Ayoi's

Finally, I’ve received my GIAC GCIH Certificate this morning. The best thing is GIAC took all the trouble to make sure that any GIAC certification holder not only receive their certificate but also received their respective certificates in frame. Well I did see one of my colleagues CEH (Certified Ethical Hacker) certificate and to be honest and no offense to their holders, it looks like what Nisha’s got when she graduated from her kindergarden school.

Now my GCIH certificate is on display temporarily along with my books and other precious possession on my table at the office. Kudos to GIAC for their effort.

Hopefully this shud be a good indication of better things to come in 2009

As a human, I always have the softer side of me. I always fond of kids, small kids that is. I can’t stand seeing any kids crying. It either overwhelmed me with pitty and sadness or it will drives me crazy (especially when they are crying in the middle of the nite.. Hahaha). My tears nearly rained down from my eyes when I held my newborn child for the first time when I performed the obligatory “azan” and “iqamah” because everytime I recited those holy verse to their ears, they will look straight into my eyes. Another one is when they call me “papa” for the first time. Again I have to hold back my tears when hearing that word coming from their mouth for the first time. I felt it when Nisha called me “papa”, same feeling when Iman uttered that word and yesterday when Adam called me “papa”. I think my friend Mr. Adli from CyberSecurity put it nicely when he commented,

“That must have felt better than Pwn1ng a box or finishing your slides 2 minutes before the MC calls your name to take the stage Priceless! Congratulations bro! “

Yeah, you are right Mr.Adli. It is a Priceless moment

(more…)

When I visit SANS Handler’s Diary today, there’s only one short entry by the Handler of the day; Jim Clausing. That post is regarding one website that provides cheatsheets on the network protocols and some challenge as well. So I browse into that website and heck, it is very informative and useful. If you’re into network thingy like protocols, design and others, I recommend that you bookmark it. The name? Packetlife.net.

p/s: Now I know that RJ45 is not the name of that connector actually .

I’ve read one of the news from SANS Newsbite about how critical data belongs to the Australian Federal Police (AFP) has been accessed by public (at least by some of the guests of the hotel in Kathmandu, Nepal. Among the documents are the AFP’s Bangladesh Office strategies, priorities and also some pictures of a plane crash. OKay, it is not because some clever attackers managed to break through their network or access the AFP network via encrypted, stealthy channel created by malware.

(more…)

This is NOT UTMS

Unified Threat Management System or UTMS. Yup, that’s the new hype now. Who needs separate box for firewalls, IPS, IDS, Anti-Virus, Spam filter, VPN, DNS, Mail server and many others when you can have it all in one bundled up in one machine or box? Just like nowadays, we can have a machine that can be our fax machine, scanning documents, printer and as a photocopier as well. Cool eh? Yeah cool until a simple power failure will render that huge machine useless..

(more…)

Most of the time whenever I have meetings with clients, the topics will be based on penetration testing, system hardening and some about having monitoring services as well. OK, that because the purpose of having those meetings are to discuss on that topics anyway. But then they( the client of cause) somehow never mention about their response if there’s any incident occurrs. Yeah they did mention about the SLA or SLG but it concentrates more on the escalation process between MSSP and them. Most of the time, we have either little or no idea on how they perform any form of response or handling on the reported incidents detected.

(more…)

Yeah, that’s me

I rarely have any spare time nowadays. My workload at the office sometimes make me wish that I have Harry Potter’s magic wand so I can cast a spell to have few clones of me to get the job done. Wait a minute, better I cast a spell to get all my job done automatically Because of this, I seldom complete whatever things that are not stated in the new appointment letter which I haven’t put my signatures yet.

While at home, the kids will always make sure that I dun have the time to touch my laptop or to open a book. My twin especially Adam indicates his interest in IT by try to step on my laptop whenever he managed to get his little hands on it while Ariff has this habit of poking and leaving his palm prints all over my laptop. Iman loves “whispering” in my ears saying “I want to play game papa..Pleaseeeeeeeeeeeeeee…”. Usually her sister Nisha will take over playing the games while IMan end up as a bystander.

(more…)

Since acting as the head of a new unit in my department, I’ve noticed that most of the time my job will become less technical and more on high level kind of thingy. I attend meetings, devise a training series for the analysts, writing reports (which I hate most) and yeah making presentation slides as well. But from time to time, I do miss doing analysis, looking at the logs and alerts, reconstruct back attackers activities based on our logs and many other stuff. As I seldom touch my lappy at home due to the attention required by my children especially the twin, I’ve found it’s hard sometimes for me to cope with the work load. I know that I have this so called designated assistant where I am the one who recommend his employment but recently I just decided to move him back into the SOC. I believe he needs more knowledge especially on our operations. Anyway I dun think I will recommend anyone else after this..

(more…)

Well, it seems that this year I’ve seen many of my colleagues moved on with their careers. Some of them moved to different field and getting better pay (most of them actually) and they’ve made some progress with their career as well. Some of them still within the security field and yeah, they’ve moved on to our competitors as well. For me, profesionally, we are competitors but as security practitioner, they are still my peers

(more…)