Friday, October 9, 2020

2020 CyberDefense Summit

My takeaway from the talks from today:


Carson Zimmerman 

Keynote: Taking Your Detection Program to the Next Level


Engineering is difficult - stop lying to yourself and others about what the SOC needs to engineer, and engineer those items.


Don Murdoch

Building the Better Playbook: Techniques to Improve Repeatability


Build your playbooks in a repeatable manner to drive maturity and consistency.


Rob van Os

Metrics on Steroids: Improving SOC Maturity using the SOC-CMM


SOC-CMM is an exhaustive model for (self-)assessment of SOC Maturity and Capability.


Steve Turner, Ben Tyminski

XDR - The Hidden Pitfalls of Evaluation and Deployment


XDR deployments have distinct limitations and capabilities. Leverage standard best practices while covering new ground.


Dan Banker 

And Then There Were None (More False Positives): Writing Better EDR Detections


Dan shreds his guitar - he also has obviously spent many hours eliminating the noise from his signal.



=== LUNCH ===


Peter Luo

Resolve Security Alerts with Adaptive Intelligence and Guided Response


Augmented Intelligence is available for scenarios you frequently encounter.


Kristy Westphal

Analysis 101 for Incident Responders


Develop your team's analytical methodology, and be ready to deal with the reality of not always being right.


Yochana Henderson, Mark Morowczynski

Hiding in the clouds: How attackers can use applications for sustained persistence and how to find it


"****** [devil|god|good god] is in the details." Flaubert, Mies van der Rohe, proverb...

Make sure you understand what that configuration (button) does!


Gabriel Currie, Will Oram

Ransomware Defense and Response: Minimizing Risk of an Increasing Threat


The main reasons for ransomware increasing: big money (140M pounds+ in 6 years) and many more leak sites, which have driven organizations to pay ransoms.


Apurv Singh Gautam

Automating Threat Hunting on the Dark Web and other nitty-gritty things


Deep web? Data you're not allowed to see. Dark web? That's where your adversaries are coordinating their attacks on you and selling their illicit goods.



Christopher Lopez

Asking Questions and Writing Effectively


Are you asking the correct questions and capturing the appropriate information? Don't constrain yourself with needless process.


Saurabh Wadhwa

Resource Smart Detection with YARA and osquery


Yara: (Chess) If you see a good move, look for a better one.



Mark Baggett 

New Tools for your Threat Hunting Toolbox


Do what Mark does - save yourself one command a day; eventually, you'll be bored and start to automate other stuff.

https://sansgear.com/product-category/cyber-defense-forum/


Saturday, May 9, 2020

My SANS Mentor to Certified Experience


This is a blog post, and not intended to be a resume / CV quality recollection. So, some of the dates are off by a bit or missing. I went through the GIAC certification page ( https://www.giac.org/certified-professionals/directory/search ) and looked at the dates of certifications there and reconstructed this timeline of SANS classes and certs. I know there are a few missing (like the retired GIAC GSFP Fundamentals of Security Policy) that I took with James Tarala in 2007 (I think).

[Image: Rough draft attendance and GIAC certs]


Throughout this time, I was a facilitator for SANS because my employers couldn’t or wouldn’t pay for the classes. I facilitated at many conferences and summits.

I taught several semesters of classes at Tulane University College prior to Hurricane Katrina (August, 2005). The classes were BASH shell programming and Apache web server administration. These were in 2003-2005. I saw SANS as an opportunity to further my education and my interest in teaching on the side.

The first in-person class I took was SEC503 with Mike Poor at Virginia Tech during Spring Break, 2005. The classroom was a large auditorium with a couple hundred people in attendance. There was a funny wifi problem. Randy Marchany went on stage a couple of times asking people to turn off DHCP server in case someone was running one. Finally he went on stage and said, “*Joe Smith* you are running a DHCP server on your laptop. We’ve tracked your MAC address registered via our wifi registration to the DHCP Server serving bad leases. Shut it off now, or we’re going to come find you.”

In 2006, I was all over the place dealing with the aftermath of the disaster recovery from Hurricane Katrina. I was still working remotely for Tulane; I moved from Houston to Memphis to Athens, Georgia. Then, permanently to Maryland in the suburbs of DC.

In early 2007, I tried to run a SEC503 local mentor. There was no enrollment. I tried to run it again, maybe one person enrolled: cancelled. I tried again, one person: cancelled. SANS advised me to switch to SEC504. I don’t think they said this expressly, but it was essentially, “it sells much better and people will sign up for it.” Switch. I said no. I’ll do SEC503 first, I assured them.

My first SEC503 mentor session had three students. I ran it at the Black Rock Center for Performing Arts with their projector. It went great. The three people in the classroom really enjoyed it, and learned a lot. I learned a tremendous amount. On average, I studied the material for about 10 hours for each hour of class time I led. I spent my spare time learning this content while I was working full time in the cyber security domain. I had left the work-from-home position and taken a position with a government contractor.

I got a call one day from Zoher Anis. “Chris, SANS called me and asked me to pick up a SEC401 that had some problems. I don’t know all the details, but it has to restart next week. I don’t have time to teach all the classes because of some travel I had scheduled. Can you co-teach it with me? I told them I won’t do it unless you co-teach with me. They really want it to run.” Zoher and I had worked for the same company at one point and we knew one another through the SANS community and that company. We had a common interest in security. We started co-mentoring classes: SEC401, SEC560, and SEC504.

“Chris, can you go to Georgia in two weeks to teach SEC560?” Scott Weill was asking me.

“Let me check, Scott. I need to verify I can get the time off work.” I knew my managers supported the SANS work I was doing on the side. But, this was something last minute and out of the ordinary. I was managing a 24x7 monitoring and response team at the time. They approved it. I made arrangements for my backup to deal with the projects I was working on while I was gone.

The class went great. There were folks there from many different companies and agencies. I met Russel Eubanks, who had recently moved to Atlanta.

[Image: Talks I've written, download from: https://mgt517.com/soc ]

When I returned to work, I had a tough conversation with my customer management. He told me that he liked what I was doing with helping people, but while I was gone, some things had gone poorly. He said he knew that if I was there, I would have addressed it and there wouldn’t have been any impact. But, my backup wasn’t prepared to deal with the unexpected. He told me that if I was a manager of a team, I needed to assure that things went the same in my absence as when I was present, because I wouldn’t always be present.

When I left full time employment, I arranged with my contractor employer and the customer to stop being the manager, and become an analyst on the team that I had previously managed. Someone else on the team became the manager.

Eric Conrad had approached me about a project he was working on that would involve travel and development work. SANS had asked me to start teaching SEC401 at the Learning Tree in five days. I asked them for at least ten of these runs in the first year. Ten were scheduled, but only six filled. I had basically scheduled myself 150% of the time because I was afraid that my “pipeline” of work wouldn’t come through. I was correct in some ways, but still oversubscribed.

(The talks pictured are extra presentations I've written and are publicly available for download from: https://mgt517.com/soc . It's the sort of extra work that needs to be done to continue to develop one's knowledge and community outreach in pursuit of being an independent contractor and SANS instructor.)

I became a Certified Instructor in 2012. “Jul 18, 2012 at 2:44 PM. subject: Promoted to Certified - Chris Crowley.” I was teaching a lot. I was traveling a lot.

I’ve been traveling a lot since 2011. I’ve been home since I returned from Tokyo, Japan on March 9th, 2020. Today is May 9th, 2020. (Update: August 18th, 2020 and I haven't left home for any work travel yet.) I think these two (now five) months are the longest contiguous time period that I’ve stayed at home without work travel in the last ten years. I’m really enjoying it. I’ll be happy to pick up when it’s safe to resume travel.

There’s a new chapter unfolding for me in 2020. I’m really excited to tell you about it, but I can’t yet. It’s going to be a really big surprise, and you won’t guess what it is. Some of you are going to hate it, and some of you are going to be really happy for me. I'm excited! (Update: this has been deferred until 2021, but it is still coming to fruition!)