My name is Gage Southard, and have been in the IT field for 7 years now, beginning as a Systems Administrator specializing in Windows domains, Trusted Thin Clients, and Solaris 8, transitioning from that to more security-focused roles. My first security role was simply setting up Span ports to be mirrored over to a centralized Wireshark box, to monitor for suspicious traffic. Times have absolutely changed, yeah?
In 2015, I crossed over to become a Cyber Warfare Operator, through which I received fantastic training, and started out as an Incident Handler that performed host analysis, network traffic analysis, digital forensics, and malware analysis, performing hunt operations on suspected exploited networks.
I am now the Technical Advisor, in charge of Standards and Evaluations, ensuring that operators receive the appropriate training to do their job, and to evaluate them being able to practically utilize that knowledge. Currently familiar with using Elasticsearch, Logstash, Kibana, Moloch, *beats of various formats, and RHEL for network traffic analysis.
I currently hold Security+, C|EH, GSEC, GCIH, GCFA, and GCDA. My goals for the short-term are to being on my GCIA this month, then begin studying for the GSE, with an estimated attack timeframe of end of this year to spring of next year.
One facet of Cyber Security that I haven't delved into much yet is the Web Application Pen-Testing piece. I'm currently taking the E-LearnSecurity Web Application Penetration Testing course, and it's been great. I'm nowhere near the point to take the 7-day hands on test/report certification exam, yet, but that's been due to time constraints that I've had lately.
The primary thing to keep in mind about this certification is that it is NOT any kind of advanced material, or building new exploits, but it focuses on understanding simply the concepts, and showing a practical knowledge of using these exploits, then writing a respectable report upon your findings.
