Tuesday, August 16, 2022

Recovering Luddite?

Growing up Mennonite in Lancaster County with no computer, and no television, only to become a Digital Forensic Analyst and Incident Response Specialist living in New York City, has been quite a journey. My friends tell me the uniqueness of my life requires a blog, but I tell them, I haven't changed much, really.

Personal blog, nothing on here represents my employer.

My People Are Hackers

As I reflect on my week in Vegas for Hacker Summer Camp 2022, I had several takeaways from Christopher Krebs' engaging keynote address. One which stood out was, "Find your people", nurture those relationships, mentor, and give back when you can (I’m paraphrasing).

Well, my people are hackers. We’re good people who break stuff, build stuff, and we leave things better than we found them, (a personal family motto that I have been telling my daughters for years).

I am overwhelmed with gratitude to have been able to gather this past week with so many of my people. Some of us only met in spirit as we passed like ships in the night due to insane schedules where (guilty as charged) we tried to make up for two years of not attending in-person. Additionally, there were others that I had never met before, who have become new friends. Regardless of which “bucket” you fit in, I thank you for your relationship with me. I hope I can live up to Chris’ words, and nurture you, encourage you, be an ear for you, and give back when I can.

I have some big plans for the near future, which I cannot yet divulge, but if you too are a hacker, stay tuned because you will NOT want to miss what I'm cooking up. It won’t happen for several more weeks, so enjoy the rest of your summer, then get ready to strap yourself in, very close to your computer, because we’re gonna have some fun together, and that’s all I can say for now!

To everyone I interfaced with this past week, in one way or another, including but not limited to the following, may we be sustained by our time together, until we meet again:

Tarik Abdel, Danny Akacki, Rui Ataide, Corey J. Ball, Paul Battista, Samantha Isabelle Beaumont, Jay Bhalodia, Jaime Blasco, Chris Camacho, Mickey Cecil, Patrick Chapman, Ray Davidson, PhD, Michael Francess, Bilal Green, Jeremiah Grossman, Juan Andres Guerrero-Saade, John Hammond, William Harris, Tom Hegel, Nick Hensley, CISSP, Dave Herrald, Christofer Hoff, Kyle Kephart, Sandy Lindsey, 🛡️Alyssa Miller, Albert Mimo, Kevin Perlow, Joseph Rivela, Lynn Schifano, 🤖 Shelby Shum, Michael Sinno, Ed Skoudis, Jack Smith, Jennifer Sunshine Steffens, John Stoner, Joshua Sutfin, Tristin Tharp, Ted Theisen, James Turner.

Wednesday, July 27, 2022

Finding Your Voice

“Miracles happen when you believe in yourself enough to let go.” -credit Debra Sperling.

Many of us in InfoSec and DFIR are content creators. Perhaps you aspire to have your own Information Security YouTube, Twitch, or podcast channel like John Hammond or Black Hills Information Security. Or, maybe you strive to hone your speaking skills in front of an audience.

Some of you may know that I had a whole other career as a television executive before I broke into tech. One of the many responsibilities I held in the entertainment world was receiving copy from local TV stations (and often tweaking it), then directing the stars of #1-rated shows, helping them to make that copy read like it was their own.

If you want to engage with your audience on a whole new level, Debra Sperling’s class is for you! “You are the only authentic YOU there will ever be” - Debra... so why wouldn’t you get to know that person a little bit better?!

I have had the privilege of attending two of Frank Verderosa's free, “Meet a Coach!” events with Debra Sperling - Authenticity in Voiceover. The concepts I learned from those brief sessions were invaluable, and far exceeded in worth, the cost of her full workshop. Debra is an absolute champion, in a highly competitive field, and I believe that a lot of that is due to her mindset. Don’t get me wrong, she’s got wicked talent, but I believe it's her attitude that sets her apart. A session with her is like spending time with your own personal motivational speaker!

CyberSecurity is a vast and expansive field. Some of us are team-leads or aspiring leaders, while others in our field find ourselves behind the curtain, and perhaps prefer that. If you're a manager, are you a leader? Do you raise-up those individuals whom report into you? And do you see each one of them individually as their own unique person, understanding that one style or approach might not fit everyone on the team? Do you take into consideration every challenge that makes each of us fearfully and wonderfully made? I felt like all of those concepts were unintended take-aways from my time spent with Debra (and Frank), just by observing how they treated (and coached) others during their Webcast. Each of them are at the top-tier in their field, yet truly care about sharing what they’ve learned about their craft with others. Debra shared skills which translated into any line of work. For example, she used a scenario from her world of how one can choose to complain about “mountains of auditions to get through” vs. “wow, look at how blessed I am to have all of these auditions while others are struggling just to get one”.

I encourage everyone who seeks to be a better speaker/creator, to take Debra's "Authenticity in Voiceover" class! It’s a 3-hour, affordable coaching class, in which you’ll learn a ton about yourself, and how to capture any audience.

Wednesday, December 8, 2021


Earlier this year I updated my paper entitled, "IR A-Z" for a talk that I was giving at the Magnet Forensics Summit, so I wanted to put its new link here. Enjoy! https://bit.ly/31JHGoF

Thursday, November 18, 2021

Book Review

What was your high school experience like? For me, high school was a struggle. Not because of the material, I was a top student...but the spring of my junior year, it was period two, and I was sitting in my English Literature class when there was a knock on the door. It was my brother and his wife, and I knew why they were there. My father was in the hospital, and had been in a coma for ten days.  Losing my dad tore me apart, and the next several years were the most difficult of my life.

High school counselors can play a critical, and pivotal, role in a student’s life, and we know that our youth are the future, so we need to invest heavily in them.  If you know someone in the education sector, do them a favor and get them a copy of this book. It’s a great stocking-stuffer by a fantastic counselor who just happens to be my mother-in-law, Nancy Regas. 


Sunday, May 2, 2021

InfoSec101 CheatSheet

So, you’re new to InfoSec you say?  How can I help?  Below are a few resources that I just put together for one of my mentee’s.  I offer a bunch of InfoSec links over at my DFIRLinks site: https://dfirlinks.blogspot.com.  The formatting on the blog is a bit wonky, so if you want this cheatsheet as a PDF, go here:  https://bit.ly/InfoSec101.

Jason Blanchard:
-Jason is amazing.  He runs a twice-weekly job search meet-up.  Jason works for one of the leading Cyber Security firms called Black Hills InfoSec (BHIS), owned by an industry luminary, John Strand. 

Tuesday Nights: 7-9pm ET 
Friday Afternoons: 1-3pm ET 

-Jason's job meet-up group meets over Twitch, once or twice each week.  It covers job hunting tactics and techniques, resume and interview tips, and much more.  People looking to fill open positions sometimes attend, and even recruiters have been known to attend because it’s so popular with strong candidates: https://www.twitch.tv/banjocrashland.

-Jason has archived some of the meet-ups on the BHIS YouTube channel: https://www.youtube.com/c/BlackHillsInformationSecurity/videos, and they are also on his Twitch channel: https://www.twitch.tv/banjocrashland/videos

-Jason's online handle is @BanjoCrashLand: 
"We're doing a 5-part extended series on each one of the aspects of the job hunt. 
52+ viewers have landed new jobs so far since March 2020."
Black Hills InfoSec (BHIS): 
BHIS runs weekly Cyber Security WebCasts which they often record and post afterward.  I try to never miss them!  They also offer discounted (pay what you can) training: 

Be sure to follow them on Twitter: https://twitter.com/BHinfoSecurity.

They also have an active Discord server: https://discord.gg/4mJ7Hf7W.

-Here’s an example of their “Pay what you can” training: 

Wild West Hackin’ Fest: 
Wild West Hackin’ Fest is a Cyber Security conference by the folks at BHIS: 

-Here's an example WebCast from BHIS: The Dirty Truth Behind Breaking into Cybersecurity: 

Be sure to follow them on Twitter: https://twitter.com/WWHackinFest
They also have an active Discord server: https://discord.gg/wwhf.

Active Counter Measures (ACM):
John Strand of BHIS also runs: Active Counter Measures: https://www.activecountermeasures.com
-ACM often runs free Threat Hunting classes: https://www.activecountermeasures.com/events

Be sure to follow them on Twitter: https://twitter.com/ActiveCmeasures

They also have an active Discord server: https://discord.com/invite/2JjfB7E

Dave Kennedy/TrustedSec/Binary Defense: 
Dave Kennedy runs two companies (Trusted Sec and Binary Defense), and he has been known to “tweet” when they are hiring (often Junior level): 
"My favorite thing this year is we are opening up our junior program. To get new folks to INFOSEC trained up and into the field. Where best to learn!? #TrustedSec We are crazy hiring over at #TrustedSec and #BinaryDefense with more jobs being posted in the next few days. Have to shape our future, and more than pumped to have new folks coming into the industry." 

Be sure to follow them on Twitter: https://twitter.com/HackingDave

They also have an active Discord server: https://discord.gg/trustedsec

SANS Institute: 
Great courses as well as many free offerings: https://www.sans.org/free

Check out their “New-to-Cyber Field Manal”: 

Train up!  CTF’s: 
I offer a bunch of links to CTF’s and training video’s: https://dfirlinks.blogspot.com, below is a sample: 
(1) Watch Ed's CTF talk which begins about 17.5 mins in: 
(5) Smash the Stack: http://smashthestack.org 
(6) picoCTF: https://picoctf.com 
(7) WarGames (Bandit is recommended): https://overthewire.org/wargames 
(8) Daily CTF, just one challenge per day: https://nw3.ctfd.io/challenges 
(17) Hack the Box (free account works fine): https://www.hackthebox.eu 
(19) Cyber Defenders: https://cyberdefenders.org/labs 
(20) Try Hack Me: https://tryhackme.com

I can count on one hand the recruiters whom I respect, and that’s as nice as I can put it; sorry, not sorry - been burned one too many times.  That being said, I do have two fantastic recruiters whom I can highly recommend:

Katie Owston 
Email: katie.owston@glocomms.com 

John Terkovich 
Email: John@TerkoTech.com

Sunday, August 30, 2020


Finally! Successfully got the SANSInstitute PhilHagen SOF-ELK up and running in VirtualBox!  I struggled a bit with what others in #DFIR seemed to do with ease, so I created a CheatSheet I'm sharing in the off-chance it could lessen someone else's pain!  http://bit.ly/SOFELK