So, I promised exciting news last post and then it dawned on me that it's only exciting to my family and me. Sorry for the letdown.
I started my new job on Monday the 27th. Not just any old new job, but a job with Trustwave's SpiderLabs. If you don't know who or what SpiderLabs are, start with the company webpage, then look at all the DEFCON talks, whitepapers, blogs and everything else these guys are responsible for. They are the top Incident Response and Computer Forensics team in the country (my opinion of course) and I am absolutely stoked about joining them.
How on earth did I land a job with Trustwave?
For starters I have a lot of very relevant experience. I can walk into a server closet and discern what goes to what and why within a few minutes. This is important when every case situation is a total unknown.
I also went out of my way on my own dime to go to DEFCON and meet prospective employers. I shook a lot of hands, bought some drinks and asked some good questions. (see: networking)
I got certified earlier this year (see my earlier posts on studying for the GCFA) and started a forensics division at my former employer; business was just starting to build up when I got this offer.
Lastly, I may be the single luckiest person I know! Timing, luck and a personal relationship with one of their senior consultants all came together at just the right time and led to job interviews. The rest is now history.
So what's a new guy learn on his first 2 cases?
1) People are still making the same simple mistakes when it comes to System Administration and auditing. Plain and simple. If you open RDP, PCAnywhere or VNC up to the internet and leave a weak, default or blank password, consider yourself pwned!
2) Hackers are getting better and better at disguising malware as valid processes. I can't go into a lot of detail here but plain sight is still the best hiding place of all.
3) P.O.S. integrators are screwing their customers! This is not to say that there are not some good integrators out there, but seriously, you cannot just drop these systems into place and pay absolutely no attention to the basic security fundamentals. When you do, you wind up costing your customers tens and possibly hundreds of thousands of dollars in investigations and fines. Buck up! Put in a Netgear Prosafe for $85 and change those default passwords... or don't, I guess it's job security.
Thanks for following along.