• @dynamik wrote:

    Everyone knows the only way to win here is to participate, so I say you give it to him and don’t reward the lurkers 😉

    I got a PM also, so we have two contenders. If you two still want it, the tie-breaker is to figure out which web server and its version my site is running and then email me your answer via my GPG key. I’m sure…

  • Just got back from DEF CON and Black Hat earlier today. Seems we have a couple of people interested in the exam. Not sure if first-come, first-served is the best method though. Any ideas for a tie-breaker? I’m too tired to think right now.

  • I have it. It’s a non-proctored, open-book exam. The fact that it’s non-proctored makes it less credible, in my opinion. I did a write-up on my experience with it over on

    I’m not sure what your interest in it is, but if you’re wondering whether it’ll make you stand out in the employment line-up, I doubt it. The class was fun,…

  • I guess in some ways it’s supposed to be one of the more difficult SANS offerings since it’s a 600-series, but that said I already had some experience looking at wireless captures, working with 802.1X, etc., so not getting at least a 90% on the exam is pretty lame, although I came close.  I got my OSWP a while back so you’d figure I’d have some…

  • I passed the GWAPT last year and I’m not a developer (far from it, actually, as I work on network infrastructure security for a living).  SANS SEC-542 will teach you to recognize JavaScript / Python / PHP basics and the material doesn’t require you to know how to code.  I think the mindset helps, but if I can get through the course and manage to p…

  • It’s hard to say whether you’d benefit from 503 enough to justify the cost or not.  The first couple of days do get into the “bits and pieces” if you will about packet headers, interpreting the hex dumps, normal / abnormal traffic patterns, traditional evasion tactics, etc.  It certainly instills a strong mindset and approach, but I think in t…

  • I posted a review on another forum regarding 503 a while back.  Google up “GCIA passed” and you should see it.  I felt it was a great course, but what you’ll get out of it depends on what you already know about TCP/IP fundamentals as well.

    TCP/IP Weapons School by Richard Bejtlich is also a good supplemental course.  I’ve posted a review for it…

  • From what I’ve seen of infosec job trends, the vast majority of technical “security” jobs seem to fall into the traditional infrastructure categories such as network security, systems security, etc.  Forensics and penetration testing are still rather niche areas, but with the way things are going I’d assume that’ll open up eventually.

    I predict…

  • Also check the GIAC listings:

    There might also be issues with your resume that you’re not recognizing.  On other forums, some people post their (sanitized) CV for others to critique.

  • Vendor training sometimes comes with the corporate appliance package purchase.  My company is spotting me for Black Hat trainings this year (never done anything at Black Hat other than the Briefings).  Otherwise I generally have to fund my own continuing education, requiring heavy sacrifice in other areas of life…

    …which explains why my bank a…

  • …What is this “social life” you speak of?

    I signed up for the Python course already.  Udacity looks interesting.  My head is going to explode.  I have a long list of projects at work.  Not … enough … time.

    There’s too much cake.

  • This sounds pretty slick, and I could definitely use some basic Python knowledge (and preferably not from a book).  I haven’t read a lot of reviews yet on SecurityTube’s offerings, but I might have to sign up for this.  I like the model of “lifetime access” which is pretty nice.  The certification is optional for me, but I may attempt it if ti…

  • @ajohnson wrote:

    When are you scheduling that GSE written exam? 😉

    Maybe in a few years if I haven’t gone insane from all this studying?

    @ajohnson wrote:

    Have you gone through the Web App Hackers Handbook (2nd)? If so, how did you feel it compared to the course? I’m thinking about challenging this one and would be interested in any…

  • I work on the blue team side and my web app mindset was pretty much nonexistent before I took 542.  At work I’m quite often faced with looking at web traffic and configuring various infrastructure devices, so I needed something that would help me get up to speed with how web-based attacks work.  Before the course I had some vague notions of what S…

  • When I did the OSWP exam some years back my SSH sessions kept dropping, but perhaps because I had two or more concurrent sessions and I think there was some latency in my connection.  I think “doing” the attacks isn’t what consumes time, but rather the documentation.  One of the most fun exams I’ve ever taken though with that t…

  • I’ve taken SANS 504 as well as Richard’s TCP/IP Weapons School 3.0.  I didn’t get a whole lot of Mandiant name-dropping in his class or lots of references to China.  Either that or I wasn’t paying attention.

    But since the Mandiant IR class is indeed Mandiant-branded, I have to wonder as well about how much push there will be for their services o…

  • docrice replied to the topic What now ?? in the forum Career Central 9 years, 10 months ago

    I can sympathize with what you’re going through.  Being hired into a dream and then feeling kicked out of it can be an emotional hit to your ego and personal outlook.  Maybe it was deserved, or perhaps there’s a good hard lesson to be learned so you can emerge stronger from it.

    I’m relatively new here and not a pentester so take my two cents w…

  • I’ve never attended the talks at RSA (other than keynotes) but I think the conference is somewhat about talks and a lot more about the vendor expo.  I just got back from two days’ worth of walking around, shaking hands, looking at new products, getting demos, collecting brochures and shirts, etc.  Good times.  It gets a lot more crowded when th…

  • I understand your pain.  I’m one of those people with a collection of certs that probably gives people the impression that I’m good at what I do, and in the real-world it’s quite the opposite.  All the formal training and self-studies that I’ve gone through have helped, but reality is filled with tons of nuances that have to be carefully weighed a…

  • I currently work as an operations network security engineer (which sounds like the type of role you’re trying to move into) and for me SANS 503 was memorably the most valuable experience I’ve had out of all the classes / cert studies that I’ve been through.  I’m not knocking 502 and 504 and their respective certs, but diving deep down to the bit…


Copyright ©2022 Caendra, Inc.
