Open FAIR Exam Quick Follow-Up

In my Passed the Open FAIR Exam post, I mentioned there were some issues with some of the questions on the exam not matching what I studied. Since I wrote the blog post, I printed and did quick reviews of the O-RA v2.0 and the O-RT v3.0.

The questions I remember struggling with did come from the newer versions of the Body of Knowledge. So if you're going to study for the Certification Exam, even though the Certification Page still lists the old documents, you'll want to study the new standards.

Passed the Open FAIR Exam

Last year, I took the RiskLens FAIR training course to learn the FAIR-U software before teaching FAIR as the Risk Management part of the graduate-level Risk Management and Incident Response class I taught [*]. The course came with an Open FAIR certification exam voucher.

After passing the GOSI in June, I took a few weeks off and then started studying for the Open FAIR certification exam. My study material and method were:

Now there is a new version of both the O-RT and the O-RA that came out this year. But after asking the member team at the FAIR Institute if I should get the new versions in case the test changed, they said I should be okay using the older material.

After taking the exam about six weeks after asking that question, I think I should have studied the new versions, even though the other study material doesn't appear updated yet. Some of the questions on the exam didn't make sense, and I suspect they reflected the changes in the new versions of the O-RT and the O-RA. I need to check that, but I wanted a few days of downtime to read other things.

[*] I'm not teaching this term; part-time lecturers are used to fill classes that the department doesn't have Full or Part-Time professors (Ph.D.) for. The department has also been hiring more Ph.D.s the last few years, so there are more of them now, meaning they need fewer lecturers. It also means I have more free time to work on personal things. While the job says part-time, I spent more time doing class-related administrative work than I did at my Full-Time Day Job.

Passed the GOSI

As usual, I have a lot on my plate. So I don't get to blog as much as I'd like. Then again, I haven't had a cool project to work on for a while. Just going through skilling up on things. Back in March, I mentioned I took the SANS Security 487 course, Open-Source Intelligence (OSINT) Gathering and Analysis. For the last month or so, I've been studying for the exam.

So that’s a thing. Second SANS class taken, second GIAC exam passed. I’d share the embedded link, but it gives too much personal information away. So all that is here is the certification badge they provide.


Next up is going to be the Open FAIR certification. I went through the training on my own dime last year, and I’ve been slowly studying for that one since last year. I’m planning to schedule the test for mid-August.

For SANS/GIAC, next on my radar will probably be Sec 504 / GCIH.

After that, I'm still interested in the Python classes: both Sec 573 Automating Information Security with Python and Sec 537 Practical Open-Source Intelligence (OSINT) Analysis and Automation.

They added a new one for OSINT, and I’m wondering how much overlap with the Automating OSINT by Justin Seitz there is.

I'm also interested in LEG523: Law of Data Security and Investigations and MGT512: Security Leadership Essentials for Managers. Both of those are for personal reasons. But in all the years I've been around the industry, I've only gotten to go to two SANS classes, so it will probably take a while.

SANS Security 487

I recently took the SANS Security 487, Open-Source Intelligence (OSINT) Gathering and Analysis, course with Micah Hoffman. Now, I need to get started on the associated GIAC Open Source Intelligence (GOSI) exam prep.

When I put my training request in, my manager pointed out I could probably pass the exam without the course. Maybe my manager was right, but I like a good refresher course every once in a while.

Passed the GCTI

I know I haven’t posted much lately. Been busy, don’t have the time to research the cool things I want to, or read the books I want to.

I did recently pass the SANS FOR578 / GIAC GCTI exam back in June.

So that is a thing. First SANS Class taken, first GIAC exam passed. I’d share the embedded link, but it gives too much personal information away. So all that is here is the picture. 


I’m hoping to take the OSINT and Python classes in the not too distant future.

One of the differences between college and real life (bias in speaking)

Last talk I gave, I expected audience participation, because I asked for it. I failed the audience. I know how to improve the talk for next time.

What was my bias that led to me failing the audience? I'm used to participation being part of my grade, and having to participate. Others in classes were the same way. Yes, we had some that barely participated. But usually half the class did.

Because that's what I was used to in a college class setting, that's what I expected at a conference talk. The result was I failed my audience with expectations that I shouldn't have put on them.

CSEC630 Lab 2

Ok. The lab was pretty much what I expected.

Click this Panic button to reset everything. Go look at this pcap in Wireshark. Run this command in cmd.exe (and it even walks the student through opening a terminal window by going to the Start button and typing cmd in the run box).

Run Snort with the test option on a pre-defined rule set using the pcap you looked at. Modify the same rule multiple times, enabling and disabling an alert each time. Run to see the difference.

Answer these 10 questions.

The last question was how to improve the class… I forgot to say use a Linux VM instead of a Windows VM, since one of my answers did require grep. Which meant copying and pasting from the lab VM to my box connected to the lab.
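The enable-the-rule, disable-the-rule, rerun-Snort loop the lab walks through is easy to script on a Linux box, which also removes the copy-and-paste-to-get-grep problem. The helpers below are an added example, not the lab's material or anything from the original post. They assume Snort 2.x command-line flags (-T to test the config, -r to replay a pcap, -A console for alerts on stdout); $RULES and $PCAP are placeholder paths, and the two rules written into the file are constructed samples, not the lab's pre-defined rule set. The Snort replay is skipped if snort is not on PATH, so the rule-toggling and counting helpers still run stand-alone.

```shell
#!/bin/sh
# Added example, not part of the original post or the CSEC630 lab material.
# Helpers for the "disable the rule, rerun Snort, compare" loop described above.
# Assumptions: Snort 2.x command-line syntax; $RULES is a rules file and $PCAP a
# capture (both placeholder paths); the two rules written below are constructed.

RULES="${RULES:-$(mktemp)}"
PCAP="${PCAP:-capture.pcap}"

# Write a small constructed rule set (not the lab's pre-defined rules).
write_sample_rules() {
  cat > "$RULES" <<'EOF'
# constructed sample rules
alert icmp any any -> any any (msg:"ICMP echo request"; itype:8; sid:1000001; rev:1;)
alert tcp any any -> any 23 (msg:"Telnet SYN"; flags:S; sid:1000002; rev:1;)
EOF
}

# Comment out the rule with the given sid; Snort skips lines starting with '#'.
disable_rule() {
  sed "s/^\(alert .*sid:$1;.*\)$/#\1/" "$RULES" > "$RULES.tmp" && mv "$RULES.tmp" "$RULES"
}

# Remove the comment marker from the rule with the given sid.
enable_rule() {
  sed "s/^#\(alert .*sid:$1;.*\)$/\1/" "$RULES" > "$RULES.tmp" && mv "$RULES.tmp" "$RULES"
}

# Print 1 if the rule with the given sid is active, 0 if commented out or absent.
rule_enabled() {
  if grep -q "^alert .*sid:$1;" "$RULES"; then echo 1; else echo 0; fi
}

# Count active (uncommented) rules; the kind of grep the lab questions needed.
active_rule_count() {
  grep -c '^alert ' "$RULES" || true
}

# Validate the rule file (-T), then replay the pcap and count alert lines.
# Skips cleanly when snort is not installed so the helpers still run offline.
run_snort() {
  if ! command -v snort >/dev/null 2>&1; then
    echo "snort not on PATH; skipping replay" >&2
    return 0
  fi
  snort -q -T -c "$RULES" || return 1
  snort -q -r "$PCAP" -c "$RULES" -A console | grep -c '\[\*\*\]' || true
}

# Walkthrough: run with all rules, disable sid 1000002, run again, re-enable.
write_sample_rules
echo "active rules: $(active_rule_count)"; run_snort
disable_rule 1000002
echo "active rules: $(active_rule_count)"; run_snort
enable_rule 1000002
echo "active rules: $(active_rule_count)"
```

Toggling by sid rather than by line number means the same script keeps working after the rule set is edited, and the rules file is rewritten through a temp file so it behaves the same with GNU and BSD sed.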