I’m continuing on to achieve my Bachelor’s by next summer and I hope to obtain another certification or two this year.

So, if anyone is looking for either an entry-level infosec position, or an experienced sysadmin position, check out my resume and drop me an email.

If you follow me on Twitter or Facebook you’ve already seen all these, but I thought I’d take some time to define these goals a bit more.  This way, you, my faithful follower (Hi, Mom & Dad!) might understand what I mean, plus writing it down gives them more meaning to myself as well, especially come December 2010 when I look back and think, “What the heck did I mean by that?”

I need to find a good OSS project that I care about that I think I can make some kind of contribution to.  I’m most likely looking for something security-focused.  I also need to continue to improve my programming skills before I can get too involved.  I am getting ready to take and Advanced programming class and I’m hoping along with my self-study in Assembly I will actually be able to make some kind of meaningful contribution to something.

This goal goes back to the whole get involved in the community thing.  OSS isn’t just about the code after all, but is also about the community.

Anyway, I should also point out that even those I hang out with regularly have little interest in IT Security.  The InfoSec world is not made up of a bunch of lone geeks hacking away in their mom’s basement as Hollywood might have us think, it is actually a thriving community of geeks who love to get together and share information ( and party!).  If I really hope to make it in the IT Security career I need to get involved and network with the community.  Since there’s no local group for me, I won’t get any real face time with people except at some of the national cons that are spread out across the globe throughout the year.  Of course, I can make plenty of connection on teh internets, and I suppose I’ll include that as a sort of sub-goal to this one.

As far as competing goes, it’s another opportunity to test and improve my skills, plus if I do well it’s something I can point out on a resume.

So, rather than driving down to the local bank and cracking their wireless encryption then gaining access to their servers and looking at people’s personal information, it would be far easier (and way more legal) to setup a hack lab at home with servers and such I can hack away at.  So I’ve got a server already that I took to work with me to fill in for awhile, but now that we’ve upgraded our hardware there it is no longer needed and I can use the hardware I bough myself for my own purposes.  There are several ways to put together a hack lab, but for simplicity sake I’m starting out by using the resources at http://www.de-ice.net/.  De-Ice offers several live linux CD’s with pre-configured hacking challenges on them.  So I simply pop the CD into my server, boot it up, and let the leetness begin.  Once I’ve obtained my goal, I can move on to the next challenge.

Once I’ve completed all the De-Ice challenges I’ll have to look around for other similar services, if there are any.  And if there aren’t, I’ll just have to come up with some of my own scenarios.  Meanwhile, there are various online challenges, such as Mod-X I can also conquer.

I hope later in the year to have the time to compete in NetWars and score some points.

For those who don’t know, this is a programming language. Assembly differs from other programming language because it is basically line for line the instructions sent directly to the systems processor. Most programming languages work on a higher level and are written in such a way as to be mostly human readable. For example, in a higher-level programming language, if I want to open a file called “stuff.txt” I might type something like:

open stuff.txt

In Assembly, you would have to take the location of stuff.txt and move it into a specific location in memory, then call call the instruction to open a file, then move the contents of that file into a specific location in memory.  These are the actual steps the processor and memory go through when you compile and run the command from the higher-level language, it’s just the higher level languages were developed so you don’t have to know or understand what the processor is doing in order to actually make it do it.  Also, the actual commands are different for each type of processor, so I’ve chosen specifically to learn Assembly for x86 processors.  This would include Intel Pentiums 1-4, and most other 32-bit processors found in modern desktop computers.

Now, if higher level languages are easier to read, why would I want to learn Assembly?

First of all, learning Assembly will help me understand more precisely what’s going on inside my computer, and IMHO (In My Humble Opinion for those less-internets-savvy followers) gaining more understanding is a good enough reason on its own.

Secondly, the above example higher-level language command might compile into 100 lines of Assembly; however, it is possible they could be completed with only 20 lines of Assembly.  So code written in Assembly is typically a LOT smaller and faster.  Most developers don’t use Assembly often, but they will sometimes when a certain piece of code needs to be optimized for performance.  (Let me take a moment here to say that the example given is a HUGE over-simplification and really not accurate at all; however, it should be useful for helping my less technical followerd [ Hi, Mom and Dad!] get at least some kind of grasp on what I’m saying.)

Now the third and really the main reason I have already begun this endeavor is for the sake of exploit development.  I’ve mentioned buffer overflows on this blog before and what it all boils down to, is that if you don’t know at least a little Assembly, you won’t be able to even understand how buffer overflows really work.  Now I don’t want to just understand how they work, I actually want to be able to fuzz applications myself (fuzz = test an application for vulnerabilities) and be able to write my own exploit code.  If I want to do this with any kind of real success, I need a better grasp on Assembly than I currently have.

OK, I think that sums up this goal fairly well, so on to number 2!

Anyway, the end of the year is often a time where we take some time for self reflection to look back and what has been accomplished the past year and then to look forward to the coming year to see what we would like to accomplish. These goals often take the form of “New Year’s Resolutions;” however, I’ve chosen not to make any resolutions, because statistically most never keep their resolutions. Rather, I’ve looked at the things I’ve already had in mind to accomplish and decided just to define in a bit more detail the goals I want to accomplish in 2010.

But first, here are some highlights from 2009:

1. My fourth child and second daughter, Bella Rose, was born July 25th.

2. I turned 30 May 13th.

3. I competed in the Louisville Metro Infosec CTF Hacking Competition and achieved 3rd place.

4. I obtained my Offensive Security Certified Professional status.

5. I completed my Associate’s degree program and am currently pending graduation January 9th!

So, I’d say it’s been a milestone year for me in several ways.

Now that 2010 is here, I have defined 10 goals I want to accomplish.  In order to keep my posts brief, I’ve included them in the following posts.

I’ll let you know how it goes.