A former coworker contacted me last week. He’d been employed in the same place for the last 16 or 17 years and he couldn’t remember how to look for a job. Who better to ask than a guy who’s changed jobs 9 times in the same timeframe? One obvious question to ask regards job hunting on your own vs. using a recruiter.
In fairness to myself, government contracting causes a lot of job-hopping. And in fairness to him, the game’s changed a lot since the last time he had to play. IT Recruiters existed back then, but back then when you wanted a new job, you found it yourself.
I still use both methods.
Continue reading Job hunting on your own vs. using a recruiter
I’ve been asked a few times now for my recommended DD-WRT settings, or at least my good-enough settings. I think that’s a great idea, so I’ll walk through how I configure a DD-WRT router. Follow these steps and I can almost guarantee you’ll have the most secure network on your block.
For the purposes of this tutorial, I am going to assume you are configuring DD-WRT as your primary router.
Continue reading Recommended DD-WRT settings
Whether you’re a sysadmin, an analyst, or use a computer for something else professionally–even if you’re not a database administrator or developer–SQL is a useful skill to know. I’ve gotten by for 20 years without knowing much more SQL other than simple SELECT statements, but those days are rapidly winding down–if I want to be good at my current job, I’m going to have to take some time to learn SQL. If you’re in the same boat, here are some resources for learning SQL.
Here are two resources:
SQL is the underlying language behind Oracle, Microsoft SQL, MySQL, PostgresSQL, and probably a few other databases I’m forgetting. If you’re doing something beyond Microsoft Access, it’s probably using some kind of SQL. Each implementation has its own quirks but the basics remain the same between all of them.
The most infamous Microsoft patch of all time, in security circles at least, is MS08-067. As the name suggests, it was the 67th security update that Microsoft released in 2008. Less obviously, it fixed a huge problem in a file called netapi32.dll. Of course, 2008 was a long time ago in computing circles, but not far enough. I still hear stories about production servers that are missing MS08-067.
Last week, Microsoft took a look back at MS08-067, sharing some of its own war stories, including how they uncovered the vulnerability, developed a fix, and deployed it quickly. It’s unclear who besides Microsoft knew about the problem at the time, but one must assume others were aware of it and using it. They certainly were after the fall of 2008.
Continue reading Microsoft looks back at MS08-067
The GCHQ is the British equivalent of the NSA. They recently published a new document containing the GCHQ’s new advice on handling passwords in light of the things we’ve learned in the last few years. It’s worthwhile reading, whether you’re a sysadmin or a web developer or just an end user who wants to stay secure online.
Some of the advice may be surprising.
Continue reading The GCHQ’s new advice on handling passwords
If you need gigabit ports for your home server or router project and you’re short on available expansion slots, I have just the thing. Home sysadmins have known for a while that you can get cheap PCI-X Intel NICs and run them in PCI mode, but you may not know that you can find the very same thing by searching Ebay for HP 7170 and it’s usually cheaper. It’s not rare to find them for $7, shipped.
Continue reading Need a good, cheap dual gigabit NIC? I have just the thing.
At a recent job interview, the CISO asked me a really good question that I wish more people would ask.
He asked me how I conduct myself as a security professional when dealing with the rest of IT.
Continue reading How do you conduct yourself as a security professional?
I found a story earlier this year about Vox’s decision to dust off, slightly update, and re-run old content as new.
The practice happens a lot more often than anyone realizes in the print world, especially magazines, and as Gigaom says, there are implications when doing this. The questions got me thinking, and in the case of blogging, I think there’s something to learn but the practice is probably unnecessary. Continue reading Vox dusts off old content, should the rest of us?
I got an innocent question last week. We’d been scanning an AIX server with Nexpose, a vulnerability scanner made by Rapid7, and ran into some issues. The system owner then asked a question: The server is behind a firewall and has no direct connection to the Internet and no data itself, it’s just a front-end to two other servers. Is there any reason to scan a server like that?
In my sysadmin days, I asked a similar question. Nobody could give me an answer that was any better than “because reasons.” So I’ll answer the question and give the reasons.
Continue reading Yes, we need to run vulnerability scans inside the firewall
So, CNN/Money ran a story on the best 100 jobs in the United States, based on pay, projected job growth over the next 10 years, and quality of life ratings. And there was my job title, at #9. I think you should want to become one, so here’s how to become an Info Assurance Analyst.
The field desperately needs more of us, so I’m happy to share with you how to become someone like me. Continue reading How to become an Info Assurance Analyst