Kevin Mitnick is now working for KnowBe4’s as Chief Hacking Officer. He posted a video on Youtube on Jan 12th 2018 to demonstrate proof of concept that how cloud email accounts like Office 365 can be encrypted in real-time via a phishing email – a ransomcloud attack demo.
Although this is not a new attack capability – there was a detailed paper on how to conduct a ransomcloud attack against MS O365 – the video can be used very well to raise awareness to end users.
CCNA Cyber Ops Badge
Last year I got Cisco scholarship for this course and exam. What it meant to me was not just a no-charge wonderful technical course but also re-ignited my inspiration to learn and take professional certificates after 4 years. The value it brought to me was much more than money. This is a very new cert from Cisco, just released in 2017 and now is still v1.0 so luckily I’m one of the first certified persons in the world.
This is the cert description: “Today’s organizations are challenged with rapidly detecting cybersecurity breaches and effectively responding to security incidents. Teams of people in Security Operations Centers (SOC’s) keep a vigilant eye on security systems, protecting their organizations by detecting and responding to cybersecurity threats. CCNA Cyber Ops prepares candidates to begin a career working with associate-level cybersecurity analysts within security operations centers.” So basically, this cert focuses on the skills in SOC, CISRT or CERT centers like threat hunting, incident detection, incident handling, forensic etc.
Below is my email to a colleague who asked for my detailed experiences on this certificate, I keep here for reference.
Last Saturday March 10th, I made a short presentation in an activity we call “Coffee & Share”. This is my proposed activity for the local IT group in my city and this presentation is the first session in this activity. I did it in Vietnamese because all of us are Vietnamese. Below is the diagram I created to summarize how to ignite Accountability in each person and how to maintain an Accountable culture in an organization for leaders.
Some photos from the session:
P.S: This post marked 200 posts in this blog. A little milestone for myself.
If you’re pursuing a career in IT security, certifications can only help you. Certification-critics often say a certification means nothing, and acumen and experience are the true differentiators, but as a holder of dozens of IT security certifications, I beg to differ. So do employers.
A particular certification is often the minimum hurdle to getting an one-on-one in-person job interview. If you don’t have the cert, you don’t get invited. Other times, having a particular certification can give you a leg up on competing job candidates who have similar skill sets and experience.
Every certification I’ve gained took focused, goal-oriented study — which employers view favorably, as they do with college degrees. More important, I picked up many new skills and insights in IT security while studying for each certification test. I also gained new perspectives on even familiar information I thought I had already mastered. I became a better employee and thinker because of all the certifications I have studied for and obtained. You will too.
Hadoop, an open-source Apache project, is a framework that can be used for performing operations on data in a distributed environment using a simple programing model called MapReduce. It is also a scalable and fault tolerant system. In the realm of Big Data, Hadoop falls primarily into the distributed processing category but also has a powerful storage capability.
These are some good advices on how to make effective security awareness training.
The main points are:
- Get management buy-in
- Target your security training
- Make it pervasive
- Presentation is everything
- Explain why security policies are needed
- Show users specific examples of security no-nos
- Make it easy for users to comply with security policies
- Maintain the right attitude
- Use the right metrics to gauge effectiveness of training