing it made for poor results. Suddenly during the minutiae of daily life, a bright red spine from one of many bookshelves in my basement caught my eye. I had found my theme.


DIY Career in Ethical Hacking: The R-Rated Version

| February 24, 2009

The first time I gave this speech was at the SANS WhatWorks in Pen Testing Summit in 2008. Although the content was what I wanted to cover, I did tone it down a bit for the audience. I had a strong desire to do the talk again in the future, but had no intention of presenting at my own event, ChicagoCon. I must admit that it didn’t take too much arm twisting from some of the other EH-Netters to get me back to the podium.

So last fall at ChicagoCon 2008f (yes… that’s what the ‘f’ is for), I took the advice and went for it. Not only is this version slightly longer, the stories I tell are not all the same & the free resources section is much longer, but also the audience was different allowing me to let loose. As I state in the speech itself, it’s actually in the script for me to drop the ‘F’ Bomb… and I don’t mean ‘f’all. So if you really enjoyed the first one, then I’m excited to be able to share with you this new edition. If you’re of the Disney crowd, then please refer to the last one. I still think it’s worthwhile.
