GIAC GCFW Gold paper attempt and progress

Paul BozPaul Boz Member Posts: 2,621 ■■■■■■■■□□
I've mentioned several times in the past that I have the GIAC GCFW Gold paper attempt lined up for this quarter. Its been something on my horizon for a while now but changing jobs and various life events have side-tracked my progress. My original approved subject was along the lines of how to use open-source tools to secure the network perimeter but I don't really use open source tools at my current job so I really felt a need to re-scope my paper.

After clearing it with my advisor I've settled on a new subject and abstract. My new paper is going to be focused on how to secure the perimeter of a large scale enterprise. The paper will be more targeted towards IT managers and will describe concepts more than nitty-gritty configuration choices.

Title: “How to Effectively and Efficiently Secure the Large-Scale Enterprise Perimeter”

Abstract:
“Large-scale enterprises are challenged with the daunting task of securing the perimeter while meeting regulatory and compliance requirements, maintaining cost effectiveness, and compensating for a lack of internal expertise. Due to the blurry and complex nature of modern network perimeters this can often become an insurmountable challenge. This paper intends to demonstrate a methodology that IT managers can follow to meet these challenges while greatly improving the security posture of the network. The reader will understand how to identify the boundaries of their network, identify compliance objectives, maximize return on investment, effectively evaluate third party service providers, and leverage outside expertise. The reader will also understand how to implement effective change management procedures, leverage existing network data, and create a culture of constant perimeter awareness. This paper supports many of the concepts from the GCFW, such as defense in depth, active security monitoring, and security gap analysis.”

Further, I’ve also created an outline for this paper that I’ll be following. One of the biggest pitfalls with a lengthy paper is keeping on track and only including relevant information. The subject of my paper is pretty broad so without an outline my paper would have no direction. I strongly recommend creating an outline while you’re developing your abstract to ensure that you put everything into the paper that the abstract states you will. The outline isn’t set in stone but it’s a general format that I’d like to follow.

Rather than posting a lengthy outline here I'll just link to my blog post which has the outline: Click Here.


Over the next several weeks and months I’ll be updating the blog with content from each section as I develop it. I am on the final push to meet the GSE requirements so a lot of effort will be going into this in a short amount of time. Stay tuned for my progress :)
CCNP | CCIP | CCDP | CCNA, CCDA
CCNA Security | GSEC |GCFW | GCIH | GCIA
[email protected]
http://twitter.com/paul_bosworth
Blog: http://www.infosiege.net/

Comments

  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    Looks cool. I am really interested in the HiPAA section of your paper. I am sure it will be a good read.
  • [Deleted User][Deleted User] Posts: 0 ■■■■□□□□□□
    Are there clearly defined guidelines for a GIAC Gold Paper? I saw the scoring criteria but I didn't see any requirements that needed to be met. Have you published a Gold Paper already? I'd be curious to read it if you have. I'm excited to follow this thread, it seems like a great topic.
  • veritas_libertasveritas_libertas CISSP, GIAC x5, CompTIA x5 Greenville, SC USAMember Posts: 5,735 ■■■■■■■■■■
    Looking forward to reading paper when you are finished icon_thumright.gif
    Currently working on: Linux and Python
  • Paul BozPaul Boz Member Posts: 2,621 ■■■■■■■■□□
    Looks cool. I am really interested in the HiPAA section of your paper. I am sure it will be a good read.

    My plan for the regulatory requirements section of the paper is to describe the general nature of regulated environments, lay out common criteria amongst various regulatory bodies, and provide specifics for several of the well-known requirements such as HIPAA and PCI-DSS. I have a lot to cover in the paper so I don't want to get TOO specific into the various regs, but want to make sure that the paper appeals to as many environments as possible.
    xmalachi wrote: »
    Are there clearly defined guidelines for a GIAC Gold Paper? I saw the scoring criteria but I didn't see any requirements that needed to be met. Have you published a Gold Paper already? I'd be curious to read it if you have. I'm excited to follow this thread, it seems like a great topic.

    GIAC GOLD Security Certification

    There is a general outline that you're supposed to follow. The rubric that the papers are graded on include sticking to the template closely. I'm using the outline, papers I wrote in college, and other GIAC gold papers that are highly rated to ensure my formatting is correct. I have not published a gold paper yet, this will be my first.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    [email protected]
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • rogue2shadowrogue2shadow CISSP, GXPN, OSCE, OSCP, OSWP, eMAPT, CEH, CNDA, A+, Network+, Security+ Member Posts: 1,501 ■■■■■■■■□□
    Looking forward to reading paper when you are finished icon_thumright.gif

    +1. I'm definitely eager to see the finished product :)

  • [Deleted User][Deleted User] Posts: 0 ■■■■□□□□□□
    Paul Boz wrote: »
    My plan for the regulatory requirements section of the paper is to describe the general nature of regulated environments, lay out common criteria amongst various regulatory bodies, and provide specifics for several of the well-known requirements such as HIPAA and PCI-DSS. I have a lot to cover in the paper so I don't want to get TOO specific into the various regs, but want to make sure that the paper appeals to as many environments as possible.



    GIAC GOLD Security Certification

    There is a general outline that you're supposed to follow. The rubric that the papers are graded on include sticking to the template closely. I'm using the outline, papers I wrote in college, and other GIAC gold papers that are highly rated to ensure my formatting is correct. I have not published a gold paper yet, this will be my first.

    Cool stuff, good luck with the process. I'm sure you've got it on lock though.
  • dynamikdynamik Banned Posts: 12,314 ■■■■■■■■□□
  • tpatt100tpatt100 Member Posts: 2,991 ■■■■■■■■■□
    Great blog I will bookmark it for future reference.
  • Paul BozPaul Boz Member Posts: 2,621 ■■■■■■■■□□
    Oh snap!
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    [email protected]
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • cgrimaldocgrimaldo Member Posts: 439 ■■■■□□□□□□
  • shednikshednik Member Posts: 2,005
    Finally I get some news about this paper, I only posted a comment on your blog a month and half ago :D

    Best of luck on it Paul, I will be very interested to read it. It will relate to my team and specifically my role very well.

    joe

    also - don't let dynamik scare you. He's all talk icon_lol.gif
  • Paul BozPaul Boz Member Posts: 2,621 ■■■■■■■■□□
    shednik wrote: »

    also - don't let dynamik scare you. He's all talk icon_lol.gif

    Yeah he's all talk until he puts GHB in your drink. Then he gets all business real quick.

    PS - In all seriousness, he definitely keeps me on my toes far too much to think he's all talk. He's also the most capable dude at my last job... by far (at least since I left hehehe).
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    [email protected]
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • Paul BozPaul Boz Member Posts: 2,621 ■■■■■■■■□□
    The paper's coming along nicely. I'm about 50% through with the first section, defining the perimeter. The other sections each have probably 10% content. Basically the way I write papers is I define my outline, built it out into the document, then flesh out the content based on what I can tolerate to write on at that given point in time. Eventually each section gets completed and I can edit / re-write for competence. I think that as long as you pick a topic that interests you and you are a good speaker the paper shouldn't be a big deal. I'm enjoying writing it so far. I went from zero to 11 pages last night without thinking about it. I really hope they don't bust my balls because I'm going to shatter the recommended page count :/
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    [email protected]
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • rogue2shadowrogue2shadow CISSP, GXPN, OSCE, OSCP, OSWP, eMAPT, CEH, CNDA, A+, Network+, Security+ Member Posts: 1,501 ■■■■■■■■□□
    Paul Boz wrote: »
    The paper's coming along nicely. I'm about 50% through with the first section, defining the perimeter. The other sections each have probably 10% content. Basically the way I write papers is I define my outline, built it out into the document, then flesh out the content based on what I can tolerate to write on at that given point in time. Eventually each section gets completed and I can edit / re-write for competence. I think that as long as you pick a topic that interests you and you are a good speaker the paper shouldn't be a big deal. I'm enjoying writing it so far. I went from zero to 11 pages last night without thinking about it. I really hope they don't bust my balls because I'm going to shatter the recommended page count :/

    Sick! Great update :)

Sign In or Register to comment.