Studying for the CompTIA CSA+ Certification
Over the past year, my curiosity in Information Security has been piqued. I now want to learn as much as I can about InfoSec from both adminisrative and technical perspectives, and I've found that pursuing certificates is a great way of doing so.
I'm currently studying for the newish CompTIA Cybersecurity Analyst (CSA+) cert, which seems like a logical choice after taking the CISSP earlier this month. Fortunately, the breadth of testable information is more limited than on the CISSP, which means I won't have to pour over thousands of pages of study materials or take thousands of practice questions (which is why I stopped blogging here for so long).
So far I've been using CompTIA's Certmaster test engine along with the CompTIA CSA+ study guide by Mike Chapple & David Seidl. I've already completed Certmaster and will be reviewing the study guide over the next few weeks before I take the test on December 11th. I'm really looking forward to completing the CSA+ to move onto studying for the OSCP, which will consume the bulk of my free time in 2018.
Beyond the CISSP
Well it's taken most of 2017, but my journey through the CISSP exam is finally complete. I studied regularly for about 6 months and actually extended my test date by a month to garner more confidence for the exam. Fortunately I passed on my first attempt yesterday, although I must still go through the endorsement process to officially become a CISSP.
I enjoyed learning about InfoSec at a broad overview while studying for this cert. But now I'm ready for something more technical rather than jumping into another managerial-focused cert like the Certified Information Systems Auditor (CISA), which I plan on eventually taking.
I would ultimately like to become an Offensive Security Certified Professional (OSCP) within the next few years but would like to further develop and hone my technical skills before jumping into that journey. An obvious intermediary technical cert would be the Certified Ethical Hacker, but the CEH is very expensive and imparts little technical knowledge compared to other more respected certs, according to what I've read.
Thus, I've decided to pursue CompTIA's new Cybersecurity Analyst (CSA+) cert. I'm slightly nervous about pursuing this cert without having completed the CompTIA Triad (A+, Network+ and Security+) but think that my CISSP, work and labbing experience should give me a solid foundation. I'm also teaching myself Python right now, which is an absolutely rad programming language with tons of application in InfoSec.
Although I still feel like a relative InfoSec noob, I can't wait to learn and share more and more as my interest in the field grows.
Pursuing A CISSP Certification
Security has become a focus of mine over the past 6 or so months. This interest sprung out of curiosity in my homelab. I began playing with things like Group Policy, routing between subnets, SNORT Network Intrusion Prevention System, Sophos Unified Threat Management software, MetaSploit and Security Onion Intrusion Detection System.
This interest in information security is also due in part to a project at work in which my company must obtain NIST SP 800-171 IT security compliance as a government subcontractor.
I’ve decided to become a Certified Information Systems Security Professional by passing the CISSP exam to learn more about how to properly secure information systems. This certification has become one of the gold standards in information security and those holding this certificate are becoming more and more in demand.
The CISSP test is pretty beastly: 250 questions on topics ranging from cryptography to network security to legal compliance and access control. The scope of this test is wide and requires a great breadth of knowledge. I’ve been studying for about a month or so and hope to feel confident enough to take the test this fall. More CISSP posts to come!
New Blog Format
I obviously haven't posted here in quite some time. There've been a few reasons for this.
Firstly, I primarily built this site as a learning experience and I've largely satisfied my curiosity in bootstrap responsive design, HTML5, and CSS3.
Secondly, the way I've formatted this site has made posting an onerous task since so much content must be created for each post.
Reducing the need to create so much content will result in more frequent posts. So I will no longer make individual pages for each blog post. Rather, blog posts will be added only to the site's homepage.
Lastly, I've become increasingly interested in information security and auditing over the past months. As such, there will be more posts about InfoSec such as learning opportunities, professional certificates, and technical methods.
Expect more frequent posts on information security in the coming weeks.
Developing a Graphic Design Portfolio
I’ve become more and more interested in graphic design over the past 4 years. This is largely because my current job role as a one man IT department requires that I wear many different hats, including that of a graphic designer.
Fortunately, I’ve grown very fond of doing graphic design and love taking up graphic design projects. Over the past few years I’ve designed logos, product handouts, posters, CAD drawings, stickers, magazine ads, website mockups, and so on.
I rely heavily on Adobe Illustrator as my main tool when generating graphics design materials. Illustrator has deep functionally and the vast resources that are readily available online make learning new techniques fun and easy.
Most recently, I’ve been partial to flat design, which uses a muted palette and minimalistic elements to create designs that have intuitive user interface. Click the link above if you're interested in taking a look at any of my design work.
Electronic Voting Systems, Fitbit, Google, and the Circle by Dave Eggers
I pretty much always struggle to get through non-fiction while traveling. Titles like “VMware vSphere 5.5 Cookbook” and “Nmap 6: Network Exploration and Security Auditing Cookbook” are less appealing when stuck on an airplane, without Internet access, for hours on end.
Instead, I find myself reading mostly science fiction by authors like Philip K Dick and Neal Stephenson. Most recently I decided to dive into Dave Eggers’ book “The Circle”.
This recently published book is a great a read that addresses themes that are incredibly relevant. The parallels between this book and current events, and to my personal life, are striking.
The book centers on an Internet and technology company called the Circle, which seeks to better humanity through data tracking and interconnectedness. The Circle’s founder are given godlike status by those inside and outside of the company, particularly politicians. And the company’s employees, called Circlers, are desperate to further the company’s goals to a cultish degree.
Specifically, the Circle seeks to eliminate anonymity and privacy in order to bolster personal safety, health, convenience, political participation, and interconnectedness. Does this all sound familiar?
How to Make an Affordable RetroPie Gaming Console
Remember the good old days when gaming meant playing the Oregon Trail on an old school Macintosh computer? Ever wish you could play the original Super Mario Bros on your home TV? Well, you can. And you can even do so for less than $100.
By taking advantage of an awesome project called RetroPie, you can make a console that will enable you to play any old school games that were released for nearly any video game system. Better yet, many of those great old games are readily available for download on the Internet.
So how is this all possible? This is possible by using the tiny, yet surprisingly powerful, Raspberry Pi computer board. Raspberry Pis were intended to be used in projects exactly like the RetroPie
Making a RetroPie is very straightforward so there’s no excuse to let your nerdy side out and go buy the simple parts that you’ll need for your console. Not only will you end up with a great gaming console that will unquestionably be a hit with groups of friends at gatherings, but you’ll have learned a bit about computing along the way.
I’ve already put in the legwork by making 2 RetroPie consoles, now you just need to click the link above so that you can learn to make your own.
Converting Techsploits from WordPress to Flat HTML
Oh hey, what’s up Internet! It’s been a minute since I’ve posted here but I swear that I have a valid excuse. I’ve been working hard on rebuilding my blog from scratch over the past month or so. I’ve gone from using Wordpress to using flat HTML and CSS files with no Content Management System.
There are many reasons that I decided to rebuild Techsploits from the bottom up. Most importantly, it’s familiarized me with the latest front end web technologies and enabled me to better hone my development skills. Secondly, this new blog format gives me more flexibility when it comes to Search Engine Optimization, allowing me to more easily implement and test new SEO practices.
Building even a simple blog like Techsploits can be very time intensive, especially for a perfectionist like me. I first built the site to look good on desktop, then optimized for mobile devices, then optimized site speed and finally optimized onsite SEO, which will be an ongoing process.
Click on the link above to learn more about the process of building my blog & about the specific technologies that I employed in doing so.
How to Obtain Google Analytics Certification
If you’ve ever worked in web development or digital marketing then you’ve doubtlessly worked with Google Analytics. Google Analytics captures data about user interactions and conversions on digital properties. This is vitally important as the data from Google Analytics drives changes made to the digital properties.
Using Google Analytics is pretty intuitive. However, Analytics constantly changes as new features are added. So how can you learn about, and display your knowledge of, Google Analytics? Easy. Just look to the Google Analytics Academy.
Google Analytics Academy presents users with great information that is provided by actual Google Product Managers. This information is invaluable at giving an inside look into how Google Analytics works. Moreover, these courses enable users to become certified in Analytics by taking a certification examination. Are you interested in becoming Google Analytics certified? Then click the link above to get my take on the process.
Brushing Up on HTML & CSS at Jury Duty
I was, tragically, selected for jury duty for the first time a few days ago. I knew that the experience would at least be interesting since I’d never been selected for jury duty in spite of having interned in many courthouses back in my college days.
The book I chose to read was Kyle Horne’s HTML and HTML5: HTML In A Day Bootcamp. This text was an easy read that reinforced many of the concepts that I’ve been learning through W3Schools, Free Code Camp, and Codecademy.