Jul 14, 2019
Posted in blog, Cloud, Featured, Information Security, Reviews
SEC545: Cloud Security Architecture and Operations
Just recently I went to attend a local SANS Community class in my city. For those that are not aware, SANS Community classes are usually smaller classes with 5-10+ students. It’s a small venue with more of a small class size, but the material would be the same that SANS would teach on vLive, OnDemand, or at a SANS conference.
I can say that the SEC545: Cloud Security Architecture and Operations class is VERY popular. There were many students there that were not hardcore SANS enthusiasts such as myself. Many people were there on the basis that companies are all now starting to move to the cloud. And, many companies are worried about the security implications of moving, and with larger concerns on if the architecture is not setup and configured correctly.
The class was very much AWS focused, which was great for me in terms of learning AWS. However, Read The Full Post
Feb 5, 2019
Posted in blog, Information Security, pen testing, social engineering, Tools
Namechk – A Domain Searching & Recon Tool
So I came across a new tool that I found particularly interesting. And, especially for someone that may be working on a pen test during the recon stage. Recon is very important, since it allows you to gather as much intel as possible before you start to look for weaknesses.
What is the tool?
I came across a website called Namechk (https://namechk.com). And, started to realize the power it gives you when conducting recon for particular companies or people. This site basically allows you to search for company names and personal names of people. Now the site isn’t made to conduct recon on anyone or any entity. But, it seems like some cyber security analysts and pen testers are starting to utilize it for recon purposes. And, why not? It’s a tool and various tools can be used for various purposes.
What is its real purpose?
Read The Full Post
Nov 9, 2018
Posted in blog, Information Security
Cybersecurity for Small Businesses
The FTC (Federal Trade Commission) has recently created a whole section on cybersecurity awareness for small businesses. It can be viewed here –> https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity.
Best of all, the resources are all free to read and use within your own organization. When I first heard of the FTC doing this, I was glad because many smaller businesses find it difficult to obtain free security resources and expertise. There are a lot of small businesses that either state they have no resources, or they lack the funds for information security and awareness. Well, the posted information by the FTC is a great way for businesses to measure their current security practises.
What will I learn ?
Some of the topics discussed are:
- ransomware
- phishing emails
- cyber insurance
- physical security
- information regarding the NIST framework
- email security
Read The Full Post
Nov 4, 2018
Posted in blog, Information Security, Reviews
SEC 542 SANS Course Review
So I wanted to post a blog post on my experience related to the SEC 542 course. This way I can share my experience out there with others, and hopefully give others insight to see if the course is a right fit for them too.
Now because I took the vLive course, my course was not a 4-6 day course. This course was actually completed over 6+ weeks with 2 class sessions per a week. This was an excellent course, very well designed and presented out to students. There were things I already knew and had experienced. But, there were a lot of tools that were introduced in the course, which I had not used or heard of before. And, these tools definitely help save some time especially when it comes down to recon.
I’ll briefly list some of the things you learn during each week, but for the full list you’ll have to take the course for yourself. Trust me, it’s an awesome course! Read The Full Post
Sep 28, 2018
Posted in blog, Breaches, Information Security
NCIX Data Breach
One of the biggest news items around recently has been the NCIX Breach. I was notified of it through a colleague prior to the media finding out about it through the following blog –> (https://www.privacyfly.com/articles/ncix_breach/). The blog details events that took place where a person uncovered hard drives left by the now bankrupt NCIX computer retailer. The warehouse housing these drives, and left over computers that belonged to NCIX were being sold off by the warehouse landlord. The information based off privacyfly’s blog seems to point towards the landlord illegally selling the data on the drives to recuperate lost rent. The big question here is how NCIX, or the team taking care of their assets after bankruptcy could allow this information to be sold. And, this also goes to show how NCIX has very weak security procedues in place to safeguard their most vital data (customer and employee data). Read The Full Post
My name is Harry Taheem
I am a Cyber Security Engineer.
My aim is to post things I learn or find interesting and allow others to hopefully gain some more insight. I also plan on posting general IT related issues, as I’d like 
