Security+ Journey – Prying Eyes

The internet allows us to have the proverbial ‘world at our fingertips’. We have almost immediate access to countless amounts of information at practically any given time. While this is great, it can definitely be seen as a double-edged sword. Being on the internet often means disclosing information about ourselves in order to get accessContinue reading “Security+ Journey – Prying Eyes”

Security+ Journey – Gone Phishin’

As brought up in the social engineering post in this series, while attacks can rely on sophisticated payloads to accomplish malicious goals, oftentimes the point of entry is an action taken by an unsuspecting human. In that social engineering post, I also highlighted that humans are the last line of defense for an organization, inContinue reading “Security+ Journey – Gone Phishin’”

Security+ Journey – Social Engineering

In today’s day and age, attackers and defenders can both be very sospisticated. Threat actors can have ways to obfuscate their attacks and exploit zero day vulnerabilities. Conversely, defenders can leverage defense in depth to put multiple layers of defense between valuable assets and attackers. However, at the end of the day, there is aContinue reading “Security+ Journey – Social Engineering”

Security+ Journey – DNS for Recon

For attackers and defenders, tools are very important. If a threat actor does not know much about a potential target, they will need to perform some reconnaissance. There are many tools out there that can be leveraged for recon, some of which are readily available on popular operating systems. These tools are not necesarily builtContinue reading “Security+ Journey – DNS for Recon”

Security+ Journey – Attack Surface and Vectors

One thing is certain in terms of cybersecurity. Attacks will and do occur regularly. While security is the responsiblity of all employees in an organization, active defense is up to IT and Info Sec teams. One way to help defend organizations effectively and efficiently is to understand the existing attack surface and potential attack vectorsContinue reading “Security+ Journey – Attack Surface and Vectors”

Security+ Journey – Lions, Tigers, and Bears

Yeah I know, I went for the catchy title to try to draw you into reading this. However, when looking at the topic of vulnerabilities, threats, and risks in my list, the title above is what came to mind. Thinking through it though, that title seems to work. Vulnerabilities, threats, and risks are all scaryContinue reading “Security+ Journey – Lions, Tigers, and Bears”

Security+ Journey – Functional Types of Controls

Security controls are put in place ultimately to mitigate and minimize risk for an organization. As covered in a previous post, there are three main categories of security contols. To recap, these categories are technical (logical), operational (physical), and managerial (administrative). While these categories give us an idea of the high level characteristics of theContinue reading “Security+ Journey – Functional Types of Controls”

Cloud Essentials+ Journey – Try Before You Buy

Wouldn’t it be great if everything we wanted to purchase and integrate into our technology stacks would just work the way we wanted without needing to worry about it or even test things out? Well, anyone who has been around technology knows that is not the case. There is not always a ‘one size fitsContinue reading “Cloud Essentials+ Journey – Try Before You Buy”

Security+ Journey – Control Categories

Large concepts within information security are understanding what protections/controls we should have in place and then the actual processes of implementing those controls. The reason we have security controls can point back to the concept of the CIA Triad. To keep our organizations safe and healthy from an information security perspective, we should ensure thatContinue reading “Security+ Journey – Control Categories”

Cloud Essentials+ Journey – Statement of Work

In a previous post in this series, we covered different request documents that are sent to vendors/partners/service providers such as the request for information (RFI), request for proposal (RFP), and request for quote (RFQ). These request documents all deal with different phases of the pre-procurement process of a technology, system, or application. There is anotherContinue reading “Cloud Essentials+ Journey – Statement of Work”