
National Cybersecurity Awareness Month 2019


So, I ended up posting this much later than I anticipated. I originally had it ready for October. However, I had to make some final edits and had to delay it. Nonetheless, here it is a month later!

Cyber security awareness month is coming up real soon. October is nationally known as cyber security month. Many security leaders present important security topics. This is also a time when many companies, government units and various organizations educate their members on cyber security. Many hold training workshops and lectures and send out updates to their workers.

I’d like to highlight some key points that readers should try to implement and incorporate in their personal lives and at work.

The US-CERT organization has built some excellent cyber security training.

Their detailed reports and educational training can all be found for free at https://niccs.us-cert.gov/national-cybersecurity-awareness-month-2019

Read more About This Post

Equifax Breach Lessons Learned


After reading the Equifax breach report released by the U.S. House of Representatives Committee on Oversight and Government Reform, I thought this would be a great post to summarize and list out key items that went wrong in the Equifax breach. Hopefully, it will lead to a wake-up call for other companies in order to better their own information security.

 

Security Representative on the Core team

It’s highly important to have someone who understands information security on your core team. Many times, the task gets pushed to the Legal or IT core team members. This is one of the reasons that led to the breach. IT operational tasks and security tasks need to fall under a specific leader. Ideally, someone who understands security and not just IT. In Equifax’s case, security was represented by the IT team core member. However, their views were not in line with the security team leader. Therefore, something that may be of risk may not reach the CEO’s level and will get missed. However, Read The Full Post

Review of SEC545 Cloud Security Architecture and Operations

SEC545: Cloud Security Architecture and Operations

Just recently I went to attend a local SANS Community class in my city. For those who are not aware, SANS Community classes are usually smaller classes with 5-10+ students. It’s a small venue with a small class size, but the material is the same as what SANS teaches on vLive, OnDemand, or at a SANS conference.

I can say that the SEC545: Cloud Security Architecture and Operations class is VERY popular. There were many students there who were not hardcore SANS enthusiasts such as myself. Many people were there on the basis that companies are all now starting to move to the cloud. Many companies are also worried about the security implications of moving, with larger concerns if the architecture is not set up and configured correctly.

The class was very much AWS focused, which was great for me in terms of learning AWS. However, Read The Full Post

Namechk – A Domain Searching & Recon Tool


So I came across a new tool that I found particularly interesting, especially for someone who may be working on a pen test during the recon stage. Recon is very important, since it allows you to gather as much intel as possible before you start to look for weaknesses.

What is the tool?

I came across a website called Namechk (https://namechk.com) and started to realize the power it gives you when conducting recon for particular companies or people. This site basically allows you to search for company names and personal names of people. Now, the site isn’t made to conduct recon on anyone or any entity, but it seems like some cyber security analysts and pen testers are starting to utilize it for recon purposes. And why not? It’s a tool, and various tools can be used for various purposes.

What is its real purpose?

Read The Full Post

Cybersecurity for Small Businesses


The FTC (Federal Trade Commission) has recently created a whole section on cybersecurity awareness for small businesses. It can be viewed here –> https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity.

Best of all, the resources are all free to read and use within your own organization. When I first heard of the FTC doing this, I was glad because many smaller businesses find it difficult to obtain free security resources and expertise. There are a lot of small businesses that either state they have no resources, or they lack the funds for information security and awareness. Well, the posted information by the FTC is a great way for businesses to measure their current security practices.

What will I learn?

Some of the topics discussed are:

  • ransomware
  • phishing emails
  • cyber insurance
  • physical security
  • information regarding the NIST framework
  • email security 

Read The Full Post
