#whoami...#whoami • director of technology and information systems 20+ years • certified...
TRANSCRIPT
![Page 1: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/1.jpg)
![Page 2: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/2.jpg)
#whoami• DIRECTOR OF TECHNOLOGY AND INFORMATION SYSTEMS 20+ YEARS
• CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL (CISSP)
• CERTIFIED GIAC SYSTEM AND NETWORK AUDITOR (GSNA)
• CERTIFIED GIAC INCIDENT HANDLER (GCIH)
• M.S. IN COMPUTERS AND TECHNOLOGY IN EDUCATION
• UNITED STATES MARINE CORPS
![Page 3: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/3.jpg)
SCOPE OF NETWORK
• >8800 STUDENTS
• >1900 EMPLOYEES
• >14,000 DEVICES ON NETWORK (WIRED AND WIRELESS)
• 14 LOCATIONS CONNECTED VIA FIBER NETWORK
• 71 TELECOMMUNICATIONS CLOSETS
![Page 4: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/4.jpg)
By Goran tek-en, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=36942216
![Page 5: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/5.jpg)
Malspam
“Dialer”
![Page 6: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/6.jpg)
COMMAND AND CONTROL
•“COMMAND AND CONTROL CONSISTS OF TECHNIQUES THAT ADVERSARIES MAY USE TO COMMUNICATE WITH SYSTEMS UNDER THEIR CONTROL WITHIN A VICTIM NETWORK.”
https://attack.mitre.org/tactics/TA0011/
![Page 7: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/7.jpg)
EGRESS FIREWALL FILTERING
“EGRESS FILTERING IS THE CONTROL OF TRAFFIC LEAVING YOUR NETWORK.”
https://www.sans.org/reading-room/whitepapers/firewalls/egress-filtering-faq-1059
![Page 8: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/8.jpg)
GOALS•EXAMINE MALSPAM ATTACK VECTOR•REVIEW EXAMPLE OF A COMMAND AND CONTROL•EXAMINE BENEFITS OF FIREWALL EGRESS FILTERING•EXAMINE METHODS FOR IDENTIFYING REQUIRED DESTINATION PORTS•DISCUSS APPLYING EGRESS FILTERS TO FIREWALL RULES
![Page 9: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/9.jpg)
MALWARE SPAM OR MALSPAM•“THE MAJORITY OF INITIAL MALWARE IS DELIVERED BY EMAIL.”
(2019 VERIZON DBIR)•6.11% OF SPAM CONTAINS MALWARE
(2019 TRUSTWAVE GLOBAL SECURITY REPORT)•LAST 30 DAYS (SEPT), EMAIL FILTER DROPPED 1.7 MILLION MESSAGES•6.11% OF 1.8 MILLION=103,870 POTENTIAL MALSPAM
![Page 10: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/10.jpg)
CIS/MS-ISAC TOP 10 MALWARE MARCH 2019
https://www.cisecurity.org/blog/top-10-malware-july-2019/
![Page 11: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/11.jpg)
BENEFITS OF EGRESS FILTERING • PREVENT MALWARE “DIALER*” CALLBACKS • PREVENT COMMAND & CONTROL AND BACKDOORS• PREVENT DATA EXFILTRATION • PREVENT DEVICES FROM ACCESSING DNS DIRECTLY• ENFORCE POLICY—NO USE OF UNENCRYPTED COMMUNICATIONS: TELNET, TFTP, FTP.
• 47% of Crimeware incidents used C2
• 87% of Cyber-Espionage incidents used C2 (2019 Verizon DBIR)
![Page 12: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/12.jpg)
FIREWALL• A FIREWALL IS A NETWORK SECURITY
DEVICE THAT MONITORS INCOMING AND OUTGOING NETWORK TRAFFIC AND DECIDES WHETHER TO ALLOW OR BLOCK SPECIFIC TRAFFIC BASED ON A DEFINED SET OF SECURITY RULES.
https://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-firewall.html
![Page 13: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/13.jpg)
JARGON ALERT!
![Page 14: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/14.jpg)
Destination Port:http-80https-443
I have 80/443 open. You can pass.
I’m listening on 80/443. Here’s what I have.
![Page 15: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/15.jpg)
Destination Port:smb-445(Windows File Shares)
I do not have port 445 open. “You shall not pass.”
![Page 16: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/16.jpg)
I’m stateful. I’ll remember what port you use. I’ve been configured to permit you access to all 65,535 tcp ports and all 65,535 upd ports.
Destination Port:http-80https-443
![Page 17: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/17.jpg)
Email-25/110/143. You can pass.
Outgoing. Sure. I’ll remember.
I remember you. You can pass.
![Page 18: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/18.jpg)
EMOTET
https://www.us-cert.gov/ncas/alerts/TA18-201A
Emotet reports a new infection to its C2
server and receives instructions
A downloader or dropper of other banking Trojans.
![Page 19: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/19.jpg)
https://www.cisecurity.org/white-papers/ms-isac-security-primer-emotet/
![Page 20: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/20.jpg)
https://isc.sans.edu/forums/diary/Malspam+pushing+ransomware+using+two+layers+of+password+protection+to+avoid+detection/23573/
![Page 21: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/21.jpg)
MITRE ATT&CK
![Page 22: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/22.jpg)
MITRE ATT&CK • HTTPS://ATTACK.MITRE.ORG• HOME>TECHNIQUES>ENTERPRISE>COMMAND AND CONTROL>COMMONLY USED PORT• HTTPS://ATTACK.MITRE.ORG/TECHNIQUES/T1043/• EMOTET: 20, 22, 80, 443, 8080, AND 8443
• HTTPS://ISC.SANS.EDU/FORUMS/DIARY/EMOTET+MALSPAM+IS+BACK/25330/
![Page 23: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/23.jpg)
DNSCAT2 Client direct communication with DNSCAT2 C2 Server
DNSCAT2 Client communication with DNSCAT2 C2 Server via Internal DNS Server
![Page 24: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/24.jpg)
OBJECTIVES• CREATE NETWORK VISIBILITY• CAPTURE NETWORK TRAFFIC—IDENTIFY DESTINATION PORTS • MAP DESTINATION PORTS TO SERVICES• IDENTIFY REQUIRED PORTS• CONFIGURE FIREWALL TO PERMIT IDENTIFIED REQUIRED PORTS AND DENY ALL
![Page 25: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/25.jpg)
CIS CONTROL : BOUNDARY DEFENSE
12.4: DENY COMMUNICATION OVER UNAUTHORIZED PORTS:• DENY COMMUNICATION OVER UNAUTHORIZED TCP OR UDP PORTS OR APPLICATION
TRAFFIC TO ENSURE THAT ONLY AUTHORIZED PROTOCOLS ARE ALLOWED TO CROSS THE NETWORK BOUNDARY IN OR OUT OF THE NETWORK AT EACH OF THE ORGANIZATION'S NETWORK BOUNDARIES.
https://www.cisecurity.org/controls/
![Page 26: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/26.jpg)
POLICY OR PERMISSION
![Page 27: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/27.jpg)
NETWORK VISIBILITY
• IDENTIFY BEST LOCATION TO MONITOR NETWORK TRAFFIC• SELECT NETWORK TAP OR • SPAN (SWITCHED PORT ANALYZER), PORT MIRRORING, OR PORT MONITORING
![Page 28: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/28.jpg)
Network VisibilityDestinationPorts
![Page 29: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/29.jpg)
Network Tap
Tap NSM
![Page 30: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/30.jpg)
SPANPORT orPort Mirror
![Page 31: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/31.jpg)
SHARKTAP
midBit Technologies
![Page 32: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/32.jpg)
CAPTURE NETWORK TRAFFICZEEK
• FORMERLY BRO NETWORK SECURITY MONITOR• UNIX/LINUX• RUNS ON COMMODITY HARDWARE• GENERATES LOG FILES OF NETWORK ACTIVITY• CONN.LOG—SESSION DATA • BRO-CUT
![Page 33: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/33.jpg)
CAPTURE NETWORK TRAFFICSECURITY ONION
• ZEEK INSTALLS WITH SECURITY ONION• UNIX/LINUX• EASIER TO INSTALL• REQUIRES MORE HARDWARE• DEFAULT INSTALL LOGS FULL PACKET CAPTURE• ZEEK LOGS IN JSON FOR USE WITH ELK STACK
• ELASTICSEARCH, LOGSTASH, AND KIBANA
![Page 34: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/34.jpg)
SAMPLE ZEEK CONN.LOG
![Page 35: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/35.jpg)
SAMPLE ZEEK CONN.LOG
{"ts":"2019-04-26T00:05:30.990493Z","uid":"CrbjTY2YyqDdOVcxO5","id.orig_h":"10.53.4.42","id.orig_p":54317,"id.resp_h":"162.222.96.171","id.resp_p":443,"proto":"tcp","service":"ssl"
![Page 36: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/36.jpg)
ZEEK CONN.LOG-IDENTIFY PORT USE
$ zcat conn.*.log.gz | awk -F '"' '{ print $12, $15, $18, $21, $24 }' | grep '^10\.‘ | awk -F ' ' '{ print $4, $5 }' | sort | uniq -c | sort -nr | head -n 10
![Page 37: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/37.jpg)
ZEEK CONN.LOG-IDENTIFY PORT USEzcat conn.*.log.gz | awk -F '"' '{ print $12, $15, $18, $21, $24 }' | grep '^10\.'
• Source IP Sport Destination IP Dport Protocol• 10.231.5.102 :57051, 23.49.249.151 :443, tcp• 10.15.2.19 :52397, 104.244.36.20 :443, tcp• 10.15.2.19 :52376, 104.244.36.20 :443, tcp• 10.15.2.19 :52394, 104.244.36.20 :443, tcp• 10.43.6.70 :58428, 17.249.108.89 :5223, tcp
![Page 38: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/38.jpg)
ZEEK CONN.LOG-IDENTIFY PORT USE| awk -F ' ' '{ print $4, $5 }' | sort | uniq -c | sort -nr | head -n 10
• 9525992 :443, tcp• 3179372 :80, tcp• 2809189 :53, udp• 1696422 :443, udp• 175176 :8245, udp
• 149542 :5223, tcp• 95336 :123, udp• 44510 :2195, tcp• 42725 :2196, tcp• 34693 :3260, tcp
![Page 39: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/39.jpg)
CAPTURE NETWORK TRAFFICTCPDUMP• EASY TO INSTALL
• RUNS ON COMMODITY HARDWARE
• ADDITIONAL OPTIONS NECESSARY TO MINIMIZE PACKET CAPTURE
![Page 40: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/40.jpg)
TCPDUMP-IDENTIFY PORT USE
sudo tcpdump -i eno2 -nt -s 60 src net 10.0.0.0/8 and 'tcp[13] & 2!=0' > /path/file.tsv
![Page 41: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/41.jpg)
TCPDUMP-IDENTIFY PORT USEsudo tcpdump -i eno2 -nt -s 60 src net 10.0.0.0/8 and 'tcp[13] & 2!=0' > /path/file.tsv• IP 10.56.2.51.53704 > 3.95.104.195.443: Flags [S], seq 3183427970, win 65535, options [mss 1250,nop,[|tcp]>• IP 10.53.2.80.52855 > 172.217.12.162.443: Flags [S], seq 790271908, win 8192, options [mss 1250,nop,[|tcp]>• IP 10.56.2.51.53705 > 23.195.65.245.443: Flags [S], seq 2573793816, win 65535, options [mss 1250,nop,[|tcp]>
• IP 10.232.9.38.41030 > 172.217.7.13.443: Flags [S], seq 2547266284, win 29200, options [mss 1250,sackOK,[|tcp]>• IP 10.56.2.51.53706 > 68.67.180.43.443: Flags [S], seq 1203456510, win 65535, options [mss 1250,nop,[|tcp]>
![Page 42: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/42.jpg)
TCPDUMP-IDENTIFY PORT USEcat /path/file.tsv | awk -F ' ' '{ print $4 }' | awk -F '.' '{ print $5 }' | sort | uniq -c | sort -nr• 170551 443:• 24462 80:• 1118 5223:• 829 2195:• 827 2196:• 368 3260:
![Page 43: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/43.jpg)
MAP DESTINATION PORTS TO SERVICES•9525992 :443, tcp•3179372 :80, tcp•2809189 :53, udp•1696422 :443, udp—QUIC
(Google Chrome)•175176 :8245, udp
•149542 :5223, tcp—APN• 95336 :123, udp—NTP (Apple)• 44510 :2195, tcp—APN• 42725 :2196, tcp—APN• 34693 :3260, tcp
https://www.fastvue.co/fastvue/blog/googles-quic-protocols-security-and-reporting-implications/
![Page 44: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/44.jpg)
FIREWALL PERMIT/DENY• VISIBILITY—PRACTICE ABILITY TO VIEW CLIENT NETWORK TRAFFIC TO DETERMINE IF YOU ARE
BLOCKING A NEEDED DESTINATION PORT
• BLOCK PORTS IN CHUNKS OR GROUPS—EASIER TROUBLE SHOOTING
• ADD PERMIT RULE FOR REQUIRED PORTS
• ADD DENY RULE
![Page 45: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/45.jpg)
FIREWALL PERMIT/DENY
![Page 46: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/46.jpg)
NGFW• LAYER 7 APPLICATION FILTERING
https://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-firewall.html
![Page 47: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/47.jpg)
RECOMMENDED READING
![Page 48: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/48.jpg)
“THE MORE I PRACTICE, THE LUCKIER I GET.”
![Page 50: #whoami...#whoami • director of technology and information systems 20+ years • certified information systems security professional (cissp) • certified giac system and network](https://reader033.vdocument.in/reader033/viewer/2022043006/5f90f744fe4a3965ad4a9d2d/html5/thumbnails/50.jpg)