The Infosec Archives 01.21.2022 - V8
?? Brendon Rod ??
IAM Resilience Evangelist ?? | Startup Afficionado ?? | Go-to-market Architect ??
Hey friends,
Welcome back to the Infosec Archives volume 8.
Did you know what happened on-this-day January 21?
The First Commercial Concorde Flight Generating a sonic boom as it traveled through the atmosphere at supersonic speed, the Concorde, a commercial aircraft built with funding from the British and French governments, began regular service on this day in 1976.
More Events On This Day Demonstrations, known collectively as the Women's March, were held throughout the world to support gender equality, civil rights, and other issues that were expected to face challenges under newly inaugurated U.S. President Donald Trump; it was widely believed to be the largest single-day demonstration in U.S. history.
And now... Let's?dive in?as they say. ??
----------------------------------
News:??
Flights scrapped over 5G concerns
By Jake Perez, Editor at LinkedIn News
Airlines worldwide have suspended or are scrambling to change flights over worries that the rollout of 5G technology near airports could disrupt tech on planes and jeopardize flight safety. Verizon and AT&T delayed plans to activate 5G networks after airline and shipping executives raised concerns, but the wireless carriers' decision came too late to avoid flight disruptions. Emirates' president tells CNN it's "delinquent, utterly irresponsible" that airlines weren't advised of the full extent of potential interference until Tuesday.
Russian government arrests REvil ransomware gang members
Russian authorities have detained 14 individuals suspected to be part of the REvil ransomware-as-a-service (RaaS) operation and confiscated cryptocurrency and fiat money as follows:
·????????more than 426 million rubles (approximately $5,5 million)
·????????600 thousand US dollars
·????????500 thousand euros (approximately $570,000)
?
Jobs ??????
Look, jobs! Come check out two positions on eHealth Security Team.
We have opening for a Junior position for a Security Analyst, and we have open position for a Security Architect. I am not the hiring manager but if you have any questions, feel free to reach out to me.
Careers/Advice: ??
I ran by a post today that mentioned "You have to be a CISSP to be successful in this field". REALLY?
Honestly, it had to be the most misleading post that I had seen in weeks. It drives me crazy that entry level people getting into this field have to read this stuff and be discouraged.
To be transparent, I don't have my CISSP. I looked at it real hard years back, but did not see it adding benefit to my situation. Yes, the CISSP is a great certification, no doubt. However, to say that you have to have it to be "successful" in this field is completely false.
More importantly, let's break down "success".
continue reading>>
How Do I Become A SOC Analyst?
Infosec Wisdom: ??
SOC Analyst Study Guide,
This is a work in progress, however, I have some heavy hitters chime in and help me add some fantastic resources and I would like to introduce this to the community.
This will evolve over time, my main goal was to consolidate my resources into a single pane.
However, the goal of this guide is
"To inform the learner of the required knowledge to become a well-rounded SOC analyst, and to provide said learner with resources to learn, understand and develop these areas"
Thank you to the initial contributors.
This is open to all to duplicate and retrofit into your own study board.
Your Biggest Risk Can Be Handled By Entry-Level Security Professionals
Infosecurity managers are under pressure to find and fill the demand with skilled professionals that can hit the ground running.
But all the skilled professionals are expensive, hard to find and get snapped up quickly in the market.
Therefore, we should build and train the entry-level infosec workforce with phishing incident response skills because this is not hard to teach and can be learnt quickly and with an incredible ROI.
In this episode, i sat down with Eyal Benishti Founder and CEO of IRONSCALES to explore this in more depth.
领英推荐
Mentorship/Education: ????
You need to pick a direction. You need to pick a role.
I like sailing and I like philosophy, so Seneca's quote here really hit me.
If you are starting in cybersecurity, I analogize that to living in Seattle and wanting to sail in Europe. There are many paths. There is a tried and true initial plan to sail to Panama and then work your way across the Caribbean, follow the trade winds up to the Azores, then there might be a shift to your final destination, the Mediterranean or heading North.
Then there are tons of end locations. But, you could also go West across the Pacific. You could go around South America. From the Caribbean, you could go up the East Coast and cross up near Canada and Greenland.
Sorry, I like talking about sailing.
The point: pick an initial destination and get moving or you will go nowhere.
GRC, incident response, security engineering, helpdesk, sysadmin, network engineer, software dev, cloud engineer, vulnerability management, pentesting.
Pick one.
Start
Stay on course and don't get distracted.
Get to a point where you decide whether or not this is for you. Then make your changes.
You will find that planning a trip to Norway and a trip to Greece from Seattle via sailboat will look a lot alike for a long time.
And that is cybersecurity.
A good pentester could learn digital forensics really quickly. An incident response manager probably has a good take on security controls.
Start.
Follow a plan.
And stay on course until you make a conscious decision to change the destination.
Infosec Think Tank: ??
Why is there a lack of Women’s presence in Cybersecurity?
??Controversial but worth reading through the 630+ comments ??
The "lack of women in tech" is NOT due to misogyny.
It's due to a lack of INTEREST.
Women, on average, prefer people over things. This is true across generations and cultures. Multiple studies and decades of research have proven this.
The difference lies simply in how interested men and women are with tech-centric work.
We never question why women dominate the nursing and teaching professions. That's because these professions attract women more than men. These professions are people-centric.
Tech professions attract more men than women. These professions are thing-centric.
Women and men are EQUALLY COMPETENT in tech. That was never the question.
But women and men are NOT EQUALLY INTERESTED in tech.
The "lack of women in tech" is simply a numbers problem.
Not a misogyny problem.
?
Cybersecurity Heroes Podcast: ???
To Protect Against Advanced Email Threats Requires A Different Technology & Approach
Time Stamp 09:29 - Instill distrust in employees
Where Jeremy works in the Midwest people have a tendency to trust and want to help, but that can lead to security mistakes as more business emails are compromised.
“In the Midwest, we very much want to help. And there's nothing wrong with that. I think that's a good mindset to have, but it necessarily doesn't always translate the best into business and when we're talking about security, because we may be helping out the wrong person. Or we might be helping out the adversary at this point in time.
So how do you start to train a little bit of distrust into trusting people and that's where looking at a whole, and we'll talk more about that. How do you start to train people to look at certain things or keep an eye on things? And what can we do to help instill in our users this is what you need to check? Just don't trust because you're getting that email from somebody you do business with on a daily basis.
And I think for us, that's probably the biggest challenge right now is that we have the abuse of trusted contacts through business email compromise. So we're very trusting people in the Midwest. We very much want to help. So when we get that email saying, Hey, I need this done now, we are going to get it done now. So it's instilling that little bit of a pause and asking the question of, well, is this real or is this not.”
Catch all the links to the episode below or search for #CyberSecurityHeroes in your favorite podcast player.
Cyber Security Heroes is brought to you by IRONSCALES.
An email security platform powered by AI, enhanced by thousands of customer security teams and built around detecting and removing threats in the inbox.
?
p.s
If you enjoy the show, we would love a rating or a review so more people like you can find it!
-----------------
Meme of The Week ??
--------------------
That's a wrap for this week's Infosec Archives, see you again next week. ??
Brendon
?
Defending Healthcare, Manufacturing, and Legal from Cyber Chaos | IT, Cloud, and Compliance That Just Works. DM Me, Let’s Talk.
3 年Thank for featuring me on your post! ??Brendon Rod??. Much appreciated. I’m a huge advocate for women on this platform.
IAM Resilience Evangelist ?? | Startup Afficionado ?? | Go-to-market Architect ??
3 年added a job section inside the newsletter, thanks Jessica Boyer. #cyberheroes please feel free to ping me with job openings and ill add each week. Look, jobs! Come check out two positions on eHealth Security Team. We have opening for a Junior position for a Security Analyst, and we have open position for a Security Architect. I am not the hiring manager but if you have any questions, feel free to reach out to me. https://lnkd.in/eUwU2cYM https://lnkd.in/eaQgmXr7