For attackers and defenders, tools are very important. If a threat actor does not know much about a potential target, they will need to perform some reconnaissance. There are many tools out there that can be leveraged for recon, some of which are readily available on popular operating systems. These tools are not necesarily builtContinue reading “Security+ Journey – DNS for Recon”
Category Archives: Certification_Journey
Security+ Journey – Attack Surface and Vectors
One thing is certain in terms of cybersecurity. Attacks will and do occur regularly. While security is the responsiblity of all employees in an organization, active defense is up to IT and Info Sec teams. One way to help defend organizations effectively and efficiently is to understand the existing attack surface and potential attack vectorsContinue reading “Security+ Journey – Attack Surface and Vectors”
Security+ Journey – Lions, Tigers, and Bears
Yeah I know, I went for the catchy title to try to draw you into reading this. However, when looking at the topic of vulnerabilities, threats, and risks in my list, the title above is what came to mind. Thinking through it though, that title seems to work. Vulnerabilities, threats, and risks are all scaryContinue reading “Security+ Journey – Lions, Tigers, and Bears”
Security+ Journey – Functional Types of Controls
Security controls are put in place ultimately to mitigate and minimize risk for an organization. As covered in a previous post, there are three main categories of security contols. To recap, these categories are technical (logical), operational (physical), and managerial (administrative). While these categories give us an idea of the high level characteristics of theContinue reading “Security+ Journey – Functional Types of Controls”
Cloud Essentials+ Journey – Try Before You Buy
Wouldn’t it be great if everything we wanted to purchase and integrate into our technology stacks would just work the way we wanted without needing to worry about it or even test things out? Well, anyone who has been around technology knows that is not the case. There is not always a ‘one size fitsContinue reading “Cloud Essentials+ Journey – Try Before You Buy”
Security+ Journey – Control Categories
Large concepts within information security are understanding what protections/controls we should have in place and then the actual processes of implementing those controls. The reason we have security controls can point back to the concept of the CIA Triad. To keep our organizations safe and healthy from an information security perspective, we should ensure thatContinue reading “Security+ Journey – Control Categories”
Cloud Essentials+ Journey – Statement of Work
In a previous post in this series, we covered different request documents that are sent to vendors/partners/service providers such as the request for information (RFI), request for proposal (RFP), and request for quote (RFQ). These request documents all deal with different phases of the pre-procurement process of a technology, system, or application. There is anotherContinue reading “Cloud Essentials+ Journey – Statement of Work”
Security+ Journey – Five Info Sec Functions
Something that I really appreciate when learning something new or working with a new technology is a clearly defined concept. When learning basic cloud concepts as part of my Cloud Essentials+ journey, I relied on the definitions from NIST to set the groundwork of my understanding of cloud computing characteristics. Well, NIST was there forContinue reading “Security+ Journey – Five Info Sec Functions”
Cloud Essentials+ Journey – Licensing Models
One major shift to migrating to cloud services was the move from capital expenses to operating expenses. With capital expenditures, we typically pay for assets up front, and own and maintain those assets. On the other hand, with operating expenditures, we are paying for a service, or furthermore, the right to use that service/application/system. ServicesContinue reading “Cloud Essentials+ Journey – Licensing Models”
Security+ Journey – CIA Triad
As with dealing with practically any task, project, or initiative, having a set of guidelines to assist us toward our goals can be very important and beneficial. Information security is no different. Just looking at and thinking about the words information security can be a bit daunting and overwhelming. Where do we even start whenContinue reading “Security+ Journey – CIA Triad”
Netication 