Saturday, October 2, 2010

SANS Network Security 2010

I had the pleasure of being Rob Lee’s Teaching Assistant for Computer Forensics Essentials (AKA FOR408) last week at SANS Network Security 2010 in Las Vegas.  It was more than a surreal experience for me.   About six years ago I took my first SANS class taught by Ed Skoudis. Ed showed how great information security training could be when you match a fantastic instructor with great material. I’ve been a SANS fan ever since.   Part of what made it a surrealistic week was that the event was held at Caesars Palace in Las Vegas.  Factor in a high level of excitement on my part, minimal sleep, the almost cartoon like Vegas surroundings and interacting with all of the great SANS instructors, students, and staff and it’s quite a difference from my normal work week.

One of the nice things about being on the instruction staff, even just as a TA, is access to the speaker’s ready room where the instructors eat breakfast and lunch together.  I essentially got to act as a fly on the way watching how the instructors abused interacted with each other.  They clearly spend a lot of time together during the year at these conferences and outside of them and have a high sense of camaraderie.   Being able to hear what people like Stephen Northcutt, Lenny Zeltzer, Ed Skoudis, Mike Poor, Kevin Johnson and the rest talk about when they’re together was worth the trip alone. I was finally able to meet Lenny Zeltzer, Hal Pomeranz, and Kevin Johnson in person for the first time and enjoyed their company immensely.

If you’re at a SANS conference or any other venue where Kevin Johnson is speaking, I highly encourage you to attend one of his “Social Zombie” presentations.  Kevin is not only a very sharp fellow, but it’s more than a little bit of a showman.  His material is excellent and he’s an innovator when it comes to the convergence of social networking and penetration testing.   I enjoyed not only the content of the presentation, but watching how Kevin works a room. He provides a very high energy presentation and is almost constantly in motion when he’s talking.  The audience was very engaged with his presentation because of how well he can connect with a large group of people.

I also finally got to meet Scott Moulton in person.  His hard drive repair class was in the room next to where Rob was teaching FOR408.  Scott’s class is nothing short of awesome.  He brings an amazing amount of equipment with him and it looks like an outrageous amount of fun.  If you were were the kid who liked to take things apart just to see how they worked, this would be the class for you.  I saw legions of hard drives in various states of assembly and watched at least one student trying to solder his way into bringing a drive back to life.  The class room looked like a hard drive civil war had occurred there.  It was hard drive Gettysburg.

Being a Teacher’s Assistant  for Rob was a great experience.  We had around 50 students in the class and I enjoyed helping Rob introduce them to the world of digital forensics.  I was surprised by how many of the students were new to digital forensics.  One of the things I found most fulfilling  was being able to share my own experiences learning digital forensics with the students.  It was a long time ago that I started on this path myself and it quite a bit of fun watching people start on the same path with so much enthusiasm.  We even had a student destroy their first hard drive (complete with “magic smoke”) while trying to image it. I felt like a proud father watching his son score his first touchdown. If you do digital forensics long enough, you’re going to kill your fair share of hard drives.  Imaging can be really rough on a drive and if you have one that is already on death’s door knocking loudly, the imaging process is more than capable of opening the door.  Now that I think about it, we should have rushed it next door to Scott’s class…

Coming Soon

The interview with Richard Bejtlich was very well received and I’m grateful for all of the positive comments that were sent in response.  One of the positive things that came out of the interview is that I have been approached by several really high caliber people who liked the interview and who I will be using as future interview subjects.