PCI PA/P2PE certifications

Took the Payment Application (PA) Qualified Security Assessor (QSA) exam back in March, just a couple of weeks after taking the Point to Point Encryption (P2PE) QSA exam. Surprisingly, they both seemed like fairly easy tests; the P2PE was a little harder since I had to study up on some crypto information.

Had been trying for a few months to assist with some P2PE assessment work, but it seems that is not as easy as I had hoped. Had asked to shadow some people or assist on small projects, but got nothing. I then asked to work on PA assessment, was invited out to the Colorado office to learn the internal processes, and go over some documents. Was asked if I was interested in joining the PA team by the managing principal.

Finally decided to stop trying to get into the P2PE team, and took an opportunity on the PA team. Applied for a Senior Consultant position, but was only transferred over as an IT Security Consultant. Not exactly sure what the deal is with promoting me to Senior, especially since I have more experience than most Senior Consultants that I have worked with so far. But that battle is for another day.

Will see how things go with doing the PA assessments; they do not seem to be very difficult, and most of the testing is easy. The pentesting portion is kind of a joke, as they do only minor tests against SQLi, XSS, CSRF and buffer overflows. Almost makes me miss doing the pentesting stuff, and the exploiting software vulnerabilities.

ARCYBER Puzzle

Had a former colleague post a cipher puzzle on a Slack channel I hang out on.

http://www.recruitahacker.net/Puzzle

I figured I would give it a try, since I like to do puzzles.
The site was a link to an ARCYBER web site:

Looking at the cipher text, I was like, you have to be kidding me. This is too easy, so I ran it through a script I made a few years back to break Vigenère ciphers for another puzzle I had worked.

While the script is not perfect, it was able to decode this cipher text.

Eexl fmoi! 
Well done!

Jabnh gsl’ze decbjrx lvtv, gsl uak hctf xyw gvltpj 
Since you’re reading this, you may have the skills

inp mqrjzrlwzq bs awiz tjc Bvdq hpdu!
and motivation to join the Army team

Pvirz mqpf esgie bwyi xofeprjec xiexzi nqtt ATAZFVJ.
Learn more about your potential future with ARCYBER.

KEY:
iamacybersoldier
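
The decryption above can be reproduced, and the key recovered from a known plaintext fragment, with the added example below. It is not the script mentioned in the post (which is not shown); the function names are illustrative, and the ciphertext, key and crib are copied from this page.

```python
# Added example: Vigenère decryption plus known-plaintext key recovery.
CIPHERTEXT = (  # ciphertext lines as posted above
    "Eexl fmoi!\n"
    "Jabnh gsl’ze decbjrx lvtv, gsl uak hctf xyw gvltpj\n"
    "inp mqrjzrlwzq bs awiz tjc Bvdq hpdu!\n"
    "Pvirz mqpf esgie bwyi xofeprjec xiexzi nqtt ATAZFVJ."
)
KEY = "iamacybersoldier"  # key as posted above
# Crib: the first two plaintext lines as posted above.
CRIB = "Well done!\nSince you’re reading this, you may have the skills"


def letters(text: str) -> list:
    """Keep only ASCII letters, lower-cased; the cipher ignores everything else."""
    return [c.lower() for c in text if c.isascii() and c.isalpha()]


def vigenere_decrypt(text: str, key: str) -> str:
    """Subtract the key from each letter; the key advances only on letters."""
    shifts = [ord(k) - ord("a") for k in letters(key)]
    out, i = [], 0
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base - shifts[i % len(shifts)]) % 26 + base))
            i += 1
        else:
            out.append(ch)  # spaces, punctuation and newlines pass through
    return "".join(out)


def keystream_from_crib(cipher: str, plain: str) -> str:
    """Known plaintext: keystream letter = cipher letter - plain letter (mod 26)."""
    pairs = zip(letters(cipher), letters(plain))
    return "".join(chr((ord(c) - ord(p)) % 26 + ord("a")) for c, p in pairs)


def shortest_period(stream: str) -> str:
    """Shortest prefix that, repeated, reproduces the whole keystream."""
    for n in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    return stream


if __name__ == "__main__":
    print(vigenere_decrypt(CIPHERTEXT, KEY))
    print(shortest_period(keystream_from_crib(CIPHERTEXT, CRIB)))
```

Any stretch of known or guessed plaintext longer than the key gives the key back directly, which is why the cipher offers no protection once a greeting or signature can be guessed.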

So putting the key into the website you get the full response.

You got a link to email someone that you solved the puzzle.

So I was like sure, what could it hurt, might get an offer to apply for some cool jobs with the government (not really).

The response to my email about solving the puzzle:

Congratulations on solving the puzzle and for your interest in the Army’s cyber mission. We ask that you fill out a form found at http://www.goarmy.com/info/send1/?iom=GT45-FY16-ACNP-OT-XXX-XX-XXX-CP-XX-X-XXX so we can continue discussions about how you can best fit into our Army’s cyber professional workforce. We thank you for your inquiry and are committed to providing information as it becomes available. You may check out our website for the latest cyber career field updates at www.arcyber.army.mil.
v/r,
Mike Milord
Public Affairs Specialist
Army Cyber Command
8605 6th Armored Cavalry Road
Fort Meade, MD 20755
301-833-2007
michael.o.milord.civ@mail.mil

It takes you to the Army website to request information to join.
I figure since I already have 24 years of service in the military they will not want me.