Friday, May 22, 2020

Splunk, 30 Bird Media, and the CompTIA CySA+ CS0-001 (Cyber Security Analyst or SOC Prep): Part 002

Good day, everyone! I was going to write a blog talking about the Splunk Fundamentals One course that I finished. Instead, I have decided to talk about how to set up your environment, with the intent of helping people be as prepared as possible to implement the training programs that I mentioned in the first posting.

From the perspective of hardware, which I will only briefly touch on here, having the right equipment is essential to your future progress. The first thing you really need, the one non-negotiable piece, is a CPU that supports virtualization in hardware. If you go to the Gibson Research Corporation website (here), you will find a program called SecurAble. It is free and, when you run it, it will show you if your CPU supports virtualization and if it is turned on in your UEFI (think modern BIOS). If virtualization is present but not on, you will have to follow your system or motherboard instructions on how to access your UEFI and change the appropriate settings.

The second most necessary component is plenty of RAM (random access memory). The RAM will be shared between your host operating system, such as Windows 10, and the virtual machines that you will download from the 30Bird website or build yourself (which you will have to do for the Splunk server...assuming you follow the suggestions in this blog). The absolute minimum I would recommend is 8GB of RAM. Understand that this amount will not give you the most optimal configuration but, if you are patient, it will work. It is better to buy as much RAM as your system and wallet can take. One word of warning: the host operating system will use up some of the RAM (approximately 4GB for Windows 10). You must subtract that amount when figuring out how much RAM to allocate to each VM. So, if you have 8GB of RAM and use Windows 10, you will only have 4GB of RAM for the VMs to use.

The third, and last, component you will need is an adequate amount of hard drive space, preferably a drive (or drives) with the best balance of cost, capacity, and speed. When you build your virtual machines, select the dynamic allocation option, as this will only use the minimum amount of space on the drive while still letting the virtual machine's guest operating system think that it has more space available than it is using. For instance, if you build an Ubuntu VM, the minimum amount of space used is likely less than 8GB on disk. If you set it up with a maximum of 20GB, the VM will still take up only 8GB on disk, but the guest OS will "see" 20GB. As an example, I have a 2TB Seagate Solid State Hybrid Drive (SSHD) with 12 VMs, plus backups, and I still have approximately 1.5TB of free space available.

Assuming you have adequate hardware to meet at least the minimum requirements, you will also need the software in order to set up your virtual lab. I recommend using Oracle's VirtualBox software. While not as full featured as VMware's offering, it is always free and it is more than good enough for our needs. In addition to the virtualization software, you will also want to purchase the 30Bird book and download the VMs they provide for the labs. You will need to import the VMs once you have downloaded them. Since they are compressed using the zip format, you can use either the built-in compression/decompression software that typically comes with modern OSes, or you can use 7zip (from 7zip.org). Once they are unzipped, open VirtualBox, choose the Import button, and choose the folder where the OVA file you need to import is located. Once it is done importing, you need to configure the network settings according to the directions in the book. After that, you will be able to start the VMs, log into them, and follow the lab instructions in the book.

To set up Splunk, you will need to do a few things, in addition to what is mentioned in the previous paragraph. First, download your favorite distribution of Linux (I used Ubuntu). You can decide to download and install from an ISO file or use a prebuilt VM. It is your choice but I prefer to install from the ISO file. Once installed, launch the VM and go to the Splunk website to download the software. Follow the installation instructions.
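As an added example (not the blog's, 30Bird's or Oracle's own code), here is a small POSIX shell script that applies the sizing and import steps above through VirtualBox's VBoxManage command line instead of the GUI. The VBoxManage calls, the internal network name and the VM names are assumptions; with DRY_RUN=1 it only prints the commands, so the RAM budgeting can be checked on any host.

```shell
#!/usr/bin/env sh
# Lab provisioning helper for the VirtualBox setup described in this post.
# Added example, not the blog's, 30Bird's or Oracle's own code. It assumes
# VBoxManage (VirtualBox's CLI) is on PATH when run for real; with DRY_RUN=1
# it only prints the commands, so the sizing logic can be checked anywhere.
set -eu

# Rule of thumb from the post: the host OS (Windows 10) keeps roughly 4GB.
HOST_OS_RESERVE_MB=4096

# RAM each guest may receive, in MB: (host RAM - host OS reserve) / VM count.
# Prints 0 when nothing sensible is left, so callers can refuse to continue.
vm_ram_budget_mb() {
    host_mb=$1
    vm_count=$2
    avail=$(( host_mb - HOST_OS_RESERVE_MB ))
    if [ "$avail" -le 0 ] || [ "$vm_count" -le 0 ]; then
        echo 0
        return 0
    fi
    echo $(( avail / vm_count ))
}

# Execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Import a downloaded OVA (the 30Bird labs ship as zipped OVAs), cap its RAM
# at the computed budget, and attach its first NIC to an isolated internal
# network so lab machines only see each other, never the home LAN.
import_lab_vm() {
    ova=$1
    name=$2
    ram_mb=$3
    net=${4:-cysa-lab}   # constructed network name; adjust to the book's labs
    run VBoxManage import "$ova" --vsys 0 --vmname "$name" --memory "$ram_mb"
    run VBoxManage modifyvm "$name" --nic1 intnet --intnet1 "$net"
}

# Disk for a hand-built guest such as the Ubuntu Splunk server. The Standard
# variant is dynamically allocated: a 20GB disk starts near-empty on the host
# and grows only as the guest writes to it.
create_dynamic_disk() {
    path=$1
    size_gb=$2
    run VBoxManage createmedium disk --filename "$path" \
        --size $(( size_gb * 1024 )) --variant Standard
}

main() {
    ova=$1
    host_mb=${HOST_RAM_MB:-8192}               # 8GB host, the post's minimum
    per_vm=$(vm_ram_budget_mb "$host_mb" 2)    # one lab VM plus the Splunk VM
    if [ "$per_vm" -lt 1024 ]; then
        echo "host RAM too small: ${per_vm}MB per guest after the host OS reserve" >&2
        exit 1
    fi
    import_lab_vm "$ova" "cysa-lab-1" "$per_vm"
    create_dynamic_disk "$HOME/VirtualBox VMs/splunk/splunk.vdi" 20
}

if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Run it as `DRY_RUN=1 sh lab.sh path/to/lab.ova` first to review the commands, then without DRY_RUN to apply them; set HOST_RAM_MB to your actual host memory.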

That ends the instructions for now. In a future post I will show how to implement Splunk monitoring on the 30Bird-provided VMs and how to use the lab environment to build practical experience with Splunk and any other technology that can be virtualized.

Until then, please be safe and thank you for reading this far.

Sunday, May 17, 2020

Splunk, 30 Bird Media, and the CompTIA CySA+ CS0-001 (Cyber Security Analyst or SOC Prep): Part 001


One of the eternal questions that it seems everyone asks when they want to break into cybersecurity is this: how do I develop the skills that will make me a great security analyst when I can't get a job without experience? Add to that a pretty common request or requirement on job requisitions is experience with various security tools. Some of those tools have free or community editions but a lot will require that you work for a company that can afford said tools. The need to develop marketable skills, coupled with the oftentimes expensive cost of the tools that get you noticed, creates a perfect storm of job seekers with great knowledge and "weak" skills, as well as a job market where hiring managers struggle to find good, qualified workers. So what are we supposed to do to create balance in this situation?

What I am about to relay through this article won't necessarily help unlock the doors to your first Security Operations Center (SOC) gig. What it will do is provide a blueprint that, if you follow it, will help you develop critical skills that are in demand and might even get you noticed. If you build those skills you may impress someone enough to give you the chance you want and probably deserve. By combining two different training opportunities into one, we can develop the knowledge and skills that will show we are hungry and as prepared as we can possibly be, given the lack of professional experience. So let's go!

Step one: we need a starting point for us to develop our SOC skills from. If you are fresh off of training/certification for the CompTIA Security+ exam, then you have a great baseline of knowledge. If you don't have that training or knowledge, then I think you should consider getting it before diving into this adventure. Back to the starting point...I think that one of the most attainable SOC analyst training and certifications is CompTIA's Cyber Security Analyst Plus or CySA+. There are certainly others out there, such as the Cisco Certified CyberOps Associate (formerly the Cisco Certified Network Associate: Cyber Ops), and you may choose to pursue that certification instead. For name recognition, I have had hiring managers comment positively on the CySA+ and ignore the CCNA: Cyber Ops certification (which had two exams and cost approximately $600 for the two exams, combined). Since it has the best name recognition (out of my rather small sample size), we will focus on this certification, and more specifically, the training needed to become certified.

Full disclosure: I took the CySA+ CS0-001 beta exam and passed it, thus becoming certified before the exam was publicly available. The exam was $50, whereas the full, non-beta exam costs $359 retail. Additionally, I teach CompTIA courses, which means I am biased toward CompTIA certifications. Besides teaching the courses, which helps pay the bills, I have also seen how life-changing the CompTIA certifications can be to those trying to break into IT.

Step two: training materials. I purchased the 30Bird Media book for the CySA+ exam (found here). One of the main reasons why I chose the book, besides the experience I've had using their materials for other CompTIA certifications, is that the book includes virtual labs. You can go to their site (see link above) and download the virtual machines (VMs) in order to follow their labs. You will need a virtualization hypervisor, such as VirtualBox, as well as enough RAM, hard drive space, and CPU virtualization extensions. Choosing the best hardware platform is beyond the scope of this article, but there are plenty of great tutorials on YouTube: check out the video from Black Hills Information Security for an example.

The benefits of the labs include:
  • Access never expires since they are on your computer.
  • Besides the cost of the book, the labs won't add to the cost of the training (a frequent occurrence that can make affordable training anything but).
  • They allow you to reinforce the knowledge learned in the lessons.
  • When you are done with the book and get certified, you can continue to sharpen your skills by going back through the labs, again and again.
  • You can also add new VMs to the mix, allowing you to use the labs for other certifications and training that you may get access to in the future.
Since we've gone over the pros of the labs, here are a few possible cons:
  • The VMs are demonstration versions of software that requires a license. This means that you will get warnings and possibly have some or all of the functionality disabled over time.
  • The labs will become outdated over time, and their value will diminish along with them. Not a huge deal, but something to consider.
  • The VMs may become incompatible with more up-to-date versions of your hypervisor. While unlikely in the near term, it is something that I try to pay attention to, just in case.
Step three: one of the problems with most training programs is that they rarely give you experience with the actual tools used by SOC analysts. It is very expensive, in most cases, to give people access to the most in-demand tools. That cost would have to be passed along, which would make such training less accessible to the "average" student. Now that I've said that, I can imagine that some might be asking the questions "Well, if that's the case, how am I ever going to get experience with those tools? Is this a lost cause or pipe dream?" The honest answer to those questions is that you can get access to the tools and you can get free training to go with the tools. Where, you ask? Splunk, I say. Splunk offers training (Fundamentals I & II) and they also offer a free download and 30 days of access to the full, enterprise tools and features. After the 30 days, the features are reduced to the free version (500 Mbytes of data processed after the trial period ends, for instance). If you do a search online for "Splunk Fundamentals I", you will find the link to apply for the training.

In my next post, I will write about how I have merged the material in Steps 2 and 3, thus giving me practical knowledge, training, and experience.

Until then, cheers!

Tuesday, March 17, 2020

Career Trajectory: Some Thoughts

It's been a minute since my last post, so I thought I would throw some words on the screen and talk about something that recently came up on a forum I am a member of.

Knowing what I know now, here are a few things that I would like to present to you related to the topic of how to develop your career.  Before we get going, remember that these are my opinions and may not work for you.  As an old roommate said to me once, extract the knowledge and discard the rest.

One of the most important things that you can do for your career is simply taking stock of where you are right now in your career and knowing where you want to go.  All too many of the IT professionals that I know only have a vague idea, a notion if you will, of where they want their careers to go.  Most, if not all, of them say things like "I want a meaningful career", "I want more money", or "I have no idea!".  To me, none of them have a clue where they are going or what they will be doing in the future.  Now don't get me wrong, it isn't because they aren't smart or are unmotivated.  I just think that they haven't taken the time to think things through.


Here are a few simple steps to get you going down the right path, career-wise:

1.  You must take stock of where you are right now.  What technologies do you have experience with?  Rate them on a scale of one to three or use some other way to define your level of expertise.  Beginner, intermediate, expert.  Usually, I would say that you are a beginner with approximately one day to one year, intermediate would be one to two years, and expert would be anything above two years of experience.  In addition to that, what do you do with the tech?  Do you simply answer questions, do you install and configure it, or are you capable of architecting the solution for a customer who has never had it in their environment before?

2.  Next, you must do a little dreaming.  Where do you want to be?  The "where" could be the type of technology you would like to support, such as cloud, security, network engineering, you get the picture.  It could also be what industry you would like to break into, such as healthcare, defense, finance, etc.  Ultimately, you can't get to your destination if you don't know where you are and you can't reach your destination if you don't know what/where it is.

3.  Now comes the challenging part.  You need to develop the roadmap.  This is oftentimes referred to as gap analysis.  You need to bridge the gap between number 1 and number 2.  For instance, let's say you are a network engineer and you want to be a security analyst.  If you do a quick search on Glassdoor or Indeed for security analyst jobs, you will typically see education, experience, and certification requirements.  Use those requirements as the rough map you will further develop over time.  Taking that as our guide, let's say that CompTIA's Security+ comes up in most of the postings.  Well, now we know that we should focus on getting that certification.  If it was something else, then obviously we would pursue that certification, experience, or training requirement.

To sum things up, you need a roadmap.  As with any journey, there is rarely a straight line between origin and destination.  Additionally, there may be really cool things to see on the journey that interest you.  Because of that, you may find that you are not where you envisioned yourself being.  Another thing that I have seen is that when people get sidetracked and don't arrive just when they thought they should, they get depressed or down on themselves.  Whatever you do, DO NOT get discouraged.  All moments are learning moments, even when we struggle and move in directions we didn't foresee.

The fourth step isn't directly related to the first three steps, at least not on the surface.  The fourth step is to periodically reevaluate things.  So go back to step 1 and start over again.  It will refocus you and, more importantly, gives you a chance to see how far you've come.

Good luck and I hope and pray that your career trajectory takes you where your heart desires.


Friday, February 21, 2020

Some Pet Peeves (Softskills)

The other day I had the opportunity to watch an interaction between the IT department of a school and a student.  Let's just say, I wasn't too impressed.

First, let me be clear, the issue was resolved and quickly, too.  That isn't what I want to discuss here.  What I want to discuss is attitude.

So, attitude.  We do NOT need to provide our customers with bad attitudes.  Pleasant ones, yes.  But not bad ones.

We don't need to be:

1.  Rude
2.  Condescending
3.  Sexist
4.  Racist
5.  Exclusionary

Before anyone gets it wrong, I am not saying that we need to be "politically correct".  God knows I can't maintain a proper level of PC to not make people uncomfortable.  As someone who "grew up" in the military, our dark sense of humor has a tendency to create its own set of awkward interactions.

That aside, being a decent human being is what we should strive to be when we are dealing directly with our customers.  Would you want your <fill in the blanks>(Mom, wife, daughter, grandkid, best friend, next door neighbor)</fill in the blanks> to have the same interaction with another IT professional that you just put someone else through?  If your answer is no, then you have some work to do.

What you might not know:

1.  Your customer probably doesn't know what is going on with their computer.  That doesn't mean they are stupid.  It means that they have not developed the vocabulary necessary to talk to you on your level.  I am willing to bet, in most cases, that you have been raised in an environment where you have the same type of vocabulary that your customers have.  Hmmm...common ground.  Interesting.

2.  Your customer is probably pretty apprehensive about talking to you.  No, you don't really intimidate them, per se, but they don't want to look stupid when talking to you.  Don't forget how powerful anxiety can be in shaping the interaction.  That may make them look rude.  So be kind and patient with them.

3.  The kinder you are to your customers, on a consistent basis, the kinder they will be with you.  You get what you give.  Put them at ease, fix the problem, and see how appreciative your customers will be. That will make you a part of the team and not a necessary evil to be endured.

4.  Learn how to communicate in a way that is neither condescending (overly simplified) nor too complicated.  Ask questions in order to gauge the knowledge/experience level that your customers have.  Then talk to that level.  See yourself as a guide or a teacher and not just a technical guru that must be put up with.

Just some thoughts to, hopefully, make us all better.  Some things, too, that I still have to work on, myself.

Cheers

Warning: A Bit About These Blogs

Hello!  I am writing this blog post so that we can set a few ground rules, so to speak.

While I don't anticipate a lot of people reading this blog, I want to make sure that people who do read it know the "why" of the blog.

Most of my posts are going to be relatively short.  A page or two per post is the intent so that people can quickly read the posts. 

My posts will contain what I consider humor.  You might not consider it humor.  That is okay.  I have nothing but dad jokes in real life, so there is that.

Right now I am writing posts that deal with breaking into IT or IT security.  In the future this blog will dive into more technical topics, like setting up a home lab.

I will also be talking about different resources that we can use to advance our careers.  I am very curious, so I might suddenly swerve a little into other platforms or topics, but they will all be related to technology.

I want to share what I know, what I discover, and do it in a way that is easy to read and easily assimilated by the reader.  Getting into IT isn't hard, if you are in IT.  Technology isn't hard, if you are into technology. 

With that being said, I hope this blog gives you a roadmap that you can use to become the IT professional, regardless of the tech or title, that you desire to become.

The Cover Letter (of Doom!)

Cover letters.  A cherished part of our IT job hunting experience.  Has anyone else found it confusing, cover letters?  No?  Just me.  Okay.

I am sure that most people who read blogs like mine will agree that cover letters are not exactly easy to write.  There are numerous questions that need to be answered before we even start writing it:

1.  Should I write a cover letter?

2.  What should I write in the cover letter?

3.  How many pages should my cover letter be?

Those three questions are the most common ones that I had asked of me, and which I have asked in the past, and there are no solid, concrete answers to any of them.  Why is that?  Well, simply put, it depends on the company and/or hiring manager.  Since it is, essentially, personal preference, that leaves us guessing most of the time.

Let's try to answer each of the three questions, in turn, remembering that these are just guide posts and not unbreakable rules.

1.  Should you write one...unless otherwise stated in the requisition, yes, include one.  Just do yourself a huge favor...use both a spell-checker (built into Word, Google Docs, etc.) and a grammar checker (Grammarly has a great one that you can use for free).  Nothing, and I mean nothing, screams DO NOT HIRE ME more than simple-to-avoid spelling mistakes or really easily corrected grammatical errors going uncorrected.  Understand that a cover letter is a formal document, not an example of creative writing (unless you are looking for a job as a creative writer...in which case I question why you are here...this is about IT, after all).

2.  Most people will tell you that you want to introduce yourself formally (do not include personal details like age, marital status, number of kids, whether or not you like long walks on the beach, etc.) with the cover letter.  There will be parts of a job posting that you might not be able to put on your resume, such as an explanation about your home lab (which will be the topic of a future posting, so stay tuned) or how you solved a problem for a customer, etc.  You can, in essence, fill in the gaps that are present when you submit just a resume.  For instance, if you worked as a cashier at a store, you are not necessarily qualified to troubleshoot computers, right?  Wrong, but only if you had to troubleshoot an issue with the network connectivity of the point-of-sale machine and the payment processing servers. Since troubleshooting computers and cashier don't necessarily sound right on a resume, put them in the cover letter.

3.  As many pages as you need.  Remember this:  the cover letter introduces you and works in conjunction with your resume to present you as the best candidate for a job.  It fills in the gaping holes in experience that are almost always present.  Just remember that it should tell them what they need to know and nothing more.  After all, it's a letter, not a book.

Helpful bonus tips:

1.  If you are a hiring manager, please include in the job requisition whether you want a cover letter or not.  Please, please, do not say cover letter optional...that is too vague.

2.  If you are a job seeker, please write one for each application you send in.  If they don't want to read it, they won't.  If they do, and you don't include one, then you may needlessly end up at the bottom of the pile.  Not a good place to be when looking for the next opportunity.

I understand that writing cover letters tailored to the job is a very, very time-consuming project, but it will pay off eventually.  Not to mention, just like resumes, you will find that you reuse a large portion of the first cover letter with each additional cover letter you write.  For me, about 85% is going to be the same.

Until next time.

Sunday, February 16, 2020

IT Job Postings...Yeah!

A lot can be said about job postings and whether or not they represent the real world.  Well, kind reader, they do not.  Well, I guess I should say "not exactly".  Wait, what?

Here is the low-down on job postings...they are for the "perfect" candidate.  A candidate that does not exist.  Not in the past, not now, nor in the future.  It's as simple as that.  Why do employers cast such a wide net, then?  Easy, they want the largest pool of qualified candidates that they can get and they want the smallest one possible, as well.

I am sure that to many of us that sounds counter-intuitive.  They seem to want all and none, the perfect Schrodinger's job listing.  Think about it...if I create a job posting that sounds impossible to fill, then the weaker candidates will probably not apply.  Also, the strongest candidates will likely apply and I will get the cream of the crop to choose from.  Having spoken to many hiring managers, this approach isn't exactly "scientific", so some postings get the bottom of the barrel and others get the top choices.  It seems rather arbitrary.

Should we just give up, since the employer wants a perfect candidate, one who doesn't exist, and clearly we exist...right?  No.  Undeniably, no.  DO. NOT. GIVE. UP!

There, I said it.  Do not give up.  No, you (and I) are not the perfect candidate.  The employer knows that the perfect one doesn't exist and even if they did, the company doesn't have the budget for hiring you, oh perfect one.  And that is a good thing.  No, a GREAT thing!  As you can tell, this posting is going to have a lot of capitalized words in it.  Unless I lose interest in them.  Then all bets are off.

Let me put this out there and tie it into the previous post about educational endeavors:  job postings are a gold mine of information about the needs of the local job market.  They point out the technologies that are in high demand.  You can craft a personal development road map using those postings.  Just do me a favor, okay?  Do not just look for the technology that pays the best or is the latest buzzword bingo winner.  If you don't pursue something that interests you and that you are good at, you will get bored or won't be good enough and your performance on the job will suffer.  Depending on the market, you could easily end up closing more doors by doing that than you open.

By looking at the postings, you can see what the need is and if you are at the beginning of your career, or looking to change career trajectories, you can start looking at ways to become the most ideal candidate you can be.  In some ways, the clues are right there in front of your nose.  Unfortunately, just because you become cloud certified or a cyber-security guru doesn't mean that you have what it takes to be successful in landing the job.

So use the clues to develop yourself but also realize that there are other attributes that your employer is looking for, whether or not it is written down in the posting.  So do yourself a big favor and try to develop the following skills:

1.  Public speaking.  You can take a class at your local college or join a local Toastmasters International group.  While sometimes scary, once you conquer that fear you will see your stock rise in any company that you work for.  Not to mention, during interviews it isn't the smartest person but the one that communicates in a way that the company understands who gets the job.

2.  Writing.  While I am certainly no expert on proper writing, you will go far if you develop your writing skills.  Some of the top non-technical attributes that employers want include written as well as verbal communication skills.  No one wants to get an email from someone that is hard to read.  Use a service like Grammarly if you need it.  There is no shame at all in using available tools to assist you in creating clear communications with your coworkers.  In fact, most great managers, leaders, and coworkers likely use spell-checker, at the least.  Just be careful when using Google as your spell-checker...it gets a bit snarky when you misspell something (Did you mean..."I have no clue, Google!  Why are you judging ME?!"  Very definitely deflates your ego, Google does).

3.  Be kind.  We don't need more people in tech who are self-important ass clowns.  We have enough already.  If your customer comes to you with a problem, one of the most important things to keep in mind is that they will likely feel dumb because they can't fix the problem themselves.  That creates anxiety, which can really blow up in your face if you act superior or treat them like rebel scum.  Seriously, be gentle, be kind, and talk them through the problem without talking down to them.

4.  Be a team player.  Yes, we have our office in the basement.  No, no one else has an office down there (not even facilities maintenance).  Yes, we are isolated.  No, that doesn't give you permission to act as if the company revolves around your department.  We are here to support the success of the company we work for.  Learn a little about what the different departments do so that you can better understand why they might have a sense of urgency that you don't share.  Yes, being a team player can mean getting walked all over if you are too nice.  But honestly, if you let people know that you merely want to help them be successful at their job through the application of the technology that you are charged with maintaining, you will be seen differently (and that is usually a good thing).

Okay, that was a tangent that I didn't anticipate taking.  Now that that is over, let's get back to the regularly scheduled flow of information from my brain to this blog.

Aside from the fact that you can use job postings to help develop your training program, realize that since the ideal candidate doesn't exist YOU should apply anyway.  If they have hard requirements, which usually start with the word must, then you might want to consider applying for the job but don't be surprised to not get a call back.  Aside from that, though, I honestly think that most "ideal" candidates are the ones that don't meet all of the requirements but are:  teachable, inquisitive, and would work well with the team that we currently have in place.  As the saying goes:  you won't know if you don't ask.  Applying is the asking.  You just might be surprised by how often you get called back.

In the next blog posting we will talk about the dreaded cover letter.