Q & A with Eric Conrad, SEC530 Co-Author

Eric Conrad

Meet Eric Conrad.  SANS Faculty Fellow Eric Conrad is the lead author of SANS MGT414: SANS Training Program for CISSP® Certification, and co-author of SEC530: Defensible Security ArchitectureSEC511: Continuous Monitoring and Security Operations and SEC542: Web App Penetration Testing and Ethical Hacking. He is also the lead author of the CISSP Study Guide Book, and the Eleventh Hour CISSP: Study Guide. He is a graduate of the SANS Technology Institute with a master of science degree in information security engineering.

In addition to the CISSP, he holds the prestigious GIAC Security Expert (GSE) certification as well as the GIAC; GPEN, GCIH, GCIA, GCFA, GAWN, and GSEC certifications.



SANS: What made you choose to work in tech/security?

Eric Conrad: I was an English major/computer science minor in college. After I graduated I answered an ad in the Boston Globe for an “Electronic Shephard” in 1991. That was for an oceanographic company that was an early dot.com firm. In 1993, I was working as a Unix sysadmin for a Japanese multinational company with a research lab in Cambridge, MA. We got hacked with a first-generation rootkit. I handled that incident (before knowing what incident handling was) and got hooked on InfoSec. I then found a full-time InfoSec role at Boston University in 1994, and never looked back.


SANS: Tell us an interesting fact about yourself and your connection to the technology world.

Eric Conrad: I’m the only SANS instructor mentioned in both Maximum Rock’n’Roll Magazine and Dragon Magazine.


SANS: What was your first SANS course?

Eric Conrad: SEC503 with George Bakos (2003)


SANS: What course is on your wish list to take as a student and/or to teach as an instructor?

Eric Conrad:  I’d love to take 573 (Automating Information Security with Python) or 760 (Advanced Exploit Development for Penetration Testers)


SANS: What song is missing from the NetWars playlist? What would you add and why?

Eric Conrad:  I created the Cyber Defense NetWars playlist and already have the best music!


SANS: What SANS event are you looking forward to most this year?

Eric Conrad:  I’m looking forward to SANS Prague, for the European debut of SEC530. Prague is a fantastic city, and I’m looking forward to returning there.


SANS: How has security changed in your specific industry in the past five years?

Eric Conrad: The leaked NSA hacking toolkit, combined with highly destructive malware such as Not Petya, has been a true game changer.


SANS: How do you stay up-to-date with the latest cybersecurity information? 

Eric Conrad: Twitter is the best source. Follow a bunch of SANS instructors, and follow the people that they follow.


SANS: Advice for someone taking a SANS course for the first time.

Eric Conrad: Network, network, network. Networking with other InfoSec professionals via SANS has been a huge boost to my career.


SANS: What is a quote that inspires your work and why??

Eric Conrad: “The best time to plant a tree was 20 years ago. The second-best time is now.” Chinese Proverb


SANS: Why do you teach for SANS and not other educational programs?

Eric Conrad: SANS has the best instructors on the planet!


SANS: What advice do you have for students pursuing a career in cybersecurity.

Eric Conrad:  Always work on something to further your career that is not directly tied to your day job. It could be a certification, a paper, a blog post, an open-source project, a talk, etc. If you haven’t performed public speaking, make that your goal.


SANS: What is the next big topic in cybersecurity? 

Eric Conrad: Influencing politics, elections, and national security via the Internet.


SANS: What was your first piece of technology as a child? 

Eric Conrad: I was the first kid on my block with a computer in 1983 (Texas Instruments TI-99/4A). I later upgraded to an Atari 800XL. I immediately got hooked on programming and loved exploring bulletin board systems (BBSes) via modem.


SANS: If you could write your dream course, what would it be about?

Eric Conrad:  I have already done so, a few times! Check out MGT414: SANS Training Program for CISSP® CertificationSEC530: Defensible Security ArchitectureSEC511: Continuous Monitoring and Security Operations & SEC542: Web App Penetration Testing and Ethical Hacking.



To learn more about Eric Conrad and where you can take his next course — visit his SANS bio page: https://www.sans.org/instructors/eric-conrad 

Catch him on Twitter @eric_conrad

 

Leave a Reply

Your email address will not be published. Required fields are marked *