Source Code S1: Episode 3 – Magen Wu

This week, I’m joined by Magen Wu (tottenkoph) of Rapid7 to talk about her career path. We talk about growing up in “God’s Waiting Room”, how we take our hash browns at Waffle House, speaking at security conferences, and our shared interest in psychology and how it applies to information security.

If you like what you hear, I’d sincerely appreciate you subscribing, “liking”, or giving a positive review of the podcast on whatever platform you use. If you like what you hear, make sure to let Magen know by tweeting at her @tottenkoph. As always, I love hearing your feedback as well and you can reach me @chrissanders88.

Source Code S1: Episode 2 – Doug Burks

The response for the podcast has been tremendous. Thanks so much to everyone who listened and subscribed!

This week, my good friend Doug Burks joins us. Doug is most widely known for being the creator of the Security Onion Linux distribution that helps you peel back the layers of your network and make your adversaries cry. In this episode we talk about the origin of Security Onion, the reality check in college that helped turn Doug into one of the most disciplined and hard-working people I know, and his part in helping turn Augusta into the information security capital of the south.

If you like what you hear, I’d sincerely appreciate you subscribing, “liking”, or giving a positive review of the podcast on whatever platform you use. If you like what you hear, make sure to let Doug know by tweeting at him @dougburks. As always, I love hearing your feedback as well and you can reach me @chrissanders88.

Time, Straight Lines, and the Next Step

As I shared a couple of weeks ago, I’ve decided to step away from my role at Mandiant/FireEye after three fun and challenging years. During this time I did some interesting work and met a lot of great people who I’m glad to call friends. However, it’s time for something different, and that’s what this post is about.

I’ve spent a lot of time over the past few months thinking about how I spent my time and how my time will be remembered by those around me. Time is the only thing that you can’t get more of, and once it’s gone you can never get it back.

I started a career in information technology and security at a young age because it was a new frontier, I enjoyed the challenge, and there was a demand. As I’ve gotten older, I’ve begun to realize that I don’t love information security — I love how it lets me serve others and help them achieve their goals. When I really thought about it, I realized that there is evidence of my love of service in other facets of my life as well. This is why I love to teach, why I love to gather friends around the BBQ pit, and why I started the Rural Technology Fund nearly ten years ago.

I think it’s easiest to serve people when you can draw the shortest, straightest line between the work you do and how it positively impacts the lives of others. I’ve been fortunate to have some jobs where that line was fairly straight and short, but I’ve also had plenty where the line was miles long and wrapped around in circles. The more I thought about it, the more I realized my happiness is really contingent on my ability to keep that line short and straight.

Here’s how I’m going to do that…

Applied Network Defense

First, I’m thrilled to announce the launch of Applied Network Defense, a new business venture I’ll be leading. Through this organization, I’m going to focus on delivering high quality, affordable online information security training. Many of you may be familiar with some of my existing classes like Investigation Theory and Effective Information Security Writing. These courses will serve as a blueprint for new courses I’ll be teaching, including a Practical Packet Analysis course, and a course called Defense Against the Digital Dark Arts aimed at teaching practical security concepts to college students, IT workers who are interested in focusing on security, and business leaders who want to gain a better working knowledge of how to think about and approach security problems.

AND isn’t just about me, though. Beyond my own teaching, I want to help enable others to deliver their expertise to those who need it. I’ll be partnering with other individuals and organizations to help them develop online training to support their products and education goals. This includes a new Bro scripting course, and a new partnership with OISF to offer an official online Suricata course. These will both be released this summer. If you’d like to learn more about this venture or are interested in taking a course or developing one, check out appliednetworkdefense.com.

Pro-Bono Consulting

A big part of what I’ll be doing with AND is trying to help those who really need it. I’ve always offered scholarships to my courses for human service non-profit workers, and I’ll continue to do that. I’ll also be devoting one or two days a month towards offering free “pro-bono” consulting for those organizations and very small businesses that can’t afford to pay the price many vendors charge. If you’d like help in that area, you can fill out an application here. If you’d like to join me in this effort, please reach out.

Source Code Podcast

Something that has always fascinated me about our field is that everyone comes from such diverse backgrounds. Most got into IT or security by taking a different path, and everyone has a unique story to tell. I’ve decided to create a new podcast to create a forum for people to tell those stories. My hope is that I’ll create a repository of “origin stories” that will inspire other practitioners and students. I released the first episode of the podcast last week and the feedback so far has been amazing. You can check out the first episode and stay up to date with future episodes here.

Rural Technology Fund

Finally, I’ll be spending more time with the Rural Technology Fund. The impact of this organization has grown tremendously over time. Last year, we made enough targeted donations to public schools to reach over 10,000 students. This year, my hope is to reach as many as 25,000 (we’re already 30% of the way there). I can’t do this alone, so I’ll be spending time fundraising, soliciting volunteers, and getting the word out about all the good work we’ve been doing. You can learn more about the RTF and how you can help here.

I want to end with a personal note. I’m the son of a trucker and a sewing machine operator from a town named Mayfield that nobody ever heard of. To be able to do what I do and interact with so many amazing people through my work is nothing short of a miracle. I don’t belong here, but because I am, I’ll never stop being thankful. I’m incredibly excited about this new journey and I sincerely appreciate all the support of those who have bought a course license, purchased one of my books, donated to the RTF, or simply read this blog. 

Introducing the Source Code Podcast

A few weeks ago on Twitter, I teased that I was working on a new podcast called “Source Code”. Creating a podcast is something I’ve always wanted to do, but I’ve never really had the opportunity to pursue it until now. There are a lot of great podcasts in the information security space already, and I’ve been fortunate enough to be a guest on a couple of them. So, what makes mine different (aside from being able to make fun of my accent)?

Source Code is an information security podcast that’s all about education. Rather than simply providing technical segments or news, Source Code is focused on the people that push information security forward and battle in the trenches every day.

We interview practitioners from every facet of information security about their origin story. This includes how they got their start, how they got into the field, and the career decisions that made them successful (or slowed them down) along their path. It’s the story of their source code — what makes them tick. We also talk about current opinions on the state of security education to include what we’re doing right and what we’re doing wrong.

You’ll hear from plenty of household names you’ve heard of, as well as some people you should know about with interesting back stories and unique contributions to the field. Source Code celebrates the diversity of backgrounds that makes information security a unique place to exist.

The #1 question I get asked is “How do I get into infosec?” My hope is that through this podcast, I create a library of stories that can help answer that question by showing people that there are a ton of different ways to get started, and each one can lead to great success.

The podcast will live here: http://www.chrissanders.org/podcast

If you like what you hear, I’d sincerely appreciate you subscribing, “liking”, or giving a positive review of the podcast on whatever platform you use. 

The show is seasonal, and the first season will have eight episodes that will be released every other Friday (you get this one early). I have some GREAT guests lined up, so stay tuned.

I hope you enjoy it!

Announcing the Practical Packet Analysis Online Course

I’m excited to announce my newest training course “Practical Packet Analysis”, with a portion of the proceeds supporting multiple charities.

It’s easy to fire up Wireshark and capture some packets…but making sense of them is another story. There’s nothing more frustrating than knowing the answers you need lie in a mountain of data that you don’t know how to sift through. That’s why I wrote the first Practical Packet Analysis book a decade ago. That book is now in its third edition, has been translated to several languages, and has sold over 25,000 copies. Now, I’m excited to create an online course based on the book. The Practical Packet Analysis online course is the best way to get hands on visual experience capturing, dissecting, and making sense of packets.

Practical Packet Analysis takes a fundamental approach by exploring the concepts you need to know without all the fluff that is normally associated with learning about network protocols. Everything you’ll learn is something you can directly apply to the job you have, or the job you want. The ability to understand packets is a critical skill for network engineers, system administrators, security analysts, forensic investigators, and programmers alike. This class will help you build those skills through a series of expert-led lectures, scenario-based demonstrations, and hands-on lab exercises.

The Practical Packet Analysis course is perfect for beginners to intermediate analysts, but seasoned pros will probably learn a few useful techniques too. Whether you’ve never captured packets before or you have and you struggle to manipulate them to effectively achieve your goals, this course will help you get over the hump. You’ll learn:

  • How networking works at the packet level.
  • How to interpret packet data at a fundamental level in hexadecimal or binary.
  • Basic and advanced analysis features of Wireshark.
  • How to analyze packets on the command line with tshark and tcpdump.
  • Reducing capture files with Berkeley packet filters and Wireshark display filters.
  • Techniques for capturing packets to make sure you’re collecting the right data.
  • How to interpret common network and transport layer protocols like IPv4, IPv6, ICMP, TCP, and UDP.
  • How to interpret common application layer protocols like HTTP, DNS, SMTP, and more.
  • Normal and abnormal stimulus and response patterns for common protocols.
  • Troubleshooting connectivity issues at the packet level.
  • Techniques for carving files from packet streams.
  • Understanding network latency and how to locate the source.
  • How common network attacks are seen by an intrusion detection system.
  • Techniques for investigating security alerts using packet data.
  • How malware communicates on the network.

Course Format

The Practical Packet Analysis course is delivered completely online using recorded video lectures that you can go through at your convenience. It is modeled like a college course and consists of lectures that overview critical concepts, demonstrations where I walk through packet captures, and lab exercises where you are given packet captures to work through on your own to practice the concepts you’ve learned. There is also a discussion forum where you can ask questions and share tips and tricks with other students. The course includes over 40 hours of video lecture content, and can be completed at whatever pace is comfortable for you.

Prerequisites

This course has no prerequisites, but a basic understanding of networking is helpful. It is delivered in English.

Cost

Introductory pricing for the course is $797 for a single user license. Bulk discounts are available for organizations that want to purchase multiple licenses (please contact me to discuss payment and pricing). A portion of the purchase price will go to support multiple charities including the Rural Technology Fund, the Against Malaria Foundation, and others.

You’ll receive:

  • 6 month access to course video lectures and lab exercises
  • A Certification of Course Completion
  • Continuing Education Credits (CPEs/CEUs)

Sign Up Now!

This course is only taught periodically and space is limited.

Summer 2017 Session – Begins June 12 (Registration Deadline 6/9)