Going for the CISSP

October 2, 2015

I've started the process of gathering resources for acquiring a CISSP certification. The CISSP (and certifications in general) have been mocked quite a bit in the security community. What I think most people are bothered by with certifications is that some see it as a finish line to their knowledge. In reality certifications are just the beginning.

After discharging from the Navy, I found myself out in the hot South Carolina sun that summer pulling cable for a company that, today, no longer exists. I was not getting to where I needed to be job wise. So I quit my job, spent two weeks studying, and got my CompTIA A+ certification. Within a month I was hired to fill a systems analyst level two role, in an air condition office inside a manufacturing plant. Since then, I acquired my CompTIA Network+ certification and a media arts degree from the University of South Carolina. Now it's time to shift gears and really get serious about security.

A lot of the appealing job postings I've looked at prefer (sometimes require) a CISSP certification. There are other certifications in those job postings, but the CISSP is pretty standard. Now I'm not just doing this for career advancement, I also want to explore areas of security that I haven't yet explored or haven't explored deep enough. The CISSP should give me some structure to do that. Over the next few weeks (as long as the Astros are playing baseball) I intend to collect resources on passing the CISSP examination. If you have anything to share I would love it if you would contact me via email (timothy.deblock[at]gmail.com) or on Twitter (@TimothyDeBlock). I intend to document those resources here on my website for the benefit of others.

The Martian: A Fantastic Novel and now a Matt Damon movie

June 9, 2015

The Martian: A Novel is a book written by Andy Weir that has been turned into a movie set to release this November. The book is about an astronaut in the near future who gets left behind on Mars. He must learn to survive Mars' harsh environment while waiting for a rescue that could take years. The format is in the form of a journal logged by a character who deals with high stress situations by using humor, that is quite entertaining.

I first heard about the book on Adam Savage's podcast Still Untitled, I read it in February, and now I'm giddy after watching the trailer today.

There's also this video, which I found yesterday, giving a small peak into some of the humor from the book that I expect to get translated into the movie:

The movie isn't without its suspense and drama as Whatney, Matt Damon, must solve complex problems to continue to survive. I highly recommend the book, if you haven't read it already. According to Savage, who has talked to NASA personnel about the book, the technology and math in the book are solid. It's easy to read and also very affordable at $6 - $16 depending on the version you want, Kindle to hardcover. If you enjoy reading this is a must read for the Summer.

Three books that changed my life

May 15, 2015

Bill Brenner had a post back in February that talked about a series Jennifer Minella was doing that asked security professionals to name three books that changed their life. Since then security pros like Dave Kennedy (I read reworked from his list, which was pretty good) and Jack Daniel, among others, have contributed to the series. It's a wonderful series that gives a small peak into the mind of each person that has contributed. I don't expect to be asked to contribute my short list of books anytime soon so I've decided to go ahead and post my list here.

1. The Winter King by Bernard Cornwell

This story of King Arthur is unlike anything you've ever read. It's a well researched, gritty, and realistic take on a story that often times gets overly romanticized. The book follows the story of Derfel, one of Arthur's warriors (yes, warrior not knight) who interacts with all the characters in the original story: King Arthur, Merlin, Lancelot, Guinevere, and many others you've heard of and not heard of. It's a fantastic story and the best part is, it's only the first of three books in The Warlord Chronicles. The book changed my perception of the world and showed me that stories can be overly romanticized and that there is probably more to the story.

2. Band of Brothers by Stephen E. Ambrose

Growing up I watched WWII movies The Longest Day and A bridge too far quite a few times, so naturally when I discovered Stephen E. Ambrose I became hooked. I've read just about every WWII book Ambrose wrote. Band of Brothers was the book that stuck with me the most and at one point I even explored the possibility of joining one of the Army's airborne units. The movies are just as good as the book, but the book has so much more than what could be shown in the 10-hour HBO series. Richard Winters, a main character, of the book is someone I've come to draw inspiration from in both my work ethic and effort to become a good leader.

3. Feel the Fear and Do It Anyway by Susan Jeffers

This book changed my life completely. It taught me to recognize fear and embrace it. I was reading this book at the recommendation of a program that was teaching me how to talk to women. I got much more out of the book than just talking to women, though. I learned how to look at opportunities that made me nervous or fearful and embrace them, because it was an opportunity to grow as a person. Fear is something that we all deal with daily. How we handle and respond to it not only defines us as a person, but it can also shape us into a better person.

Getting a degree in media arts vs. something more technical

May 5, 2015

Yesterday, I went to the University of South Carolina for the final time as a student. After seven and a half years of schooling, I will be graduating Cum Laude from USC with a bachelors in media arts.

I often got weird looks telling security and really IT professionals in general that I was going to school for a media arts degree. I've recently discovered the value of working on a media arts degree, while working full time as an IT professional. More on that in a minute.

The Reason

Petty Officers Timothy De Block and Chris Money

Coming out of high school I did not know what I wanted to do as a career. I knew if i went to college I would waste my time and my parents money. Instead I decided to join the Army paralegal to try and figure out what I wanted to do and get the GI Bill. After being disqualified from the Army, I joined the Navy as an electronics technician to try and figure out what I wanted to do and get the GI Bill. After six years in the Navy I was honorably discharged to the beautiful state of South Carolina.

I didn't go straight into college after leaving the Navy. Instead, I ended up pulling cable and inventorying electronic equipment for various organizations via a staffing agency and then moving onto a level two support gig via a staffing agency. I don't remember exactly why I decided to start school, but I did in the Spring semester of 2008. I guess I figured I should use my hard earned GI Bill.

After reviewing a few different programs, I eventually picked media arts. I had always had an interest in media and learning how to use media editing tools like Photoshop, Final Cut Pro, Premier, etc. was very appealing to me. Seeing as I was working in IT, I probably should have picked a computer science degree, but there just wasn't anything of interest there. The specialization in a computer science degree seemed to be lacking when compared to a media arts degree that included specialization in areas like: new media, graphics design, photograph, movie production, etc.

If I went back for a computer science degree, half the stuff I would learn I already had exposure to in the Navy. With media arts everything would be new and exciting. I mean who doesn't love the idea of studying movies, television, and art in general, so that is what I went with.

The value of a media arts degree in information security

Simply, contributing and networking within the information security community. I am far from the smartest person within information security. I am also a very shy person when it comes to meeting new people. It is really hard for me to walk up to people introduce myself and start a conversation, even when I know I will be received warmly. I was at three BSides conferences last year with Jayson Street, last year. I've read his book, so I had something to talk to him about, but I was scared shitless to walk up to him, even though he's a very approachable guy. I am working on that part of me, but that fear is something embedded deep within me from years of torment and bullying that I am still trying to shake off.

Once I get to know someone or if they approach me, I am perfectly normal and I tend to even surprise people once I break out of that fear. That leads me to my media arts degree, which I have quickly discovered allows me to meet and work with people that I normally wouldn't get the opportunity to do so. The first time this came apparent to me was at BSides Nashville, when I contacted the head organizer Edgar Rojas about bringing my camera and taking pictures of the conference. I've since spun a podcast with Ed and a buddy of his Paul Jorgensen. I've also taken taken pictures of BSides of Asheville, BSides Nashville 2015, and I'm slated to shoot pictures at Circle City Con and BSides Asheville again this year. I also hope to contact organizers for BSides Augusta and Charleston about shooting pictures at their conferences as well. I didn't shoot Augusta last year because I wanted to volunteer for a BSides at least once and Charleston my old ass camera finally broke down. I have since procedure a new camera.

On the podcasting side of things I've done the Exploring Information Security (EIS) podcast for seven episodes, (which I'm toying with the idea of starting up again) and I've had several discussions with other security professionals about starting up podcasts. Podcasting is a great median for getting the message out, because it's a much more personal type of media and studies have shown that listener interaction and engagement is much higher than other forms of media.

I've currently got my Astros podcast, the PVC Security podcast, and one more IT related podcast in the very early stages. The PVC Security podcast and EIS podcast alone have introduced me to so many wonderful people in the infosec community: Jimmy Vo, Wolfgang Goerlich, Amanda Berlin, Simmon Bennetts, Bob Rudis, and many, many, more.

When I volunteered at BSides Augusta, I remember Mark Baggett, one of the organizers, walking by and saying something to the effect, "Oh yea, I've seen your pictures on Twitter." Mind blown. I am by no means a professional photograph, nor am I striving to be one, but if it allows me to connect with people, that is awesome. The other benefit is that I am contributing to the infosec community, which I think is important for anyone in any type of community.

Wrapping up

A degree in computer science probably does help me advance my career and open up new career opportunities, but the media arts degree is allowing me to connect with people within the information security community build relationships and contribute. Honestly, in the end it probably all comes out in the wash, but the media arts degree is much more fun.

Looking for more OWASP chapter in Columbia, South Carolina

April 30, 2015

Frank Catucci and I are looking for at least one more person passionate about web application security to spin up an OWASP chapter in Columbia, South Carolina.

Frank is veteran in the web application space and I am at the early stages of my career in web application security. We're looking for one more to help us stand up a chapter, because quite frankly it is A LOT of work. We are both dedicated to making the chapter a success but we feel that we need one more person to help shoulder the load and make an OWASP chapter in Columbia a success.

If you have interest in helping getting a chapter started, please read the OWASP Chapter Leader Handbook. After reading the handbook if you are still interested contact me at timothy.deblock[at]gmail[dot]com.