- Working on my CCNA-Security, have that exam scheduled for December 2nd.
- Started the ICS 515 - ICS Active Defense and Incident Response Course. This is the precursor to the GIAC Response and Industrial Defense (GRID) eaxm and certification. My goal is to take that test by Feb. 2018. (A little side note here - yesterday at work we were looking some stuff up, because we have a lot of people going through different SANS class at the moment and we were curious where they overlap, and I noticed that despite all the hype about the need for ICS security professionals there are only 1500 people who have taken and passed the GICSP (me included) and only 81 who have taken and passed the GRID. I'm not sure if that means the problem is overhyped or if it means the training isn't getting enough exposure, but there seems to be a disconnect.)
- Still plugging away on the OSCP - which has gotten me thinking there needs to be an OSCP like cert for industrial networks.
- Gathering material for the GIAC Critical Infrastructure Protection exam, which they will start offering in Feb. 2018. I haven't decided whether or not I am going to take the SANS course yet.
On top of this of all that I have a trip to Austin planned for Dec. to take the SANS SEC 560 course.
Yeah, yeah I know this reads like a SANS fanboys wet dream, and that I have been critical of SANS in the past, mainly because of the cost, BUT, the training is good and work is paying for the two SANS courses so I would be a fool not to take them. The goal is to have all three SANS ICS certs by the time DefCon starts next year. It doesn't mean anything, other than it will make me super-sexy at the Vegas pool parties, but it's something to strive for.