After winning July's contest, I was fortunate enough to be able to sign up for the GREM in lieu of SEC-542/SEC-504. I'm almost positive both of those are excellent courses; however, I'm familiar with many of their core topics and have been moving more towards reversing, so it made sense to at least beg SANS to let me swap either of those for the GREM. (Alright, so I just asked and they agreed.)
Anyhow, for those who don't know me on a personal level or who haven't corresponded with me via e-mail or other means, I have a dozen-plus years of "professional" security experience under my belt. I initially started my foray into computing professionally circa 1991 at a financial institution, where I assisted the fraud department at what was then Chemical Bank, pre Manufacturers Hanover merger. From there I moved into the advertising industry (J Walter Thompson, Grey Direct) and into "pre-press" production, where I got my taste of heavy Unix-based systems administration under a slew of different OSes (Irix, NeXT, System 7 (through 7.6, Quadras baby!)) and all different types of networking: AppleTalk, Novell, etc. My first forays into Linux came after I had been using FreeBSD (2.0); I began with Slackware, followed by OpenBSD, QNX, Tru64 and other operating systems out of hobby. My main tasks began in hardcore systems administration: upgrades, keeping things running, trying new things. My first *true* venture into computing, though, came via my then ColecoVision Adam.
Security came, and still comes, by way of hobby, interest and self-teaching. There were friends in the realm of systems/security (back then) on IRC and "the Internet" (pre-Internet there were BBSes): people like RSnake, Tattooman, Spikeman, Chameleon, Vacuum, Bronc Buster, Sinnerz, Technotronic, Rhino9 and a slew of others I've had the fortune to learn from and with, and sort of "grow up online with." I've been fortunate enough to learn from a lot of people in the industry, many of whom are actually CSOs now.
Back when I got started, there wasn't much in the way of what there is today regarding security articles, books, etc., so the books I recall reading were from the beautiful minds of Bellovin, Blaze, Cheswick, Dorothy Denning and others. My first true "hardcore" glimpse at security from a business standpoint came maybe in '95 from Marcus Ranum via the LISA conference, where I heard about a system called Aurora. Around this time frame (94-96) I began finding and reading boatloads of information on security that interested me. I also began tinkering with tools like RScan, SATAN, Tiger, Autohack and COPS. Sites I frequented back then: PacketStorm when it was at Genocide2600 (greets to Genocide, DoXavG, Ken and others), Kwantaam Pozetron, Fravia and others.
Book after book, application after application. I was sold on determining how to secure whatever it was I was doing. In order to do so, I believed then and still believe now, one needs to understand how to compromise/break it. Fast forward almost 20 years, and here I am. Still reading, book after book, playing with application after application. Attempting to write, and sometimes actually writing, my own; still tinkering, still fascinated. I've watched and experienced the dotcom "daze" by way of Metromedia Fiber, Starmedia, Register.com and a few others. I've had my share of working for dotcoms, ISPs and MSPs, and now an ITSP where I am in charge of developing, deploying and administering our managed security services. I keep my current employer off the radar to avoid the downsides of the Internet, as I've experienced those downsides in a horrible way once upon a time. (For those wondering where I work: unless I explicitly tell you, good luck finding out.)
So what is it I do now? Tough to explain... I work at a "services" based company. We offer a variety of things, from VoIP trunking and interop, telecom billing, managed firewalls and routers to pentesting, assessments, etc., etc., etc. If it exists as an IT service, we offer it. The breakdown of a typical day varies, but I would place it at 40% security, 20% networking, 20% VoIP, 10% systems administration/engineering and 10% vendor/client/*other* meetings and conference calls. My environment: Juniper (SA, SSG, SRX, JunOS (all types)), Cisco (almost anything and everything), Avaya, Nortel, Foundry, Sonicwall, Session Border Controllers, and this list could be long enough to make someone puke. Because of my environment, I love being able to dabble with anything and everything. It has definitely allowed me to learn a lot more than staying static at another company would have ("we only use Cisco... well, we only use Juniper!").
Anyhow, I've been fortunate through the years and have had my share of unfortunate circumstances as well. This is life, though. What do you do when you're handed lemons? You make lemonade. With this said, I will keep the rambling down and try my best to post on the steps I'm taking to learn and understand the GREM content. I've got 4-5 months to play with and get myself ready. So why GREM?!? Well, I've been doing penetration testing for a while, since before it became a hot topic (my first professional pentest was in '99, to be exact, for what was back then the WWF, via a managed service provider), so I'm comfortable with what I know. Why not Incident Response / Handling? Been there, done that. Reverse engineering as a whole is an interesting topic, let alone malware. Because I've been slowly teaching myself reversing on the exploit side, it makes more sense for me to take this course. I'm hoping to understand more of the attack vectors used in that realm, to help me as a whole on the defensive side (network, applications, sessions, etc.).
With the rambling aside, this month I decided to revisit a lot of topics. Two current books: Ajax Security by Billy Hoffman (dusted off) and "The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System" by Bill Blunden. Stay tuned.