Never stop learning

Introduction to Posts

Welcome, fellow cybersecurity fellows.

As our chapter begins a new year, I'm hoping to inspire something more and greater. I feel that we all have something to offer and hopefully help each other with. I know by you being a part of this chapter that you are passionate about cybersecurity or at the very least interested.

With that said, I asked myself how do we make this more. Surely you don't just come for the popcorn and you probably drink plenty of the Kool-Aid at your employment. When I talk to folks about the chapter and what they want, it seems to come back to a few things which could be summed up by the word community.

Members are looking for a connection to other cybersecurity professionals. We want exposure to new things and help with difficult topics. We have members looking to get a certification, we have members with experience. This chapter can be a place of opportunity. But how do we get there?

Sure, we can come to the meetings, we can chat informally before and after, maybe exchange contact information, but we really didn't just come for the popcorn and the speaker and the CPEs. We came to be enriched and to help others.

Posts and your part

So as of today, we are providing you the means and forums to put yourself out there. To broaden not only yourself but your colleagues, friends, and yes, total strangers... but hopefully not for long. All the chapter members can draft posts, and when you have drafted something you want published, let me or another officer know and we'll publish it.

I would like to challenge each of you, and yes, I'm going to do this too, to take a few minutes every other week and post something. Tell the chapter what you're doing, what you're passionate about, what you've learned. While a majority of our membership work at the Idaho National Laboratory, not all of us do the same thing, and everybody has not only their own unique skillset but passions as well. Take a moment and break the ice. Who are you and what do you do? Then in a week or two, tell us something you learned or something you're trying to figure out. These posts have the ability for members to comment and leave feedback. To keep this semi-sane, only chapter members will have views into what is posted.

My Introduction

For those of you who don't know me, HELLO!

I work at the Idaho National Laboratory and partner with the Department of Homeland Security frequently as a consultant and subject matter expert with their Validated Architecture Design Review (VADR) Assessment team. I've been back in Idaho since August 2013 doing this. My job entails going out to critical infrastructure locations, companies, and facilities across the US and providing them with suggestions to improve their security posture as a result of an in-depth interview-based assessment and review of their network architecture. We also validate that architecture by looking at packet captures they provide us to validate that things are as they were designed.

Prior to working for INL, I was an assessment lead for the DOI/DOT Enterprise Service Centers Certification and Accreditation assessment group performing accreditation assessments on federal systems for a multitude of federal agency systems. While based out of Oklahoma City, I also traveled across the states performing assessments.

From a certification point of view, I hold the CAP and the CISSP. And I'm interested in getting the CISSP-ISSAP certification amongst other interests. I love to learn and do and figure things out. I have a home lab environment from an old Dell R-610 server set up to run several VMs. I love to learn about and understand networks and network security. Control systems are something I've spent the last 9 years learning about and working with in the course of doing assessments. And of late I've been learning to program in Python also. I already know C#, VBA, PHP, and some SQL.

My Latest Project

As I've previously said, I'm always trying to learn something and have more projects than time to do them. But about 2-3 weeks ago, while I was killing some time waiting for the wife, scrolling through articles on my phone, I saw an article about log servers and it had some neat little dashboards. I thought, I want that for my little home network lab space. It would be neat to play with and see how it works.

I found a few articles on setting up log servers and, having played with a few of them before, opted to try Graylog. Now this isn't a recommendation that Graylog is any better than anything else. Just me thinking I've played with Splunk and ELK (Elasticsearch, Logstash, Kibana) before, so I would try something new.

Setting up a new VM was easy, and getting my firewall, pfSense, to send syslogs was also fairly easy. I did some more research and to get a basic dashboard, I knew I wanted to get some metrics from my various VMs. I decided upon Metricbeat as the utility to get the data and send it to my new log server. After several days of figuring out how to not overthink some things and remembering my own firewall rules for others, I was able to set up a neat little dashboard, showing system metrics. See below.

 

This project was fun and probably not as useful as some. But I learned some new things, including getting to try my hand at regex to build the extractors for the pfSense syslogs. At some point I'd like to build some dashboards to log specific security items like software installation counts and user logins and such, but my curiosity itch has been satisfied for the time being and I am looking to finish another home project. So where this project is at a good stopping point, I'll probably just let it do its thing and check on it from time to time.
