I have the potential to be interviewed for a position as an "Information Technology Security Officer." I am hoping to receive some help in the form of links, book recommendations, programs, any general or specific advice or experience that can be shared by people who do the work. I like the sound of the position, I have read up on it and it seems like a good field, and if chosen for an interview would like the best shot possible to get the job. As an example, I am not as well versed in IT Forensics and reading up on it briefly it seems to involve legal matters, lawyers and other potential horribleness.

Gatts posted:
I'm gathering that. I got the requirements and it involves quite a bit: IT Forensic Analysis, Intrusion detection and prevention systems, VPN, Firewalls, encryption, web filtering, principles and use of identification, authentication, and authorization, knowledge of security hardware and software keeping in line with industry standards, web hosting, Microsoft Exchange Server.

I posted in Ask/Tell, I posted in Business, Finance and Careers and stupidly did not think to post in the one forum where it would help the most. I appreciate the assistance I received in the other threads. It would be appreciated if we could get a discussion going so this can be an all-purpose IT Security thread.
Posted: Nov 03, 2009 01:25

Posted: Nov 22, 2009 10:53

You should have a CISSP if you plan to work in this field.
Posted: Nov 03, 2009 02:49

I'll try to throw out some links I bookmarked (maybe more tomorrow if I can go fish out my IS Security class notes).

- Microsoft's Security Bulletin Search - potentially useful if you're going to be dealing with Microsoft products
- U.S. Computer Emergency Readiness Team (CERT) - some light reading, courtesy of Homeland Security
- ISACA - organization that deals a lot with auditing; puts out the CISA/CISM line of certifications as well as COBIT
- Security-forums.com - pretty self-explanatory, though I just have it bookmarked and haven't really gotten in-depth with it yet

brent78 posted:
> You should have a CISSP if you plan to work in this field.

Which is offered through ISC2, if you're interested. There's also the GIAC program through SANS, which might be of some interest.

Sergeant Hobo fucked around with this message at Nov 03, 2009 around 04:01
Posted: Nov 03, 2009 03:58

What IT experience do you have? Typically, someone who is doing hands-on work such as forensics and pen testing has quite a bit of experience in the IT field. Think of IS as a specialization of the IT field. That said, you'll need to have at least four years of experience in the field and a degree, or five years and no degree, in order to get a CISSP. Also, thanks to the new requirements, you'll need the recommendation of another CISSP to get the certification. That said, the http://www.cccure.org/ site is a good start for what the CISSP entails and the types of questions you will encounter. You may also want to go the CEH route, but it depends on your underlying experience as well.

Not trying to be a buzzkill, but if I were hiring for this type of position (and I have) I would expect more of a description of forensics than "legal matters, lawyers and other potential horribleness."
Posted: Nov 03, 2009 04:19

Thank you.

Gatts posted:
Well, I did speak with the rep who was at the job fair and he went over my resume, told me to review two positions to see which was a better fit, that they're looking to fill the position quickly, and that I'd better get my resume in so I can be in the running. I got some positivity out of it. Admittedly I could be excited for nothing. I have a Bachelor's in IT and an MBA, though concentrated in Finance. And yes, you are right about the description, but I wasn't exactly being 100% serious when I wrote that.

Gatts fucked around with this message at Nov 03, 2009 around 04:46
Posted: Nov 03, 2009 04:43

You don't need a CISSP specifically, though that's the cert with the most name recognition. There are literally dozens of certifications that are accepted in this field. Some are not IT-specific, like the CIA cert, and will be generally applicable to any line of business if you decide that you like auditing stuff but hate the IT security industry. List of cert programs from ISSA: http://www.issa.org/Resources/Indus...ifications.html
Posted: Nov 03, 2009 05:03

Sounds like you're not entirely qualified for the position, but I've seen worse people in that one before. Much, much worse. Not knowing anything about the company you're interviewing for, I'll just speak generally of the ISO positions that I've crossed paths with, being in the industry for a number of years.

The position of ISO is a political one. You'll shape the policy of the company in regards to Infosec but you won't directly do anything. You'll have people to do that for you. An ISO will spend 7 hours out of the day in meetings with other "important" people and decide which way the wind blows for IT overall and the company as a whole. Any technical skills you have will be lost after a few months, but your writing skills will generally improve. Your comprehension skills may not, but you have to learn to trust others, especially your other Infosec people who are doing the VPN configurations, IDS monitoring, firewall deployments, etc. If you can speak bullshit.. I mean manageese.. then you'll fit in.

Of course this could be an "Information Security Officer" in title alone and you'll be one of two or three people hired to do actual security work. The other people will not like you because you don't have as much experience as they do, especially within the company. You'll be coming in at a higher rung on the corporate ladder without having put in the time.

For most "Officer" or "Manager" positions, CISSP and CISM certifications are very good to have. While the CISSP is generally regarded as crap for technical reasons, its strength lies in an overall understanding of the security field and its processes. It is very general since it has to cover "the 10 domains", but those people who are cert whores and get every GIAC, ISSA, CompTIA, MS, and RedHat cert out there aren't necessarily better because of their ability to study and not do any "real work".

Infosec is fun because you're always needed. Just be ready to take poo poo when your CEO clicks on some Ukrainian phish and loses all his documents, calls emergency meetings, wakes up the entire Infosec staff for a Severity 1 on "this phishing problem and how it affects the company" so you can write up a new policy that says "don't be a dumbass and click on Ukrainian phishing scams."
Posted: Nov 03, 2009 14:41

BelDin posted:
> Not trying to be a buzzkill, but if I were hiring for this type of position (and I have) I would expect more of a description of forensics than "legal matters, lawyers and other potential horribleness."

If I might ask, what do you look for in a candidate? What types of questions did you ask or personality do you examine? Any information would help. And this would be for the City's Division of Water, which is local government.

grutz posted:
> Sounds like you're not entirely qualified for the position but I've seen worse people in that one before. Much, much worse. Not knowing anything about the company you're interviewing for I'll just speak generally of the ISO positions that I've crossed paths with being in the industry for a number of years.

I would imagine that I'd have to rely more heavily on my staff early on as I'm getting familiar with their network and infrastructure, and I would delegate the technical work to my staff while I focus more on where I want the department to be. But as was said, I will likely find out in the interview if they want someone more hands-on or more of a manager. I have dealt with a variety of individuals from IT to Engineers to Shop Personnel to Presidents of companies, but this would be a different level. I might be inexperienced in politics. Based on what has been said, I'll have to be more strict and assert my point of view. I have tended to manage more toward compromise or consensus in the past, but in this case I'll have to reinforce my beliefs even to my superiors.

Gatts fucked around with this message at Nov 03, 2009 around 17:46
Posted: Nov 03, 2009 17:37

Gatts posted:
> If I might ask, what do you look for in a candidate? What types of questions did you ask or personality do you examine? Any information would help. And this would be for the City's Division of Water which is local government.

Personally, I look for problem solving ability, an even temper, and the ability to work well under pressure. You also have to possess technical knowledge in networking, systems administration, programming, etc. Not that you need to be a real expert in any of them, but you need to be able to know what you are looking for and what you are looking at when you find it. Quick learners are always encouraged to apply! Keep in mind, I work for a DOE contractor, so my environment is going to be very different.

Typically, I ask questions like:

- What is the difference between an IPS and an IDS? Give examples of each (bonus if you have worked hands-on with them).
- How do VLANs work? (in general)
- What is a buffer overflow attack?
- Which would you do first, encrypt or compress a document (and why)?

Then I would ask them to burn a CD..... *sorry, couldn't resist!*

Personality wise, I look for someone who meets the weaknesses of the existing team. Got a network admin with 20 years of experience and your only other guy is a tech writer of policies? Goldmine!
Posted: Nov 03, 2009 18:09

BelDin posted:
> Then I would ask them to burn a CD..... *sorry, couldn't resist!*

BelDin: What do you recommend for someone who is seeking an entry level position into the security world? I'd like to do pentesting, I already pretty much know what I have to learn, but it would be nice if I could break into something and learn on the job because my current position won't really let me hone my skills. (sorry for the hijack)
Posted: Nov 03, 2009 18:19

g3k posted:

Not a problem! Remember, pen testing is more than just the technical part. If you are going entry level, most of this will be written for you. Basically, it is a RoE (Rules of Engagement) document as well as a formal writeup of the findings. You also have to factor what industry you will be working with. As far as the methodologies go, I liked the approach the NSA IAM/IEM took, but it was a little too subjective for my taste. Some others are SAS70 (haha) and the specific guidance of the company or government entity.

For the actual pentesting, I have found that if you want to go the open source route, BackTrack is a very beginner friendly Linux distro that has most of the packages you will need to do the most common tasks. If you go the commercial route, there are programs such as Core Impact which will do everything but slice bread for you. Our last external pen tester used this program, and showed me how he could deploy a harmless trojan that gave a little sound clip every time a user clicked on the link. Once the test was done, he basically sent an uninstall command to his new botnet! Slick, but costs around 30K per license. (But I digress)

My advice: Set up an ESXi system at home with a few trial licenses of MS servers and workstations. Use Backtrack or something of the like and hammer away with metasploit, nmap, and Nessus. Learn some of the more complex stuff like arp poisoning, and how to use tcpdump and wireshark to identify and capture things like password hashes. Use rainbow tables and ophcrack to learn how to crack those hashes.

I'll give you a protip for a Cisco shop: Look for routers and switches that have HTTP enabled and level 7 passwords. Others may laugh, but yes, they are still out there. IT departments with no budgets are still running 10 year old models that don't have crypto IOS images. Do some web looking, and you will find how to get the config from older models with no authentication. From there, most switches have the same password. Look for a level 7 password decrypter (Vigenere cipher IIRC) and then you can own their switches. Insert evil laugh, sho cdp neigh detail commands, and hopping from switch to switch to do your recon. Once you have all this down, you can sit down and laugh evilly when you give your results and watch the IT staff squirm in their seats.

I know it may be more information than you wanted in other areas, but it boils down to learning on your own with a test lab. Then again, I'm self taught as well. Good book that I just ordered this weekend: http://www.syngress.com/information...on-for-Security Gives you a primer on creating your own VM test network.
Posted: Nov 03, 2009 21:28

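The Cisco weaknesses the post above lists (HTTP management left on, reversible level 7 passwords, one password shared across switches) are straightforward to audit for from the running configs before anyone else finds them. The script below is an added example, not code from the thread; the two configs and their hostnames, type 7 strings and secret hash are constructed dummies.

```python
"""Audit Cisco IOS-style configs for the weaknesses the post above describes:
type 7 (reversible) passwords, cleartext passwords, the HTTP server left on,
Telnet on the vty lines, and the same type 7 string reused across devices.
Added example, not from the original posts; the configs below are constructed
and the type 7 / secret strings are dummies, not real device output."""
import re
from collections import defaultdict

# Constructed sample configs for two hypothetical devices.
CONFIGS = {
    "dist-sw-01": """\
hostname dist-sw-01
!
service password-encryption
enable password 7 0102030405060708
username admin password 7 1112131415161718
!
ip http server
no ip http secure-server
!
line vty 0 4
 password 7 1112131415161718
 login
 transport input telnet
""",
    "access-sw-07": """\
hostname access-sw-07
!
enable secret 5 $1$DUMMY$notarealhash000000000
username admin password 7 1112131415161718
!
no ip http server
ip http secure-server
!
line vty 0 4
 login local
 transport input ssh
""",
}

TYPE7_RE = re.compile(r"\bpassword\s+7\s+([0-9A-Fa-f]+)\b")


def audit_config(device: str, text: str) -> list:
    """Return one finding dict per weak line in a single device config."""
    findings = []

    def add(lineno, code, line, fix):
        findings.append({"device": device, "line": lineno, "code": code,
                         "evidence": line, "fix": fix})

    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        tokens = line.split()
        if "password" in tokens:
            rest = tokens[tokens.index("password") + 1:]
            if len(rest) >= 2 and rest[0] == "7":
                # Type 7 is a reversible obfuscation, not a hash.
                add(lineno, "TYPE7_PASSWORD", line,
                    "replace 'password 7' with 'secret' (hashed) and rotate the password")
            elif rest:
                # 'password foo' or 'password 0 foo' is stored in cleartext.
                add(lineno, "CLEARTEXT_PASSWORD", line,
                    "use 'secret' for enable/username; use 'login local' on lines")
        if line == "ip http server":
            add(lineno, "HTTP_SERVER_ENABLED", line,
                "'no ip http server'; if a web UI is required, HTTPS only on a management VLAN")
        if tokens[:2] == ["transport", "input"] and "telnet" in tokens:
            add(lineno, "TELNET_VTY", line, "'transport input ssh'")
    return findings


def audit_all(configs: dict) -> list:
    return [f for name, text in configs.items() for f in audit_config(name, text)]


def find_shared_type7(configs: dict) -> dict:
    """Map each type 7 string seen on more than one device to those devices.
    An identical string means identical password and seed, so this catches
    reuse only when the seed also matches; the same password under a
    different seed is missed."""
    seen = defaultdict(set)
    for name, text in configs.items():
        for m in TYPE7_RE.finditer(text):
            seen[m.group(1)].add(name)
    return {val: sorted(devs) for val, devs in seen.items() if len(devs) > 1}


if __name__ == "__main__":
    for f in audit_all(CONFIGS):
        print(f"{f['device']}:{f['line']} {f['code']}: {f['evidence']} -> {f['fix']}")
    for val, devs in find_shared_type7(CONFIGS).items():
        print(f"type 7 string {val} reused on {', '.join(devs)}")
```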
Wow, excellent post, did not expect something so detailed. I have the basics down for the most part, I understand most of the tools and I just downloaded Backtrack 4 the other day to play with (I've used BT3 a few times before to break wifi networks). I guess I just need to really hone my skills and bunker down. Get everything to become second nature and more familiar with the tux. I have all the materials for my lab, I was lucky enough to score some cisco equipment at work. Thanks for the link to the book. All good stuff, A+ will read again.
Posted: Nov 03, 2009 21:48

BelDin posted:
> Which would you do first, encrypt or compress a document (and why)?

I'm intrigued by this question. Not having the slightest clue about standard security procedure I would say compress the encrypted data, to maintain integrity. Unfortunately, something tells me I'm wrong. Would you mind posting, from a security point of view, which is accepted practice?
Posted: Nov 03, 2009 21:58

sirblack posted:
> I'm intrigued by this question. Not having the slightest clue about standard security procedure I would say compress the encrypted data, to maintain integrity. Unfortunately, something tells me I'm wrong. Would you mind posting, from a security point of view, which is accepted practice?

You can compress an encrypted file, but it honestly won't do anything because of the way the data has changed. Compression looks for patterns, and an encrypted file really should just look like random numbers. Best practice is to compress, then encrypt. I did just read a Sec+ book that said that you couldn't compress an encrypted file. So really it's not because of security, it's because it's kind of pointless.
Posted: Nov 03, 2009 22:06

g3k posted:
> You can compress an encrypted file, but it honestly won't do anything because of the way the data has changed. Compression looks for patterns and an encrypted file really should just look like random numbers. Best practice is to compress then encrypt. I did just read a Sec+ book that said that you couldn't compress an encrypted file. So really it's not because of security, it's because it's kind of pointless.

Hahaha.... right on the nose. If there is anyone that says "You can too compress encrypted files!" my response would be "Yes, but only if you have a very lovely encryption method." Encryption should introduce entropy in the system, not just shift the letters like a cryptoquote. Like I said, the question was to see if someone could take two different technical processes and reason how they work together well. Some people said one or the other, and I always made them answer the why to make sure they had reasoning behind it.
Posted: Nov 04, 2009 16:52

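The two posts above can be checked directly: compress a repetitive document and then encrypt it, encrypt it first and then try to compress, and compare the sizes and byte entropy. This is an added example, not code from the thread; a one-time pad with an os.urandom key stands in for a real cipher (the standard library has no AES), a Caesar shift plays the "cryptoquote" cipher BelDin mentions, and the sample document is constructed.

```python
"""Compress-then-encrypt versus encrypt-then-compress, as discussed above.
Added example, not from the original posts. The one-time pad stands in for
a proper cipher; the Caesar shift is the weak 'cryptoquote' case."""
import math
import os
import zlib
from collections import Counter

# Constructed sample document: highly repetitive, so it compresses well.
SAMPLE_DOC = (b"Quarterly water-division incident report. " * 40
              + b"Status: nominal. " * 40)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (8.0 is the ceiling for uniformly random bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def otp_encrypt(plaintext: bytes):
    """One-time pad: XOR with a fresh random key of the same length.
    Stand-in for a real cipher; the ciphertext looks like random bytes."""
    key = os.urandom(len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, key)), key


def otp_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return bytes(c ^ k for c, k in zip(ciphertext, key))


def caesar_encrypt(plaintext: bytes, shift: int = 13) -> bytes:
    """Weak 'cryptoquote' cipher: shifts letters, preserves every pattern."""
    out = bytearray()
    for b in plaintext:
        if 65 <= b <= 90:          # A-Z
            out.append((b - 65 + shift) % 26 + 65)
        elif 97 <= b <= 122:       # a-z
            out.append((b - 97 + shift) % 26 + 97)
        else:
            out.append(b)
    return bytes(out)


def compress_then_encrypt(doc: bytes) -> dict:
    """Recommended order: deflate first, then encrypt the small result."""
    compressed = zlib.compress(doc, 9)
    ct, key = otp_encrypt(compressed)
    assert zlib.decompress(otp_decrypt(ct, key)) == doc   # round trip intact
    return {"plain": len(doc), "compressed": len(compressed), "final": len(ct)}


def encrypt_then_compress(doc: bytes, cipher) -> dict:
    """Wrong order: a good cipher leaves deflate nothing to find."""
    ct = cipher(doc)
    compressed = zlib.compress(ct, 9)
    return {"plain": len(doc), "encrypted": len(ct), "final": len(compressed),
            "entropy": round(shannon_entropy(ct), 2)}


def compare(doc: bytes = SAMPLE_DOC) -> dict:
    return {
        "compress_then_otp": compress_then_encrypt(doc),
        "otp_then_compress": encrypt_then_compress(doc, lambda d: otp_encrypt(d)[0]),
        "caesar_then_compress": encrypt_then_compress(doc, caesar_encrypt),
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:22s} {result}")
```

The Caesar case is the tell BelDin describes: if ciphertext still compresses well, the cipher has not removed the plaintext's structure.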
BelDin posted:
> Hahaha.... right on the nose.

Can I have a job please? :p
Posted: Nov 04, 2009 18:11

g3k posted:
> Can I have a job please? :p

Once I figure out how to get rid of my two legacy non-performers, I can get you an interview. You would have to come to the black hole of culture known as Southern Ohio in order to do so. Is your sanity worth it?
Posted: Nov 04, 2009 18:48

BelDin posted:
> Once I figure out how to get rid of my two legacy non-performers, I can get you an interview. You would have to come to the black hole of culture known as Southern Ohio in order to do so. Is your sanity worth it?

Ha! I live in Cleveland.
Posted: Nov 04, 2009 19:09

BelDin posted:
> Once I figure out how to get rid of my two legacy non-performers, I can get you an interview. You would have to come to the black hole of culture known as Southern Ohio in order to do so. Is your sanity worth it?

I live in Florida and I have a friend that I've visited in Ohio; it's not much different there from here. We just have more sun and warmth, a lot of the silliness is pretty much the same :P
Posted: Nov 04, 2009 19:57

Gatts posted:
> Ha! I live in Cleveland.

Now your avatar makes so much sense... poor Browns.
Posted: Nov 04, 2009 21:54

g3k posted:
> I live in Florida and I have a friend that I've visited in Ohio, it's not much different there from here. We just have more sun and warmth, a lot of the silliness is pretty much the same :P

Where at in Ohio? As of 10 years ago we had a blackface doll in a noose hung on the one stop sign in a neighboring village. Problem is, it stayed there a few days before someone decided to take it down. Events like that, and the cultural black hole, make me want to gnaw my arm off and leave. It's becoming more of a possibility every day with this very skillset.
Posted: Nov 04, 2009 22:14

BelDin posted:
> Where at in Ohio? As of 10 years ago we had a blackface doll in a noose hung on the one stop sign in a neighboring village. Problem is, it stayed there a few days before someone decided to take it down.

Lol. Sounds like Florida. Lakeview, Ohio. It's near Dayton.
Posted: Nov 04, 2009 22:50

Out of curiosity, I was looking at some job descriptions for security positions and it seemed like a lot of them called for networking experience and knowledge. Does that mean there's a fairly significant overlap between networking and security or am I finding some fairly specific jobs?

EDIT: I guess the opposite end of the spectrum, at least in my mind, would be code auditors and testers. I'm not much of a coder; I'm just wondering really.

Sergeant Hobo fucked around with this message at Nov 06, 2009 around 00:33
Posted: Nov 06, 2009 00:29

Sergeant Hobo posted:
> Out of curiosity, I was looking at some job descriptions for security positions and it seemed like a lot of them called for networking experience and knowledge. Does that mean there's a fairly significant overlap between networking and security or am I finding some fairly specific jobs?

Short answer: Most of the jobs you are looking at are probably pen. testing. You need to be looking for Certification and Accreditation (C&A) and some auditing jobs if you want to review code. Like I said, most shops view it as an IT specialization beyond a generalist.

One of the main methods of penetration testing in use for auditing is network mapping and remote vulnerability exploits. In order to be effective at this, you need to have network knowledge beyond the basics of how TCP/IP works on a local LAN. Sure, you can perform a SYN flood and DoS a network, but most engagements prohibit intentional DoS attacks (at least the ones I sign do). Why try to do that when you can use your net-fu to perform arp poisoning on a switch/router/pix and set your computer up to mimic the gateway and capture all traffic for a network? Once you capture the password for a switch or router, how do you crack it and use it to your advantage? (I actually did this on an old W2K server) Can you use a SPAN port on a Cisco device (or other method on other switches) to capture all traffic on the switch's trunk when it gets mirrored to your port? How do you do this without getting detected quickly? Can you exploit a remote weakness to gain access to the server hosting all of the backup console sessions to your infrastructure?

That's why a good pen tester typically has very good if not excellent networking and sys. admin. backgrounds (not counting basic DBA and moderate scripting/programming skills). You need to know how to admin systems and networks in order to know the weak points and misconfigurations to exploit. It's also why I chose computer security as a career... I am now a specialized IT generalist. Who am I kidding, I'm a manager now... with a personal training budget!
Posted: Nov 09, 2009 15:19

BelDin: What is the next move when you 'master' the basic tools? I'm no master or pro at anything, I've got a lot of work and practice ahead of me, but what happens after I can use Metasploit like I can breathe? (which will likely happen very quickly cause I'm a fast learner. The only thing holding me back is not having my lab up and running yet) I don't really want to be a career tool runner.
Posted: Nov 09, 2009 18:04

g3k posted:
> BelDin: What is the next move when you 'master' the basic tools? I'm no master or pro at anything, I've got a lot of work and practice ahead of me, but what happens after I can use Metasploit like I can breathe? (which will likely happen very quickly cause I'm a fast learner. The only thing holding me back is not having my lab up and running yet) I don't really want to be a career tool runner.

It depends... what do you want to do? Forensics, Pen Testing, Auditing, Protection? There is big business in the C&A arena if you know your stuff in different areas of the government. DOD and DOE hire those nefarious hacker types to perform pen tests for their different locations, as well as red teaming. Look up the term ST&E online for more information on those. As far as private sector goes, be sure to know the regulations regarding the industries you might need to audit. GLB, PCI, SOX, and a host of others come to mind. Either way, be prepared to do more paperwork than honest to goodness hacking during engagements. Unfortunately, most of the pen testing nowadays is just running the tools and getting results. Sure, you can write your own custom zero day exploits, but typically that only happens in research areas. Be sure to start practicing your social engineering skills... they will get you more information than a network scan.
Posted: Nov 09, 2009 18:39

BelDin posted:
> It depends... what do you want to do? Forensics, Pen Testing, Auditing, Protection?

Yeah... I've been doing a lot of research on what it is actually like to work in the field, listening to podcasts etc. It does sound like I'd be doing a lot of paperwork, which I have no problem with. I'm more attracted to the field because it would be short term work that yields tangible results with clear goals than with general IT work because I always feel like I'm top of a never ending mountain of poo poo. I've always been into security stuff, I really fell deep when I got 'Steal this Computer Book volume 1' back in the day.

What I'd like is to pentest, even if I have to start on the bottom somewhere. I'd like to be able to just focus on pentesting and the process instead of being asked to do whatever my boss and his bosses feel like doing. (computer janitor)

[edit] what is the best way to land that entry level security job?

g3k fucked around with this message at Nov 09, 2009 around 19:03
Posted: Nov 09, 2009 19:00

g3k posted:
> Yeah... I've been doing a lot of research on what it is actually like to work in the field, listening to podcasts etc. It does sound like I'd be doing a lot of paperwork, which I have no problem with. I'm more attracted to the field because it would be short term work that yields tangible results with clear goals than with general IT work because I always feel like I'm top of a never ending mountain of poo poo. I've always been into security stuff, I really fell deep when I got 'Steal this Computer Book volume 1' back in the day.

In all honesty, unless you are already in the field, or an IT worker who has the opportunity to get the skills, certification is still the best way to get in the field. Before everyone starts yelling that certifications are worthless, hear me out. The certifications you get may be worthless in the amount of knowledge you gain (I'm looking at you, Security+) or may be valuable (GIAC), but it gets you past HR and into the hiring manager's stack. Personally, my gateway into IS management was getting a Master's heavy in metrics and statistics, ten years of experience in the IT field specializing in networking and systems administration, and a Security+ / CISSP / MCSA combination (working on MCSE and CCSP).

Your other approach is to find the IT job and apply security to your role as "all other duties as assigned" and grow within the company. Treat it as a specialization, not a sole career path. Otherwise, look for specialized jobs such as "Firewall Administrator". I will say that most IS jobs are not entry level, and never will be. It just takes time.
Posted: Nov 09, 2009 19:58

BelDin posted:
> In all honesty, unless you are already in the field, or an IT worker who has the opportunity to get the skills, certification is still the best way to get in the field.

I waffle back and forth on certs, but it's a mixed bag when I talk to people in the field. Some people outright hate them, others babble on excessively about their merits and it looks like alphabet soup on their business card. The popular one now is the CISSP, but I sometimes hear it is one of the weaker certs, but HR seems to go batshit crazy over it. I've looked at GIAC (especially with a SANS event in Orlando in 2010 (even though I have no money for training)), we'll see. It's difficult to root out what the real core important certs are half the time.
Posted: Nov 09, 2009 20:44

BelDin posted:
> In all honesty, unless you are already in the field, or an IT worker who has the opportunity to get the skills, certification is still the best way to get in the field.

Good info, I'd agree that IT security is more of a specialization you get after you're already in the IT game, than the start of a career. Are the GIAC certs pretty well regarded? I've got a few of them now, as my current boss is a big fan of SANS training. The courses I've done at least seem excellent.
Posted: Nov 09, 2009 21:33

g3k posted:
> I waffle back and forth on certs, but it's a mixed bag when I talk to people in the field. Some people outright hate them, others babble on excessively about their merits and it looks like alphabet soup on their business card. The popular one now is the CISSP, but I sometimes hear it is one of the weaker certs, but HR seems to go batshit crazy over it. I've looked at GIAC (especially with a SANS event in Orlando in 2010 (even though I have no money for training

I would hire a GIAC certified specialist in a heartbeat over a CISSP if the position was related to the cert. Be careful, you are narrowing your focus for an entry level position at that point. I personally look at every resume submitted for any positions we have open, so the alphabet soup isn't as important here. That said, I also have to be a project manager and finance guru (Federal Acquisition Regulations) to get funding and do my job effectively.

The CISSP won't teach you to hax0r the network, but it will teach you enough to be familiar with a large amount of security areas. That is important when you have to interface with finance, physical security, IT, and all the other areas doing the job. Also, when you have to get the CEUs to keep the degree, you can justify all of the cool training (SNAF, CANAC, etc.) you will get to keep your certification.

A job at one of the larger companies? If you don't have those letters, your resume will never pass their robo checker for keywords. "Like to have" becomes a "must have" in those situations, as you are looking at possibly 500-600 resumes for entry level positions.
Posted: Nov 09, 2009 21:39

BelDin, I've got my GCIH currently and am working on taking my GPEN in about a month. I am thinking about doing either my CISSP or GCFA in the springtime, but the more I look at the CISSP I am having problems finding anything really that would make me want to get it other than to have the piece of paper. I am really wanting to get into Pen Testing more but Forensics is looking more and more appetizing. Any opinion either way?
workape fucked around with this message at Nov 10, 2009 around 00:59 |
Posted: Nov 10, 2009 00:57

workape posted:
> BelDin, I've got my GCIH currently and am working on taking my GPEN in about a month. I am thinking about doing either my CISSP or GCFA in the springtime, but the more I look at the CISSP I am having problems finding anything really that would make me want to get it other than to have the piece of paper. I am really wanting to get into Pen Testing more but Forensics is looking more and more appetizing. Any opinion either way?

If you want to go into either as a tech, and not into management, go for the SANS certs. Like I said earlier, the CISSP body of knowledge gives you some letters after your name that has had a lot of worldwide marketing put behind it. It is not technical training, no matter how much they may want it to look that way. You may also want to try for GCIH Gold. How much experience do you have in either area?
Posted: Nov 10, 2009 02:27

I just wanted to thank you, BelDin for providing excellent guidance.
Posted: Nov 10, 2009 04:48

BelDin posted:
> If you want to go into either as a tech, and not into management go for the SANS certs. Like I said earlier, the CISSP body of knowledge gives you some letters after your name that has had a lot of worldwide marketing put behind it. It is not technical training, no matter how much they may want it to look that way.

Ok, that's what I figured for the CISSP. I'm definitely going to stay on the technical side of the house, there is entirely too much fun and too many awesome things here not to.

On Incident Handling, I'd say more than some. I've set up our internal Incident Response team as well as drawn up most of the policies surrounding incidents, reporting and functional flows. Nothing like making a recommendation and everyone going "Yeah, why don't you do that?" On the other hand, it is a great thing because I can sit down and talk with others about what really works and iron out some functional plans that will allow us to better respond to things instead of giving canned answers to everything. I am thinking about the GCIH Gold right now, but I want to get the GPEN put to bed first.

On the Pen Testing side, the 560 class was my real first formal training. Everything else has been in my lab or VMs, playing with and breaking things over and over to see how they work. Between that, mailing lists, talking to people online and teaching myself a lot, there really hasn't been much on the Pen Testing side. I definitely find it extremely interesting, it'd be better than being a Sr Network Engineer like I am now. But I am finding that all the networking and systems admin background I have had made learning almost all of this a hell of a lot easier.

Has anyone taken any of the Offensive Security classes? I am curious to see how good they are.
Posted: Nov 10, 2009 19:45