My first post to this blog was in September, 2007. Professionally speaking, I have gone through major changes since then. I've changed employer, though amazingly enough in this line of work that happened only once during that time. I have also learned a lot and my duties have changed quite a bit.
Though I try to stay plugged in to incident response, NSM, and all those other operational bits I love, I am definitely a step back from directly responding to incidents compared to a lot of my previous experience. Another big change for me is that I no longer run a bunch of NSM sensors though I still do that type of administration on my home network. On the other hand, one of the wonderful things about my current employer is that they allow us a lot of freedom to identify problems or challenges then take them on without trying to pigeonhole us. I look forward to 2013 as a year in which I will continue being challenged by taking on some new projects of interest to me.
I've gotten a number of links and traffic bursts on some of my past blog posts, which is flattering. I don't particularly feel like a unique snowflake that should get a ton of web traffic and don't usually get a ton of traffic, but occasionally I will really hit the nail on the head with a technical post and get a lot of traffic and links from other bloggers. Unsurprisingly, many of my top posts are in the system administration category since the more security-focused posts probably have a narrower target audience.
I attended FloCon 2013 in January, which made me reflect on a couple things. First, I am going to try and blog a little more often this year. It was very flattering to talk to people at the conference and have them say they have read my blog or to find they were using content I had contributed to NSMWiki. When I started this blog, my two main goals were to provide references for myself and to make those references available to others in case they also found them useful. It is good to know that my blog and other public contributions have been useful to others. I would not be where I am without similar help from others and I think that sharing of information, advice, experience, and debate is a great thing about much of the security community.
The second thing it drove home is that I need to end the semi-anonymous nature of this blog. At FloCon I found that I had coworkers following me on Twitter without even realizing it was me that they were following!
My previous employer knew about my blog and did not give me any grief whatsoever, but at the same time they were somewhat nervous about it. My current employer embraces public engagement to a much larger degree. Plenty of people already knew my name prior to this and Richard Bejtlich even linked to my blog using my name at least once, but generally I did not promote myself as the author. It is time to change that.
01 March, 2013
Reflections on Over Five Years of Blogging
15 June, 2012
CERT's FloCon 2013 CFP
CERT's FloCon 2013 CFP is posted.
Albuquerque, New Mexico, on January 7–10, 2013.
I plan to attend.
17 November, 2009
SANS WhatWorks in Incident Detection Summit 2009
I am scheduled to be a part of several discussion panels at the SANS WhatWorks in Incident Detection Summit 2009 on 9-10 December. There are a lot of good speakers participating and the agenda will cover many topics related to incident detection. I believe there is still space available for anyone that is interested in attending.
From SANS:
Following the success of the 2008 and 2009 editions of the SANS WhatWorks in Forensics and Incident Response Summits, SANS is teaming with Richard Bejtlich to create a practioner-focused event dedicated to incident detection operations. The SANS Incident Detection Summit will share tools, tactics, and techniques practiced by more than 40 of the world's greatest incident detectors in two full days of content consisting of keynotes, expert briefings, and dynamic panels.
http://www.sans.org/incident-detection-summit-2009/
01 November, 2008
Shmoocon 2009 tickets
Tickets for Shmoocon 2009 went on sale at noon EDT today. All the "Early Bird" tickets for $100 went quickly but there are still some "Open Registration" for $175 and "I Love Shmoocon" for $300.
I like the way Shmoocon sells their tickets using three different rounds with three different price points in each round. Here is their chart with dates of sales. Noon is always the start time. Shmoocon itself is February 6 - 8.
| Date Tickets to be Sold | Early Bird | Open Registration | I love ShmooCon |
|---|---|---|---|
| November 1, 2008 | 200 | 300 | 10 |
| December 1, 2008 | 200 | 300 | 20 |
| January 1, 2009 | 100 | 100 | 20 |
One really cool contest I noticed this year is Barcode Shmarcode. The Shmoocon ticket has always been simply a barcode they email to you after you purchase. This year, they want people to modify their barcodes to be unique and awesome while still scanning properly. They'll grade on originality, best use of theme, best use of materials, and most error free scan. I look forward to seeing the results.
09 April, 2008
PADS signatures, NSMWiki, OpenPacket
I added a few PADS signatures to the NSMWiki. Anyone else that has some should definitely contribute since the standard signature set is fairly small and has a huge potential for improvement. I'm sure that any other useful contributions to NSMWiki are also appreciated.
Richard Bejtlich posted about OpenPacket being online. I think the idea is great and there is a strong community of people that have signed on to help him with various aspects of the site.
OpenPacket.org is a Web site whose mission is to provide a centralized repository of network traffic traces for researchers, analysts, and other members of the digital security community.For anyone just starting out in digital security or looking to get into the field, I strongly encourage you to participate in the security community as a whole. The number of ways to participate are too numerous for me to list, but there is definitely a lot to be learned from others who are more experienced, less experienced, or just have different types of experience. Just reading blogs, news, mailing lists and other sites can be enlightening, and once you get your feet wet you may find yourself contributing in short order.