European Union (EU) Notification

"This site uses cookies from Google to deliver its services and analyze traffic. Your IP address and user-agent are shared with Google ...

Popular Post

Monday, October 15, 2018

DEKO 37 | San Antonio Video Production | 210-573-7386 |

If you need high quality, high impact, compelling media content that is emotionally engaging and visually evocative, then you are recommended to seek out Danny O-K at DEKO 37, 210-573-7386.

I know Danny as the hardest working videographer in San Antonio, but he might be best known for delivering positive media for exceptional clients.

Danny is most proud of the work he does that benefits the local civilian, military, and veteran community in the San Antonio area. A few that come to mind are his recent projects working with the San Antonio Housing Authority (SAHA), the United States Air Force (USAF), and the Department of Veterans Affairs (VA). (The work that Danny has done with the USAF and the VA has not yet been released for public consumption, but expect to see it in the near future.)

The San Antonio Housing Authority (SAHA) competed in the Wireless Innovation for a Networked Society (WINS) competition. The competition, sponsored by the National Science Foundation and Mozilla, was an opportunity for communities to bring forth innovative ideas on bridging the digital divide. SAHA devised a solar-powered Wi-Fi network prototype, dubbed Solar Mesh And Re-engineered Technology Innovation (SMARTI), which would be leveraged to provide greater Internet access in the 50-Acre Cassiano Housing Project, where it is estimated that only ten percent of the residents have Internet access (Flahive, 2018). According to an Express News report, 42 percent of residents in the 78207 zip code (where Cassiano is located) live in poverty (Stoeltje, 2017).

SAHA had a compelling story to tell, and enlisted Danny OK of Deko37 to help them tell their story. By leveraging Danny OK's expert videography skills, SAHA was able to secure a $100,000 grant to help the Cassiano Housing Project, and deliver Internet access to an estimated 13,500 residents (Mozilla and National Science Foundation, 2018) (Flahive, 2018).

If you want high quality, high impact, compelling media content that is emotionally engaging and visually evocative, then you are recommended to seek out Danny O-K at DEKO 37, 210-573-7386. If you're not in San Antonio, no big deal, because DEKO 37 works with clients throughout the United States and Internationally.

Full disclosure: I WAS NOT compensated for this article. Just giving a shout to a fellow Geekdom member.


DEKO 37. (2018, June 20). SMARTI - SAHA - DEKO 37 Video Production San Antonio. Retrieved from

DEKO 37. (2018). DEKO 37 | San Antonio Video Production. Retrieved from htttps://

Flahive, P. (2018, September 25). San Antonio Housing Authority claims $100k prize to improve internet access for poor communities. Retrieved from

Mozilla and National Science Foundation. (2018). Smart community networks challenge grand prize winners. Retrieved from

Stoeltje, M.F. (2017, January 6). Chapter I: 'A tale of two countries'. Retrieved from

Tuesday, August 14, 2018

VetsInTech CyberSecurity Training at Palo Alto Networks in Santa Clara, CA (August 6-10, 2018)

The course: The Palo Alto Networks Firewall 8.1 Essentials: Configuration and Management (EDU-210)

The instructor of the course was Mitch Densley. I am not sure that it is possible to request the instructors by name, but if I could, I'd request Mitch for every class. He provided an abundance of resources that went above and beyond the core curriculum, to the point that there wasn't enough time to review them all. I am still perusing materials days after the class is over. Mitch was not alone in delivering the course. He was accompanied by what I would best call subject matter experts: Sandro (Professional Services Architect) and Tom (Content Developer) also brought their weight of experience to bear during the course, helping to translate classroom activities to real-world applications. One thing I won't forget about Tom is that he finds his work fun because he gets to tinker for a living. One thing I remember about Sandro is that he said "The Network is King" more than once. It's almost like a mantra with that guy.

The focus of the course was not purely academic. The head of technical recruiting, Chuck Konrad, described how job descriptions and resumes are read by actual recruiters and provided pointers on how this could be used to your advantage. One point that was made repeatedly was reaching out to persons inside the company of interest prior to blindly submitting an application. Interview pointers on being prepared to explain and answer how one has overcome adversity and/or performed in the past with respect to the role's requirements. Further, he made a big emphasis on integrity/honesty (since no one is expected to know it all in cybersecurity, not knowing it all isn't a negative).

There were multiple guest speakers that came by an accentuated that we (veterans) should be prepared to show examples of abilities that veterans hone: learning quickly, adapting and overcoming in volatile and/or adverse situations, discipline to persevere in spite of limited progress, etc. Further, the guest speakers voiced how Palo Alto Networks supported veterans in the training initiatives.

Oh yeah, lest I forget: there was a consistent reminder that adversaries are launching automated attacks, and that defenders have to get better at putting in place the proper automated defenses.

Here's a run-down of the persons I encountered during this course. I was able to get a little something from everyone.

Mitch Densley (Security Training Engineer at Palo Alto Networks)

Classroom Subject Matter Experts:
Sandro Janita (Professional Services Architect at Palo Alto Networks)
Tom Gonzales (Technical Instructional Developer at Palo Alto Networks)

Guest Speakers (in order of appearance):
Linda Moss (Vice President of Global Enablement at Palo Alto Networks)
Chris Starling (Director of Operations at VetsInTech)
Ashley Richardson (Security Training Engineer at Palo Alto Networks)
Rick Howard (Chief Security Officer at Palo Alto Networks)
Chuck Konrad (Director, Global Technical Recruiting and Veterans Programs at Palo Alto Networks)
Dustin Whidden (Sr. Veterans and Diversity Program Lead at Palo Alto Networks)
Mark Anderson (President at Palo Alto Networks)

This gentleman wasn't a guest speaker, but he was very receptive to comments (both positive and negative) with regards to the courseware:
Hung Ha (Courseware Development Manager at Palo Alto Networks)

Also, a shout out to my fellow students:
Jordan A.
Joseph B.
Rafael E.R.
Joseph G.
Dennis H.
Christopher H.
Eddie H.
Albert H.
Peihua K.
Kelly L.
Lewis L.(myself)
Willie N.
Juan T.
David T.
Archie U.

Currently, the calendar at lists upcoming events in Arlington, VA (Washington, DC area) and Boston, Massachusetts:

VetsInTech Cybersecurity Training (Arlington, VA) (VetsInTech, in partnership w/ Sun Management and Palo Alto Networks)
2019-09-17 (Monday) thru 2018-09-21 (Friday)

VetsInTech Cybersecurity Training (Boston, MA) (VetsInTech, in partnership w/ DraftKings and Palo Alto Networks)
2018-10-22 (Monday) thru 2018-10-26 (Friday)

If you have any questions about the experience, I can provide a first-hand account of any details you're curious about that weren't expressed here.

Since VetsInTech is a non-profit, it depends upon donations to provide its outstanding services to veterans. If you would care to donate to their mission, you can do so at this link:

VetsInTech is a non-profit that helps veterans connect to the technology industry, with programs for education, entrepreneurship, and employment. For more information about VetsInTech, please see

Palo Alto Networks is a for-profit network and enterprise security company based in Santa Clara, California. For more information about Palo Alto Networks, please see

"This site uses cookies from Google to deliver its services and analyze traffic. Your IP address and user-agent are shared with Google along with performance and security metrics to ensure quality of service, generate usage statistics, and to detect and address abuse."

Monday, September 2, 2013

CISSP FAQ for Veterans

> What is the CISSP?

> Do jobs requiring the CISSP pay well?

> Where can I obtain more information on the CISSP?

> What must I do to earn the CISSP credential?

> What are these domains that it keeps referring to?

> How can a veteran meet the domain experience requirements?

> What about endorsement?

> How do I maintain the CISSP credential?

> How do I prepare for the exam?

> How long must I study for the exam?

> Any test-taking strategies?

> How can I offset the exam costs?

> Where can I register to take the exam?

> How long before I receive my credentials?

> About the author.

Note: This FAQ is veteran-focused, and may mention a few resources that are veteran-specific, but for the most part, anyone curious about the certification may find the information useful. I attempted to avoid the use of military-specific acronyms, in order to make this FAQ more palatable to those outside the Department of Defense (DoD).

> What is the CISSP?

Back to the Top

The CISSP is the Certified Information Systems Security Professional designation, that is awarded by (ISC)2, the International Information Systems Security Certification Consortium. (ISC)2 has successfully marketed the CISSP to be known as the gold standard in information security certifications.

“If it’s not the CISSP, it may not be the best fit. The Gold Standard in Information Security” Source:

More general information about the CISSP can be found by downloading the candidate information bulletin:

> Do jobs requiring the CISSP pay well?

Back to the Top

This is a very informal analysis method.. There is no promise on compensation as a result of certification. Compensation can vary based on company, locations, etc. Nevertheless, a quick search on (make sure to choose to include salary information), reveals various jobs, none paying less than $57 per hour on the first page:

Of course, compensation is dependent upon location, skills and experience. Some locations pay less than others. Even within the same geographies, some employers pay less than others. Veterans are usually full of information security skills and experience. (See later in this faq about the domains: a veteran should be somewhat familiar with at least half of them.)

> Where can I obtain more information on the CISSP?

Back to the Top

(ISC)2 is considered authoritative on all things CISSP. If one wants to walk into things more slowly, (ISC)2 has some webinars that provide some free information about the program, at this link:

As waiting through that series of courses may be too slow to get an overview of the exam content, feel free to read the rest of this FAQ, to get more information about the credential.

> What must I do to earn the CISSP credential?

Back to the Top

To earn the credential, one must pass the examination, and complete the endorsement process.

Pass the Exam - Pass the CISSP examination with a scaled score of 700 points or greater. Read the Exam Scoring FAQs at

Complete the Endorsement Process - Once you are notified that you have successfully passed the examination, you will have nine months from the date you sat for the exam to complete the following endorsement process:
- Complete an Application Endorsement Form
- Subscribe to the (ISC)2 code of ethics
- Have your form endorsed by an (ISC)2 member
The credential can be awarded once the steps above have been completed and your form has been submitted.* Get the guidelines and form at


> What are these domains that it keeps referring to?

Back to the Top

The CISSP exam is based on the following ten domains:

Access Control
Telecommunications and Network Security
Information Security Governance and Risk Management
Software Development Security
Security Architecture and Design
Operations Security
Business Continuity and Disaster Recovery Planning
Legal, Regulations, Investigations and Compliance
Physical (Environmental) Security

These domains represent the ten areas that (ISC)2 considers to represent the critical topics in security today.


> How can a veteran meet the domain experience requirements?

Back to the Top

Candidates are required to present a minimum of five (5) years of direct full-time professional security work experience in two or more of the ten domains. One of these years may be waived by obtaining a four-year college degree, or passing a certification on the approved list (of which Security+ is one).

It should be VERY easy for a veteran to meet the domain experience requirements. The author will present two or three domains, so that candidates will have an idea of how their past work fulfills an information security domain. Please consider that services have policies that provide specific punitive prohibitions against NOT performing these measures.

Physical (Environmental) Security – addresses the threats, vulnerabilities and countermeasures that can be utilized to physically protect an enterprise’s resources and sensitive information.
Site/facility design considerations
Perimeter security
Internal security
Facilities security

Every service member’s military occupational specialty may be different, but they will all perform physical security operations during their jobs. What is important here is that it even allows credit to the person who designs the facility.

Business Continuity and Disaster Recovery Planning – addresses the preservation of the business in the face of major disruptions to normal business operations.
Business impact analysis
Recovery strategy
Disaster recovery process
Provide training

Military operations are designed to be resilient. Training exercises are conducted. Continuity books are updated. Military personnel have frequent turnover via the reassignment process, but the mission of the organizations must continue, whether or not the same personnel are there. The company, brigade, or division commander could be replaced suddenly, but the mission will continue. Talk about succession planning. This requires a high level of coordination and planning at all levels.

Information Security Governance and Risk Management - the identification of an organization’s information assets and the development, documentation and implementation of policies, standards, procedures and guidelines.
Security governance and policy
Information classification/ownership
Contractual agreements and procurement processes
Risk management concepts
Personnel security
Security education, training and awareness
Certification and accreditation

This addresses several areas. C&A, education, awareness training, personnel security, risk management, contracts and procurement, information classification, and policy. Issues such as information classification and ownership are universal throughout all job levels, and cannot be avoided. Even if one is specifically in charge of trash disposal, there are certain methods for disposing of some information that are not allowed for others. As such, even the lowly E-1 has to comply with information security policy.


> What about endorsement?

Back to the Top

It is well-known that the CISSP credential requires that one be “endorsed” by a CISSP in good standing, prior to receiving the certification officially from (ISC)2. The obvious question is how can one obtain endorsement, if he/she does not know a current CISSP that could vouch for their experience? In this case, (ISC)2 has the ability to serve as an endorser for a candidate, by requiring the same documentation that would be submitted in cases of an audit.

See this link for additional details:

> How do I maintain the CISSP credential?

Back to the Top

Recertification is required every three years, with ongoing requirements to maintain your credentials in good standing. This is primarily accomplished through earning 120 Continuing Professional Education (CPE) credits every three years, with a minimum of 20 CPEs earned each year after certification. If the CPE requirements are not met, CISSPs must retake the exam to maintain certification. CISSPs must also pay an Annual Maintenance Fee (AMF) of US$85.


> How do I prepare for the exam?

Back to the Top

- Pass the CompTIA Security+ first. The CompTIA Security+ is regarded as “entry-level”. Interestingly enough, it provides a solid basis for the items that one will be tested on for the CISSP. Look at the Security+ as Round 1 of preparation, and the CISSP preparation run as Round 2 of testing preparation. More information about the Security+ can be found at

- The (ISC)2 Exam Outline for CISSP, available at The outline can be used to provide a template of areas the prospective test taker should study. The test taker needs to obtain, at the minimum, a beginner to intermediate level understanding of all of the topics presented. (ISC)2 provides a recommendation for a few resources that may be read, but the most reliable method is to review the exam blueprint, and review topics until one has an intermediate level of understanding them. This can be gained either by reviewing the books serially presented, or however the candidate learns best. Take all studies with the mindset that they are going to increase one’s preparation toward the test objectives.

- Training courses. There are a lot of training providers out there. Some of them may even accept the GI Bill to fund their courses. The author recommends against taking a training course. One can prepare for this course just fine via self-study. Even the best training courses are designed to be the “finishing touches” on a preparation course, and cannot be comprehensive, due to the broad nature of the exam’s domains. Keep in mind that one must show up to a training course prepared, and may be able to hash out particular pain points, but one will not be able to receive a “recipe to pass” simply by attending a five-day course.

- The FED VTE course library provides a virtual training environment. If one has maintained access to a .mil e-mail address, one should be able to register, here:

Here is a list of the courses available from FED VTE>

- Safari Books Online. Through the DoD MWR libraries, one can obtain unfettered access to the entire Safari library of books and course content. It requires a .mil e-mail address, in order to register.

More information about the DoD agreement with Safari Books Online can be found at this link:

Air Force URL:

Navy URL: ttp://

Army URL:

- The CISSP All-In-One Exam Guide, by Shon Harris

. Please note that the Shon Harris Exam Guide, as well as practice test questions, and many other materials, are available via safaribooksonline.

- Skillport. The DoD provides access to skillport, provides access to a library of technical course content for Information Technology, Business, Leadership, and Personal Development. Included within all this are courses for the CISSP domains.

Army URL:

Navy URL:

Unfortunately, the author is unable to locate the Air Force URL at this time. These URLs are subject to change. Please logon to the service’s education portal, for the appropriate link. (Please note that these links may appear under skillport or skillsoft.)

- Books 24x7. As part of the skillsoft access, one also gains access to Books 24x7. Access to books 24x7 is obtained after logging into skillport, and clicking on the links for books 24x7. The access appears to be via single sign-on, after gaining access through the skillport portal for your branch. Logging directly onto may or may not be possible.

Please note that if one cannot obtain access to Skillport via DoD e-mail address (for whatever reason) one can sometimes obtain access to the resources via their current employer. One might even obtain skillport access through a recruitment company, such as Robert Half Technology. Even though someone has never performed work through Robert Half, she has retained their skillport access as long as she remains a candidate within Robert Half’s system. This is a viable option to gain access to training material.

For more suggested preparation sources, please see TechExams is a great resource for certification exam preparation. One will receive practical advice from other IT industry pros who are also working hard at certifications, education, and experience, in their efforts to get ahead in their respective career fields. There is a sub-forum dedicated to information security certifications, at Registration is free.

Please avoid brain dumps. Due to the nature of the questions and the rumored mammoth size of the test bank, as well as the cost to sit each exam, one would be best served to prepare thoroughly and take the exam with confidence.

Please use CertGuard, at to check any sites prior to using them as a preparation resource.

There is a code of ethics associated with the CISSP, as well as most professional certification. It would be bad to lose a career certification due to an ethics violation.

> How long must I study for the exam?

Back to the Top

Truthfully, this is entirely dependent upon the candidate. The best advice is to study until one is confident that one could answer an essay style question about any of the domains present in the exam. Be reminded that one should not expect direct, simple questions. In the author’s case, he studied for about a month and then cleared the exam. After taking the exam, his opinion was that he answered most questions based upon experience, and few questions based upon the preparation materials. That is, he had enough experience whereby the preparation materials did not help as much. Additionally, the author is of the opinion that military information security experience is particularly well-suited for this exam.

The free questions that can be found at are representative of the exam’s difficulty. If one can do well on those, then one should feel comfortable booking the exam.

The sample questions can be found at this link: (A free registration is required.)

> Any test-taking strategies?

Back to the Top

Train as you fight. The exam will be 250 questions long, and one is given six hours to complete it. This provides a maximum of 86.4 seconds per question. If one can answer at least 42 questions per hour, one could complete the exam in time. In order to mimic the exam scenario, one should perform practice exams in the same manner as one takes the actual exam: as quickly as possible! One should practice on 50 to 100 sample questions at a time, and attempt to complete them within an hour.

When practicing, focus on looking for the question first, then looking for suitable answers, then comparing to the text to confirm the result. Prior to submitting an answer, double-check for words such as “not” that can reverse the meaning of a statement.

On the day before the test, go to bed early. Cramming is of limited utility, when one needs to take a “thinking” test. Keeping the mind fresh and alert is of primary concern. Avoid any beverages or foods that may increase your trips to the restroom, in order to manage your time most wisely.

On test day, the best strategy that I can recommend would be to tackle each question thusly:

1. Look for the question mark. Find the question. The test writers may provide an excessive amount of introductory text, such that the actual question may be obscured. Looking for the question allows the test taker to focus.
2. Compare each answer to the question, and look for the BEST answer in the provided text.
3. After choosing an answer, compare it to the question, the other provided answers, and the text and confirm that it is the BEST answer.
4. Keep in mind that simple wording can reverse the meaning of a question or answer. Is it a question of "is" or "is not"? Is it a question of true or false?

If one thoroughly knows the content of the exam outline, test day will be little more than a simple test of reading comprehension.

> How can I offset the exam costs?

Back to the Top

Keep in mind that there are initial costs, as well as maintenance fees for the certification.

Currently, the initial exam costs $599, with a $50 rescheduling fee and a $100 fee for cancelling the exam. Please see

In addition, the annual maintenance fee is $85, combined with submitting 120 hours of continuing professional development within a three year period.

(Alternatively, one could just retake the exam to maintain the certification, but considering that it is 250 questions long and $599, doing the continual professional development may be a preferred option.)

The author has saved up the funds to pay for the exam and pay the maintenance fees, but there are some other options:

- GI Bill. "The U.S. Department of Veterans Affairs has approved reimbursement to veterans under the G.I. Bill for the costs of the Certified Information Systems Security Professional (CISSP) ... Please refer to the U.S. Department of Veterans Affairs Website at for more details."


- Employer funding. Some employers have an educational assistance benefit, which may be used towards professional certifications. In typical cases, this funding is in the form of a reimbursement upon successfully passing an exam. Also, some employers require an agreement whereby the employee agrees to remain with the organization for a one year period after completing the exam if not, then the employee pays the company back for the expense.

> Where can I register to take the exam?

Back to the Top

One can register for the test using the Pearson Vue website, at

- Browse to
- Click Sign in to access your account.
- Choose "Information Technology (IT)"
- Choose "(ISC)2"

It should be self-explanatory beyond this point. From this point forward, select the test, (CISSP), then choose the testing location. Make sure to confirm that the test is booked. If necessary, one can reach Pearson Vue customer service.

Pearson Vue Americas Region customer service for (ISC)2:

> How long before I receive my credentials?

Back to the Top

After completing the exam, one must still wait for six to eight weeks before (ISC)2 completes checks and makes the results “official”. In the meantime, the candidate can use the title of “Associate of (ISC)2 toward CISSP” in the meantime, so that one can still have the “CISSP” keyword on the resume.


> About the author.

Back to the Top

Lewis Lampkin, III is a network security professional. He spends his days examining the security posture of and recommending enhancements to US Army networks. He has extensive private sector experience in network, security, servers, and virtualization. He has served his country in uniform as a senior local area network manager and information technology specialist within the United States Army. He has a master’s degree in information security and several certifications: CISSP, CCNP:R&S, Security+, and others. He enjoys spending his free time worshipping God, studying the Bible, or tinkering in his home lab. If you want to, please contact him at

Saturday, April 7, 2012

Setting Up Dynamips with Linux Central, and Windows Remote

I posted this on some guy's blog, here:

(Then, I realized, hey, this could be an article here!)

Here’s the topology file I used, might give you some ideas:

(I noticed I said to turn something off, but I put the setting on “true” hah, disregard)

How it works:
(1) stage directories, image files, and install dynamips/gns3 as required
(2) have script on Linux server to start the dynamips processes
(3) have script on Windows machines to start the remote dynamips processes
(4) run this topology file on the linux host

If you’ve enabled remote connect, you can remote to the box, and connect to the process there, OR … if you know the IP/port number combination, you can just telnet into the routers remotely.

Do … whatever works for you.

## Access server in GNS3
## IP Addresses
## – Local Linux Server
## – XP03
## – X04
## Dynamips Ports
## Linux01: 7300, 7301 (for lab 3) 7400, 7401 (for lab 4)
## XPO3: 7200, 7201, 7202, 7203
## XP04: 7200, 7201, 7202, 7203
## UDP Ports:
## Linux01: 10300, 10350, 10400, 10450
## XP03: 13000, 13100, 13200, 13300
## XP04: 14000, 14100, 14200, 14300
## Directories:
## Linux01:
## working = /home/owner/gns3/working/lab3, /home/owner/gns3/working/lab4
## configs = /home/owner/gns3/configs/lab3, /home/owner/gns3/configs/lab4
## image = /home/owner/gns3/ios
## XP03:
## working = c:\gns3\working
## configs = c:\gns3\configs
## image = c:\gns3\ios
## Do not automatically start the routers
autostart = True

## This router keeps the switches up
## Switches must connect to at least one router
## Depending on your lab, this will not be a necessary step
## It worked OK for me, so I kept the switches
## Probably could have done without it, but once I got a working
## topology … you know how it is … :D
## Actually, the original idea was an access server, then I
## just decided I’d keep this one in every lab, to keep the switches
## “UP”

workingdir = /home/owner/gns3/working/lab3
udp = 10300
image = /home/owner/lab/ios/C3725-adventerprisek9-mz124-15.T7image.bin
ram = 128
idlepc = 0x60bf77a8
idlemax = 100
sparsemem = True
ghostios = True

model = 3725
console = 2000
cnfg = /home/owner/gns3/configs/lab3/SK.txt
slot 1 = NM-16ESW
f1/1 = R4F1 3
f1/2 = R3F1 3
f1/3 = R2F0 3
f1/4 = R1F0 3
f1/5 = R6F1 3
f1/6 = R5F1 3
f1/7 = R4F0 3
f1/8 = R3F0 3
f1/9 = BB2F0 3
f1/10 = BB3F0 3
f1/11 = R6F0 3
f1/12 = R5F0 3

## This server runs the switches that connect to the clouds.

workingdir = /home/owner/gns3/working/lab3
udp = 10350

[[ETHSW R4F1]]
1 = access 1 nio_gen_eth:eth1
2 = access 1 R4 f0/1
3 = access 1 SK f1/1

[[ETHSW R3F1]]
1 = access 1 nio_gen_eth:eth2
2 = access 1 R3 f0/1
3 = access 1 SK f1/2

[[ETHSW R2F0]]
1 = access 1 nio_gen_eth:eth3
2 = access 1 R2 f0/0
3 = access 1 SK f1/3

[[ETHSW R1F0]]
1 = access 1 nio_gen_eth:eth4
2 = access 1 R1 f0/0
3 = access 1 SK f1/4

[[ETHSW R6F1]]
1 = access 1 nio_gen_eth:eth5
2 = access 1 R6 f0/1
3 = access 1 SK f1/5

[[ETHSW R5F1]]
1 = access 1 nio_gen_eth:eth6
2 = access 1 R5 f0/1
3 = access 1 SK f1/6

[[ETHSW R4F0]]
1 = access 1 nio_gen_eth:eth7
2 = access 1 R4 f0/0
3 = access 1 SK f1/7

[[ETHSW R3F0]]
1 = access 1 nio_gen_eth:eth8
2 = access 1 R3 f0/0
3 = access 1 SK f1/8

1 = access 1 nio_gen_eth:eth9
2 = access 1 BB2 f0/0
3 = access 1 SK f1/9

1 = access 1 nio_gen_eth:eth10
2 = access 1 BB3 f0/0
3 = access 1 SK f1/10

[[ETHSW R6F0]]
1 = access 1 nio_gen_eth:eth11
2 = access 1 R6 f0/0
3 = access 1 SK f1/11

[[ETHSW R5F0]]
1 = access 1 nio_gen_eth:eth12
2 = access 1 R5 f0/0
3 = access 1 SK f1/12

## Remote Windows XP Server
## Just finish connecting the interfaces
## and specifying the .bin files and idlepc
## Hypervisor for FRS

workingdir = c:\gns3\working
udp = 13000

image = c:\gns3\ios\C3725-adventerprisek9-mz124-15.T7image.bin
ram = 128
idlepc = 0x60bf77a8
idlemax = 100
sparsemem = True
ghostios = True

model = 3725
console = 2000
cnfg = c:\gns3\configs\FRS.txt
wic 0/0 = WIC-2T
wic 0/1 = WIC-2T
wic 0/2 = WIC-2T
s0/0 = R1 s0/0
s0/1 = R2 s0/0
s0/2 = R3 s1/0
s0/3 = R3 s1/1
s0/4 = R4 s0/0
s0/5 = R5 s0/0
slot 1 = NM-4T
s1/0 = R6 s0/0
s1/1 = BB1 s0/0

# Hypervisor #1 R1, R2, and R3

workingdir = c:\gns3\working
udp = 13100

image = c:\gns3\ios\C3725-adventerprisek9-mz124-15.T7image.bin
ram = 128
idlepc = 0x60bf77a8
idlemax = 100
sparsemem = True
ghostios = True

model = 3725
console = 2001
cnfg = c:\gns3\configs\R1.txt
slot 1 = NM-4T
wic 0/0 = WIC-2T
wic 0/1 = WIC-2T
wic 0/2 = WIC-2T
s0/0 = FRS s0/0
s0/1 = R3 s1/2
f0/0 = R1F0 2

model = 3725
console = 2002
cnfg = c:\gns3\configs\R2.txt
slot 1 = NM-4T
wic 0/0 = WIC-2T
wic 0/1 = WIC-2T
wic 0/2 = WIC-2T
s0/0 = FRS s0/1
s0/1 = R3 s1/3
f0/0 = R2F0 2

model = 3725
console = 2003
cnfg = c:\gns3\configs\R3.txt
slot 1 = NM-4T
wic 0/0 = WIC-2T
wic 0/1 = WIC-2T
wic 0/2 = WIC-2T
s1/0 = FRS s0/2
s1/1 = FRS s0/3
s1/2 = R1 S0/1
S1/3 = R2 S0/1
f0/0 = R3F0 2
f0/1 = R3F1 2

# Hypervisor #2 – R4, R5, and R6
workingdir = c:\gns3\working
udp = 13200

image = c:\gns3\ios\C3725-adventerprisek9-mz124-15.T7image.bin
ram = 128
idlepc = 0x60bf77a8
idlemax = 100
sparsemem = True
ghostios = True

model = 3725
console = 2004
cnfg = c:\gns3\configs\R4.txt
slot 1 = NM-4T
wic 0/0 = WIC-2T
wic 0/1 = WIC-2T
wic 0/2 = WIC-2T
s0/0 = FRS s0/4
s0/1 = R5 S0/1
f0/0 = R4F0 2
f0/1 = R4F1 2

model = 3725
console = 2005
cnfg = c:\gns3\configs\R5.txt
slot 1 = NM-4T
wic 0/0 = WIC-2T
wic 0/1 = WIC-2T
wic 0/2 = WIC-2T
s0/0 = FRS s0/5
s0/1 = R4 S0/1
f0/0 = R5F0 2
f0/1 = R5F1 2

model = 3725
console = 2006
cnfg = c:\gns3\configs\R6.txt
slot 1 = NM-4T
wic 0/0 = WIC-2T
wic 0/1 = WIC-2T
wic 0/2 = WIC-2T
s0/0 = FRS s1/0
f0/0 = R6F0 2
f0/1 = R6F1 2

# Hypervisor #3 – BB1,BB2, and BB3
workingdir = c:\gns3\working
udp = 13300

image = c:\gns3\ios\C3725-adventerprisek9-mz124-15.T7image.bin
ram = 128
idlepc = 0x60bf77a8
idlemax = 100
sparsemem = True
ghostios = True

model = 3725
console = 2007
cnfg = c:\gns3\configs\BB1.txt
slot 1 = NM-4T
wic 0/0 = WIC-2T
wic 0/1 = WIC-2T
wic 0/2 = WIC-2T
s0/0 = FRS s1/1
s0/1 = BB3 S0/0

model = 3725
console = 2008
cnfg = c:\gns3\configs\BB2.txt
slot 1 = NM-4T
wic 0/0 = WIC-2T
wic 0/1 = WIC-2T
wic 0/2 = WIC-2T
f0/0 = BB2F0 2

model = 3725
console = 2009
cnfg = c:\gns3\configs\BB3.txt
slot 1 = NM-4T
wic 0/0 = WIC-2T
wic 0/1 = WIC-2T
wic 0/2 = WIC-2T
s0/0 = BB1 S0/1
f0/0 = BB3F0 2


connection = R4F1:1:nio_gen_eth:eth1

connection = R3F1:1:nio_gen_eth:eth2

connection = R2F0:1:nio_gen_eth:eth3

connection = R1F0:1:nio_gen_eth:eth4

connection = R6F1:1:nio_gen_eth:eth5

connection = R5F1:1:nio_gen_eth:eth6

connection = R4F0:1:nio_gen_eth:eth7

connection = R3F0:1:nio_gen_eth:eth8

connection = BB2F0:1:nio_gen_eth:eth9

connection = BB3F0:1:nio_gen_eth:eth10

[[CLOUD R6F0-ETH11]]
connection = R6F0:1:nio_gen_eth:eth11

[[CLOUD R5F0-ETH12]]
connection = R5F0:1:nio_gen_eth:eth12


As always, you know where you can reach me, Lewis Lampkin, III, on Linked In: (I usually accept invitations to connect ... Am I better than anyone else? [The answer is NO, if you're wondering.]

Or here on this website:

Saturday, February 25, 2012

Sixth Update: Certification: 642-617 FIREWALL v1.0 Deploying Cisco ASA Firewall Solutions (FIREWALL v1.0)

Sixth Update: Certification: 642-617 FIREWALL v1.0 Deploying Cisco ASA Firewall Solutions (FIREWALL v1.0)

I decided to get back on this horse, so here it is. I'm basically starting from scratch, as I have not really touched the text for this one since September 2011, except for a time a few weeks ago when I re-organized my study room, and had to relocate the shelving unit :D. I got side-tracked by a lot of my Master's program work, which is ongoing, I got sidetracked by the Certified Ethical Hacker I had to do for school as part of my degree program, I was looking through the CCNP R&S materials for a change-of-pace from day-to-day work, but it just makes sense right now to get down into this stuff, and to do it really well, and complete this one. I'll be re-setting the counters, and will just explain everything again from scratch.

Also, I realized that I hadn't updated my blog since September 2010, when I ... actually went through a lot of life-changing experiences, that I might tell you about person-to-person, but not on this blog! Needless to say, the experiences that I have had definitely changed me for the better. Sometimes it takes things like that to really get you in the proper perspective. I'm trying to get hired on at a job now where it's not even important to get certifications (from what I can tell), but it is always important to keep learning and improving yourself, and that is what it is really about, right? I feel that if you don't grow, then you're probably shrinking! So, let's grow together! My parents installed (yes, not instilled, because I feel they gave me an implant) in me a desire for life-long learning and curiosity (whether or not you get a piece of paper for it). I am doing my best to honor them.

(If you're wondering why this is the "sixth" update, then see the post here:

000.00% - Overall Preparation
000.00% - Reading
000.00% - Carding
000.00% - Labbing
000.00% - Viewing
000.00% - Studying
000.00% - Practicing
000.00% - Confidence
Header Explanations

[insert word here] Update:
Which update I'm on. I like to use initial, second, third, etc. Hopefully, I clear the exam before the thirtieth update!

Certification: [title]
Title of certification I'm working on

Overall Preparation:
Basically, a mathematical average of the numbers of Reading, Labbing, etc.

Reading will be the percentage that I have read the official certification text. Reading other texts is ancillary, and I will be reading several other texts, based on what has worked in the past. You can never rely on one source to tell you the complete story. I have great book access through my school, from Books 24x7. If I didn't use that, then I can also use Safari Books Online, which is a great option, also.

This refers to making flash cards to study for the exam. This has worked quite well for me in the past, and I recommend it to everyone. Based on past experience, I can make most efficient usage of my time if I concentrate on making the flash cards while I'm reading the text, as it makes me more of an active reader. (That is, I pay more attention to what I am reading.)

This is doing labs. If there aren't explicit "lab" activities, then I'll just make up my own, based on the materials presented, and/or make ones based on the Global Knowledge course, that publishes a very good curriculum on their website that you could emulate if you're doing this on a self-funded budget, like me.

This refers to watching the INE video series for the course. I went "all-in" and bought the 2 years for the price of one All-Access Pass. If I pass even a single cert from it, the investment will have paid for itself, as it is a lot less costly than an individual boot camp.

This refers chiefly to reviewing the flash cards, as well as possible ancillary reading if I find myself tripping up on some concepts. Spaced repetition is a wonderful thing.

This refers to taking practice exams once I think I'm close to ready. After looking at the cost of the Boson kit, I may very well skip this one, as the exam is $200 alone, the individual test prep is $100 each (half the cost of an actual exam, and the kit discount is only $31 bucks off getting them all individually, $369 versus $400... not a great deal, if you ask me.) For self-funded people like me, every dollar spent has to be well-invested, and I have not heard any great clamors on the difficulty of this kit, so not sure I see a need to be worried to the extent of practice exams. I will keep this figure here, just to completely represent whether or not I end up getting practice exams, so as to provide a complete review, in case someone decides to follow in my footsteps.

This is how confident I am in being able to pass this exam, if I took it today. Not very at this point, as I am starting ALL over again, from scratch.


Study materials that I will be utilizing: (Note: Of the books, the Official Cert Guide is what I will be reading 100%. I will use the other materials, as required, to get further understanding on topics that the Cert Guide isn't clear on, or if I feel that there are some "gaps".)

1. The official objectives:

2. CCNP Security FIREWALL 642-617 Official Cert Guide

3. Cisco ASA Configuration (ISBN:9780071622691)
Note: That's a books 24x7 link. The Safari links appear to include the ISBN, so I provide it here, for your convenience. I could not locate this text on Safari, but since it's a Richard Deal book (and I respect what he has to say about Firewalls) I included it here.

4. Cisco ASA: All-in-One Firewall, IPS, Anti-X, and VPN Adaptive Security Appliance, Second Edition

5. Cisco Firewalls

6. INE All-Access Pass for CCNP Security
I actually have a technical issue right now -- I know I was observing those classes a couple days ago, as I was watching a NAT video to review something, but can't figure out how to navigate to it now. Seems I can get to everything on the site in every track, "except" the CCNP Security material -- you tell me what's up with that? (Even looks like a "blank" on the page where that material should go ...) Their support is usually kinda quick to respond, so not too worried right now, as it is the weekend and I have other materials to use for the time being.

7. Cisco ASA 5500 Series Configuration Guide using the CLI, 8.2
By all accounts I can find online, the current version of the test is based on version 8.2. This is very important, with regards to NAT configurations. The configuration guide provides excellent information, and it also provides brief explanations about the items that you configure.

8. Cisco ASA 5500 Series Command Reference, 8.2
Command reference comes in handy when you're trying to use a command that you don't use that often. Of course, I recommend being very familiar with everything on the syllabus for the exam, as they don't allow you to bring in reference material :D

9. Cisco Security Appliance Configuration Guide using ASDM, 6.2
From what I can tell, this version of ASDM marries up with 8.2. When you look at the ASDM 6.3, it is attempted to marry up against ASA 8.3, which would be beyond what's necessary to study. I have heard numerous complaints that ASDM is used on these professional level exams, so my best strategy is to do my best to dual-configure everything on CLI and ASDM. (Note: some tasks are ASDM only, as I can't find a command line equivalent to the real-time log viewer, for example ... :D )

10. The Global Knowledge syllabus for the course:
Note: I am not purchasing this course, but I am definitely using the syllabus as a guideline, ESPECIALLY for what labs I MUST know in preparation. For a comparison, you could get 2 years of INE All-Access for half the cost of this course. I am not knocking the training, as Global Knowledge is well known for quality content. If I had the funds to spare, I would take courses from them all the time. This site mentions ASA version 8.2

11. Firewall Data Sheet.
This link from the Cisco Learning Network plainly tells you that the Firewall v1.0 exam does test on ASA 8.2

12. REAL ASA Firewalls
Can't beat the real thing. If you check the hacki forums, someone there has emulated 8.4(2), if that's your thing.

I will reiterate once again that I am not, and DO NOT plan on reading all of the books other than the OCG (Official Certification Guide), cover-to-cover, but will use them to reference any points I need some extra reading on. Just kind of including the links here, so people have a better idea about the good materials available to prepare for this exam.

As is my tradition, I must remind you that if you would like to reach out to me, Lewis Lampkin, III, I can be reached on linked in, at the following address:

I hope you enjoyed this post!

Wednesday, May 12, 2010

6418 - Deploying Windows Server 2008, Day 2

On Day 2 of the class, we covered the following topics:
Windows Deployment Services
Microsoft Deployment Toolkit
Upgrading and Migrating Active Directory.

With regards to Windows Deployment Services, we covered how the deployment of windows systems has changed, and we have a new methodology, whereby it is more suited to imaging systems that may have underlying different hardware. Now, there are methods for updating drivers and patches on an image, while the image file is offline.

While covering the Microsoft Deployment Toolkit, we dug in and looked at some of the excellent utilities that Microsoft provides for modifying a .wim file (the new base file format for a system), such as imagex, which can be used to modify an image without first mounting it.

Also covered on day 2 was the GUI, as well as command line, methods for Upgrading and Migrating Active Directory.

The training so far has been top notch at New Horizons, of which I attribute a good portion of that credit to Mr. Kirk McArdle.

As is my tradition, I must remind you that if you would like to reach out to me, Lewis Lampkin, III, I can be reached on linked in, at the following address:

I hope you enjoyed this post!

Real Time Publishers ... Great Resource for IT Information

I have to hand it to Kirk McArdle, of New Horizons again, he's dishing out more good information. He showed us this web site during class wrap-up yesterday: Real Time Publishers,, is a great site for downloading white papers about various IT topics. I am most interested in the ones about service management right now, but they appear to have tons of information there. For the price of giving up your work mailing address, you get access to download lots of nice content.

If you're anyting like me, you probably shred tons of vendor mail throughout the week.

If you'd like to reach me, Lewis Lampkin, III on linked in, I am available at the following address:

Tuesday, May 11, 2010

Chris Riling, CCIE#25581

Chris Riling is one of my contacts on His linkedin page is available here:

I first met Chris during a 2006 training course at American Interactive, The course at the time was the CCNA/CCNP bootcamp, all-inclusive deal. If you ever need Microsoft or Cisco training, I'd always suggest American Interactive first. Toby (Cisco) and Jay (Microsoft) were excellent! OK, that's enough free advertising for American Interactive.

During the bootcamp, Chris was obviously the youngest person in the class. However, another thing readily apparent was that he was one of the most experienced and knowledgeable people in the class.

Here's an anecdotal story ..there was one person in the CCNP course, made the remark that he wouldn't trust Chris to touch his equpment, since he was too young. Of course, this miffed me, as you can judge a person on experience, and skills, but dismissing someone based upon age alone is a form of discrimination that I frown upon. Also, this person did not know what he was talking about, which made his opinion even weaker. This same individual once even remarked about "disabling spanning tree protocol" on his network. To those of you without networking experience, this is not something you would often do, as the spanning tree protocol prevents switching loops on your network--especially not this person, who later confessed to "not understanding spanning tree". Anyway, karma came back on that guy, and he later failed an exam.

During this course, Chris did present a wealth of practical, hands-on knowledge, that made the camp a much more enjoyable experience for me. I had the pleasure of being seated next to him, soaking up as much of the good Cisco (and Juniper) knowledge as I could from him.

I stayed in contact with Chris off and on over the following years, and he continued pursuing the CCIE certification. I would get updates from him, that he was currently in RTP (Research Triangle Park, where Cisco gives CCIE labs). This showed me that he was really serious about this, as the labs are a substantial investment, at over $1,000 per attempt. Chris did gain the CCIE certification, and I can say that he earned it with his intelligence and experience, and I applaud him.

I recently saw this article about Chris from his linkedin page, and decided to show it here.
The link to the article (a PDF file) is here:
Cisco Academy Featured Success: Chris Riling

I hope that you enjoy reading the PDF.

If you would like to join my professional network, I'm on linked in:

6418 - Deploying Windows Server 2008, Day 1

Well, I had a nice first day of class. The instructor was very knowledgeable. His name was Kirk McArdle. I believe that he said he was from Jersey. By the accent, I would have guessed he was from the New York/Boston region, so that much did fit.

I figure some of you might be wondering how the class itself went, and the class went fairly well. There was the initial "case of the Moooondays" (If you've seen Office Space, you get this reference.).

The class was in the online live learning format (OLL). This means that the class is held across the internet, and you use your mic and headset to communicate during the class. I can understand if this does not work for some. To me, it makes sense to the training company, as they can offer training classes more often than if they had to have the trainers on-site. Also, it helps the students, as they can have more scheduling options for the classes. By the way, this also cuts down on transportation costs, for people needing to take the courses.

Of course in my case, there was no way I was going to try to take a class from the comfort of my home or at my office, as the chance of disruption was too high. Taking the class at the New Horizons Learning Center was the perfect option, in this case. No worry of disruptions, and able to concentrate on the learning? .... Perfect! This probably also provides more value to your company, considering the investment they put into training you. Even if it is just training vouchers, as it is in my case, your company paid a lot for those, too, when they purchased either the vouchers, and/or the Software Assurance contract that the vouchers came with.

But, after that, everything was smooth. Interesting is that some graphical features of IIS aren't available in Server Core (but, considering the overall lack of a GUI, it seems perfectly understandable).

I'm really excited about Server Core, and I prefer command line administration. There are some commands that can get rather lengthy, but part of administration is building scripts to make administration easier, and when you consider the resource gain to not supporting a GUI, it is well worth the slight inconvenience to build a few reusable scripts for supporting your environment.

Being able to add the domain controller role (not only that, but a read-only domain controller role is possible) to a server via a simple script is a thing of beauty.

The class also went over the licensing setup, explaining the usage case scenarios of the License Management Server, versus the Multiple Activation Key, and how they could be used in concert.

You quickly get an idea of an instructor's worth, based on whether they're only teaching the syllabus, or they actually know what they're doing, and are able to troubleshoot issues that may appear during the course, and/or bring more information to the table than is in the course by default.

Kirk was able to troubleshoot issues with the course, no problem. I'm not referring to the standard "my mic isn't working" type of troubleshooting. I'm saying he was able to understand why a command would not work, when the issue was bigger than syntax. If something didn't go exactly as planned, Kirk was able to quickly recover, as if he'd seen the system do this before, and also showed a sense of maturity with the system. You do not get that type of knowledge from just teaching classes, is what I'm trying to say. Kirk could leverage the experience he had to provide a richer training experience to his students.

Kirk also supplied extra information. So far, I have over 20 megs of additional information from him. He says that the class is "just the beginning" of the learning process, and I like his mindset. He even makes himself available across the break periods and evenings during the class. Kirk gave his email address to the students, making himself reachable.

I guess this started as a review of a class, and morphed into a review of Mr. McArdle.

I appear to have found his profile online:

I hope you enjoyed this update, and hope to share more in the future.

Feel free to view my linked in page, which is here: