I wanted to post about a very cool one-of-a-kind cyber security job listing website. If you are looking into getting a job specializing in cyber security, you are in luck! One of my friends has created a website dedicated to connecting like-minded cyber security professionals and hiring managers.
What is InfoSec-Jobs.com?
It is a highly focused website listing out only cyber security positions. You can check out the website here: https://infosec-jobs.com/
It has listings that only consist of security focused and related jobs or positions. If you are a hiring manager, it is a great place that allows you to post your current open positions if you are looking for some talented cyber security professionals.
The website also does not sell your personal information or CV/resume details to any other parties, and no external trackers are used on the site. The website is built to protect every user’s personal information.
It is a rare website, as most other IT job related websites showcase various IT positions. There are none that really focus just on cyber security positions. So this is a new rare gem to check out and bookmark!
One of the most exciting parts of the BCAware conference was getting to meet Brian Krebs live in person!
During his talk he shared some interesting topics, such as how cyber criminals are using websites similar to https://haveibeenpwned.com/, except that these “other” websites will actually list out the users’ leaked password(s) in plaintext. And, with this method, attackers can now attack various social media, banking and other commonly used services online to possibly find valid emails/passwords to accounts.
Another topic was related to how cyber criminals determine how much money to ask for during a ransomware attack. The typical amount seems to point at about 10% of total revenue a business makes from the previous year. This way, they do not ask for too much or too little. It gets close to an amount that the organization can afford, and that it finds would be cheaper than recovering from backups or rebuilding the environment.
I’m proud to announce that I have now obtained my SANS – GIAC GCIH certification. It was a long process, and I pushed myself to get it done before the start of the New Year – 2020.
New SANS GIAC changes to exams
One thing that was particularly new for me compared to the other 2 SANS exams I’ve done was the lab questions. SANS with GIAC has now added a section that tests your knowledge through a virtual lab. Now, I have to say I think it’s actually pretty awesome! It puts your real world skills to the test to see if you can actually apply the needed practical skills. It also gives companies assurance that their employees are being tested on real hands-on work and not just theory-based topics.
So, I ended up posting this much later than I anticipated. I originally had it ready for October. However, I had to make some final edits and had to delay it. Nonetheless, here it is a month later!
Cyber security awareness month is coming up real soon. In
October, it is nationally known as cyber security month. Many security leaders
present important security topics. This is also a time where many companies,
government units and various organizations educate their members on cyber
security. Many hold training workshops, lectures and send out updates to their
workers.
I’d like to highlight some key points that readers should
try to implement and incorporate in their personal lives and at work.
The US-CERT organization has built some excellent cyber security training.
After reading the Equifax breach report released by the U.S. House of Representatives Committee on Oversight and Government Reform, I thought this would be a great post to summarize and list out key items that went wrong in the Equifax breach. Hopefully, it will lead to a wake-up call for other companies in order to better their own information security.
Security Representative on the Core team
It’s highly important to have someone that understands information security on your core team. Many times, the task gets pushed to the Legal or IT core team members. This is one of the reasons that led to the breach. IT operational tasks and security tasks need to fall under a specific leader. Ideally, someone that understands security and not just IT. In Equifax’s case, security was represented by the IT team core member. However, their views were not in line with the security team leader. Therefore, something that may be of risk may not reach the CEO’s level and will get missed. However,
My name is Harry Taheem
I am a Cyber Security Engineer.
My aim is to post things I learn or find interesting and allow others to hopefully gain some more insight. I also plan on posting general IT related issues, as I’d like StealthBay to be a place where IT users can find some form of knowledge and education. And, hopefully I can learn a few new things from other users as well who also wish to share their own experiences and knowledge.