Author Archives: Chris Sanders

The Cuckoo’s Egg Decompiled: An Introduction to Information Security

I’m excited to announce my newest online course. This is unlike any course I’ve done before and I’m making it available completely free.

The Cuckoo’s Egg Decompiled is a cross between an online course and a book club. Starting on November 9th, we’ll get together every Thursday night at 7:30 PM ET. Our “textbook” will be Cliff Stoll’s epic “The Cuckoo’s Egg”…the book that launched the career of many infosec practitioners and required reading for the field!

Each week I’ll review a few chapters of the book and we’ll tie Cliff’s experiences to modern themes in computer security. This series is ideal for people who are new to information security or want exposure to other facets of the field, but anyone is welcome. All you need is an internet connection and (optional) a copy of the book.

How can I join?

The weekly sessions are hosted LIVE online and free to attend. All you need to do is sign up and login. You can register before the start of the next session. Registration IS REQUIRED and space is limited.

What will we do?

For each session, I’ll provide an overview of the reading and then lead a discussion about the topics presented in the book. I’ll tie in aspects of Cliff’s story to modern security themes, breaches, tools, and techniques. I’ll demonstrate techniques from the book that are still relevant, or their modern evolutions. You’ll have the opportunity to participate by chiming in with your own thoughts and experience, participating group polls, or asking questions.

What work is required?

Ideally, you’ll come to each session having read the chapters we’ll discuss (I’ll tell you what those are ahead of time). Each week will cover around five chapters, which is only about 30-40 pages. Trust me, once you get started reading the book you’ll have a hard time putting it down. Couldn’t find the time to get the reading in this week? No problem, I’ll provide a quick rundown of the reading when we start.

What will I learn?

We’ll touch on a wide variety of information security topics. This will include but isn’t limited to: network architecture, host forensics, network forensics, packet analysis, security management, honeypots, malware, exploitation, attribution, lateral movement, encryption, network scanning, and espionage. You’ll have the opportunity to gain exposure to problem spaces spanning multiple infosec job roles and the underlying themes that tie them all together.

Who is this class designed for?

This course is specifically designed for people who are new to information security, those who have been in infosec for only a couple of years, or high school and college students. Topics will be discussed at an entry-level with a focus on stimulating curiosity and steering you towards additional resources if you want to learn more. Of course, while this group is designed to be entry-level, participation from experienced practitioners is also welcome!

Is participation required?

Absolutely not! Feel free to sit back and listen. If you’d like to join in I’ll open up the floor periodically to voice or video participation. There will also be a live chat going the whole time and I’ll be monitoring a hashtag on Twitter.

Will the sessions be recorded?

Yes, recordings will be made available until the next session begins. Live participation is highly encouraged so you can participate in the discussion and get the most out of the time. After the class is completed, the entire set of recordings, along with my instructional materials, will be made available for free to high schools, universities, and full-time students.

What if I miss a week?

No problem! You can catch one of the recordings and just read the chapters we would have covered.

What is the schedule?

We’ll plan to meet on these days, but this is subject to change as we get further along.

November 9, 16, 30

December 7, 13, 21

January 4, 11, 18, 25

Where can I get a copy of the book?

  1. You can buy a new copy from Amazon here
  2. Chances are, you might be able to find a friend or coworker who has a copy they will lend you
  3. Your local library might have a copy

How can I stay up to date on the event and changes?

Sign up for the group mailing list here.

Will this series be offered live again?

Probably not anytime soon. But, if this is successful there’s a good chance that I’ll do similar courses focused on different books.

Should I tell everyone I know about this course?

Only if you like them and want them to succeed in life. If you tweet about this course, use hashtag #cuckoosegg.

Where can I sign up?

Space is limited and registration is required. Click the button below to reserve your spot.


New Online Course: ELK for Security Analysis

I’m excited to announce the release of the ELK for Security Analysis online course! You’ll find the description of the course to follow. Registration is open now (with early bird pricing), and the course officially opens next month.

For more details, see:

You must master your data If you want to catch bad guys and find evil. But, how can you do that? That’s where the ELK stack comes in.

ELK is Elasticsearch, Logstash, and Kibana and together they provide a framework for collecting, storing, and investigating network security data. In this course, you’ll learn how to use this powerful trio to perform security analysis. This isn’t just an ELK course, it’s a course on how to use ELK specifically for incident responders, network security monitoring analysts, and other security blue teamers.

You’ll learn the basics of:

  • Elasticsearch: How data is stored and indexed. Working with JSON documents.
  • Logstash: How to collect and manipulate structured and unstructured data.
  • Kibana: Techniques for searching data and building useful visualizations and dashboards.
  • Beats: Use the agent to ship data from endpoints and servers to your ELK systems.

I’ll also show you how to build complete data pipelines from ingest to search. This means you’ll get to watch step-by-step guides for dealing with security specific data types like:

  • HTTP Proxy Logs
  • File-Based Logs (Unix, auth, and application logs)
  • Windows Events & Sysmon Data
  • NetFlow Data
  • IDS Alerts
  • Dealing with any CSV file you’re handed
  • Parsing unstructured logs, no matter how weird they are

When you walk away from this course, you should be equipped with the skills you need to build a complete IDS alert console, investigation platform, or security analysis lab.

More details and registration:

Rural Tech Fund Shirts

If you’re looking for a fun way to support the Rural Technology Fund, we’ve got shirts now! Our new “This Shirt Fights Poverty” shirt does exactly what the name says. All proceeds from the store go to support computer science education in rural and high-poverty classrooms.

You can grab your shirt here:

We have plenty of sizes, styles, and colors available.

If you bought a shirt, I’d love to see it! Take a picture and post it to the Rural Tech Fund Facebook page or tag on @RuralTechFund on Twitter!

Source Code S1: Episode 8 – Jason Smith

My long time friend Jason Smith joins me on our last episode of the season. He talks about growing up in western KY and how much his parents and teachers influenced his career development from budding physics student to senior architect at Cisco Systems. As we walk through his rapid career progression, we also talk about the state of education in our industry and some mentorship strategies he’s used to help newbies become successful in our industry.

You can find Jason on Twitter @automayt.

Listen Now:

You can also subscribe to it using your favorite podcasting platform:

If you like what you hear, I’d sincerely appreciate you subscribing, “liking”, or giving a positive review of the podcast on whatever platform you use. If you like what you hear, make sure to let Jason know by tweeting at him @automayt. As always, I love hearing your feedback as well and you can reach me @chrissanders88.

Source Code S1: Episode 7 – Bill Pollock

In this highly anticipated interview, I have Bill Pollock who founded No Starch Press. We talk about his life growing up in New York and how he had really varied interest as a kid. He knew at a young age he wanted to be an entrepreneur and start a business for kids like him, and he did it! No Starch Press is one of the most significant names in technology publishing and through Bill’s story you’ll get a peek at why. He talks about his trials and tribulations through the publishing industry and exactly how those things shaped NSP. You can find Bill on Twitter @billpollock.

Listen Now:

You can also subscribe to it using your favorite podcasting platform:

If you like what you hear, I’d sincerely appreciate you subscribing, “liking”, or giving a positive review of the podcast on whatever platform you use. If you like what you hear, make sure to let Bill know by tweeting at him @billpollock. As always, I love hearing your feedback as well and you can reach me @chrissanders88.