Category Archives: blog

Trade School, Degree, or something else completely?

Last Thursday I listened to Risky Business 377. The part that really got me engaged was the section with the sponsor, RSA. They were talking about how they are working with schools to build educational SOCs.

What they were talking about though, and I’m paraphrasing from my point of view, was making Universities less theory like and more Trade school like. For example why not add a check point certification class to get students out with some experience and a certification after 3 months of class?

Continue reading

New Job and stuff

So for those that hadn’t heard, I started a new job about a month ago. I’m no longer doing firewall audits, secure network design, and mainframe web emulation. I was kind of sad to leave some of the projects I was working on un-finished, but that was the nature of the beast.

So now I’m working in a Security Operation Center, as a CIRT Event Analyst (or at least that was the job description they sent me after I interviewed of what the job was going to be).

The downside is I now have a 2+ hour daily commute. It should take 45 minutes or less, but well we only have 2 seasons. Winter and Road Construction. It also means I have less time to work on things I want to. Reading and projects have been affected.

I’ve also been less than healthy lately. I got really sick before Bsides Detroit. The night before the con, I was at the hospital. I also ended up missing the con because of being sick. A fever for a week, and everything spinning regardless if I was sitting standing or laying down. Turns out I had an inner ear infection. Got drugs that helped but didn’t make me better. I wended up running a fever for 3 weeks. Now I just have this annoying cough.

I graduated.

I graduated from Eastern Michigan University with a BS in Applied Information Assurance. Now that is done, I’m working on some stuff that I want to do. I also am trying to to get accepted to UMUC for a Master of Science. I’m unsure if I want to go for the Cyber Security or Digital Forensics and Cyber Investigations degree.

Some of the projects:

  • My Raspberry Pi WIDs modifications
  • Study for my CISSP
  • Hacker’s Challenge (from 2001)
  • R Programming (Coursera Data Science Program)
  • catching up on leisure reading
  • Studying for my General Amateur Ticket
  • Designing a new home lab
  • some other things not for open consumption

I’ve been busy again:

I know I haven’t written here lately, and I’m not getting in the number of blog posts I want per week. However I’ve been busy with school and projects. I only have time right now, because I can only run 1 Raspberry Pi (of 6) at a time (right now), and the first one is going through Kali’s apt-get upgrade. Man talk about not the fastest. Going to clone that drive and copy to other flash drives.

Currently, I’m working on a project for my independent study at Eastern Michigan University. The project and documents have to be turned in by Monday night, so I’ll talk about that after I get the stuff done.

The Eastern Michigan Campus Crime Project turned out really well. My team and I presented on it at Circle City Con in Indianapolis.  What I thought was going to be a simple 4 week project will probably take the rest of the year to complete. That’s with 4 of us working on it. There is some more interest on campus and suggestions on how to move this forward. I’ve got a really good team, and I’m really proud to have worked with them on the project.

I also dug out, and updated (slightly) my Human Trafficking talk. I’m a little wary of posting that one. Goes against my OPSEC views, but the presentation is important enough. I will say this, things have changed in a year+ since I stopped working on it. Got some good books to go with it too, I’ll get reviews of them up eventually.

There will be another book review up over the weekend (probably Sunday) as well.

WordPress and some security

I was recently listening to Paul’s Security Weekly episode 366: How Security Weekly got defaced, and started thinking about my own security posture around my WordPress sites. When I first created The Rats and Rogues Podcast site, I read everything I could find and on WordPress security. There wasn’t much. Later when I created this site, I still wasn’t impressed.

Continue reading

I doubt people are wondering…

I doubt it, but in case people are wondering why I’ve move to more of a book review format… My class load is taking up a lot of my free time. In fact I should be working on my Art project for EMU Gen-Ed Right now (well now when I’m writing this, not when you read this).

Doing homework is more or less preventing me from doing a lot of the things I would rather be doing. Granted I have a nice stack of books that tie in to Information and Cyber Security to read as well. However, while my Digital Forensics class occasionally brings up interesting things to talk about, the majority of my time is spent in Psych 101 and Psych 103 (Lab). This week has been tied up with a 1 week accelerated class, but it hasn’t left time for me to do other things. It’s not as easy as the Counter Terrorism class was last year. Ok, yes my Saturday’s are tied up with an interesting OSINT project, but I can’t talk about that yet.

Anyway, back to the point of this post. I know it seems like my content has gone from a really cool OSINT post (which I have at least 2 follow ups to), to mostly book reviews, but I’m trying to kill 2 birds with one stone here.

I do have some topics from other books I’ve been reading (I’m usually reading more than one non-school books at a time), the project above, some followup OSINT posts, a paper from last year to finish water marking and sharing on here, and a few other things. But those have to wait until I have some free time. Now… where did I put those crayons for intro to art?

Welcome to my new blog

I’ve wanted to create this blog for a while, but never seemed to find the time to set it up the way I wanted it. If you’ve seen me around you know that I had chrisrattis.blogspot.org, and I have www.ratsandrogues.com. The first one was ok, but I wanted more control over the site. The second one is for the Podcast I started with Infosec Rogue, and had MWJComputing join recently.

About Me:

I work full time, currently doing Network security audits for application design, designed a point of presence for working with business partners, firewall rule design, and maintaining a web based terminal emulator.

I started my Cybersecurity / Information Security / IT career in doing physical work, changing locks, running cables, building POPs and Data Centers, and then moved in to Network Operation Centers, and System Administration.

I’ve worked in Networking Service, Telecommunication, Automotive, Publishing, and Infrastructure as a Service.

I’m a senior at Eastern Michigan working on my degree in Applied Information Assurance. My classes have included Intelligence Analysis, Cyber Crime Investigations, Cyber Law, Digital Forensics, and Foreign and Domestic Terrorism and Information Warfare

I run the Ann Arbor chapter of TOOOL

I hold the following licences, certifications, certificates and degrees:

  • Associate of Applied Science, Computer Information Systems
  • Associate in General Studies focus on Anthropology
  • Security+
  • Offensive Security Wireless Professional
  • New Mexico Tech Energetic Materials Research and Testing Center – Incident Response to Terrorist Bombings program – Awareness Level
  • Eastern Michigan University Center for Regional and National Security – Incident Response to Weapons of Mass Destruction
  • Technician class Amateur Licenses

I also podcast, teach lock picking, and speak at conferences.