I spent most of the last month trying to catch up on some stuff I have been putting off for awhile. That is finally done so I am back again for a bit, and to kick the new Fiscal Year off right I am once again trying to better myself. (it never works but I keep trying) . Today's what I am reading focuses on a book I picked up over the weekend "Hacking Exposed - Industrial Control Systems"
So far it's been a pretty worthwhile investment. I have been jumping around in the book mainly looking at the Risk Management Sections, but the authors seem to have the same approach (hereafter and forever more the correct approach) to assessing risk that I do, and from what I have seen they also seem to be fans of what I consider to be a highly underutilized tool (based on my limited career in this field so far) The ICS-CERT CSET tool. Personally I think that alone makes the book worth the price. I haven't really delved into the technical stuff yet. They seem to have some basic explanations of the various components and protocols, and I have been trying to get a virtual SCADA system set up at work so maybe I can use some of the techniques in the book there, test out the actual offensive hacking stuff.
Anyway that;s where It stands.
(Oh I am also still studying for the SANS GSEC)
(Yeah I know the title for this post makes no sense but it was the only SCADA attack that I could think of that most people would recognize)