Feel free to ping me on Twitter etc.

Cheers…m

With regards to Twitter, I agree following too many people means you miss things, currently I’m only following people that either tweet things of interest to me or seem to have a good “reputation” on Twitter.

The challenges for Pen Testing is something on my list to try, and I will no doubt blog about my success and failures, I’m a patience person so I’m in no rush to have hundreds of hits (and the content isn’t there yet either). My blog is more like my own personal diary of how my “skills” are developing, if people read it all the better.

There aren’t any “local” security groups near me, but I intend to go to Defcon and possibly OWASP in London next year. I hadn’t heard of the InfoSec Mentor programme but I will have a look now.

I was actually having a look at the Offensive Computing courses, might see if I can convince work to pay for it..

Thanks for the reading book lists, some of those are on my list. I’ve been making a list of areas of InfoSec that I need to work on and then adding books to my list as I go.

Again thank you for taking the time to response to my comments.

Adam

>> I’ve never really worried about who follows me and who doesn’t, at the start maybe a little but I really don’t care. I don’t think I’ve ever asked anyone to follow me but I have had folk DM me, then unfollow so I couldn’t DM them back

I don’t like following too many people because I find that I miss so much from the people that I do want to follow. There are lists out there but again they’re subjective to the creator and many are full of “thought leaders” and “evangelists”, which IMHO isn’t a good thing and they’re not the people you want to follow. A lot of the time you get real “gems” out of really clever people who don’t have that many followers, nor do they care about having many.

On Twitter, you can comment on what others tweet as most folk are decent and will reply, engaging in a conversation Say enough interesting things and you’ll be followed. Similarly tweet links with your own comments & hashtags. This will most likely generate RTs etc.

I personally don’t follow people lists – it’s generally friends, friends of friends or folk who I feel are industry leaders and if any of that lot retweet something interesting, I’ll trial following the person who was retweeted.

Although I may not follow someone, I’ll always reply to a tweet to me, something a lot of so-called “security thought leaders” don’t do. Why? No idea, maybe their ego gets in the way? On the other hand, some sh!t-hot folk (who you imagine are incredibly busy) will go out of their way to help.

2. I have a blog, which although isn’t 100% security related will feature articles about Security, but then what? For example I was looking for a Pen Testers process flow diagram, Google was no help so I made my own, but who/how do I get it checked to see if it’s right before I blog about it?

>> I think you’re doing the right things but driving traffic to your site is difficult, especially when the people you want to read it are usually busy and many are trying to do the same thing as you whilst others are choosy over what they’ll read.

Have you thought about doing some of the challenges for pen tests or forensics on the web? You could the contests and post your solution on the blog after the challenge close date? That’ll generate traffic to your blog and usually get folk offering constructive criticism.

For me, I did a combination of the study route, was lucky enough to meet Brian Honan and got invited to be part of Iriss Cert, created HackEire, presented at local security meetings and posted links to what I did (as well as being fairly chatty on Twitter).

I’d recommend looking around where you live to see if there are any Security groups – Owasp, 2600, DefCon or even on the net, have you thought about applying to InfoSec Mentors as a mentee?

I think everyone’s different and you figure out along the way what works for you.

3. Courses – Are they worth it (I know hands on experience is best)? If so which one? SSCP, CEH, Security+

>> As I said on the blog, I’m a huge fan of SANS/GIAC and the ‘red aprons’, however, I do appreciate that they’re expensive I’d also look at the Offensive Computing courses, I’ve heard nothing but good about OCSP and OCSE (they are cheaper). I’d like to try them myself but if I do another course, it’ll most likely lead to a divorce!!

I don’t know enough about the others to comment though I’ve heard very mixed reports about the middle one.

4. Books – I’m reading 3 at the moment, but is there a book list somewhere? Or is it a personal choice?

>> On the HackEire blog about HackEire 2011, I posted some books that would’ve been useful for the CTF – http://www.hackeire.net/2011/11/hackeire-2011-ramblings-part-1.html.

Personally though, it’s a personal choice and if you want some guidance, you can’t go wrong with Bejtlich’s list – http://www.bejtlich.net/reading.html.