Discovering Myself

I feel like lately I’ve been extremely busy.  I think this is a good thing because if I wasn’t busy, maybe I wouldn’t have a job and someone I love filling up my time.  It makes sense.  So I like being busy.  This weekend is the first weekend in a while where I’m just doing chores and hanging out.

I actually miss going to my bf’s house and hanging out though.  I like the activity and people to always do something with.  Usually a rousing game of Trivial pursuit where boys rules and girls drewl!

Haha, I’m domesticated I suppose, but I love it!

Work has been CRAZY lately!  I’m been working on a education program with my colleague on Security Awareness.  It’s such a cultural change to get these things through though… It’s wierd.

Anywho, I’m off to finish up some cleaning and trying to figure out how to get rid of some of my stuff.  I need to pair down.

Well, I finally broke down and bought a MacBook.  And of course before even turning it on I upgraded the 1gb of RAM to 4gb of RAM.  DUH!

Well, so far I’m happy with it, I bought it just so that I could learn the technological aspects and to see if it would help me in my career with penetration testing and other network and hacking related stuff.  I am a security engineer so I need to know what every is using in order to protect against it.  It’s one thing to have the technical knowledge, it another to be able to utilize it.

So here’s to me buying an Apple… *sigh*  I never thought I’d do it.

I think I will update this as well, someone already started it, I’ll just add to it.

SANS Internet Storm Center

The diaries the
handlers post here are very useful. There is also a threat-con meter
that shows their thoughts on the current state of threats.

Home Page
http://isc.sans.org/
Feeds
http://isc.sans.org/xml.html

Security Focus

This is a must place to visit. There are good security articles as well as vulnerability advisories and home of BugTraq.

Home Page
http://www.securityfocus.com/

Feeds
http://www.securityfocus.com/rss/news.xml
http://www.securityfocus.com/rss/vulnerabilities.xml

Secunia

Home of the Full Disclosure mailing list and a great place to research vulnerabilities.

Home Page
http://secunia.com/

Feeds
http://secunia.com/rss_feeds/

Black Hat

Organizer of one of the most infamous conferences in the security world. They also have an archive of presentations.

Home Page
http://www.blackhat.com/

Feeds
http://www.blackhat.com/BlackHatRSS.xml

Milw0rm

This
is one place you should check at least once a day. This site hosts
exploits for various methods of breaking into computers and is a place
where you will see many zero day exploits.

Home Page
http://www.milw0rm.com/

Feeds
http://www.milw0rm.com/rss.php

ha.ckers.org

This is a blog where you will see a lot of VERY useful information. This is another place you should really watch.

Home Page
http://ha.ckers.org/

Feeds
http://ha.ckers.org/blog/feed/

Well, they did a reorganization at work this past week. It is more of a lateral move for me and my co-worker, but for my boss it’s a bit of a demotion. They are selling it as just an ease of management thing, but it’s kind of a slap in the face as my boss puts it. I kind of agree.

Like I said, it really doesn’t affect me that much, I might be doing a bit different things such as more networking work as opposed to applications work, but we’ll see. My background is more applications stuff as opposed to networking, but I know enough to be usable. Let’s see how it pans out.

We’ll keep the new boss in line. We tend to work odd hours, so if he complains about us coming in late or leaving early we’ll slap him in the face or throw a book at him and tell him to do all of the security work. haha That probably wouldn’t go over too well though.

I hope my boss is ok with all of this, I’d hate to see him leave over it.

Well, I thought I would list my expertise here since I’m bored while waiting on a call at 9pm and a download to finish.

First off, I want to state that I started off as a software engineer, sooooo keeping that in mind, there are the technologies and programming language I know or have known in the past.

• Programming Languages:
  ASP, ASP.NET, BASIC, C#, C, C++, COBOL(VERY Rusty), PHP, Ruby, Python, Perl, Pascal, Delphi, Java
• Programming Tools:
  Eclipse, MS Visual Studio, Delphi, Borland Development Suite
• Application Administration:
  IBM Websphere 5.x/6.x, Hitachi P-Synch, Microsoft Server 2003, Microsoft SQL 2000/2005, Symantec Endpoint Protection 11.x, Microsoft Internet Security and Acceleration Server 2006, Checkpoint Firewall, BIG-IP F5, Linux (RHEL 4/5-SUSE 10.x), VMWare Server ESX 3.0

I think that covers the things in my head right now, I’m sure I missed quite a bit.

So, I’ve been working in my current position for almost 1 year now. I have about 3 months left. I love the job, but I’ve been having a bit of trouble really shaking out what I’ll be doing going forward. My co-worker’s thoughts are very disjointed and hard to follow, so explanations don’t come through clearly.

So I took an initiative to put together a list of all the applications/services we offer in Security. It’s quite a list, I was really surprised. I don’t think we’ve put something like this together before. I’m glad I started it. It was really supposed to help me rate my skill level in each of our respective services, but it turned into sort of a “let’s tell the company what we do” type of thing for our department.

My main focus is application security testing, and education material. I have yet to really get to delve into the topic here, but I’m hoping I will get to that soon. It’s very intriguing to me.

Anyway, I went on a date last week, it went great. We had a follow up date the next day. My only worry is that he lives about 30 minutes away, so as long as that’s not an issue I think it will be ok. My friend Jason and I have to get together again, he’s a nice guy, I’m going to throw him into my group of friends and see if he floats. I hope Jason is doing good.

Anyway, time for me to get back to work.

I work for a global organization. I handle computer security and try to make sure things stay up to date and protected.

Well, ASIA in particular gives me no end of trouble. Even though we have policies and procedures, we are still bound by some cultural differences and financial issues.

For example, if they need Photoshop or something like that, they will run down to the corner and by a copy from some vendor on the street for $5. This is VERY hard for us to monitor. Not to mention, those CD’s are usually infected with all kinds of malware. So by the end of the day of one guy installing this and using it we could have 10-20 infected machines.

It’s just very hard to control and it is an education and culture problem.

I am working on educational material right now. We already have policies in place, we might want to make stricter penalties for violations. We’ll see what happens.

What is your daily routine?

My day seems so boring! haha

6:30-7:00am: Wake up and feel drowsy.
7:15am: Brush teeth and take shower.
7:30am: Make my breakfast shake.
8:00am: Check e-mail, get dressed and get work stuff together.
8:30am: Leave for work.
8:45-9:00am: Get into work and setup my computer.
9:00-10:30am: Do secret work related thingies!
10:30-11:30am: Catch up on E-mail and read security related articles to keep skills sharp.
11:30-12:30pm: Get an early start to lunch because it gets rowdy around here at lunch time.
12:30-1:30pm: Catch up on my e-mail. I swear these people and their e-mail.
1:30-2:30pm: Meetings or updating project data.
2:30-4:30pm: Completing Tickets and Tasks.
4:30pm: Prepare to go home and get to my car pondering whether traffic will be good or bad.
5:30pm: Arrive home… hopefully.

Somedays, I go to the gym for 5:30ish and get some cardio in before my personal training sessions. Then I’m home or out of there by 7:15pm.

Once I’m home I just relax, might watch a movie or something. If a friend calls they come over or I might go out and hang out with them. I don’t like to hang out too late on “school nights” though. haha

I’ve seen this all over!

In large organizations you can’t always “lock down” workstations due to productivity loss and irritating employees that could and will go elsewhere.  It’s surprising how hard it is to implement solutions that will protect corporate and personal data just because they can’t install their little widget that makes little pictures fly across their screen.

Well Symantec decided to reclassify My Web Search Bar as a Downloader which totally screwed my reporting the other day.  We showed like a bazillion infections.

I researched this and found the file to be innocuous.  Symantec’s solution?  To tell me the file was innocuous and to ignore it.

Well anyway, I have to deal with this and other malware in ASIA due to keygens and other shananigans that people don’t realize are on their USB storage or what not. Oh well, at least it keeps me in a job.

I’m currently working on getting the Symantec Endpoint Protection tested and implemented globally.  That’s a huge endeavor on 13,000+ workstations and servers.  I’m a little leary of installing on servers at this point because I don’t know the impact on applications yet.  It does some new funky things and i don’t want anyone yelling at me.

I personally like the product, they’ve fixed many things in the MR2 release.  We’ll see how this whole project pans out.

Well, I don’t really have too much to say right now.  I have a friend sitting on the couch waiting for me to finish so we can grab lunch.  It’s quite a late lunch, but I got all caught up in making this website.

I’m a 26 year old Computer Security Expert.  My area of expertise ranges from common network security anomaly detection to in-depth application security architecture design.

I am in a relationship with my boyfriend of over a year Stephen.  He’s great most of the time, other times I want to strangle him.  I guess that’s what relationships are all about.

I’m doing fine in my business life, but my social and private life need some work, so I thought I’d make this blog and kind of discover who I am and what exactly I like and go from there.

First off, I am a pretty quiet person most of the time.  I can talk a lot, but I have to find the topic interesting.  I’m not one to jabber on about inane stuff.  I like intellectual conversation about anything.  I’m an analyzer I guess.

I love strategy games.  My favorite right now are these tower defense games, you have to put towers up to shoot things as they scroll across the screen before they reach the other side.  It’s interesting.  I like Sudoku as well.  I could do those for hours.

I’m an avid reader.  I read mostly science fiction and fantasy.  I can get the rest from real life.  I’m currently reading this book called Hero.  I recommend it.  It’s a bit shorter than most of the books I read, but so far I’m not disappointed.

I’m reading about 4 other books concurrently, but Hero I’ve fixated on for now.

I love movies, I could watch a new movie every night.  I don’t have cable, so I basically do watch a new movie every night.

My boyfriend likes to go out far more than I do, so I guess it balances out.  I’m more of a homebody than he is.

I like video games but don’t get to play them too much.  Hopefully when I buy a house I can setup a theatre or something.

I work for a great company and I’m out at work.  I don’t have a gay pride flag, but I don’t hide the fact.  My coworker is also gay.  She’s been with her girlfriend for about 2 years.

I also, love to cook, I don’t do that enough.  I just get tired when I get home from work.  I’ll work on that.

I just signed up for a years work of personal training, it cost me way too much.  Other than the price, we’ll see how it works out.

Ok, I need to hop in the shower before my friend kills me.  I’m not sure where we should go, she wants to sit outside since it’s nice weather.  Fine with me.

Take care, and I’ll post some contact info on here later.