Posts

Traveling around the world

I travel a lot for work, and have been reading several travel site blogs lately.

Some are downright stupid and a waste of time, while a few are useful with relevant information.
None of them are 100% accurate, and all have some bias toward one thing or another.

Blogs I do like to read often:
https://thepointsguy.com/
https://www.flyertalk.com/
https://millionmilesecrets.com
https://frequentmiler.boardingarea.com/
https://www.frugaltravelguy.com/

I know there are more, but these are the ones I read the most. Most of them have the same content on bonus points/miles and cards to use.
My preferences for travel:
Flight: Delta  (Platinum)
(I travel out of a regional airport and the other carriers have screwed me a time or two)
Hotel: Hilton (Diamond), Marriott (Gold), Hyatt (Discoverist)
(Some have asked me why I have 3 hotel preferences, and I have always told them none of these brands are perfect in all cities or have a good hotel in all cities I have visited.)
Car: Hertz (President Circle…

Starting again....

Well it has been a while since I have posted anything, planning to get back to posting once in a while. Hopefully not pissing off my current employer in the process, but guess they will get over that, or I will be finding a new endeavor.

Stopped posting some items as I have had several confrontations on publicly available news articles I posted on LinkedIn and Twitter by several people at my current employer.

Started focusing more on pentesting in my spare time to keep my technical skills up, as my current work is rather boring and non-technical. Started working on Hack The Box systems, in my spare time to get back into the groove. Thinking of moving back to pentesting and away from compliance work, it used to be fun, but that feeling has been long gone.




PCI PA/P2PE certifications

Took the Payment Application (PA) Qualified Security Assessor (QSA) exam back in March, just a couple of weeks after taking the Point to Point Encryption (P2PE) QSA exam. Surprisingly they both seemed fairly easy tests, the P2PE was a little harder since I had to study up on some crypto information.

Had been trying for a few months to assist with some P2PE assessment work, but it seems that is not as easy as I had hoped. Had asked to shadow some people or assist on small projects, but got nothing. I then asked to work on PA assessment, was invited out to the Colorado office to learn the internal processes, and go over some documents. Was asked if I was interested in joining the PA team by the managing principal.

Finally decided to stop trying to get into the P2PE team, and took an opportunity on the PA team. Applied for a Senior Consultant position, but was only transferred over as an IT Security Consultant. Not exactly sure what the deal is with promoting me to Senior, especially si…

Starting off 2017 right! (I hope.....)

Well it's 2017 already, and I am not sure where 2016 went.

Last year I was extremely busy, traveling about every week and multiple ROCs due weekly for my previous company. Never had enough time to actually do my job well or even think about fixing the issues that we had. Now that I am at Coalfire, I have plenty of time to do my job, with tons of resources to help me out. I am not traveling as much, which I sort of miss, hope that changes a little starting soon. Working from home is a little weird, not sure it is something I really like, miss the interactions with other people. Not that I do not like my family, it's just getting out of the house for a little while and talking to other people with similar interests. Will be trying to get former colleagues to do lunch once in a while to at least try to keep up with what's going on.

This year is starting off fairly decent for me, since I am getting to attend two different training classes. First one is an ISO 27001 Lead Auditor certifi…

ARCYBER Puzzle

Had a former colleague post a cipher puzzle on a Slack channel I hang out on.

http://www.recruitahacker.net/Puzzle

I figured I would give it a try, since I like to do puzzles.
The site was a link to an ARCYBER web site:


Looking at the cipher text, I was like you have to be kidding me. This is too easy, so I ran it through a script I made a few years back to break Vigenère ciphers for another puzzle I had worked.

While the script is not perfect, it was able to decode this cipher text.

Cipher: Eexl fmoi!
Plain:  Well done!

Cipher: Jabnh gsl'ze decbjrx lvtv, gsl uak hctf xyw gvltpj
Plain:  Since you're reading this, you may have the skills

Cipher: inp mqrjzrlwzq bs awiz tjc Bvdq hpdu!
Plain:  and motivation to join the Army team

Cipher: Pvirz mqpf esgie bwyi xofeprjec xiexzi nqtt ATAZFVJ.
Plain:  Learn more about your potential future with ARCYBER.

KEY: iamacybersoldier
So putting the key into the website you get the full response.
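
As an added example (not the script mentioned in this post, which is not shown), the Python below decrypts the ciphertext above with the posted key and shows why a Vigenère key falls out once any matching plaintext is known: subtracting plaintext from ciphertext gives the repeating keystream. The function names are assumptions made for this illustration.

```python
# Ciphertext lines and key exactly as quoted in the post, joined with spaces.
CIPHERTEXT = (
    "Eexl fmoi! "
    "Jabnh gsl'ze decbjrx lvtv, gsl uak hctf xyw gvltpj "
    "inp mqrjzrlwzq bs awiz tjc Bvdq hpdu! "
    "Pvirz mqpf esgie bwyi xofeprjec xiexzi nqtt ATAZFVJ."
)
KEY = "iamacybersoldier"


def is_letter(ch):
    return ch.isascii() and ch.isalpha()


def vigenere_decrypt(ciphertext, key):
    """Decrypt; the key advances only on letters, case and punctuation are kept."""
    shifts = [ord(k) - ord("a") for k in key.lower()]
    out, i = [], 0
    for ch in ciphertext:
        if is_letter(ch):
            base = ord("A") if ch.isupper() else ord("a")
            shift = shifts[i % len(shifts)]
            out.append(chr((ord(ch) - base - shift) % 26 + base))
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def recover_key(ciphertext, plaintext):
    """Known-plaintext recovery: keystream = cipher - plain, then shortest period."""
    c = [x.lower() for x in ciphertext if is_letter(x)]
    p = [x.lower() for x in plaintext if is_letter(x)]
    stream = "".join(
        chr((ord(a) - ord(b)) % 26 + ord("a")) for a, b in zip(c, p)
    )
    for n in range(1, len(stream) + 1):
        if all(stream[j] == stream[j % n] for j in range(len(stream))):
            return stream[:n]
    return stream


if __name__ == "__main__":
    print(vigenere_decrypt(CIPHERTEXT, KEY))
```
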


You got a link to email someone that you solved the puzzle.


So I was like sure, what could it hurt, might get an offer …

Moving from WordPress to Blogger Hassles

Have been attempting to move from WordPress to Blogger, and failing miserably at it.

There seem to be no useful tools still available that will parse the WordPress export to a usable file to import to Blogger. At one time there were several tools, and many sites to assist with this. I guess that has gone and many are no longer available or working.

Downloaded several scripts that say they work on converting the data to the correct format, all have failed me. Tried some websites, and they all barf on me that my file is either incorrect format or is too large.

Currently have moved one article over, with many format changes needed, it took me about an hour to get it in a readable format.

Attempting to move articles over one at a time is time consuming, guess I will only move the important ones over and trash the others.


Starting a new Job

I have left Sword & Shield to take a better opportunity with Coalfire Systems. There were multiple reasons for leaving Sword & Shield, and most of them are related to one individual that has moved up the ranks in the company. He was originally hired to do report reviews five years back, and is now the Senior VP of services. Since his move into management there has been a drastic exodus of highly qualified personnel from the company. One major issue is that the CEO/President, Executive VP and COO do not even notice the main reason for the high personnel turnover. Since I turned in my notice, the CEO and COO have completely ignored me. Walking down the hallway, I always say hello to everyone, and usually get a hello back from whomever is there. Not lately; had multiple encounters with the C suite and they literally walk past me as if I was not there. I wish all my former colleagues well in their endeavors and hope things get better.