New Hypervisor and Other Homelab Changes
I've made changes to my homelab recently that I'm excited about. I installed Citrix XenServer on my Thinkserver TS140; I'd rather use an open source hypervisor unlike VMware vSphere. I joined the VMware Users Group to get heavily discounted access to vSphere but would rather not deal with recurring licensing at all.
So far I've installed a few Ubuntu Server VMs on the XenServer host. I’m not going to host all that many VMs on this server since I now do my studying/labbing using either Hyper-V or VMware Workstation on my ridiculously powerful laptop.
There are two more immediate homelab projects that I'm working on. I'm installing an SSD in my Watchguard Firebox X1250e that runs pfSense. I currently run the embedded NanoBSD version of pfSense on a compact flash card, which has limitations. I have to be a little creative to install the SSD, but installing it will give me access to deeper pfSense functionality related to some packages and logging.
I'm also going to install Pi-hole DNS sinkhole and Kodi open source theater on some Raspberry Pis in addition to buying some used wireless Xbox controllers for my RetroPie.
More homelab updates to come.
The Impending MCSA 70-740
I rescheduled the 70-740 exam to give me a few more weeks of studying. So far I've completed two prep courses, one offered through CBT Nuggets and the other through PluralSight. I'll mostly just take practice tests from here until the test date.
Studying for this cert has been a slower process than expected. I started rock climbing in March and have become completely obsessed with the sport ever since. My goal is to be able to consistently send V4 boulder problems by the end of the summer, which is likely wishful thinking.
I've also been spending even more time outdoors than usual, especially at the beach, and I'm stoked for a series of upcoming camping trips to the Eastern Sierra.
One reason I've been making the most out of my personal time lately is because of just how much time I had to devote to studying for the CISSP last year. Nevertheless, it'll be nice to take the 70-740 and make progress towards an MCSE in Cloud Infrastructure and Architecture.
Best Resources for MCSA 70-740 Exam
There's not a lot written about the 70-740 MCSA exam since it's a relatively new cert, so I figured I’d make a quick post about study materials. The most effective resources I've found for the 70-740 exam so far are PluralSight's 70-740 course series, the MCSA Windows Server 2016 70-740 Exam Study Guide from Sybex, and the MeasureUp test engine for 70-740.
The PluralSight course is particularly awesome and indispensable. It goes into Server 2016 in great detail and is geared towards those who follow along in their own lab, like me. Plus, the number of VMs needed for their High Availability course provided the perfect excuse to buy more RAM for my laptop. :)
I highly suggest delving into these resources if you’re considering the 70-740 cert.
The Year of Microsoft Certification
I actually had a great time studying for the CISSP and CompTIA CSA+ last year and am really excited to obtain more certifications in the coming years. The CISSP/CSA+ were great at providing foundational knowledge of information systems and information security but now I'm looking for more specific, technical certs. I've been an admin for a Windows domain environment for the past 5ish years so that seemed like a good place to start.
So I've been studying for the tests that comprise the Windows Server 2016 Microsoft Certified Solutions Associate path and will take an additional test thereafter to become a Microsoft Certified Solutions Expert in Cloud Platform and Infrastructure. The current test I'm studying for, 70-740, mainly covers Server 2016 installation and storage which means....PowerShell!!! I love PowerShell and am really excited to continue learning more PowerShell through this Microsoft Certification path. More to come.
Studying for the CompTIA CSA+ Certification
Over the past year, my curiosity in Information Security has been piqued. I now want to learn as much as I can about InfoSec from both administrative and technical perspectives, and I've found that pursuing certificates is a great way of doing so.
I'm currently studying for the newish CompTIA Cybersecurity Analyst (CSA+) cert, which seems like a logical choice after taking the CISSP earlier this month. Fortunately, the breadth of testable information is more limited than on the CISSP, which means I won't have to pore over thousands of pages of study materials or take thousands of practice questions (which is why I stopped blogging here for so long).
So far I've been using CompTIA's Certmaster test engine along with the CompTIA CSA+ study guide by Mike Chapple & David Seidl. I've already completed Certmaster and will be reviewing the study guide over the next few weeks before I take the test on December 11th. I'm really looking forward to completing the CSA+ to move onto studying for the OSCP, which will consume the bulk of my free time in 2018.
Beyond the CISSP
Well it's taken most of 2017, but my journey through the CISSP exam is finally complete. I studied regularly for about 6 months and actually extended my test date by a month to garner more confidence for the exam. Fortunately I passed on my first attempt yesterday, although I must still go through the endorsement process to officially become a CISSP.
I enjoyed learning about InfoSec at a broad overview while studying for this cert. But now I'm ready for something more technical rather than jumping into another managerial-focused cert like the Certified Information Systems Auditor (CISA), which I plan on eventually taking.
I would ultimately like to become an Offensive Security Certified Professional (OSCP) within the next few years but would like to further develop and hone my technical skills before jumping into that journey. An obvious intermediary technical cert would be the Certified Ethical Hacker, but the CEH is very expensive and imparts little technical knowledge compared to other more respected certs, according to what I've read.
Thus, I've decided to pursue CompTIA's new Cybersecurity Analyst (CSA+) cert. I'm slightly nervous about pursuing this cert without having completed the CompTIA Triad (A+, Network+ and Security+) but think that my CISSP, work and labbing experience should give me a solid foundation. I'm also teaching myself Python right now, which is an absolutely rad programming language with tons of application in InfoSec.
Although I still feel like a relative InfoSec noob, I can't wait to learn and share more and more as my interest in the field grows.
Pursuing A CISSP Certification
Security has become a focus of mine over the past 6 or so months. This interest sprung out of curiosity in my homelab. I began playing with things like Group Policy, routing between subnets, Snort Network Intrusion Prevention System, Sophos Unified Threat Management software, Metasploit and Security Onion Intrusion Detection System.
This interest in information security is also due in part to a project at work in which my company must obtain NIST SP 800-171 IT security compliance as a government subcontractor.
I’ve decided to become a Certified Information Systems Security Professional by passing the CISSP exam to learn more about how to properly secure information systems. This certification has become one of the gold standards in information security and those holding this certificate are becoming more and more in demand.
The CISSP test is pretty beastly: 250 questions on topics ranging from cryptography to network security to legal compliance and access control. The scope of this test is wide and requires a great breadth of knowledge. I’ve been studying for about a month or so and hope to feel confident enough to take the test this fall. More CISSP posts to come!
New Blog Format
I obviously haven't posted here in quite some time. There've been a few reasons for this.
Firstly, I primarily built this site as a learning experience and I've largely satisfied my curiosity in Bootstrap responsive design, HTML5, and CSS3.
Secondly, the way I've formatted this site has made posting an onerous task since so much content must be created for each post.
Reducing the need to create so much content will result in more frequent posts. So I will no longer make individual pages for each blog post. Rather, blog posts will be added only to the site's homepage.
Lastly, I've become increasingly interested in information security and auditing over the past months. As such, there will be more posts about InfoSec such as learning opportunities, professional certificates, and technical methods.
Expect more frequent posts on information security in the coming weeks.
Developing a Graphic Design Portfolio
I’ve become more and more interested in graphic design over the past 4 years. This is largely because my current job role as a one-man IT department requires that I wear many different hats, including that of a graphic designer.
Fortunately, I’ve grown very fond of doing graphic design and love taking up graphic design projects. Over the past few years I’ve designed logos, product handouts, posters, CAD drawings, stickers, magazine ads, website mockups, and so on.
I rely heavily on Adobe Illustrator as my main tool when generating graphic design materials. Illustrator has deep functionality and the vast resources that are readily available online make learning new techniques fun and easy.
Most recently, I’ve been partial to flat design, which uses a muted palette and minimalistic elements to create designs that have an intuitive user interface. Click the link above if you're interested in taking a look at any of my design work.
Electronic Voting Systems, Fitbit, Google, and the Circle by Dave Eggers
I pretty much always struggle to get through non-fiction while traveling. Titles like “VMware vSphere 5.5 Cookbook” and “Nmap 6: Network Exploration and Security Auditing Cookbook” are less appealing when stuck on an airplane, without Internet access, for hours on end.
Instead, I find myself reading mostly science fiction by authors like Philip K. Dick and Neal Stephenson. Most recently I decided to dive into Dave Eggers’ book “The Circle”.
This recently published book is a great read that addresses themes that are incredibly relevant. The parallels between this book and current events, and to my personal life, are striking.
The book centers on an Internet and technology company called the Circle, which seeks to better humanity through data tracking and interconnectedness. The Circle’s founders are given godlike status by those inside and outside of the company, particularly politicians. And the company’s employees, called Circlers, are desperate to further the company’s goals to a cultish degree.
Specifically, the Circle seeks to eliminate anonymity and privacy in order to bolster personal safety, health, convenience, political participation, and interconnectedness. Does this all sound familiar?
How to Make an Affordable RetroPie Gaming Console
Remember the good old days when gaming meant playing the Oregon Trail on an old school Macintosh computer? Ever wish you could play the original Super Mario Bros on your home TV? Well, you can. And you can even do so for less than $100.
By taking advantage of an awesome project called RetroPie, you can make a console that will enable you to play any old school games that were released for nearly any video game system. Better yet, many of those great old games are readily available for download on the Internet.
So how is this all possible? This is possible by using the tiny, yet surprisingly powerful, Raspberry Pi computer board. Raspberry Pis were intended to be used in projects exactly like the RetroPie.
Making a RetroPie is very straightforward so there’s no excuse not to let your nerdy side out and go buy the simple parts that you’ll need for your console. Not only will you end up with a great gaming console that will unquestionably be a hit with groups of friends at gatherings, but you’ll have learned a bit about computing along the way.
I’ve already put in the legwork by making 2 RetroPie consoles; now you just need to click the link above so that you can learn to make your own.