GIAC GCFW Gold paper attempt and progress

I've mentioned several times in the past that I have the GIAC GCFW Gold paper attempt lined up for this quarter. Its been something on my horizon for a while now but changing jobs and various life events have side-tracked my progress. My original approved subject was along the lines of how to use open-source tools to secure the network perimeter but I don't really use open source tools at my current job so I really felt a need to re-scope my paper.

After clearing it with my advisor I've settled on a new subject and abstract. My new paper is going to be focused on how to secure the perimeter of a large scale enterprise. The paper will be more targeted towards IT managers and will describe concepts more than nitty-gritty configuration choices.

Title: “How to Effectively and Efficiently Secure the Large-Scale Enterprise Perimeter”

Abstract:
“Large-scale enterprises are challenged with the daunting task of securing the perimeter while meeting regulatory and compliance requirements, maintaining cost effectiveness, and compensating for a lack of internal expertise. Due to the blurry and complex nature of modern network perimeters this can often become an insurmountable challenge. This paper intends to demonstrate a methodology that IT managers can follow to meet these challenges while greatly improving the security posture of the network. The reader will understand how to identify the boundaries of their network, identify compliance objectives, maximize return on investment, effectively evaluate third party service providers, and leverage outside expertise. The reader will also understand how to implement effective change management procedures, leverage existing network data, and create a culture of constant perimeter awareness. This paper supports many of the concepts from the GCFW, such as defense in depth, active security monitoring, and security gap analysis.”

Further, I’ve also created an outline for this paper that I’ll be following. One of the biggest pitfalls with a lengthy paper is keeping on track and only including relevant information. The subject of my paper is pretty broad so without an outline my paper would have no direction. I strongly recommend creating an outline while you’re developing your abstract to ensure that you put everything into the paper that the abstract states you will. The outline isn’t set in stone but it’s a general format that I’d like to follow.

Rather than posting a lengthy outline here I'll just link to my blog post which has the outline: Click Here.

Over the next several weeks and months I’ll be updating the blog with content from each section as I develop it. I am on the final push to meet the GSE requirements so a lot of effort will be going into this in a short amount of time. Stay tuned for my progress

Find more posts tagged with

Comments

Bl8ckr0uter

Looks cool. I am really interested in the HiPAA section of your paper. I am sure it will be a good read.

[Deleted User]

Are there clearly defined guidelines for a GIAC Gold Paper? I saw the scoring criteria but I didn't see any requirements that needed to be met. Have you published a Gold Paper already? I'd be curious to read it if you have. I'm excited to follow this thread, it seems like a great topic.

veritas_libertas

Looking forward to reading paper when you are finished

Paul Boz

Bl8ckr0uter wrote: »

Looks cool. I am really interested in the HiPAA section of your paper. I am sure it will be a good read.

My plan for the regulatory requirements section of the paper is to describe the general nature of regulated environments, lay out common criteria amongst various regulatory bodies, and provide specifics for several of the well-known requirements such as HIPAA and PCI-DSS. I have a lot to cover in the paper so I don't want to get TOO specific into the various regs, but want to make sure that the paper appeals to as many environments as possible.

xmalachi wrote: »

Are there clearly defined guidelines for a GIAC Gold Paper? I saw the scoring criteria but I didn't see any requirements that needed to be met. Have you published a Gold Paper already? I'd be curious to read it if you have. I'm excited to follow this thread, it seems like a great topic.

GIAC GOLD Security Certification

There is a general outline that you're supposed to follow. The rubric that the papers are graded on include sticking to the template closely. I'm using the outline, papers I wrote in college, and other GIAC gold papers that are highly rated to ensure my formatting is correct. I have not published a gold paper yet, this will be my first.

rogue2shadow

veritas_libertas wrote: »

Looking forward to reading paper when you are finished

+1. I'm definitely eager to see the finished product

[Deleted User]

Paul Boz wrote: »

My plan for the regulatory requirements section of the paper is to describe the general nature of regulated environments, lay out common criteria amongst various regulatory bodies, and provide specifics for several of the well-known requirements such as HIPAA and PCI-DSS. I have a lot to cover in the paper so I don't want to get TOO specific into the various regs, but want to make sure that the paper appeals to as many environments as possible.

GIAC GOLD Security Certification

There is a general outline that you're supposed to follow. The rubric that the papers are graded on include sticking to the template closely. I'm using the outline, papers I wrote in college, and other GIAC gold papers that are highly rated to ensure my formatting is correct. I have not published a gold paper yet, this will be my first.

Cool stuff, good luck with the process. I'm sure you've got it on lock though.

dynamik

Why only one?

tpatt100

Great blog I will bookmark it for future reference.

Paul Boz

Oh snap!

cgrimaldo

bookmarked!

shednik

Finally I get some news about this paper, I only posted a comment on your blog a month and half ago

Best of luck on it Paul, I will be very interested to read it. It will relate to my team and specifically my role very well.

joe

also - don't let dynamik scare you. He's all talk

Paul Boz

shednik wrote: »

also - don't let dynamik scare you. He's all talk

Yeah he's all talk until he puts GHB in your drink. Then he gets all business real quick.

PS - In all seriousness, he definitely keeps me on my toes far too much to think he's all talk. He's also the most capable dude at my last job... by far (at least since I left hehehe).

Paul Boz

The paper's coming along nicely. I'm about 50% through with the first section, defining the perimeter. The other sections each have probably 10% content. Basically the way I write papers is I define my outline, built it out into the document, then flesh out the content based on what I can tolerate to write on at that given point in time. Eventually each section gets completed and I can edit / re-write for competence. I think that as long as you pick a topic that interests you and you are a good speaker the paper shouldn't be a big deal. I'm enjoying writing it so far. I went from zero to 11 pages last night without thinking about it. I really hope they don't bust my balls because I'm going to shatter the recommended page count

rogue2shadow

Paul Boz wrote: »

The paper's coming along nicely. I'm about 50% through with the first section, defining the perimeter. The other sections each have probably 10% content. Basically the way I write papers is I define my outline, built it out into the document, then flesh out the content based on what I can tolerate to write on at that given point in time. Eventually each section gets completed and I can edit / re-write for competence. I think that as long as you pick a topic that interests you and you are a good speaker the paper shouldn't be a big deal. I'm enjoying writing it so far. I went from zero to 11 pages last night without thinking about it. I really hope they don't bust my balls because I'm going to shatter the recommended page count

Sick! Great update