CyberSecurity Career Checklist

To increase your chances of succeeding at anything, you need to have a plan. To excel in a complex field like cybersecurity, you need short-term and long-term goals. The list below highlights the route I have taken and continue to take. Looking back, I have no regrets, other than that I should have taken more risk! Hopefully it helps those choosing this career path by giving an insight into my lifestyle and schedule.

Educate
- Books/Audiobooks
- Short Trainings
- YouTube
- Podcasts
- Articles
- Blogs/forums

Check out the links section for some recommendations.

Train
- CTF
  - Take part in 1-2 Capture-The-Flag events per year
  - Try to attend local events to meet new people (sometimes they are hiring)
  - HackTheBox.eu
  - List of some public CTFs here
- Projects: Work on websites, GitHub, help a friend, non-profit
- Explore tools: Kali Linux, Vulnerability Scanners, Cloud Platforms
- Demos: Attend product demos, learn what's in the market, ask competitive questions

Certifications
- Create Long/Short term goals
- Get at least 1 per year, in 10 years you'll have a lot!
- Select industry standard ones, that hold value to the employer
- With vendor certs (like Cisco,...

Top FREE Applications Every Mac 💻 Should Have

The Mac operating system has plenty of useful applications built right into it (like telnet, ssh, tftp, ftp), but depending on your use, the list below could really add value, especially if you're into privacy and security.

Security (Anti-virus/Malware)
Myth: Macs don't require an antivirus.
Truth: Most viruses are created to target the bulk of the users who are on Windows. But the list below has some very effective and lightweight free apps that will help defend and clean your Mac. They all come with a paid version, but for most users, the free version should suffice.
- Malwarebytes: Great for detecting suspicious files on your Mac.
- Bitdefender: Free virus scanner for your Mac.
- Avast Security For Mac: Another free and decent virus scanner for the Mac.

Privacy
- Bitwarden: My choice for storing, sorting and managing all your passwords. You can keep notes in it as well and access it anywhere from any device. Don't forget to enable multi-factor authentication for added security. You can use the web version...

Website Safeguards: Security Hardening Checklist

Defacement
A website is the front door and the face of your organization. Many hackers deface an organization by hacking its website and posting their message on it. (Some well-known victims: MIT, NASA, eBay, PayPal, Mossad, Forbes, WikiLeaks, Oracle, Russia Today)

DDoS
Attackers often use a Distributed Denial of Service attack to overwhelm a web server with requests, which ends up bringing the site down. It can greatly affect the owner financially, especially if the website generates revenue. (Examples of websites going down due to a DDoS attack: Netflix, Amazon, Twitter, Spotify, GitHub, Xbox Live) Fortunately, Cloudflare offers free DDoS protection for WordPress websites to get started.

OWASP
The Open Web Application Security Project (OWASP) is a not-for-profit organization that publishes a Top 10 list of the most common security flaws in web applications along with mitigation techniques. It is an excellent resource to help harden your website or web application. We highly recommend going over the list.

HTTPS
This is an easy...

Cyber Warfare: Bringing a Knife to a Gunfight

The enemies of today are well equipped with the latest tools and techniques, and with knowledge of vulnerabilities and zero-day attacks. On the flip side, most companies and individuals are not.

Reasons for Lapse in Security
Most organizations don't take security seriously until they get affected.
- They do not see tangible results
- It is not their primary business
- They do not budget for security
- They do not invest in their employees getting security trainings or certifications

Common Mistakes
Some of the common mistakes companies make when applying security measures include:
- Using Outdated Software
- Using Old Tools to detect new threats
- Using human intelligence alone
- Using Simple Rules
- Thinking that an antivirus is enough
- Thinking the "IT" guy is sufficient to understand Security, Networks, Databases, Software, Servers, Helpdesk, Tools, troubleshooting, the list goes on.

Helpful Solutions
Automation and Artificial Intelligence are leading the way in detecting anomalies. Even encrypted malware can now be detected in some cases based on its behavior and pattern. Training and Awareness is key. If...

Open Source Network/Security Software for the Enterprise

Software vendors are going to kill me for saying this, but you don't have to break the bank with software costs. There are FREE alternatives. Vendors may debate over which are better. But that decision has to be made on a per-software basis and per use case. As long as you have good support, Open Source software can be as good, even better. The code in most cases is well developed and audited by the open source community. I can see many medium-tier organizations running this enterprise open source software and saving a lot of money in product fees. They will still have to pay for implementation and support costs, but that will be there with all software anyways. Here's a list I compiled of enterprise-level security/network tools an organization can benefit from. By no means is this list exhaustive, a comparison or in any order of priority.

Function Free / Open Source Paid LAN Monitoring Tool Network Monitoring (NMS) NMIS NtopNG (nTop Probe for netflow has a...

Remembering 100s of passwords 🗒, a thing of the past (Top 6 Password Managers)

Gone are the days when you only needed to remember 3-5 passwords. Passwords were primarily for email accounts and a handful of social media and maybe an online bank account. Now you need at least 10 accounts for literally everything, from emails, eCommerce sites, social media, cloud apps, your thermostat, all your gov sites. You probably think you don't have that many, but the average person has well over 100 passwords (I just made that up, but I have way over that, I lost count). I often end up using the same password for most accounts, until some website tries to be secure and tells me I need a "special character". I don't need a $%!&(*@ character if I don't want one! Or a combination of Capitals and numbers! Pretty soon my passwords are appended with numbers and some sites don't allow repeated passwords over time! Needless to say, this can't keep up for too long. Until a better way comes...

Don’t WannaCry 😭 Tonight

Name: WannaCry a.k.a. WannaCrypt
Type: Worm, Ransomware
Target: Windows Computers running SMB file sharing
Original Creators: NSA (Yes, the US gov.)

EternalBlue is the exploit that was developed by the NSA, most likely to be used on "we the people". It was leaked by hackers in April 2017 and used in the WannaCry ransomware a month later. This ransomware only targeted certain Microsoft Operating Systems and it spread using the file share feature (SMB). Microsoft even patched their OS back in March 2017. But how many people keep their systems updated? Microsoft even went as far as to create a patch for end-of-support systems like Windows XP and Windows Server 2003! Microsoft issued a statement criticizing government spy agencies and the NSA for hiding critical security flaws from vendors. Most security specialists blame the National Security Agency (NSA) for committing the original sin. Of course, if a hacker had created EternalBlue, he would be serving time (...just saying💁🏻‍♂️) The irresistible actions of the NSA for...

Installing a free Certificate 🔖 on a Cisco ASA Firewall for AnyConnect

These days all the devices have Trust Issues! To get rid of the warning that appears every time you connect to the VPN with Cisco AnyConnect while the Cisco ASA Firewall is using its default self-signed certificate, you can install a free certificate from Let's Encrypt. They only issue 90-day certs, but these are free to renew for a lifetime. On Linux, the process of renewal can easily be automated, but not on a Cisco device. Even though Cisco is mentioned as a sponsor on Let's Encrypt's website, as of this writing, this is a manual certificate renewal process, until Cisco devices natively implement the ACME protocol. That being said, here's the quick and dirty way using free online tools to make the process easy:

Step 1: Go to ZeroSSL.com
That's just the web-based version of Let's Encrypt, since Let's Encrypt only gets certificates using its ACME protocol that the Linux app Certbot uses on an Apache server, .... well that's the most common use case. Input all the...

“Let’s Encrypt” 🔐 your website

Why Encrypt a website?
Simple: when you visit a website, you may fill in forms, enter passwords, credit card info or social security numbers, or upload/download images or any other sensitive data. It's not too difficult for novice hackers to "intercept" that data. They may use tools like network sniffers with rogue wireless access points in a public environment like an airport or cafe. It may also simply be intercepted by organizations that like to snoop or keep a tab on all the traffic in their network. That data can also get compromised (Believe it or not!🤗). If a website address begins with https://, it will have the lock 🔒 sign, showing that data between your browser and the website is now encrypted and no one in between intercepting the traffic can decipher it. Your data is seen as garbage to them and is decrypted only at the 2 endpoints.

What is Let's Encrypt
Let's Encrypt is a FREE SSL Certificate Authority! Yes, completely free! A lot of companies have made a ton of money,...

Useful Security 🛡 Certifications Review

There are plenty of certifications out there in the market to choose from. My opinion is based on the market value and my own experience working as an employee and an entrepreneur. My reviews will be blunt and to the point, so proceed at your own risk! Keep in mind, I have gone through most of them and realize what value they add to your CV and to an employer, as well as the knowledge attained.

Disclaimer: Unfortunately, none of the below-mentioned companies pay me for anything! I endorse what I believe in and provide my honest opinion without fear of "what people will say".

ISACA, (ISC)2, EC-Council are the most popular organizations that provide security certifications. I would divide the tracks into 2 areas of focus.

Technical
CCNA/CCNP Security
CCNA Security is great to learn all the technical terminology out there for security. There is A LOT. And I'll be honest, Cisco is one of the leaders in networking products. They do a great job in covering security topics with their...