
IronGeek’s interview on MalwareDiaries

August 24th, 2009

Hello,

As Jerome is away on vacation, he asked me to do some interviews of the people I think are up-and-coming “movers and shakers” in the security field. One such person who immediately came to mind is Adrian Crenshaw. Adrian runs http://www.irongeek.com, a website that covers various security topics ranging from infosec articles to tutorial videos, as well as almost anything in between. I had seen Adrian’s site in the past, but some lab testing where I got to use his ready-made vulnerable web site, called “Mutillidae” (you can find it here: http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10), gave me the opportunity to get in contact with him. I was very pleasantly surprised to immediately get an answer to my questions.

I was also further vindicated in my efforts to see that I wasn’t alone in trying this: http://blog.tenablesecurity.com/2009/04/tips-for-using-nessus-in-web-application-testing.html

So without further ado, I give you IronGeek, aka Adrian Crenshaw!

Name: Adrian Crenshaw

Site/blog: http://irongeek.com

Location: Louisville, KY area

Tell us a bit about your background and what you currently do?

Currently, I’m a glorified help desk monkey in my day job. By night, I develop Irongeek.com, which specializes in producing videos and articles for information security education. I have an AS in electronics, a BS in comp sci, a bunch of certs too old to matter and am working on an MBA since it’s the only degree I can get paid for where I work.

Why did you decide to become a security researcher?

I dig understanding how things break, especially complex systems. I also like teaching others. Going into computer security education seemed like the thing to do to supplement my income, and get my tech toys paid for.

What is your typical day like as a security researcher?

Get up, read some articles on the web or parts of a book. Play with some tool I’m trying to learn. Once I think I have a basic understanding I try to make a video or article about how to use the tool or concept that strikes my interest. I have this theory that the best person to teach a noob is another noob that just learned the subject themselves. A noob teacher does not take as many things for granted about the student’s knowledge, and knows the sticking points in trying to learn about a new topic.

On average, how many malware samples do you come across on a daily basis?

0.01, maybe I should start writing my own? :)

How do you deal with the ever increasing number of malware threats in the wild?

I run AV on critical systems, and am careful what I allow on my system. On most of my main boxes, I have no AV at all since so much of the software I work with is considered “hacking tools” by anti-virus vendors. That, and patch, patch, patch. It’s all about lowering attack surface.

What is your environment like (number of machines, OS, VMs, bandwidth, etc.)?

About 3 Windows boxes, mostly XP, one Vista and am working on switching stuff over to Windows 7. Since I do mostly education, I’ve got to use what others use. For Linux, I’m an Ubuntu man and have it on my netbook, dual booted on my main laptop and use it in VMware Player. My VM environment is VMPlayer with VMXBuilder to make my VMs, but I need to look more into using VirtualBox. I’ve just got a cable modem connection to the world.

What do you think is going to be the next ‘big’ threat?

Stupid management that makes decisions without trying to understand the topic first. All computer problems are people problems when you get down to the bottom.

What is your involvement in the security community?

I’m a regular speaker at Phreaknic, Notacon and my local ISSA. The local ISSA is having a conference in Louisville shortly that I’ll be speaking at: http://louisvilleinfosec.com/. I also give free classes in the Louisville area, and am a regular on the Pauldotcom mailing list.

What is the achievement you are the most proud of (professionally)?

Not being put up on charges or restraining orders. That, and maybe my printer hacking research.

Anything else you would like to add?

Come see us at the Louisville Infosec Conference and:

What is best in life Conan?
To crush your enemies, see them driven before you, and to hear the lamentations of the vvemon!

Thanks!

Jean

——————————–

This entry was posted on Monday, August 24th, 2009 at 9:37 am and is filed under Interviews.

Jerome Segura is a Security Analyst working at ParetoLogic.

© 2010 ParetoLogic Inc.