RICH CLAYTON

BLOG

Marysville Ohio | 805.973.7123 | rclayton1@gmail.com

Baldur's Gate

02/22/2024

OK, this is the best game I've played in quite a while. The thing that makes it cool is the re-playability. Going to try to keep it to a minimum though. There's work to do.

OpenCTI

02/22/2024

I have mixed emotions about threat intelligence. It's definitely cool, but at the same time how useful is it? I would like to know how realistic it is to operationalize this data. Something tells me it's not that easy. When I think of threat intel, I think of an analyst sitting there learning that the virus that is currently ravaging his enterprise was built by a guy from a small village in Brazil, and who is linked to other breaches in the sector. Oh how useful! Meanwhile ransomware is being demanded from the business. Threat intel is basically a research tool for research people, and doesn't serve any useful purpose as far as I can tell.

Renewed the Azure Administrator

02/07/2024

I don't know if there's much to say about this. Microsoft makes this pretty easy and all the questions and answers are online if you search around. I'm not complaining, but it's not that hard.

Ghost blogging software

02/06/2024

Really impressed with the Ghost blogging app, built into a container with NGINX as a reverse proxy and mysql as the backend. It's very simple and I'm thinking about moving this resume site to it... the trouble is, my blogging isn't exactly masterful and certainly not yet worthy of a platform to house and showcase long in-depth articles unless I start having ChatGPT write them for me! Check out Ghost

HomeLab

02/05/2024

Well I've been building out the homelab in anticipation of starting grad school. Revisiting docker now that I've dedicated a laptop as a second Proxmox server. Portainer is awesome but you still gotta know how the containers work. I'm running some other random ones most people run I think, PiHole for DNS, Memos, Homer, LinkWarden, Uptime Kuma, nginx, and Wordpress.

Pen Testing

02/02/2024

I've been on a tear lately brushing up on my old penetration testing skills. I'd forgotten how much fun it is. Kali purple is an interesting addition to the growing list of distros available for use. I started with Backtrack back in the good old days.

Built ELK

01/25/2024

That was a pain. I built ELKstack (ElasticSearch, Kibana, Logstash) because I needed to look at some internal logs and thought that would be a good and easy open source way to do it. Well, actually backing up, I went to build graylog because I'd done it before and it was decent. That was a bust so I switched to ELK which basically uses the same components, and that was a pain too. What is up with these tools? They are barely usable even if you have a ton of compute. Disappointing all around.

Built Wazuh

01/13/2024

Well this seems like a really good solution for someone who doesn't have a solution at all. I mean, it takes all the same approaches as what you see in the enterprise but you have all the same management headaches. Namely, deployment and maintenance of agents. Looks like elastic is being used as the SIEM which is cool, if you need a SIEM. (Pronounced "SIM") That's a pet peeve. Anyway, did the market finally determine that SIEMs are too expensive and never deliver or are we still acting like everyone needs one?

Built a LAMPstack for no reason

01/10/2024

I definitely needed to publish something to the internet so I built a DMZ in pfSense, and a linux virtual machine in ProxMox, and a proper segmented network configuration, Apache, PHP, and mysql. Then the virtual servers and certificates to serve the site externally via a ddns registration mysite.ddns.net, and tested it from an external Azure virtual machine.... and now... what to publish? A test page. OK time to disable the NAT rule. That was fun.

Went with pfSense

01/08/2024

I was recently in the market for a new firewall, (the old ZyXel died) and discovered pfSense for the first time. I know it has been around for a long time but wow it has gotten good. I know it's bad practice to reveal what one runs in terms of security to the rest of the world but I think I'm safe. I'll count this as my first personal project to list here, along with upgrading to 2.5 gigabit ethernet and 10 gig backbone in the house for access to the QNAP NAS. pfSense makes it easy to implement IDS, VPN along with a ton of other stuff.

Happy New Year

01/05/2024

We're getting our first set of storms for the year this weekend. The YouTube algorithm really wants me to know that it's going to snow. Apparently there are tons of underground weather forecasters that are on YouTube, who have better access to all the tools that it takes to forecast the weather. Why aren't these available to everyone? Or better yet, why isn't AI just doing all this?

Deeper into AI

09/22/2023

I'm currently diving deeper into AI and Stable Diffusion running models locally. I only have an 8GB GPU so I have to stick to the 5GB or so stable diffusion models and the 7B parameter LLMs for chat but it works! Thanks to whoever built EasyDiffusion!

Passed the SC-400 Renewal test

08/17/2023

The knowledge you need to pass the main SC-400 is very esoteric. The renewal test reminds you of just that, trying to cover some of the main, albeit obscure objectives of that test.

Which certification is the hardest?

08/16/2023

I've taken over 30 certifications throughout my career and I've been asked on multiple occasions about the difficulty of the exams in comparison to each other. Here's how I'd rank the most recent and most popular exams in order of difficulty.

  1. CISSP
  2. CISA
  3. CISM
  4. SC-400
  5. AZ-104
  6. AZ-500
  7. SC-300
  8. SC-200
  9. CCISO

It's worth mentioning that I took the CISSP in 2009, when the tests were 6 hours, in person "scan-tron", and I had to drive 5 hours to a testing center at the time. All of which made the testing experience much more stressful and difficult.

Please check out Gracen!

08/14/2023

Been working on the third party risk questionnaires for a while now for Gracen. We do third party vendor risk management and general information security advisory and/or consulting! Get a hold of me.

The BLOG site is going live.

08/13/2023

This is a little site I built to showcase some of the accomplishments I've had during my journey to a Master's in CyberSecurity. I've never been so busy without a full time job! I'm doing all this by hand and not using some BLOG generator BTW.

Finished Coursera Introduction to Generative AI

08/11/2023

The math was way over my head on this one. I understood the basic concepts and the labs were cool, allowing you to actually use their models in the AWS environment. Seems like it was mostly geared toward those that might eventually need to do actual instruction.

Passed the SC-300 Renewal Test from Microsoft.

08/08/2023

These are tests you have to take every year to keep your certification current. I wish Microsoft had study material for the update tests. A refresher for the entire content of the original test makes it a little tough.

Passed the SC-200 Renewal Test from Microsoft.

08/08/2023

These are tests you have to take every year to keep your certification current.

Passed C|CISO Certification

08/07/2023

I studied for this test for a few weeks. Having just taken the CISA I figured the material would overlap and it did. The C|CISO may be a prestigious certification but I found it to be fairly easy. This test was easier than the other three governance tests I've taken (CISSP, CISM, CISA). The study material (book, video, and powerpoints) are only available for a year and they were really good. I'd like to have them for "real life" as reference material in my next job, whatever that may be...

Finished Google Introduction to Generative AI

07/25/2023

This was a very easy course and served to teach the basic vocabulary around dealing with LLMs (Large Language Models)

Passed CISA Certification

07/21/2023

I studied for this cert for a few weeks. Given my background I thought it would be easier than it was. I'd say the CISA is harder than the CISM. The check in process is worth mentioning though, I thought it was a bit overkill. They asked for the standard things, like "show me your desk" and "show me the room" but then, the "show me under your computer, under your mouse pad, and show me each of your ears and under your arms" was a little bit much. I got distracted by a butterfly flying by my window at one point and got a warning for "looking away from my computer" (during this 4 hour test) and was also reprimanded for covering my mouth like "the thinker" statue. It was definitely the most trouble I've ever been given in my 30+ certification tests I've taken.

Running LLMs locally

07/19/2023

I started off looking into PrivateGPT to see if I could run a model locally and parse through a bunch of PDFs and text files. The short version of the story is, after playing in vmware for a long time and fighting a bunch of python errors, I moved to my gaming rig with the NVIDIA graphics card and everything worked. Besides the LLMs which are interesting by themselves, and the seemingly countless number of models, Stable Diffusion locally is the most interesting thing I've been playing with. Crazy what you can create!

In case anyone is wondering

06/10/2024

I'm playing a lot of golf...