TLDR This course focuses on the information that we can leverage from cloud logs and highlights the “gotchas” of when and how they are generated/collected. Compared to traditional forensics, cloud does not offer the same depth of artifacts due to it’s abstracted nature. As a threat hunter, I walked away with a better understanding of where to find various types of activity within the different cloud providers.
Overall Thoughts Content FOR509 was a well-paced course without much fluff that dives deep into the content right out the gate on day one.
Resume Mindset Resumes ARE not intended to be an archaeological record of everything you did in every role in your career. If you build it that way it’s going to be a swamp of bullet points that will take a recruiter a ton of time to sift value from.
The purpose of a resume is to communicate relevant experience as succinctly as possible to prove that you can do a certain role at a certain company.
TLDR I use a method to prepare for GIAC certifications that isn’t the quickest or the easiest but it builds reference material that’s useful during and after the exam. The two outputs of this method are a binder of your notes boiled down from the full course content and a set of GIAC course books that have been carefully tabbed for quick reference.
This is not the ONLY method, but it has worked well for me.
PLEASE DO NOT ASK FOR MATERIALS FROM THE COURSE OR INSIGHT INTO THE QUESTIONS ON THE EXAM. TLDR This course did an excellent job of building a solid foundation around how protocols/services are intended to work before showing how to exploit them manually. While this course is not designed to produce world-class, cutting-edge red-teamers, it does lay the groundwork to begin that journey if you want to pursue it further. Many of the techniques used are great for illustrating exploits/methodologies but require additional strategies to bypass modern defenses.
TLDR: The exam itself was a fair assessment of the candidate’s knowledge around engineering an Elasticsearch cluster. All of the required tasks on the exam were grounded in real-world use cases that would be part of an ES engineer’s day-to-day work. Not only did I learn a ton about the engineering side of Elasticsearch but I am a stronger analyst because I better understand where my data is coming from and how it is processed.
TLDR: The virtual format makes humor difficult, have a fallback plan for internet/power outages, and you don’t need a fully completed presentation to enter a submission to a conference.
Doing my best to avoid letting 2020 hold me back, I achieved one of my personal goals and presented a talk at a infosec conference this year! My preference would have been to do something local and in-person but because of COVID, those hopes were dashed.
People often ask me for advice on what certification they should be pursuing. As with most questions in IT, the answer is, “It depends…” The “right” certification for any given individual will vary greatly depending on where they are in their career and where they want to go. Here are a handful of things to consider while deciding what to study for next.
INITIAL CONSIDERATIONS JOB POSTINGS/REQUIREMENTS If your next career move involves applying for external positions, take the time to research the certifications listed for the type of role you are pursuing.
PLEASE DO NOT ASK FOR MATERIALS FROM THE COURSE OR INSIGHT INTO THE QUESTIONS ON THE EXAM. TLDR This course was an incredible dive into host based forensics and I would highly recommend it for anyone interested in expanding their understanding of the incident response process with host artifacts. I walked away from this course with a much better grasp on how attackers move through an environment and where to find the evidence of their activities.