Ayoi’s

What a week. I think I nearly lost my voice for 4 days of conducting training. A good response from the participants and of cause for the first 2 days are the most challenging period of the training. To be honest at the end of each day, I think I’ve drained all the energy that I have not only for conducting the training but also to assist my colleagues for our MSS implementation at one of our most fussy (my view ONLY maa) clients so far.

Btw, as I am not buying any new books last two months, I’ve decided to print some articles from the Internet for light reading during my travel time from home to office (Yeah, I am using LRT both Putra and Star to get to work) One of the articles really attract my attention. The article title is Analyzing Malicious Code and of cause you can downloaded the article from hackin9.org Why I found that article is interesting?

Because for my personal knowledge enhancement, I plan to add my skills on Malware/botnets/viruses analysis. Initially I’m waiting for resources to implement honeypots at our company (and also I ordered Virtual Honeypots - From Botnet tracking to Intrusion Detection book) but due to some circumstances (also due to the tight schedule that I have) I have to put off the plan for a “while”

From the article it does show the methodology of performing the analysis and maybe I can start by analyzing virus or malware without having the honeypots implemented (yet). And of cause offensivecomputing will be one of the references besides honeynet.org. Also I’ve asked one of my colleagues here to assist or providing some guide while performing this type of analysis.

Hopefully I can find some time to do all these things (I have another 3 sessions of 4 days training to conduct) and meanwhile perhaps I can start by downloading all the necessary tools. Wish me luck (especially in finding free time)

Adam’s impression when I decided to go for malicious code analysis

It’s not about the car OK? It’s about me. From a young and immature lad to (still) young and a man who has a lovely wife, 2 lovely and very very naughty daughters and blessed with a twin or two boys under his responsibility. From a young lad who was hoping to play his trade in corporate world (yeah, I did take ICSA course and to be honest get through till the pre-professional papers) to a person who finally found his niche or his passion in the ICT world. From a young lad who was working in numerous startup companies to hopefully settled down at a public listed company. And from a person who learned about a company administration ( from law to company secretarial practice) to a person who fell in love with ICT especially in networking and security.

And now it seems that I am back to what I’ve started before, instead of dealing more on technical stuff, I mean doing analysis works, I’ve been given the tasks that deal more on bird eye view or macro. Anyway still I can perform necessary Research and Development on improving our capability in providing world class solution to our Clients. As our company provides services and solutions instead of product selling, I still and do believe that the most precious asset is the knowledge possessed by our staff. Any products where in our case SIEM/SEM/SIM are basically the same with our competitors and the only thing that will differentiate between one MSSP with another is the pool of knowledgeable and competent human resource in providing a good and quality services. And of cause proper development, training and career path+layout of this asset need to be carefully planned and implement.

Sometimes I do feel that I’m inching away from my original task every single day. And yeah, I do wonder is it because I am deemed not competent to perform my original tasks and that’s why I’ve been given another tasks? Maybe.. I can’t answer that either..

That’s the thing that keeps on playing in my mind since I’ve been contacted by one of my former colleagues. After all these years I still feel grateful and blessed for the things and events that happened in my life. When I joined my current company as a security analyst, there were plenty of questions and goals that I’ve asked myself. For a start I just look into the internet to learn about the job description (apart the ones stated in my offer letter), the required skills and knowledge plus the responsibilities. From there I started to improve and acquiring the necessary skills and knowledge in order to perform my security analysts tasks. But as I was stationed at The Client site, the one obvious thing that I lacking is the resources to perform my own RnD, simulations and other things even though there are plenty learning materials  in order to enhance my knowledge, skills and capability.

Out of frustration, I started having my own lappy - thanks to wifey anyway (cheap but u dun have any idea how many things that I’ve learned from using this ol friend) and coupled with vmware, I proceed with my own education. Of cause, I started to improving my soft skills area especially when dealing with clients (day to day interaction maaa) and perform some minor in house training as well. And when transfered to the HQ, I’ve been presented with plenty of time to continuing my education (to be honest, one of the best aspects of working here is the learning environment which encouraged by our Bosses planned knowledge sharing session, technical write ups, etc and yeah, we do have K-Based workers here )

From working shifts, I’ve been upgraded to have normal working hours (and yeah I’ve been promoted to be Senior Security Analyst as well and that happened when I started my 1st day at the HQ) and now I’ve been given tasks that initially I thought not suitable for me but then after consultation with wifey and long self review hours, I started to accept this transition as well.

My Goal? First of all I want myself to be an asset to my company instead of liability. Secondly to show them that I am worth more than what they are paying me now and I have to substantiate that claim with the knowledge, skills, capability and improvement that I have made since I joined the company 4 years ago. How? By executing the tasks (related task ok? Installing NMS is not in the tasks) bestowed upon me professionally

One more thing, I think I can call myself an undergraduate of the University of Google

Let see what is the future has in store for me and I’m looking forward for it (or moving forward? ;P)