Monday, November 21, 2011

Why Des Moines for InfoSec


About two weeks ago I started posting that my company was looking to fill a new position on my team. Since I feel this is a great opportunity for anyone interested in pursuing a challenging position, and it means that my team can hopefully get an incredible team member, I thought I would promote the good things about the Des Moines, Iowa area and working for Principal Financial Group.

The job posting can be found here.

Why Des Moines?

I moved to the Des Moines area about 5 years ago from the Middle Tennessee area, where I had lived for about 5 years. Previous to that I had moved from almost 8 years of living in the KC area to the central Iowa area. I always liked the laid back atmosphere of Central Iowa, but coming from KC I missed the excitement and opportunities that a larger city has to offer. When we moved back to the Midwest from Tennessee we were aiming for Kansas City, but I landed my first real IT job in Des Moines, so we put down roots.

While it has taken me time to realize how much I actually love the area, and the potential it offers for a family and for building a solid infosec career, it has grown on me. One of the biggest hurdles I have been forced to overcome is that this will NEVER be like Kansas City, Chicago or Nashville, and I am finally ok with that. What Des Moines has instead is the ability to become an incredible technology city for its size and location.

There are a lot of options available to a family moving to the Des Moines area to keep them entertained and engaged without the feeling of always being in a rush to get somewhere. Des Moines has an incredible farmers market, full of produce and goods from local merchants. It is home to numerous sports teams that feed into various professional clubs, such as the Chicago Cubs, Chicago Bulls, and Phoenix Suns. We also have Arena Football, soccer and hockey teams. We also have college teams in the Big 12, and the Big 10 nearby, including the team that gave Oklahoma State their first loss in 2011. There are two major lakes nearby, Saylorville and Gray's Lake, that offer fishing, boating, trails and numerous other aquatic events. Des Moines is also home to the Science Center of Iowa with an IMAX Dome Theatre, the Botanical Center, Living History Farms, and Adventureland Amusement Park. There is always something to do with two kids, or just a romantic night getaway.

Live music in Des Moines ranges from small settings and outdoor festivals to large arenas. We have a wide mixture of talent come through here every year: George Strait, Bob Seger, AC/DC, Reba, Mercy Me, Wilco, David Allan Coe, Staind, Tech N9ne, Queensryche, Big Sean, Primus, Janet Jackson and many others. For festivals we have 80/35 Music Fest, LazerFest plus the State Fair lineup.

Cost of living in the area has remained lower than Kansas City, Nashville and even the coastal cities. For example, I just filled up with mid-tier fuel at $3.02/gallon, milk is running about $3.10/gal for 2%. Movie tickets are about $7/adult, large popcorn is $4.50, pop is $4.00.

For me, my career in infosec is tied to my passion for digital forensics, incident response, and malware analysis. I realize that as of right now this is going to be difficult, but not completely out of the question. To start with, we have Iowa State University, which offers the Information Assurance Center, one of the original 7 NSA certified centers of academic excellence in information assurance. They also host the IT Olympics, which is a CDC event for high school kids, and support the local community college CDC competitions. DMACC offers the Electronic Crime Institute, which is a two-year program in infosec that specializes in digital forensics.

Des Moines is also home to multiple global companies: The Principal Financial Group, Wells Fargo, Nationwide, GuideOne, ING and many others. We have the largest percentage of employment in Financial Activities; yes, we have a smaller population, but we also have A LOT of financial companies. Since we are an agricultural state we also have a booming bioscience industry that needs protection. There are plenty of Federal Government jobs in the area, such as the USDA Labs in Ames and the Iowa Forensic Labs in Ankeny, and there is an FBI Fusion Center in Des Moines. We also have Silicon Prairie, which helps showcase the technology startups that are forming out of the area known as Silicon 6th, not to mention the technology and research incubators in the area.

With the need for a robust information security industry in the area, I am surprised that an established company has not chosen to open a location here. I can think of a half dozen that, based on their philosophy, vertical markets, and professionalism, would make a great addition to the financial and agribusiness sector in central Iowa. We also have the talent capable of supporting the development of a solid forensics and incident response company in the area.

Of course there are some drawbacks when it comes to infosec. With the proximity of Kansas City, Chicago, and Minneapolis/St. Paul we are overlooked by some of the cool conferences and events; I would love to see a SANS or a GFIRST conference make a stop here, but I do not see that happening. Technology user groups are available, but attendance and support varies from meeting to meeting. I am in the process of working to remedy this: I have started to establish BSidesIowa for 2012, and I am looking at options to get more InfoSec traffic to come this way. I can't do it alone, but if I do not attempt to start the fire it might not happen. We are also in the process of starting a hackerspace.

We are also not going to have everything a larger city has, but we are close enough that a weekend road trip is not out of the question. We have an international airport that can get employees out to the coast quickly if needed.

Don’t take my word for it, here are some other reviews of the place:

Why Should I work at Principal?

I have worked a wide range of careers and companies since I graduated from high school. These have ranged from digging trenches and laying drainage tiles, managing arcades, and lighting and sound production for a theatre in Nashville, to my current path as an InfoSec specialist. I have worked with enough companies to see the good and the bad, and to know what I expect as an employee.

When I started at Principal it was pre-housing market bubble crash, financial bailout and increased unemployment. Principal tries very hard to be transparent to its employees, making sure we understand the motivators of Senior Management and the decisions that impact the employees. They might not always make the easiest choices, and people will complain, but I feel that overall the management team here does an outstanding job.

When I first started at Principal, we had perks such as Free Drinks Monday, Family Fun Packs, Christmas gifts and a few other minor ones that have been phased out due to the economy. Out of everything that we have lost I think I miss the Family Fun Packs the most. These packs gave employees options for doing something with their family: this could be tickets to the State Fair, Adventureland Amusement Park, an Iowa Cubs game, a show at the Civic Center, or a few other options.

Looking back at some of the quarterly department meetings and yearly reports, it appears that Principal was anticipating the impact of a financial crisis and worked to shore up its investments to minimize the impact of the fallout. We still lost a few employees due to layoffs, but there were other levers that were pulled to maintain a solid workforce without severely impacting the employees. We all gained more responsibilities, streamlined processes and hunkered down.

For the last two years Principal has taken steps to bring back perks to the employees, reward us for our sacrifices, and actually listen and act on our yearly employee opinion surveys. The management team usually looks at 2 or 3 pain points identified in these surveys and works on improving them over the next year. They also announce to employees what these pain points are and attempt to solicit ideas to improve them. Principal is also big on personal development, but how much external development you might be able to receive really depends on how important development is to your direct leader. Usually in late spring or early summer Principal hosts Development Weeks, where they bring both external and internal speakers in to help develop the employees. Topics cover time management, stress mitigation, talks with Senior Management, and a myriad of other topics that change year to year.

For external development, Principal offers tuition reimbursement, and in the case of my team we try to send one or two people out for major training (SANS, EC-Council, Linux) every year. I was given time off last year to attend GFIRST, and utilized training for my attendance at BSidesKC. My leader is also very accommodating with my hectic class schedule.

My Team

For lack of a better word, we are awesome.

In reality this is a team that has been through a lot of development, setbacks and growth in the last 3 years. This is the strongest I have seen us as a team, and I know that we will only get stronger.

The team that I am on is a great group of guys. We have a myriad of talents and skill sets that we bring to the table, and we have finally started to get a good working groove since we acquired a new leader about 2 years ago. His being very technical and knowledgeable about the threats and risks we are facing has allowed us more visibility to the CISO and upper management, allowed a more security-focused direction when dealing with the business unit, and gotten our team the training we need. He has allowed us to excel and take risks, knowing that he supports us in our choices. Of course he also expects us to have researched and tested the options before us before we make a choice and run with it. The team is made up of fathers, farmers, firefighters, recent college graduates, hackers, defenders, technical gurus, soon to be empty nesters, beer snobs, and many other traits that have meshed very well.

Don’t take my word for the company; here is what others are saying:

As you can see, Des Moines and The Principal have a great opportunity for those willing to relocate and take a chance. It might take a little bit to get used to the laid back atmosphere and incredible corn fed beef, pork, and turkey, or the incredible hunt for deer, duck, and geese in the area. Given time this area will grow on you; you will learn to love the laid back atmosphere, the wonderful opportunities, and the ability to experience all 4 seasons... sometimes those seasons all might hit within the same 48 hours...

If you have any questions feel free to ask. 

We have something for everyone; below is a list of what we offer, and that is just the tip of the iceberg.

  • Sporting options
    • Chicago Cubs Minor League Team
    • Iowa Energy (NBA Development League for Bulls and Suns)
    • Iowa Barnstormers (Arena Football)
    • Buccaneers (United States Hockey League)
    • Menace (Soccer Team)
    • Drake Relays (track and field)
    • Principal Charity Classic (golf)
    • Hy-Vee Triathlon (Olympic qualifier)
    • Des Moines Marathon
    • RAGBRAI - Cross State Bike Ride
    • Live Horse Racing
  • Culture
    • Civic Center of Greater Des Moines
    • Temple of Performing Arts
    • Des Moines Playhouse
    • Des Moines Metro Opera
    • Ballet Des Moines
    • Des Moines Symphony
    • Jazz in July
    • Wells Fargo Arena
    • Multiple smaller venues
    • Simon Estes Riverfront Amphitheater
    • Des Moines Art Center
    • Pappajohn Sculpture Park
  • Attractions
    • Des Moines Botanical Center
    • Science Center of Iowa
    • IMAX Dome
    • Blank Park Zoo
    • Great Ape Trust
    • Adventureland Park (Amusement/waterpark)
    • Living History Farms
  • Festivals and Events
    • Iowa State Fair
    • 80/35 Music Festival
    • World Food Festival
    • Farmers Market
  • Transportation
    • Enclosed Skywalks
      • Over 4 miles
      • one of the largest in the US
    • Crossroads of 2 Interstates
      • I-80 (East/West Omaha-Chicago)
      • I-35 (North/South Kansas City-Minneapolis)
    • Public Bus System
    • Greyhound, Jefferson Lines, and MegaBus
    • Amtrak Station 40mi south
    • International Airport
  • Education
    • Main Campuses
      • Drake University
      • Grand View University
    • Other Facilities
      • Simpson College
      • William Penn
      • Upper Iowa
    • Other Institutions
      • Des Moines University
      • Iowa State University (Ames, IA)
      • University of Iowa (Iowa City, IA)
      • DMACC
  • Parks and Recreation
    • Principal Riverwalk
    • Brenton Skating Plaza (Outdoor Ice Skating by the river)
    • Gray's Lake (Massive lake near Downtown)
    • Jester Park (Horseback Riding)
    • Saylorville Lake

Friday, November 18, 2011

My Perfect Forensic Curriculum


It was asked at mid-terms what we thought of our Forensics class, and what we would change. Digital forensics is my passion, and I had A LOT of ideas. At the time I kept quiet because I was considering the question. I have decided to post this as a blog post, to allow some discussion and communication on the topic.

This is the description of the class:
Fundamentals of computer and network forensics, forensic duplication and analysis, network surveillance, intrusion detection and response, incident response, anonymity and pseudonymity, privacy-protection techniques, cyber law, computer security policies and guidelines, court testimony and report writing, and case studies. Emphasis on hands-on experiments.

While the overall description sounds like a great class, in reality there is so much information being delivered that there is really no depth to what we learn. Keep in mind that this idea is a long-term development; it will require funding and dedication to make it happen. I feel that if you want to be the best in the country providing this education, then you have to make the commitment to decimate the competition.


Intro to Forensics: (Undergrad)
Basically you want the students to leave this class with a solid understanding of the history of forensics, investigation process, and a well-rounded foundation for pursuing the investigation.


Windows Forensics: (Undergrad/grad)
Basically you take this book, and you spend 16 weeks going through it. Reinforce what they are learning in class with labs. In the first few weeks of class they create an image of a PC, and then utilize various tools through the semester to analyze it. You also have a few live machines that you can do live analysis on. You teach the students the ins and outs of the Windows OS, the quirks, the pain points, and the tools to utilize.

Linux Forensics (Undergrad/Grad)
Basically you take this book, and you spend 16 weeks going through it. Reinforce what they are learning in class with labs. In the first few weeks of class they create an image of a PC, and then utilize various tools through the semester to analyze it. You also have a few live machines that you can do live analysis on.


Mac Forensics (Undergrad/Grad)
Basically you take this book, and you spend 16 weeks going through it. Reinforce what they are learning in class with labs. In the first few weeks of class they create an image of a PC, and then utilize various tools through the semester to analyze it. You also have a few live machines that you can do live analysis on.


Network Forensics (Grad)
This class is about finding an attacker's footprint on the network. Students will learn to analyze data from switches, IDS, NetFlow, and packet captures. They will learn to find covert channels, carve logs and packet captures, and correlate traffic and artifacts to find the evidence.


Mobile Forensics (Grad)
This class will teach the student how to forensically investigate mobile devices. Students will learn the process of investigating and handling various mobile devices and the information that is stored within the various artifacts that can be recovered.


Advanced Forensics (Grad)
This class would delve deeper into forensic analysis, techniques used for anti-forensics, steganography, etc. It could also be used to define research goals for improving forensics capabilities and solutions.

This should give the student a dedicated and more complete understanding than just cramming everything into a single 16-week brain dump course. This also requires a facility and resources to accomplish this goal. You will need to recruit some of the digital forensics power players to refine and establish a solid baseline. You will need to have two or three professors who are dedicated to forensics to teach and develop the curriculum and take the time to invest in training.

If this is done right, you can help fund the curriculum by utilizing the services of the program for the following:
· Conducting digital forensics
· Providing training for practitioners
· Data recovery services
· Technology transfer of tools researched and developed by the University


Thursday, November 10, 2011

Everything I know about InfoSec is reinforced in Modern Warfare 3


I picked up Modern Warfare 3 (MW3) the day it came out; it is one of the only first-person shooters I play. While playing online against other gamers I realized I was using a lot of the strategies and philosophies I use in my day job protecting the network from evil. These strategies are even more relevant when I am playing such game modes as Domination and Capture the Flag.

Rule 1 – Do not be afraid to utilize different tools to get the job done.
In MW3 you have plenty of equipment at your disposal; each piece provides different tools to get the job done, and excels at different strategies and requirements. With practice you are able to customize your favorite equipment to make it more robust and feature rich. In InfoSec we are taught to utilize some core tools to secure our network. As we gain more experience with the tools we learn the various capabilities that advanced users can comfortably access, as well as coming across new tools that provide a richer tool set to accomplish different needs in the tasks we are assigned.

Rule 2 – Your team is only as strong as your weakest link
In MW3 you might be the best player in the game, but you learn quickly that you cannot win the game by yourself; there are too many variables stacked against you. If you want to succeed in the team games you have to work together as a team, and you have to support your weakest link. Just like in InfoSec, you could be the rock star InfoSec guru in the company, but if you attempt to secure everything by yourself, you are going to lose. To protect the network you have to rely on your team and their strengths; those with known weaknesses need help to improve their skills, while utilizing their strengths to help secure the objectives.

Rule 3 – Maps are different, they have unique qualities, so does each network
In MW3 every map is slightly different and provides different quirks for the players to adapt to. Some maps are wide open with plenty of sight lines, while others are packed tightly together, with multiple choke points and limited sight lines. The same is true of the networks we are set to defend. Some networks are very distributed and allow everything to pass through; some are tightly controlled with multiple choke points to secure against attacks, while others are small and tightly packed with very limited sight lines to actually see what is travelling in them. Just like the maps in MW3, you must learn the quirks of your network if you want to win.

Rule 4 – You are pwned if you will not adapt to the environment or the attack
In MW3 the likelihood that you will encounter the same environment or attack twice is very low. If you do not adapt, you will end up losing. You must be able to adapt to the strategies used against you in order to defend or attack the objectives if you want to win. Just like in the InfoSec world, it is very unlikely that you will encounter the same attack vector or environmental variables for every attack. Your strategies must adapt dynamically to these variables or you will be pwned.

Rule 5 – To survive you must be willing to continue learning
In MW3 it is true that the younger players have better hand-eye coordination in playing these games, and they also usually have more time to play, but I have seen older players play very efficiently against them. In the InfoSec world we are constantly being forced to learn new skills, technologies and attack vectors. If we are not willing to continue to learn, then we will quickly become obsolete and increase the risk to the network we are tasked to defend.

Rule 6 – It is ok to specialize in a role
In MW3 every player has a preferred play style, from the run-and-gun, kill-everything-that-moves style to the camping sniper who is dropping targets with pinpoint efficiency. In the InfoSec world it is ok to specialize in a few areas and remove yourself from the generalist pool. Keep in mind that doing so runs the risk of closing some advancement doors, but it will allow you to concentrate on the technologies or threats that interest you the most. You can be the guru that specializes in pentesting and exploiting webapps, or you can be the guy that is the sniper forensicator* on your team that can pinpoint the data required. (*word taken from Chris Pogue, Sniper Forensics series)

Rule 7 – It is ok to admit when you have no clue what you are doing, and ask for help
In MW3 this is one of the hardest things I have seen, and it is usually done by people not afraid of failure. When I first started playing first-person shooters I was a spray and pray shooter; I mentioned in one game that I had no clue what I was doing, and some youngster took me to a closed match and walked me through some basic strategies. In InfoSec there is going to be a time when you realize that while you are interested in something, you have no clue what you are doing. You can muddle through the tasks and pray that you are doing it right, or you can ask for help and learn the skills necessary for success. Hopefully when you ask for help someone will be there to provide assistance.

Rule 8 – If you are not enjoying the action it’s time to change it or move on
In MW3 there will be a time when you are no longer enjoying the session. This can be because the team you are on is not cohesive and is refusing to work as a team, or the strategies involved just are not working. When this is the case it's time to find a different session, attempt to get the mentality changed, or leave for a few days. The same can be said in the InfoSec world. If you are not happy with your current situation you need to take stock of the environment and decide if it is something that you can change and want to change within the organization, if you would be happier in another job on another team, or if it has just been a rough few days and you need to take some time away to recharge. In the end a game or work should be something you enjoy more than you hate.

Rule 9 – Regardless how good you think you are, some hotshot punk will come in and pwn you.
In MW3 I keep finding out that I am not really as good as I thought I was compared to the other players in the game. I am a casual gamer, my k/d ratio is horrible, but I have fun and I try my best. I have learned that I am no match for the younger generation when it comes to these games. In the InfoSec world I have learned that there is always someone better than me out there. Someday some hotshot kid will come into my environment and show me up; I can either be angry and bent out of shape, or I can admit that they are better and learn from them.

Rule 10 – Sometimes you are going to just have a bad day, just don’t take it personally
In MW3 some days, regardless how well you normally play, nothing will be going right for you. You will be doing great if you actually have a positive k/d ratio. In InfoSec you will have those days too. You will do everything you can to keep things working and running smooth, but something will come up and smack you around. It is going to be hard on those days to keep things in perspective, but if you don't you will get burnt out quicker and not enjoy your job. I have not met anyone in InfoSec that got into this field because they hate it, just like I have not met anyone online in MW3 that started playing because they hate it. If you are having an off day, take a few steps back, adapt to the issue and work to resolve it.

BTW, before I forget again: if you want to match up and help educate me, my XBOX gamer tag is Thrall Rasp.