Friday, June 28, 2019

Traveling around the world

I travel a lot for work, and have been reading several travel site blogs as of late.

Some are downright stupid and a waste of time, while a few are useful with relevant information.
None of them are 100% accurate, and all have some bias toward one thing or another.

Blogs I do like to read often:
https://thepointsguy.com/
https://www.flyertalk.com/
https://millionmilesecrets.com
https://frequentmiler.boardingarea.com/ 
https://www.frugaltravelguy.com/

I know there are more, but these are the ones I read the most. Most of them have the same content on bonus points/miles and cards to use.

My preferences for travel:
Flight: Delta  (Platinum)
(I travel out of a regional airport and the other carriers have screwed me a time or two)
Hotel: Hilton (Diamond), Marriott (Gold), Hyatt (Discoverist)
(Some have asked me why I have 3 hotel preferences, and I have always told them none of these brands are perfect in all cities or have a good hotel in all cities I have visited.)
Car: Hertz (President Circle), National
(have switched back and forth between these two over the years)

Packing:
It does crack me up on some of the posts on sites telling people what to pack, how to pack and what to bring. There is no one way to travel, one way to pack, and it will depend on the person what they need to bring along with them.

Having traveled extensively for the past 10 years for work and military, I can say I have defined my own plans for packing and what to bring. It does not align to most of the blog sites, and works well for me, but may not work well for others. I pack in cubes and fold my clothes; many sites recommend rolling your clothes to make more space. I have never been able to gain any extra space, and it makes my clothes more wrinkled than just folding them neatly.

I have a separate toiletry bag that I keep all my items in; it is just easier to have duplicates and just fill up the items as I need to after my return home. I have the same mouthwash bottle that is exactly 3oz in size, and I just refill it as needed. I also have a decent supply of small toothpaste tubes, as everyone in the family gets one from the dentist after their teeth cleaning and never uses them.

I generally take a small 21" Wenger SwissGear suitcase that I have had for many years; it was not expensive (maybe $80 max) and I am in need of a replacement soon. I do not carry on my suitcase, and generally check it (I get 3 checked bags free), which I have been ridiculed for many times by so-called expert travelers. However, having been screwed many times (primarily by United and AA) waiting for plane-side checked bags (smaller regional planes), and missing a connection due to them taking forever getting the bags back to me, I have always checked my bag since.

Flights:
I prefer Delta as my main carrier for flights; I like that my miles never expire, and I have had few issues with them compared to AA and United out of TYS. I travel out of a regional airport, so I am limited to AA, United, Delta, Frontier, and Allegiant and will usually connect through another airport to get almost anywhere. A majority of the flights I am on are CRJ700/900 and maybe an MD88, which is why I check a bag: I do not like to plane-side check a bag and then wait to get it back at the next airport, hoping to make my next flight.

Hotel:
I prefer Hilton brand hotels, and I have a few I like best out of all of them. I would book Embassy Suites hands down if they were available in the area I need to be in. They provide a two-room suite, an evening manager's reception, and a cook-to-order breakfast. I have usually found them to be better priced (not always) than, say, a Hampton Inn, which is a lower-value Hilton brand for some reason. I do stay at some Marriott properties when I need to; sometimes it is just to keep my status with them, other times there is not much else available at a reasonable price or in the location I need to be. When I am able to I will stay at Hyatt; I do like their hotels, but they tend to not be in many locations I need to be in. I used to stay at Holiday Inn hotels, but they have not kept up their hotels and seem to be lacking these days.

Rental Car:
I have been using Hertz as it is just easy to book from the Delta web site after booking my flight. Their website and mobile app suck, but I like getting the Delta points for booking, as I never get a rental car when I go on vacation so would not use the points. I used to always book National as I liked the walk-up-and-drive-off method: I just pick the car that works for me on the trip, drive to the exit and am on my way. I get the same service with Hertz now that I am President's Circle, as long as the location has that option.

So, pick what works best for you and stop listening to all those blogs telling you what you must do when traveling. We all have different styles and opinions so no one thing works for everyone.

Wednesday, May 22, 2019

Starting again....

Well, it has been a while since I have posted anything; I am planning to get back to posting once in a while. Hopefully without pissing off my current employer in the process, but I guess they will get over that, or I will be finding a new endeavor.

I stopped posting some items as I have had several confrontations with several people at my current employer over publicly available news articles I posted on LinkedIn and Twitter.

I started focusing more on pentesting in my spare time to keep my technical skills up, as my current work is rather boring and non-technical. I started working on Hack The Box systems in my spare time to get back into the groove. I am thinking of moving back to pentesting and away from compliance work; it used to be fun, but that feeling has been long gone.

Thursday, June 22, 2017

PCI PA/P2PE certifications

I took the Payment Application (PA) Qualified Security Assessor (QSA) exam back in March, just a couple of weeks after taking the Point-to-Point Encryption (P2PE) QSA exam. Surprisingly, they both seemed fairly easy tests; the P2PE was a little harder since I had to study up on some crypto information.

I had been trying for a few months to assist with some P2PE assessment work, but it seems that is not as easy as I had hoped. I had asked to shadow some people or assist on small projects, but got nothing. I then asked to work on PA assessments, was invited out to the Colorado office to learn the internal processes and go over some documents, and was asked by the managing principal if I was interested in joining the PA team.

I finally decided to stop trying to get into the P2PE team, and took an opportunity on the PA team. I applied for a Senior Consultant position, but was only transferred over as an IT Security Consultant. Not exactly sure what the deal is with promoting me to Senior, especially since I have more experience than most Senior Consultants that I have worked with so far. But that battle is for another day.

We will see how things go with doing the PA assessments; they do not seem to be very difficult, and most of the testing is easy. The pentesting portion is kind of a joke, as they do only minor tests against SQLi, XSS, CSRF and buffer overflows. It almost makes me miss doing the pentesting stuff and exploiting software vulnerabilities.

Wednesday, January 4, 2017

Starting off 2017 right! (I hope.....)

Well, it's 2017 already, and I am not sure where 2016 went.

Last year I was extremely busy, traveling about every week with multiple ROCs due weekly for my previous company. I never had enough time to actually do my job well or even think about fixing the issues that we had. Now that I am at Coalfire, I have plenty of time to do my job, with tons of resources to help me out. I am not traveling as much, which I sort of miss; I hope that changes a little starting soon. Working from home is a little weird; not sure it is something I really like, as I miss the interactions with other people. Not that I do not like my family, it's just getting out of the house for a little while and talking to other people with similar interests. I will be trying to get former colleagues to do lunch once in a while to at least try to keep up with what's going on.

This year is starting off fairly decent for me, since I am getting to attend two different training classes. The first one is an ISO 27001 Lead Auditor certification course; I will be heading to Colorado for a few days. The class was supposed to be for junior associates that needed a certification to allow them to get their QSA. I asked if there was space, since I would like to attend, and I guess there was room for me. The second class is PCI P2PE certification, which will be a little harder from my perspective. Most of my cryptography experience is military related and not really geared towards the commercial sector. If I pass this course, I have been asked if I want to take the PA-DSS course and then possibly the PA-P2PE course. Since they are in need of people to assist in that area, I said why not. I am always willing to take training classes; certifications never hurt anyone.

So it looks like the first full ROC I am lead on will be a client that they have had for a while. This should be fairly nice to get to learn their methodology and show my manager I am able to do the work. I was brought in as a consultant, and not a senior consultant. That was something I had decided to do: I originally had interviewed for a senior security consultant position, but since they were willing to pay me the same for either position, I took the lower-level position. I am sure some are going WTF, I would never do that. Well, I am more than capable of being a senior consultant, but if I come in as a junior-level person and can show that I am very good at my job, I will more than likely get a promotion or possibly opportunities to do other stuff. Which is sort of what is happening already with the certification courses.

Well, 2017, let's hope things keep rolling along smoothly.....

Friday, December 2, 2016

ARCYBER Puzzle

A former colleague posted a cipher puzzle on a Slack channel I hang out on.

http://www.recruitahacker.net/Puzzle

I figured I would give it a try, since I like to do puzzles.
The site was a link to an ARCYBER web site:


Looking at the cipher text, I was like, you have to be kidding me. This is too easy, so I ran it through a script I made a few years back to break Vigenère ciphers for another puzzle I had worked.

While the script is not perfect, it was able to decode this cipher text.

Eexl fmoi! 
Well done!

Jabnh gsl'ze decbjrx lvtv, gsl uak hctf xyw gvltpj 
Since you're reading this, you may have the skills

inp mqrjzrlwzq bs awiz tjc Bvdq hpdu! 
and motivation to join the Army team

Pvirz mqpf esgie bwyi xofeprjec xiexzi nqtt ATAZFVJ.
Learn more about your potential future with ARCYBER.

KEY:
iamacybersoldier
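The decode above, as an added example that is not the author's script: a Python routine that decrypts the posted ciphertext with the posted key, and a companion that shows why a guessed opening line (a crib such as "Well done!") hands back the key, which is the weakness any Vigenère breaker leans on. Function names are my own; the ciphertext and key are the puzzle's.

```python
import string

ALPHA = string.ascii_lowercase

# Ciphertext and key exactly as posted in the write-up above.
CIPHERTEXT = (
    "Eexl fmoi!\n"
    "Jabnh gsl'ze decbjrx lvtv, gsl uak hctf xyw gvltpj\n"
    "inp mqrjzrlwzq bs awiz tjc Bvdq hpdu!\n"
    "Pvirz mqpf esgie bwyi xofeprjec xiexzi nqtt ATAZFVJ."
)
KEY = "iamacybersoldier"


def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter. The key index advances
    only on letters, so spaces and punctuation pass through unchanged and
    the key runs on across line breaks, as in the puzzle. Case is kept."""
    out, k = [], 0
    for ch in text:
        if ch.isalpha():
            shift = ALPHA.index(key[k % len(key)].lower())
            if decrypt:
                shift = -shift
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
            k += 1
        else:
            out.append(ch)
    return "".join(out)


def key_from_crib(ciphertext, crib):
    """Recover key letters from a guessed plaintext prefix (a crib):
    key = cipher - plain for each letter pair. A crib at least as long
    as the key reveals the whole key; a shorter one gives a prefix."""
    c = [x.lower() for x in ciphertext if x.isalpha()]
    p = [x.lower() for x in crib if x.isalpha()]
    return "".join(ALPHA[(ord(a) - ord(b)) % 26] for a, b in zip(c, p))


def key_period(fragment):
    """Smallest period at which a recovered key stream repeats, i.e. the
    key length; None if the fragment is too short to show a repeat."""
    for p in range(1, len(fragment)):
        if all(fragment[i] == fragment[i - p] for i in range(p, len(fragment))):
            return p
    return None


if __name__ == "__main__":
    print(vigenere(CIPHERTEXT, KEY, decrypt=True))
    frag = key_from_crib(CIPHERTEXT, "Well done! Since you're reading")
    print(frag, "-> key length", key_period(frag))
```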

So, putting the key into the website, you get the full response.


You got a link to email someone that you solved the puzzle.



So I was like sure, what could it hurt, might get an offer to apply for some cool jobs with the government (not really).

The response to my email about solving the puzzle:

Congratulations on solving the puzzle and for your interest in the Army's cyber mission. We ask that you fill out a form found at http://www.goarmy.com/info/send1/?iom=GT45-FY16-ACNP-OT-XXX-XX-XXX-CP-XX-X-XXX   so we can continue discussions about how you can best fit into our Army's cyber professional workforce. We thank you for your inquiry and are committed to providing information as it becomes available. You may check out our website for the latest cyber career field updates at www.arcyber.army.mil.


v/r,
Mike Milord

Public Affairs Specialist
Army Cyber Command
8605 6th Armored Cavalry Road
Fort Meade, MD 20755
301-833-2007
michael.o.milord.civ@mail.mil

It takes you to the Army website to request information to join.
I figure since I already have 24 years of service in the military they will not want me.

Tuesday, November 22, 2016

Moving from WordPress to Blogger Hassles

Have been attempting to move from WordPress to Blogger, and failing miserably at it.

There seem to be no useful tools still available that will parse the WordPress export into a usable file to import to Blogger. At one time there were several tools, and many sites to assist with this. I guess that has gone and many are no longer available or working.

I downloaded several scripts that say they work on converting the data to the correct format; all have failed me. I tried some websites, and they all barf on me that my file is either in an incorrect format or is too large.

Currently I have moved one article over, with many format changes needed; it took me about an hour to get it in a readable format.

Attempting to move articles over one at a time is time consuming; I guess I will only move the important ones over and trash the others.


Monday, September 26, 2016

Starting a new Job

I have left Sword & Shield to take a better opportunity with Coalfire Systems.
There were multiple reasons for leaving Sword & Shield, and most of them are related to one individual who has moved up the ranks in the company. He was originally hired to do report reviews five years back, and is now the Senior VP of Services. Since his move into management there has been a drastic exodus of highly qualified personnel from the company. One major issue is that the CEO/President, Executive VP and COO do not even notice the main reason for the high personnel turnover.
Since I turned in my notice, the CEO and COO have completely ignored me. Walking down the hallway, I always say hello to everyone, and usually get a hello back from whoever is there. Not lately; I have had multiple encounters with the C suite and they literally walk past me as if I were not there.
I wish all my former colleagues well in their endeavors and hope things get better.