Certifications

SANS FOR509 Review

TLDR This course focuses on the information that we can leverage from cloud logs and highlights the "gotchas" of when and how they are generated/collected. Compared to traditional forensics, cloud does not offer the same depth of artifacts due to its abstracted nature. As a threat hunter, I walked away with a better understanding of where to find various types of activity within the different cloud providers. Overall thoughts on the content: FOR509 was a well-paced course without much fluff that dives deep into the material right out of the gate on day one.

Prepping for a GIAC Exam

TLDR I use a method to prepare for GIAC certifications that isn't the quickest or the easiest, but it builds reference material that's useful during and after the exam. The two outputs of this method are a binder of your notes boiled down from the full course content and a set of GIAC course books that have been carefully tabbed for quick reference. This is not the ONLY method, but it has worked well for me.

SANS SEC542/GWAPT Review

PLEASE DO NOT ASK FOR MATERIALS FROM THE COURSE OR INSIGHT INTO THE QUESTIONS ON THE EXAM. TLDR This course did an excellent job of building a solid foundation around how protocols/services are intended to work before showing how to exploit them manually. While this course is not designed to produce world-class, cutting-edge red-teamers, it does lay the groundwork to begin that journey if you want to pursue it further. Many of the techniques used are great for illustrating exploits/methodologies but require additional strategies to bypass modern defenses.

ELASTIC CERTIFIED ENGINEER CERTIFICATION REVIEW + TIPS

TLDR: The exam itself was a fair assessment of the candidate’s knowledge around engineering an Elasticsearch cluster. All of the required tasks on the exam were grounded in real-world use cases that would be part of an ES engineer’s day-to-day work. Not only did I learn a ton about the engineering side of Elasticsearch but I am a stronger analyst because I better understand where my data is coming from and how it is processed.

What Certification should you pursue next?

People often ask me for advice on what certification they should be pursuing. As with most questions in IT, the answer is, "It depends..." The "right" certification for any given individual will vary greatly depending on where they are in their career and where they want to go. Here are a handful of things to consider while deciding what to study for next. Initial considerations, starting with job postings/requirements: if your next career move involves applying for external positions, take the time to research the certifications listed for the type of role you are pursuing.

SANS FOR508/GCFA Review

PLEASE DO NOT ASK FOR MATERIALS FROM THE COURSE OR INSIGHT INTO THE QUESTIONS ON THE EXAM. TLDR This course was an incredible dive into host-based forensics and I would highly recommend it for anyone interested in expanding their understanding of the incident response process with host artifacts. I walked away from this course with a much better grasp of how attackers move through an environment and where to find the evidence of their activities.