Ransomcloud Proof of Concept from Kevin Mitnick

Kevin Mitnick is now working for KnowBe4’s as Chief Hacking Officer. He posted a video on Youtube on Jan 12th 2018 to demonstrate proof of concept that how cloud email accounts like Office 365 can be encrypted in real-time via a phishing email – a ransomcloud attack demo.

Although this is not a new attack capability – there was a detailed paper on how to conduct a ransomcloud attack against MS O365 – the video can be used very well to raise awareness to end users.

Posted in Security

Cisco CCNA Cyber Ops


CCNA Cyber Ops Badge

Last year I got Cisco scholarship for this course and exam. What it meant to me was not just a no-charge wonderful technical course but also re-ignited my inspiration to learn and take professional certificates after 4 years. The value it brought to me was much more than money. This is a very new cert from Cisco, just released in 2017 and now is still v1.0 so luckily I’m one of the first certified persons in the world.

This is the cert description: “Today’s organizations are challenged with rapidly detecting cybersecurity breaches and effectively responding to security incidents. Teams of people in Security Operations Centers (SOC’s) keep a vigilant eye on security systems, protecting their organizations by detecting and responding to cybersecurity threats. CCNA Cyber Ops prepares candidates to begin a career working with associate-level cybersecurity analysts within security operations centers.” So basically, this cert focuses on the skills in SOC, CISRT or CERT centers like threat hunting, incident detection, incident handling, forensic etc.

Below is my email to a colleague who asked for my detailed experiences on this certificate, I keep here for reference.

Continue reading

Posted in Certificates, Uncategorized | Tagged | Leave a comment

A short presentation about Accountability

Last Saturday March 10th, I made a short presentation in an activity we call “Coffee & Share”. This is my proposed activity for the local IT group in my city and this presentation is the first session in this activity. I did it in Vietnamese because all of us are Vietnamese. Below is the diagram I created to summarize how to ignite Accountability in each person and how to maintain an Accountable culture in an organization for leaders.CoffeShare01

Some photos from the session:

P.S: This post marked 200 posts in this blog. A little milestone for myself.

Posted in Soft skills, Uncategorized | Tagged | Leave a comment

Top security certifications: Who they’re for, what they cost, and which you need

Source: CSOOnline

If you’re pursuing a career in IT security, certifications can only help you. Certification-critics often say a certification means nothing, and acumen and experience are the true differentiators, but as a holder of dozens of IT security certifications, I beg to differ. So do employers.

A particular certification is often the minimum hurdle to getting an one-on-one in-person job interview. If you don’t have the cert, you don’t get invited. Other times, having a particular certification can give you a leg up on competing job candidates who have similar skill sets and experience.

Every certification I’ve gained took focused, goal-oriented study — which employers view favorably, as they do with college degrees. More important, I picked up many new skills and insights in IT security while studying for each certification test. I also gained new perspectives on even familiar information I thought I had already mastered. I became a better employee and thinker because of all the certifications I have studied for and obtained. You will too.

Continue reading

Posted in Certificates | Tagged , | Leave a comment

Gartner – Critical Capabilities for Public Cloud Infrastructure as a Service

Very detailed analysis. It seems Amazon is the champion!



Posted in cloud, Uncategorized | Leave a comment

Apache Hadoop Explained in 5 Minutes or Less

Hadoop, an open-source Apache project, is a framework that can be used for performing operations on data in a distributed environment using a simple programing model called MapReduce. It is also a scalable and fault tolerant system. In the realm of Big Data, Hadoop falls primarily into the distributed processing category but also has a powerful storage capability.

Apache Hadoop Explained in 5 Minutes or Less

Posted in cloud, Uncategorized | Leave a comment

How to make effective security awareness training


These are some good advices on how to make effective security awareness training.

The main points are:

  1. Get management buy-in
  2. Target your security training
  3. Make it pervasive
  4. Presentation is everything
  5. Explain why security policies are needed
  6. Show users specific examples of security no-nos
  7. Make it easy for users to comply with security policies
  8. Maintain the right attitude
  9. Use the right metrics to gauge effectiveness of training
Posted in Uncategorized | Tagged , | Leave a comment