Introduction to the CIA Triad for Security Professionals

This is part 1 of a four-part series. We’ll introduce the CIA concept overall here in the first post of the series, then cover each component in more depth in subsequent posts. One of the most critical concepts for security professionals is the CIA (confidentiality, integrity, availability) triad. It is at the core of everything we do, …

Phishing is not an Awareness Program

Security Awareness Training is a big topic, and it consists mostly of people saying that you need to run phishing campaigns. People are your weakest link, but that’s their nature. It’s about more than knowing social engineering or identifying phishing scams in all their forms. You need to train your HR people on listings and job postings. Train …

Importance of the Boring Stuff: Policies

A lot of people think of InfoSec and immediately think of “hackers”: writing and running code, discovering vulnerabilities and writing exploits, discovering bugs by reviewing code and looking for failings, and all the other activities that look cool when presented on TV and film, where energy drinks cover the desk and the only light on the …

Teaching Children Account Security

Lessons learned from the compromise of a child’s account

This post was originally drafted in 2020. My attention to this blog fell off during the last couple of years, and I’m working on doing more work. Hopefully, this blog will be a place I use for that, and some others will benefit or at least …

Thoughts on the Twitter Incident

Twitter was victimized by a security event earlier this week. Just in case you don’t remember, or are reading this post some time after it occurred, this was the event where a number of well-known, verified accounts all started sharing messages for a standard Bitcoin scam. Former President Obama, former Vice President Biden, Bill Gates, …