• 
   Subscribe in a reader

• Twitter

  • RT @carnal0wnage metasploit msfconsole gets color! http://bit.ly/4w3Hxr & http://bit.ly/45MbSz > It's so pretty that I might just frame it ! 4 hours ago
  • is wondering how much a Technet subscription will cost. 5 hours ago
  • There I was, innocently listening to @securityjustice when I hear a sweeper with me saying "going in like a super hacker" #LOL 10 hours ago
  • RT @ToolsWatch NetworkMiner v0.90 released! @ http://bit.ly/CzmNj 18 hours ago
  • [Blog SPAM] GWAPT / SEC542 --> http://bit.ly/3xyeKl 23 hours ago

• Security

  • Carnal0wnage Blog
  • McGrew Security Blog
  • PaulDotCom
  • SANS Institute

• Category Cloud

  Conference General Life Metasploit Penetration Test Security Strange Study Technology

• My Photos

  More Photos

• RootSecure (Latest)

  • techradar: Secret net security flaw exposed by accident "SSL isn't as perfect as we once thought, but they're working on it"
  • Wired: Brazilian Blackout Traced to Sooty Insulators, Not Hackers "A massive 2007 electrical blackout in Brazil has been newly blamed on computer hackers, but was actually the result of a utility companys negligent maintenance of high voltage insulators"
  • The Register: Bot herders hide master control channel in Google cloud

About me

SANS Amsterdam 2008

Name: Chris John Riley
Nationality: British
Location: Austria (Niederösterreich)

A little history: I’ve been working in IT since about 1996, mostly working in server and desktop support roles as well as some special projects work. Like most people, I kind of fell into doing some security work while working at my previous employer (Computershare in Munich, Germany). After diving into vulnerability scanning and some IDS work, the technical side of security really began to interested me more and more. I’d always been security conscious (that’s how I got the unfortunate nickname – The Änal Security Guy) and after a while doing security on the side, I decided to re-focus my career away from support with a side-helping of IDS/Vulnerability testing, and to full-time security. Not an easy transition, but worth every penny, and every hour spent learning.

After taking about 6 months off from work to read up on security in all forms, attending some courses (of varying quality) and get some nice shiny Security qualifications (Security+, CEH, ECSA and MCSE 2003:Security) I moved back into the 9-5 life here in Austria. I’m currently working as an IT Security Analyst and spend most of my time doing penetration testing of internal systems, or for external clients. I’m studying various things currently, No point listing them all, it seems to change on a weekly basis. There’s always something new to learn after all.

I’ve been lucky enough to gather together a range of IT certificates over the last 13 years in the industry (for better or for worse). My latest is the GIAC/SANS GPEN (GIAC Penetration Testing) qualification which I’m hoping will lead me to be able to work more closely with SANS in the future in the role of a Mentor or Community Teacher. Until then I’ll be trying to get through my ever growing workload and try and squeeze in the odd blog entry here and there. Hope you enjoy.

Feel free to leave feedback, or send me an email – contact[AT]c22[DOT]cc

Disclaimer

The information in this blog is provided “AS IS” with no warranties, and confers no rights. Any opinions expressed in this blog are mine and do not represent the thoughts, intentions, plans or strategies of any employer, past, present or future. If you have travelled back from the future to tell me the strategy of a future employer, please keep it to yourself.

I make no guarantees over the quality, quantity, or common sense of any of my posts here. If you find anything posted here mildly interesting, please feel free to leave a comment. No, I do not pay for comments. Although I do offer prizes for the funniest ones.

5 Responses to “About me”

1. atul jha said

   November 16, 2007 at 10:26 pm

   hey just googlin 4 ceh exam center came across ur page.

   neat

2. Kaushal said

   December 15, 2007 at 6:04 am

   Hi,

   Was surfing through some sites and found your reply on one of them. Sounds interesting, but coming to India for ECSA , CEH and MCSE..is strange for me.
   Well, I agree with your views for CEH, but security starts from within. I am also looking for security jobs in India. I was working as Information security officer and we had implemented ISO 270001 in our organisation.There is cultivated interest and digged further….still learning new things.. dedicate yourself …you will find a job…think,eat and live “security” and you will find it…

   Job is like a child, take care of it and it will take care of you.

   Rgds

   Kaushal

3. Michael Schratt said

   January 8, 2009 at 10:05 pm

   hi,

   nice article in 1/09 hakin9
   how did you get your GPEN cert? selfstudy? proctored exam?

   would be nice hearing from you!
   i’m from lower austria too

   BR Michi

4. Chris Riley said

   January 9, 2009 at 12:06 pm

   Thanks, to be honest it was something quick I threw together. So glad it came over well. The GPEN, like all of the SANS certs, really should be studied through a SANS course (live training, Self Study, or using the SANS@home series). You have the option to study from your own material and then challenge the exam, however this is tricky to get right, as the topics covered in the GPEN can be very specific. I personally attended a course in Amsterdam and then followed it up with a proctored exam. You get 2 practice tests before the real one, so enough time to prepare. To be honest the exam itself isn’t that hard if you know your stuff and have good organisational skills. As the SANS exams are open book you can have material with you to reference. That said, there isn’t enough time to look up all the answers, so you still have to know whats what. The SANS courses aren’t cheap. My tip, if your company won’t cover the costs, is to try for the work and learn scheme (checkout the SANS website for info). It’s not easy to get in, but if you do it’s a great way to learn. The basics are, you work at a SANS event helping them setup/packup, as well as helping in-class with paperwork, problems etc…. for that you get a 6 day course for $700 which is a huge discount. It’s hard work, but worth every penny in my opinion.

5. Serbanescu Sorin said

   July 23, 2009 at 4:24 pm

   All my respect for a professional.
   –Best regards