Working to attain my CISA Certification

Since I work for a company that is in the Health Care industry which is pretty heavily regulated, I figured it would be a good skill add for myself and the organization if I became a certified IS auditor.

Coming from a Technology background, my journey towards this certification has been a big eye opener on some of the reasons behind business decisions that I did not previously have insight into.

Sure, but why an auditor?

Whether I ever decide to function as an auditor in a job role remains to be seen.  But, I will have gained a vast amount of new knowledge and insight in this journey.  Many of these knowledge areas will directly benefit me even in a non-auditing role because I will have a better knowledge of what is expected and can make sure all the work I do is in line with business objectives and aligns with what will be needed for audits.

There is currently 70 days left until the June test.  I have been spending what free time I can find on studying.  I am using the ISACA Question, Answer and Explanations database, along with their official Study Manual to prepare.  Due to the timing I ultimately gave myself less than 90 days to prepare.

While the ISACA study system does well on tracking progress and stats, I found that is lacked some of the data I wanted.  I wrote my own personalized tracker that takes the session information from ISACA and analyzes it in ways that allow me to know on a question by question basis where my knowledge level is it and it can provide specific reading recommendations for questions that are problematic for me.


Managing EC2 Security Groups with SaltStack and Python Part 1

This is the first in a series of posts related to automating the management and auditing of AWS EC2 Security Groups.  This first post will cover how to use SaltStack state files to maintain your security group rules.  In the second post, we will use python to populate a database that contains instances. groups, rules and their associations.  In the final post, we will create a CLI that will allow you to add/remove rules to security groups and it will push all changes to AWS.


I assume you already have a salt master server setup and understand the basics of using Saltstack.  It is beyond the scope of this series of posts to cover installing and/or configuring a salt master.  If you have not done this yet or need some additional info on using SaltStack, please visit their official Walk-through.

Continue reading Managing EC2 Security Groups with SaltStack and Python Part 1

Welcome to my blog

Welcome to my blog.  This blog will have posts on devops technologies and related topics.  Some of the topics will be touched on are Infrastructure Automation, continuous integration, continuous delivery, immutable infrastructure, security and others.

Some of the posts will be in the form of tutorials on different topics.  There will also be posts that are just my ramblings or griping about a technology.

I hope you enjoy your visit.