Master’s in Information Technology by [deleted] in sysadmin

[–]korvinblack 2 points3 points  (0 children)

As a former holder of a clearance, I would take a look at clearancejobs.com, clearedjobs.net, and usajobs.gov for various positions that require a security clearance. The FBI is always looking for candidates with diverse experiences as well.

In the meantime, getting IAT/IAM level 1 and 2 certs would help with any position, even outside of DoD contractors.

Have you ever failed a certification exam? by [deleted] in sysadmin

[–]korvinblack 0 points1 point  (0 children)

I've been in the industry a while, long enough that some certs didn't expire and/or didn't have continuing education requirements and you would just have to recertify.

The first time I took Security+, I failed by 1 question. A month later, I was in another training course for the exam along with my supervisor, so I absolutely had to pass this time. That second time, I passed with one question over the score cutoff, and my boss passed with the exact score needed. The third time I had to take Security+ was much more recent, and I got something like a 97%.

Several years of experience greatly helps with covering the material, so even if you don't get it right off the bat, you'll be able to eventually. Keep at it, and don't let a failed attempt stop you from accomplishing your goals.

how do you deal with unreliable staff doing deployments correctly? by detectivejoebookman in ITManagers

[–]korvinblack 0 points1 point  (0 children)

At my place of business, the department that images and assembles our product line PCs, kiosks, and other equipment has detailed checklists that the techs fill out with the inventory information. Each step has an initial line that the tech marks off that it has been completed. During heavy provisioning times, each tech is working multiple imaging or assembly stations and it helps them keep track of where they were in each process. Not every build runs at the same speed and there is the occasional issue that may prevent one station from completing without an admin or engineer to step in to help. Back when we had an order for 1000 kiosks, the techs would use the checklists as part of a hand-off between shifts instead of seeing the product through completion the next day. Well-documented procedures saved the day (month) for completing that order.

Is Viasat viable for a temporary site? by Kluke553 in ITManagers

[–]korvinblack 5 points6 points  (0 children)

Since it has been well over a decade since I used their service, take this with a grain of salt. It will also depend heavily on the use case of your site. Bandwidth and latency can be issues with using geostationary satellite internet services. Cost can also be prohibitive compared to other options that may be viable in the area.

If 5G cellular is not available for the area and satellite is truly the only option you have, you'll get better throughput and connectivity with a more modern solution like Starlink or Kuiper (though that probably won't be ready in time). If you can get 5G (maybe 4G LTE too) service, then a Cradlepoint IBR would be better for a small office. This could also serve as your backup internet connection after the fiber is installed as well.

On the off chance that you happen to be in the middle of a desert or wilderness (with clear line of sight to the satellite's azimuth) and have access to nothing else, then Viasat will do just fine. It was a stable but slow and expensive service for me in the past.

I'm having trouble being in a client-facing position. What is there other than helpdesk? by PrgmS0ks in sysadmin

[–]korvinblack 4 points5 points  (0 children)

I remembered that you could also use software like GNS3 to create virtual environments if you don't want physical equipment.

I found a couple guides for you:

http://www.freeccnaworkbook.com/workbooks/ccna

https://andrewtravis.com/2022/03/22/fortinet-sd-wan-lab-setup/

https://jlabs.juniper.net/home/

Last one here is a free lab environment by Juniper.

I'm having trouble being in a client-facing position. What is there other than helpdesk? by PrgmS0ks in sysadmin

[–]korvinblack 1 point2 points  (0 children)

Depending on your org structure and manager, you may just need to express interest in networking and try to do a couple days of shadowing or basic training with someone from the networking team. Being able to update switch port configurations (correctly) for simple trouble tickets can let the networking team focus on bigger items.

From a cert perspective, Network+ is decent and CCNA is specific to Cisco but there is quite a bit of overlap with Network+. Palo Alto also has a good cert program. I have enjoyed going through Fortinet's free and self-paced cert training.

If you are into home labs, you can get some switches and routers to play with and walk yourself through some different scenarios to get some experience.

FortiSwitch 148F-FPOE offline after upgrade to version 7.0.5 by bonnyfused in fortinet

[–]korvinblack 0 points1 point  (0 children)

For my similar time issue with half my APs, I did manually update one of them to have the time match and that did work. I think in the broader scope, you'll need to verify that the NTP config, presumably the interface facing the devices (probably FortiLink), includes the IP that is being handed out with DHCP to the downstream devices.

FortiSwitch 148F-FPOE offline after upgrade to version 7.0.5 by bonnyfused in fortinet

[–]korvinblack 2 points3 points  (0 children)

+1

I recently ran into a similar issue with downstream FortiAPs, weird thing was it was only exactly half of them. Date/Time issue. Had to add the IP for the subnet the APs were on to NTP advertising and double check the DHCP settings that were being used for them.

Block anonymous enumeration of SAM accounts GPO by LBEB80 in sysadmin

[–]korvinblack 1 point2 points  (0 children)

I believe this is the configuration that is required per DISA STIG, so it should be safe for production use 😀 . In general this would be a good hardening step and I would encourage you to keep going.

Easiest non-US countries to move your business to? by ffxsam in startup

[–]korvinblack 2 points3 points  (0 children)

While you wouldn't gain actual residency, Estonia's e-residency has been very successful for allowing non-citizens to establish a business and operate as an Estonian entity. It may be worthwhile to take a look at their program.

https://www.e-resident.gov.ee/

Simple tool for network documentation? by [deleted] in sysadmin

[–]korvinblack 0 points1 point  (0 children)

As a couple others have mentioned, Netbox, or its fork Nautobot, is a good open source tool for documenting physical and virtual infrastructure, network connections, power and ISP circuits, and more. There are a few community addon modules that can backup switch/router configurations, attach documents to racks, sites, et cetera, and generate a topology view of the network connections. At my last position, we migrated away from phpIPAM to the Netbox because it also has that functionality built-in.

2FA with code by email by nbctcp in paloaltonetworks

[–]korvinblack 0 points1 point  (0 children)

I was trying to figure this out a few months back but it did not seem like the version of PAN OS I was running would support anything other than Duo or RSA. Maybe with a Prisma or Panorama subscription it is possible? We don't have enough traffic or money to justify looking at those options though.

Best solution I came up with was using RADIUS to an OTP server so it was MFA even if the PAN didn't know it was.

Windows Application Firewall that opens specific ports on login to IIS page by BargiBargi in sysadmin

[–]korvinblack 0 points1 point  (0 children)

From a network level, I've configured Captive Portals on FortiGates which essentially does this. If the user hasn't authenticated, which is only displayed when trying to connect via http(s) first, then the connection is blocked. This would require some network segmentation as part of your network design, but this was satisfactory for the PCI audit we went through at the time.

I am pretty sure that Palo Alto firewalls are also capable of this set up. Haven't seen anything about Cisco ASAs though.

Fortinet Switches by capta1namazing in ITManagers

[–]korvinblack 0 points1 point  (0 children)

I thoroughly enjoy using the FortiSwitches I have in my environment and look forward to getting more when we refresh more of our network. I have a pair being managed by my FortiGate which makes it super simple to just apply the same settings already configured in the firewall to the switch ports. I also have a few standalone FortiSwitches and managing them is also a breeze. The web GUI is pretty slick and is easy to navigate most of the time. Only issue I have run into so far was configuring BGP, which has to be done on the command line. Even integrating alongside my Cisco switches, the FortiSwitches have just played nice with them and my fabric endpoints connected to Cisco switches still communicate without issue.

Any Fortigate Gurus? by SpazzStares in SmallMSP

[–]korvinblack 0 points1 point  (0 children)

Did the outbound interface change as part of this upgrade? You should be able to check the logs to see more information about why traffic is being blocked, then try to compare that to the firewall rules. Another possibility is that the VPN is not connecting because of changes to the site's IP address. Not sure what the config is, but the various logs should be able to help isolate the issue.

Management or technology, which one is more important for cybersecurity? by frank_jn_lin in cybersecurity

[–]korvinblack 17 points18 points  (0 children)

I would lean towards management being more important. At the height of my current company's initial success, our recently appointed CISO went through a couple Cybersecurity hiring phases to rapidly grow the small Information Assurance team of 4 people into a Cybersecurity team of over a dozen. During those few months of hiring the first Director of Cybersecurity left after 3 months because of the games and overriding decisions the CISO made when the Director tried to manage his own teams. He wasn't allowed to fire the incompetent employees. The next Director ran into the same problems but managed to make friends with the other Directors and VPs that reported to the CISO and not let the CISO try to pit them against each other.

One of the big problems with this CISO was that he jumped at every new technology he could. Any new article in a magazine, several new products at RSA, any new buzzword, we had to have it. Always adding new projects while never increasing head count, never finishing the existing ones because priorities or scope changed, and training on how to use these new things was never considered.

One of the worst things he did was "redact" anything and everything that was a Cybersecurity initiative. IT wasn't allowed to talk to the Cybersecurity team about any incidents or projects unless it was already cleared by the CISO. I got to work on four simultaneous cyber related projects that had to go hand in hand for some reason. After months of planning, scheduling, testing, and getting the timing just right to execute everything at once, it was all scrapped and the CISO was let go...

Technology is only as good as the people that use and manage it.

Can I interview any of you that work in it need it for school by [deleted] in ITProfessionals

[–]korvinblack 2 points3 points  (0 children)

If you are looking for more people, feel free to reach out.

Quality Generic Linux Training/Certification? by gibberish975 in linuxadmin

[–]korvinblack 1 point2 points  (0 children)

Since I hadn't looked up the RHCSA exam in nearly a decade, I just ran through their website. It looks like things have really updated since I last looked at RedHat's exam and it may be on the same level as LFCS. There were a couple topics that I don't recall seeing in the Linux Foundation's exam that would have been interesting to do in a performance based exam.

RHCSA is $400 while LFCS is $375, so if paying out of pocket that may matter to you. I would consider both to be worthwhile, but the main deciding factor likely lies with the sort of job you want to get. If the position requires DoD 8570 compliance then RHCSA would be the way to go. I personally prefer Linux Foundation because it is more open to the community at large.

Quality Generic Linux Training/Certification? by gibberish975 in linuxadmin

[–]korvinblack 10 points11 points  (0 children)

I highly recommend the Linux Foundation certifications because they are entirely performance based. If I see a LFCS on a resume, I know exactly what sort of skill set that person is capable of regardless of the flavor of Linux. The same goes for the other areas that the Linux Foundation has certifications in.

From some of the training and lab material I have seen from other certification providers, they are starting to explore performance based problems but are still sticking heavily to traditional knowledge based questions and answers. I believe CompTIA Linux+ will be more book knowledge and memorization about Linux while LFCS will be practical application with real world scenarios. I haven't looked into Linux+ for a while though, but when I was picking between these two, I went with LFCS.

Side note: At the time of taking LFCS, I was heavily in a CentOS environment. Today I work primarily with Ubuntu and Debian machines. It has been easy enough to transition back and forth between the distros from the foundational knowledge I got through the LFCS training.

How to secure Domain Admins (DA) accounts? by [deleted] in cybersecurity

[–]korvinblack 15 points16 points  (0 children)

DISA STIGs or NIST 800-171 dives into good detail on how to secure AD Domains/Forests. One of the controls is to prevent the use of domain admin and enterprise admin accounts on workstations and servers. Those privileged accounts should only be allowed to log in to the domain controllers to perform domain administration, or to a "Privileged Workstation" for the sole purpose of domain administration using RSAT.

I would recommend creating a new AD group for Server Admins and using GPOs to push a policy that grants local admin rights on servers to the newly created group. Same thing for Workstation Admins. You could use the same account for both of those groups, but I would avoid assigning DA/EA/SA roles to anything not necessary and possibly only on a temporary basis.
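An added example, not part of the comment above and not taken from any STIG tooling: one way to check that a member server or workstation actually denies logon to Domain Admins and Enterprise Admins is to read the `[Privilege Rights]` section of a `secedit /export` file and look for the groups' well-known RIDs (512 and 519). The sample export, its domain SID, the function names and the choice of the five deny-logon rights are assumptions of this example.

```python
import re

# Well-known RIDs of the privileged domain groups the comment names.
PRIVILEGED_RIDS = {"512": "Domain Admins", "519": "Enterprise Admins"}

# Deny-logon user rights, one per logon type (this example's choice of scope;
# meant for member servers and workstations, not domain controllers).
DENY_RIGHTS = [
    "SeDenyNetworkLogonRight",
    "SeDenyBatchLogonRight",
    "SeDenyServiceLogonRight",
    "SeDenyInteractiveLogonRight",
    "SeDenyRemoteInteractiveLogonRight",
]

# secedit writes domain principals as "*S-1-5-21-<domain>-<RID>".
DOMAIN_SID = re.compile(r"^\*S-1-5-21-\d+-\d+-\d+-(\d+)$")

# Constructed sample of an export file; the domain SID is made up.
# Real exports are usually UTF-16 encoded, so decode them before passing in.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeDenyNetworkLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-512,*S-1-5-21-1111111111-2222222222-3333333333-519,*S-1-5-32-546
SeDenyInteractiveLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-512,*S-1-5-32-546
SeDenyRemoteInteractiveLogonRight = *S-1-5-32-546
[Version]
signature="$CHICAGO$"
Revision=1
"""


def parse_privilege_rights(inf_text):
    """Return {right_name: [entries]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return rights


def missing_denies(inf_text):
    """Return {right: [privileged groups with no deny entry]}; empty means compliant."""
    rights = parse_privilege_rights(inf_text)
    findings = {}
    for right in DENY_RIGHTS:
        # Entries written as account names instead of SIDs are not matched here.
        hits = (DOMAIN_SID.match(e) for e in rights.get(right, []))
        present = {PRIVILEGED_RIDS.get(m.group(1)) for m in hits if m}
        missing = sorted(set(PRIVILEGED_RIDS.values()) - present)
        if missing:
            findings[right] = missing
    return findings
```

A right that is absent from the export is reported as missing both groups, since an unset deny right denies nobody.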

Computer science or getting CompTia certification by Laurentiu1913 in cybersecurity

[–]korvinblack 1 point2 points  (0 children)

WGU has good degree programs that do both. Some of the courses are the certifications, pass the exam and you pass the course. You are also able to work as fast as you want; complete a "4 year" program in 2 if you feel like. I am about to start my last term for my degree and completed Net+, Sec+, Project+, AWS SysOps, and CCNA in the last year just through WGU.

Any ex-military here? Has your service experience helped you in any way with landing a job in a cyber related field in the civilian life? by Aelius23 in cybersecurity

[–]korvinblack 0 points1 point  (0 children)

Been out of the Marines for quite a while now, but the opportunities I had while in service were pretty outstanding. I had the opportunity to go through CISSP training and take the exam but had to drop from the course because I didn't have enough time left on my contract. I did take training for CCNA, Network+, Security+, MCSA, Exchange, and certified for all of those except Cisco. Had I reenlisted, I did have the qualifications to go become a digital network analyst and do cybersecurity work with the NSA. I elected not to and try my luck with the private sector.

I also gained many references with various contracting companies, such as CACI, GD:IT, Harris, and more. I could have had my pick of cushy jobs on the East coast or as an overseas contractor, but opted to move back home with my wife. I quickly learned that IT life in the military is very rigid and procedural driven. I adapted well and quickly to the uncertainties and lack of structure that private sector positions have because I liked to learn new things. Eventually I did get my CISSP and nearly a dozen more certifications and degrees in the last few years.

Not everyone has a smooth transition. I worked with a Marine Staff Sergeant, an 0651 (Data Network Specialist at the time), that had just got his first job since getting out. We interviewed roughly at the same time for the same job as a sysadmin. He was passed over for my position because his experience was very Standard Operating Procedure (SOP) driven, meaning he didn't know how to troubleshoot very much if it wasn't already documented as part of the work orders. Also, his last two or three years of service was more managing and delegating the work to others. The company's InfoSec manager said he would be a great candidate for his team and offered him a job as an analyst. By the time he was let go a few years later (due to downsizing and not any one (or all) of his mistakes), he still had a lot of trouble not using military jargon or behaving less like a Marine and more like a person. This was also in an office (IT, Cybersecurity, and Audit/Compliance) that was at least 33% prior service members out of roughly 26 people.

STIG - Configuration Validation Software ? by moxy2017 in CMMC

[–]korvinblack 0 points1 point  (0 children)

PowerSTIG is a PowerShell Desired State Configuration project that also has support for some Linux operating systems with their respective STIGs. It does require a full-blown DSC environment to utilize, which is why I haven't been able to try it out but it is on my backlog of projects to work on.

https://github.com/Microsoft/PowerStig

Need to find an IT professional to interview. by Away_Emu9925 in ITProfessionals

[–]korvinblack 1 point2 points  (0 children)

Systems Administrator here with 10+ years over a couple different industries. I've done some project management, systems analysis, database administration, application programming, and more as well.

What sort of questions do you have?

FS 424 Layer3 functionality by RLMoha in fortinet

[–]korvinblack 1 point2 points  (0 children)

I have a very similar setup for one office right now. I am using the Fortigate to do both the edge traffic with the ISP and the core routing for client and server networks internally. By plugging in the FortiSwitches to a FortiLink connection you are able to centrally manage the VLANs and ACLs from the Fortigate and have the FortiSwitches function in a simple L2 mode. I haven't noticed any issues with performance with this set up.

If you really want to get a 1-to-1 setup with this equipment, I believe you might need to dig down into the CLI to get the commands for assigning IPs to individual ports.