Tuesday, November 11, 2008

GCIH Conquered!

My best score yet! A 97% on the GCIH exam!

I think that having taken the GCFW less than a month before certainly helped since both courses have a lot of overlapped. I certainly questioned having taken them both that close together, but it ultimately worked out really well.

Now I am studying for the rest of the requirements for the GSE-C platinum level exam. I want to reach that before taking a break and keeping my focus on that while it remains fresh in my head is a good idea.

I don't currently face any deadlines though, since I haven't paid for the challenges yet though. Ironically, not having that pressure can make it more challenging to keep things at a high priority. I am going to finish the other two (G7799 and GSNA) this year though, if at all possible!

I plan on working on the gold papers after I clear those out of the way. I have already started the shell of one (on secure development). I figure I can find someplace to publish it if the topic isn't accepted. One key thing will be limiting myself to just 4 papers. :)



Tuesday, November 4, 2008

How to Learn it All?

The biggest challenge I am facing now is that I am trying to learn everything, a definite impossibility. I have gotten a big urge to know many different useful things, but I only have so many hours in the day. Balancing this all out is turning out to be a serious challenge!

I would rather have this challenge than one of apathy though, so I will keep working it. Ironically, it can be frustrating at times.


Saturday, November 1, 2008

I have been listening through the OWASP 2008 session videos recently and some of it is downright scary. I would have to agree with Ed Skoudis, a SANS instructor, who noted in a class I listened through (SEC 504) that this is the Golden Age of Hacking. The OWASP video was talking about a new phishing engine someone was creating. While this could be great for testing, it has a lot of things that would make it a powerful tool in the hands of script kiddies and even those with more experience.

It is kind of like the Metasploit Framework. It is a powerful tool for doing harm on systems, but it can also be used to test your own systems for possible vulnerabilities. I am not a pen tester, so perhaps these tools scare me even more. Still, it is better to know what is out there than to have the only tools circulate with only the bad guys knowing what is going on.