This blog is about Clever Questions, Answers, Resources, Feeds, Discussions about Tech jobs and careers at MAANGM companies including:
- Meta (Facebook)
- Apple
- Amazon
- AWS
- Netflix
- Google (Alphabet)
- Microsoft

Top-paying Cloud certifications provided by MAANGM:
According to the 2020 Global Knowledge report, the top-paying cloud certifications for the year are (drumroll, please):
- Google Certified Professional Cloud Architect — $175,761
- AWS Certified Solutions Architect – Associate — $149,446
- AWS Certified Cloud Practitioner — $131,465
- Microsoft Certified: Azure Fundamentals — $126,653
- Microsoft Certified: Azure Administrator Associate — $125,993
FAANG – MAANGM Compensation
Legend – Base / Stocks (Total over 4 years) / Sign On
Google (Alphabet)
– 145/270/30 (2017, L4)
– 150/400/30 (2018, L4)
– 155/315/50 (2017, L4)
– 155/650/50 (2017, L4)
– 170/350/50 (2017, L4)
– 170/400/75 (2017, L4)
*Google’s target annual bonus is 15%. Vesting is monthly and has no cliff.
Facebook ( Meta)
– 115/160/100 (2017, E3)
– 160/300/70 (2017, E4)
– 145/220/0 (2017, E4)
– 175/250/0 (2017, E5)
– 160/250/100 (2018, E4)
– 190/500/120 (2017, E5)
– 200/550/50 (2018, E5)
– 210/1000/100 (2017, E6)
*Facebook’s target annual bonus is 10% for E3 and E4. 15% for E5 and 20% for E6. Vesting is quarterly and has no cliff.
LinkedIn (Microsoft)
– 125/150/25 (2016, SE)
– 120/150/10 (2016, SE)
– 170/300/30 (2016, Senior SE)
– 140/250/50 (2017, Senior SE)
Apple
– 110/60/40 (2016, ICT2)
– 120/100/21 (2017, ICT3)
– 135/105/20 (2017, ICT3)
– 160/105/30 (2017, ICT4)
Amazon (AWS)
– 103/65/52 (2016, SDE I)
– 110/200/50 (2016, SDE I)
– 135/70/45 (2016, SDE I)
– 106/60/65 (2017, SDE I)
– 160/160/125 (2017, SDE II)
– 178/175/100 (2017, SDE II)
– 145/120/100 (2018, SDE II)
– 160/320/185 (2018, SDE III)
*Amazon stocks have a 5/15/40/40 vesting schedule and sign on is split almost evenly over the first two years*
Microsoft
– 106/120/15 (2016, SDE)
– 107/90/35 (2016, SDE)
– 107/120/30 (2017, SDE)
– 110/50/20 (2016, SDE)
– 119/25/15 (2017, SDE)
– 130/200/20 (2016, SWE1)
– 120/150/18.5 (2016, SWE1)
– 145/125/15 (2017, SWE1)
– 160/600/50 (2017, SWE II)
Uber
– 110/180/0 (2016, L3)
– 110/150/0 (2016, L3)
– 140/590/0 (2017, L4)
Lyft
– 135/260/60 (2017, L3)
– 170/720/20 (2017, L4)
– 152/327/0 (2017, L4)
– 175/480/0 (2017, L4)
Dropbox
– 167/464/10 (2017, IC2)
– 160/250/10 (2017, IC2)
– 160/300/50 (2017, IC2)
That’s my guess. It hasn’t changed when Google became Alphabet.
FAANG stared as FANG circa 2013. The 2nd A became customary around 2016 as it wasn’t clear whether A referred to Apple or Amazon. Originally, FANG meant “large public, fast growing tech companies”. Now in 2021, the scope of what FANG referred to just doesn’t correspond to these 5 companies.
From an investment perspective (which is the origin of FANG) Facebook stock has grown the slowest of the 5 companies over the past 5 years. And they’re all dwarfed by Tesla.
From an employment desirability perspective (which is the context where FAANG is most used today). Microsoft is very similar to the group. It wasn’t “cool” around 2013 but its stock actually did better than Facebook or Alphabet over the past five years. Other companies like Airbnb, Twitter or Salesforce offer the same value proposition to employees, that is stability and tradable equity as part of the compensation.
FAANG refers to a category more than a specific list of companies.
As a side note, I expect people to routinely call the company Facebook, just like most people still say Google when they really mean Alphabet.
The technical interviews at FAANG companies, in the grand scheme, aren’t very difficult.
People frequently fail FAANG interviews because they choke — they experience anxiety and just forget their knowledge — or they don’t know the material to begin with.
Inverting a binary tree, matching up pairs of brackets, finding the duplicate in an array of distinct integers, etc., are all weeder-questions that should be solvable in 5–10 minutes, if you’re the type to suffer from interview jitters. You should know which data structures to use, intuitively, and you should be doing prep work to cover your knowledge gaps if you don’t.
Harder questions will take longer, but ultimately, you’ll have 45 minutes or so to solve 2–3 questions.
Technical interviews at FAANG companies are only difficult if you have shaky computer science fundamentals. Luckily, the process for cracking the code interview *cough* is very well-documented, hence, you only need to follow the already established strategies. If you’re interested in maximizing income while prioritizing career growth, it behooves you to spend a month or two studying these strategies.
The difficulty of the interview is going to vary more interviewer to interviewer, than company to company. Also, how difficult the questions are is not directly related to how selective the process is; the latter being heavily influenced by business factors currently affecting these companies and what are their current hiring plans.
Comments:
#1: So, how do know you this? You don’t. An affirmative answer to this question can only come from data.
#Answer #1: Fair question. I have been very involved in interviewing in a number of large tech cos. I have read, by now, thousands of interview debriefs. I have also interviewed a fair amount as a candidate, although I have not interviewed in each of the “FAANG” and I have definitely be more often on the interviewing side.
As such, I have seen for the same position, very easy questions and brutally difficult ones; I have seen very promising candidates not brought to onsite interviews because the hiring organization didn’t currently have resources to hire, but also ok-ish candidates given offers because the organization had trouble meeting their hiring targets. As a candidate I also experienced: easy interview exercises but no offer, very hard interview exercises and offer (with the caveat that I never know exactly how well I do, but I certainly can tell if a coding question or a system design question is easy or hard).
So. I am well aware that it’s still anecdotal evidence, but it’s still based on a fairly large sample of interviews and candidates.
#Reply to #1: Nope, you’re wrong. I have experience in the interview process at Amazon and Microsoft and have a different conclusion. Moreover, “experts” in lots of disparate fields make claims that are a bunch of bullcrap due to their own experiential biases. Additionally, you would need to be involved at all of the companies listed, not just some of the them, for that experience to be relevant in answering this question. We need to look at the data. If you don’t have data, I will not trust you just because of “your experience”. I don’t think it’s possible for Jerry C to have the necessary information to justify the confidence that is projected in this answer.
What you need is not so much a list of “incidents” but more generally some self-awareness on what you care about and how you’ve progressed and how you see your career.
The best source for this material is your performance reviews. Ideally you also kept some document about your career goals and/or conversation with your manager. (If you haven’t such documents, it’s never too late to start them!).
You should have 5–6 situations that are fairly recent and that you know on the back of your hand. These must include something difficult, and some of these situations must be focused on interpersonal relationships (or more generally, you should be aware of more situations that involved a difficult interpersonal relation). They may or may not have had a great outcome – it’s ok if you didn’t save the day. But you should always know the outcome both in terms of business and on your personal growth.
Once you have your set of situations and you can easily access these stories / effortlessly remember all details, you’ll find it much easier to answer any behavioral question.
This question (like many other things in life) is much more complicated than it appears on the surface. That’s because it is conflating several very different issues, including:
- What is retirement?
- What is “early”?
- At what age do most software engineers stop working in that role?
- How long do employees stay on average at the FAANGs?
In the “old” days (let’s arbitrarily call that mid-20th century America), the typical worker was white, male and middle class, employed on location at a job for 40–50 hours a week. He began his working career at 18 (after high school) or 22 (after college), and worked continuously for a salary until the age of 65. At that time he retired (“stopped working”) and spent his remaining 5–10 years of life sitting at home watching tv or traveling to places that he had always wanted to visit.
That world has, to a large extent, been transmogrified over the past 50 years. People are working longer, changing employment more frequently, even changing careers and professions as technology and the economy change. The work force is increasingly diverse, and virtually all occupations are open to virtually all people. Over the past two years we have seen that an astonishing number of jobs can be done remotely, and on an asynchronous basis. And all of these changes have disproportionately affected software engineering.
So, let’s begin by laying out some facts:
- When people plan to retire is a factor of their generation: Generation Y — ages 25 to 40 — plans to retire at an average age of 59. For Generation X — now 41 to 56 — the average age is 60. Baby boomers — who range from 57 to 75 — indicated they plan to work longer, with an average expected retirement age of 68.[1]
- The average actual retirement age in the US is 62[2]
- Most software engineers retire between the ages of 45 and 65, with less than 1% of developers working later than 65.[3]
- But those numbers are misleading because many software engineers experience rapid career progression and move out of a pure development role long before they retire.
- The average life expectancy in Silicon Valley is 85 years.[4]
- The tenure of employment at the FAANGs is much shorter than than one might imagine. Unlike in the past, when a person might spend his or her entire career working for one or two employers, here are the average lengths of time that people work at the FAANGs: Facebook 2.5 years, Google 3.2 years, Apple 5 years.[5]
Therefore, if the question assumes that a software engineer gets hired at a FAANG company in his or her 20s, works there for 20 or 30 years as a coder, and then “retires early”, that is just not the way things work.
Much more likely is the scenario in which an engineer graduates from college at 21, gets a masters degree in computer science by 23, starts as a junior engineer at a small or large company for a few years, gets hired into a FAANG by their early 30s, spends 3–5 years coding there, is recruited to join a non-FAANG by their early 40s in a more senior role, and moves into management by their late 40s.
At that point things become a matter of personal preference: truly “retire”, start your own venture; invest in cryptocurrency; move up to senior management; begin a second career; etc.
The fact is that software engineering at a high level (such as would warrant employment at a FAANG in the first place) pays very well in relative terms, and with appropriate self-control and a moderate lifestyle would enable someone to “retire” at a relatively early age. But paradoxically, that same type of person is unlikely to do so.
Are companies like Google and Facebook heaven on earth in terms of workplaces?
No. In fact Google’s a really poor workplace by comparison with most others I’ve had in my career. Having a private office with a door you can close is a real boon to doing thoughtful, creative work, and having personal space so that you can feel psychologically safe is important too.
You don’t get any of that at Google, unless you’re a director or VP and your job function requires closed-door meetings. I have a very nice, state-of-the-art standing desk, with a state-of-the-art monitor, and the only way for me to avoid hearing my tech lead’s conversations is to put headphones on. (You can get very nice, state-of-the-art headphones, too.)
On the other hand, I also have regular access to great food, and an excellent gym, and all the La Croix water I can drink. I get to work on the most incredible technological platform on earth. And the money’s good. But heaven on earth? Nah. That’s one of the reasons the money’s good.
What is the starting salary of a software engineer at Google?
A new grad software engineer (L3) at Google makes a salary around $193,000 including stock compensation and bonus. The industry is getting a lot more competitive and top companies such as Google have to make offers with really generous stock packages. The below diagram shows a breakdown for the salary. View all the crowdsourced reports as well as other levels on Levels.fyi.
Hope that helps!
How I got in to Amazon, Microsoft, Google. All from studying these resources by Alex nguyen @medium
Follow Alex Nguyen on his quest to 30,000 followers on LinkedIn
Alex Nguyen | LinkedIn
Everyone has a study plan and list of resources they like to use. Different plans work for different people and there is no one size fits all.
This by no means is the only list of resources to join a larger technology company. But it is the list of resources I used myself to prepare for all my technology interviews.
Quick Background
I’m a current engineer at Microsoft who previously worked at Amazon for 1 year each respectively. I don’t have a master’s degree and I graduated from NYU, not an Ivy League. I’ll soon be joining Google and the following resources is how I got there.
Yes, the purchasable resources are affiliate links that help support this blog. Regardless, these are the resources I’ve used both purchasable and free.
Coding Resources
Cracking the Coding Interview (CTCI)
This is the simplest book to get anyone started in studying for coding interviews.
If you’re an absolute beginner, I recommend you to start here. The questions have very details explanations that are easy to understand with basic knowledge of algorithms and data structures.
Elements of Programming Interviews (Python, Java, C++)
If you’re a little more experienced, every question in this book is at the interviewing level of all large technology companies.
If you’ve mastered the questions in this book, then you are more than ready for the average technology interview. The book is not as beginner friendly as CTCI but it does include a study plan depending on how much you need to prepare for your interviews. This is my personal favorite book I carried everywhere in university.
NeetCode blind 75 — YouTube
Blind has a list of 75 questions that is generally enough to solve most coding interviews. It’s a very curated and focused list for the most essential algorithms to leverage your time.
The playlist above is one of the clearest explanations I’ve ever seen and highly recommend if you need an explanation on any of the problems.
CSES Problem Set — Tasks
These problems are hard. Really hard for anyone who hasn’t practiced algorithms and is not beginner friendly. But if you are able to complete the sorting and searching section, you will be more capable than the average LeetCode user and be more than ready for your coding interview.
Consider this if you’re comfortable with LeetCode medium questions and find the questions in CTCI too easy.
Algorithm Learning
Introduction to Algorithms (4th Edition)
This is the most common and best textbook anyone could use to learn algorithms. It’s also the textbook my university used personally to learn the core and essential algorithms to most coding problems.
The 4th edition was recently released and is still relevant to MIT students. If you need structure and a traditional classroom setting to study, follow MIT’s algorithm course here.
William Fiset — Graph Theory
Graph theory does come up in interviews (and was a question I had at both Bloomberg and Google). Stay prepared and follow William Fiset’s graph theory explanation.
The diagrams are comprehensive and the step-by-step explanations are the best I’ve ever seen on the topic.
CSES.fi Handbook
This handbook is for people who are strongly proficient with most Leetcode algorithms. It’s a free resource that strongly complements the CSES.fi curriculum.
Competitive Programming 4th Ed.
For the most experienced algorithm enthusiasts, this book will cover every niche data structure and algorithm that could possibly be asked in any coding interview. This level of preparation is not generally needed for FAANG type companies but can show up if you’re considering hedge fund type companies.
System Design
The System Design Interview (Vol. 1, Vol. 2, Online Course + Community)
In my opinion, you will be more than ready for any system design interview using these resources. The diagrams are clear and the explanations are as simple as possible in each book to help you learn system design concepts quickly.
I recommend the online course personally because yes the content from both books is great to own, it’s the online community discord you get access to that makes the yearly subscription worth it. The discord includes mock interview buddies, salary discussion, and over view on each system design topics to study with other users on.
System Design Primer
The system design primer is the best free resource on all things system design. Dig deep into the Git repository and you will learn everything you need to know on system design. It’s all curated in a single repository and the clearly structured to give you a guided curriculum.
Educative’s System Design Interview
This quick overview on system design is great to review if you’re in a rush. The read typically takes users 45 minutes but you’ll be left knowing more system design than the average engineer.
Give it a read. If concepts are unclear or confusing, that might be a sign you’re not ready for interviews.
Object Oriented Design
Design Patterns: : Elements of Reusable Object-Oriented Software
Regardless if you’re learning design patterns for the object-oriented programming interview, you will need to know design patterns as a software engineer at these large companies.
The book is the origin of the world’s most common design patterns today and showing proficiency in these for your object oriented interview is a requirement for certain large technology companies like Amazon.
Head First Design Patterns
The above resource is dense and written in language that’s hard to understand. While the original source material in design patterns is great, it doesn’t help much if it’s difficult to understand.
Consider Head First Design patterns to study a simplified explanation of those common design patterns. It might not be as in-depth as the original source material, but your understanding in design patterns will be more than enough to crack any object-oriented interview.
Closing Thoughts
Honestly, I did not go through all of these resources from cover to cover. If you do, I’m sure you wouldn’t need to study for another interview again. But likely we don’t have the time to do that so make sure that once you understand the core concepts in the any of the above categories that you invest your time moving on to the next.
Again, these are the resources I used and is not at all inclusive of anyone else’s study plan.
My Google L4 interview experience by Alex Nguyen
3 Years ago I applied to Google and was rejected immediately after the phone screen. Fast forward 2022 and was given another chance to re-interview. Here’s how the entire experience went.
Quick Background
I am currently a junior level software engineer at Microsoft (L60) with previous experience at Amazon (SDE I). My tenure is 1 year at Microsoft and 1 year at Amazon.
The first time I applied to Google was fall of my senior year of college at NYU. I failed the phone screen horribly and never thought I would join a company as competitive as Google. But I did not want to count myself out before even interviewing.
Recruiter Screen
I slowly built my LinkedIn to make sure recruiters would notice me whenever I wrote a LinkedIn post. With 15,000 followers at the time, it wasn’t too difficult to have one of them reach out with the chance to interview. A message came in my LinkedIn inbox and I responded promptly to schedule the initial recruiter call.
The chat was focused more on my previous experiences engineering and some of the projects I worked on. It was important to talk about what languages I was using and how much of my day was spent coding (70% of my day at Microsoft).
The recruiter was interested in having me follow through with a full-loop and asked when I would like to go through the process. It was important to me to ask what engineering level I was applying for. He shared it was L3/L4 role where the interviews would calibrate me depending on my performance. Knowing that, I mentioned I’d like to interview 1 month later and asked what the process looked like as explained to me.
- Technical Phone Screen
- 6 Hour Virtual On-site
a. 4 Technical Coding Interviews or 3 Technical Coding Interviews + 1 system design
b. Behavioral “Googliness” interview
Phone Screen
Following the initial recruiter phone screen, I received an email from Google. It explained that I would be exempt from the Google Technical Phone Screen.
Why? I am personally not sure but it likely had to do with prior experience at large technology companies. I was personally surprised because to this day my first Google Phone Screen is still one of the toughest coding interviews I have ever been given.
It looked like that was as relevant as my current work experience and I didn’t have much to complain about moving quicker through the process and directly on-site.
Technical Onsite
Every coding question I had was a coding question that was either on LeetCode or could be solved with the patterns you find solving coding questions. Here’s what my experience for each of them looked like
Coding Interview #1
The interviewer looked like someone who was my age and likely joined Google directly after university. Maybe I wasn’t jealous. Maybe I was.
The question I was given was a string parsing Hash-Map question. Easily doable if you worked through a few medium questions regarding hash-maps and string parsing. But if you’re not careful, you may have fallen into a common trap.
Let me point it out for you. Abstract away the logic for tedious parsing logic by writing something like “parsingFunction()”. Otherwise 30 minutes may pass without you solving the question. I wrote a short “ToDo” mentioning I’d come back to it if the interviewer cared.
Spoiler: The interviewer didn’t care.
They lastly asked me to optimize with a heap and what the running time was. Unlike others who assert the running time, I solved for it and the interview concluded there.
Coding Interview #2
The interviewer who was more senior than the previous interviewer. I heard the coding question and thought the on-site was over.
The thing about some coding questions is whether you see the pattern for the algorithm or not. The recognizing the pattern for the algorithm can be much more difficult than actually writing the code for it. This was one of those interviews.
After hearing the questions I was thinking of ways to brute force the question or if there was a pattern I could see using smaller test cases. I wasn’t able to recognize it and eventually the interviewer told me what the pattern was.
I tried not to come off embarrassed but followed up with the algorithm to implement that pattern and the interviewer gave me the “go ahead” to code. I finished coding the pattern and answer the follow up by the interviewer on how to make my code modular to handle another requirement. This did not require implementation.
Afterwards was a discussion on time and space complexity and the interview was over.
Coding Interview #3
The interviewer was a mid-level engineer who was not as keen on chatting as much as the interviewers.
Some coding interviews are just one interview where you have to get the question correct or not. This one started off easy and iterated to be tougher.
My quick advice to anyone is to never come off arrogant for any coding question. You may know the question is easy and the interviewer likely does as well. Often times it’ll get harder and all that ego will go out the window. Go through the motions and communicate you always do for any other coding problem.
The problem given was directly on LeetCode and I felt more comfortable knowing I had solved this awhile ago before. If you’re familiar with “sliding window” then you more than likely would be able to solve it. But here’s where the challenge was.
After the warm-up question, the follow up had another requirement on top of the previous question. That follow up was more array manipulation. Finally the last iteration was shared.
I implemented the algorithm where Math.max was being called more than necessary. To me it didn’t affect the output of the algorithm and looked like it didn’t matter. But it mattered to the interviewer. I took that feedback and carefully implemented it the way the interviewer asked me to (whether it actually affected the algorithm or not).
Time and space complexity was solved and the interview was over.
Coding Interview #4
This was another interviewer who had joined Google after university and had the same work experience I did.
This prompt was not given to me and I expected I had to write down the details to the question myself. After asking some clarifying questions on what was and wasn’t in scope, I shared my algorithm.
The question was an object-oriented question to implement a graph. If you had taken any university course on graph theory, you would be more than prepared.
The interesting discussion was whether I had to implement the graph with BFS or DFS and explain the pro’s and con’s of each. Afterwards, I decided with BFS (because BFS is easier for me to implement) and the requirement followed up with taking K-most steps iterative.
I’m not sure if that’s the follow-up because I implemented it in BFS or if that was always the follow-up but I quickly adjusted the algorithm and solved for space and time complexity as always.
The Googliness interview
Googliness is just Google’s behavioral interview. Most questions were along the lines of
- Tell me about yourself
- What’s a project you worked on?
- When was a time you implemented a change?
- When was a time you dealt with a coworker who wasn’t pulling their weight?
To prepare for these, I’d recommend learning about the STAR format and outlining your work experiences if you can recall them before interviewing.
This seemed to go well but then I was given a question I didn’t expect. A product question and my thought process on how to work with teammates to answer the question.
My key point of advice: Nothing matters if the user doesn’t want it.
Emphasize how important user research is to build a product that a user will use otherwise everyone’s time could be better invested in other initiatives. Avoid jumping straight into designing the product and coordinating talks with product managers and UX designers.
Offer
2 weeks later, an informal offer was shared with me in my email.
Most of the interview didn’t not pertain to my previous experience directly. A systematic way of approaching, communicating, and implementing coding problems is enough without experience from Amazon/Microsoft.
Follow Alex Nguyen on his quest to 30,000 followers on LinkedIn
Alex Nguyen | LinkedIn
Yes, it is. That’s a very good sign.
That means you interviewed well. Someone else interviewed better for the first role, but the recruiter sees that there other roles for which you might be a better fit.
The eight interviews is a sign that someone in the process wanted you specifically for some role.
I think there may be two different things going on.
First, are you sure whether it’s a FAANG recruiter, or someone from an external sourcing firm which is retained by a FAANG company? I had this experience where someone reached out on LinkedIn and said they were recruiting for a Google role and passed along a job description. As I started asking them questions, it became clear that they just wanted me to fill out an application so that they can pass it to someone else. Now, as it happens, I am a former Google employee, so it quickly became clear that this person was not from Google at all, but just retained to source candidates. The role they wanted me to apply for was not in fact suitable, despite their claim that they reached out to me because I seemed like a good match.
If you are dealing with a case like this, probably what happens is that they source very broadly, basically spamming people, on the chance that some of the people they identify will in fact be a good fit. So they would solicit a resume, pass it to someone who is actually competent to judge, and that person would reject. And the sourcing firm will often ghost you at this point.
If you are dealing with an actual internal recruiter, I think it can be a similar situation. A recruiter often doesn’t really know if you are a fit or not, and it will often be some technical person who decides. That person may spend 30 seconds on your resume and say “no”. And positions get filled too, which would cause everyone in the pipeline to become irrelevant.
In such cases there is no advantage for the recruiter to further interact with you. Now, every place I worked with, I am pretty sure, had a policy that if a recruiter interacted with the candidate at all, they were supposed to formally reject them (via email or phone). But I imagine there’s very little incentive for a recruiter to do it, so they often don’t. And as a candidate, you don’t really have any way to complain about it to the company, unless you have a friend or colleague on the inside. If you do, I suggest you ask them, and it may do some good, if not to you (you are rejected either way), at least to the next applicant.
As a software engineer or programmer, what’s the dumbest line of code you’ve seen in a codebase?
It’s not actually a line of code, so to speak, but lines of code.
I work in Salesforce, and for those who are not familiar with its cloud architecture, a component from QA could be moved to production only if the overall test coverage of the production is 75% or more. Meaning, if the total number of lines of code across all components, including the newly introduced ones, is 10000, enough test classes must be written with appropriate test scenarios so as to cover at least 7500 lines of the lump. This rule is enforced by Salesforce itself, so there’s no going around it. Asserts, on the other hand, could be done without.
If the movement of your components causes a shift in balance in production and tips its overall coverage to below 75%, you are supposed to work on the new components and raise their coverage before deployment. A nightmare of sorts, because there is a good chance your code is all clean and the issue occurs only because of a history of dirty code that had already gone in over years to drag the overall coverage to its teetering edges.
Someone in my previous company found out a sneaky way to smuggle in some code of his (or hers) without having to worry about this problem.
So this is simple math, right? If you have got 5000 lines of code, 3750 must be covered. But what if I have managed to cover only 2500 (50%) and my deadline is dangerously close?
Simple. I add 5000 lines of unnecessary code that I can surely cover by just one function call, so that the overall line number now is 10000 and covered lines are 7500, making my coverage percentage a sweet 75.
For this purpose they introduced a few full classes with a lone method in each of them. The method starts with,
Integer i = 0;
and continues with a repetition of the following line thousands of times.
i++;
And they had the audacity to copy and paste this repetitive ‘code’ throughout a bulky method and across classes in such a reckless manner that you could see a misplaced tab in first line replicated exactly in every 100th line or so.
Now all that is left for you to do is call this method in a test class, and you can cover scores of lines without breaking a sweat. All the code that actually matters may lie untested in automated coverage check, glaring red if one should care to take a look at, but you have effectively hoodwinked Salesforce deployment mechanism.
And the aftermath is even crazier. Seeing the way hoards of components could be moved in without having to embark on the tedious process of writing test classes, this technique acquired a status equivalent to ‘Salesforce best practices’ in our practice. In almost all the main orgs, if you search for it, you can find a class with streams of ‘i++;’ flowing along the screen for as far as you have the patience to scroll down.
Well, these cloaked dastards remained undetected for years before some of the untested scenarios started reeking. More sensible developers fished out the ‘i++;’ classes, raised the alarm and got down to clean up the mess. Just removing those classes drove the overall production coverage to abysmal low, preventing any form of interaction with production. What can I say, that kept many of us busy for at least a month.
I wouldn’t call the ‘developers’ that put this code in dumb. I would rather go for ‘wicked’. The higher heads and testers who didn’t care to look while this passed under their noses do qualify as dumb.
And the code… Man, that’s the dumbest thing I’ve ever seen.
For Google, other than data structure and algorithms, what else should I prepare for in an interview?
Ask your recruiter.
If you are in the pipeline and you have interviews scheduled, then your recruiter will know exactly what loop will be set up for you and what kind of questions you may have. Recruiters try to get their candidates all the information they need to approach the interviews at the top of their potential, so ask the everything you need to know.
The actual answer depends on the candidate level and profile, the composition of the interviews is pretty much bespoke.
Would Elon Musk pass the Google, Amazon, or Facebook technical interview for the software engineer position?
I think it is likely he will pass the interview if the job description includes the following text:
The successful candidate will have built a brand new car and launched it into interplanetary orbit, using a rocket that they also built.
But will he even want the job?
https://www.youtube.com/channel/UCjxhDXgx6yseFr3HnKWasxg
How difficult is it to find highly talented software developers?
Dev: Alright, let the competition begin!
Startup A: We will give you 50% of the revenue!
Startup B: To hell with it, we will give you 100%!
Startup A: Eh… we will give you 150%!
TL;DR: Nearly impossible. If you are a Google-sized company, of course. Totally impossible in other cases.
I run an outsourcing company. Our statistics so far:
- 500 CVs viewed per month
- 50 interview invitations sent per month
- 10 interviews conducted per month
- 1 job offer made (and usually refused) per month
And here we are looking for a mid-level developers in Russia.
Initially we wanted to hire some top-notch engineers and were ready to pay “any sum of money that would fit on the check”. We sent many invitations. Best people laughed at us and didn’t bother. Those who agreed – knew nothing. After that we had to shift our expectations greatly.
Still, we manage to find good developers from time to time. None of them can be considered super-expert, but as a team they cooperate extremely effectively, get the job done and all of them have that engineering spirit and innate curiosity that causes them to improve.
This is as good as an average company can get.
What is something worth knowing that people working at Google know and others don’t?
It takes constant human effort to keep sites like Google and Gmail online. Right now a Google engineer is fixing something that no one will ever know was broken. Some server somewhere is running out of memory, a fiber link has gone down, or a new release has a problem and needs to be rolled back. There are careful procedures, early warnings, and multiple layers of redundancy to ensure that problems never become visible to end users, but.
Sometimes problems do become visible but not in a way that an individual user can attribute to the site. A request might not get a prompt response, or any at all, but the user will probably blame the internet or their computer, not the site. Google itself is very rarely glitchy, but services like image search do sometimes have user visible problems.
And then of course, very rarely, a giant outage brings down something giant like YouTube or Google Cloud. But if it weren’t for an army of very smart, very diligent people, outages would happen much more often.
What do 10x software developers understand that other programmers don’t?
It’s what they don’t understand. 10x software engineers don’t really understand their job description.
They tend to think all these other things are their responsibility. And they don’t necessarily know why they’re doing all these other things. They just sense that it’s the right thing to do. If they spot something is wrong, they will just fix it. Sometimes it even seems like they’re not in control of what they do. It’s like a conscientiousness overdose.
10x engineers are often all over the code base. It is like they had no idea they were just part of one eng team.
Why don’t big tech companies like Google, Microsoft, and Facebook care about work experience and previous projects when interviewing software engineering candidates and rely completely on programming problems?
Thanks for the A2A.
I don’t think the premise behind the question is entirely true. These companies rely completely on programming problems with junior candidates that are not expected to have significant experience . Senior candidates do, in fact, get assessed based on their experience, although it might not always feel like it.
Let me illustrate this with an interview process I went through when interviewing for one of the aforementioned companies (AFAIK it’s typical for all the above). After the phone screen, there was a phone site interview with 5 consecutive interviews – 2 whiteboard coding + 2 whiteboard architecture problems + 1 behaviour interview. On the surface, it looks like experience doesn’t play a part, but, SURPRISE, experience and past projects play part in 3 interviews out of 5. A large part of the behavioural interview was actually discussing past projects and various decisions. As for the architecture problems – it’s true that the problem discussed is a new one, but those are essentially open ended questions, and the candidates experience (or lack thereof) clearly shines through. Unlike the coding exercises, these questions are almost impossible to solve without tackling something similar in the past.
Now, here a few reasons to why the emphasis is still on solving new problems and not diving into the candidates home territory, in no particular order:
- Companies do not want to pass over strong candidates that just happen to be working on some boring stuff.
- Most times companies do not want to clone a system that the candidate has worked on, so the ability to learn from experience, and apply it to new problems is much more valuable.
- When the interviewer asks different candidates to design the same system, they can easily compare different candidates against one another. The interviewer is also guaranteed to have a deep understating of the problem they want the candidate to solve.
- People can exaggerate (if not outright lie) their role in working on a particular project. This might be hard to catch-on in one hour, so it’s to avoid in the first place.
- (This one is a minor concern, but still) Large companies hire by committee, where interviewers are gathered from the whole company. The fact that they shouldn’t discuss previous projects, removes the need to coordinate on questions, by preventing a situation where two interviewers accidentally end up talking about the same system, and essentially doing the interview twice.
I hope that adds some clarity.
As a teenager, what can I do to become an engineer/entrepreneur like Elon Musk? What skills can I start learning to succeed as an engineer/entrepreneur?
Originally Answered: What can I, currently 17 years old, do to become an engineer/entrepreneur like Elon Musk?
This is a quick recap of my earlier response to a similar question on Quora:
I would recommend that you take a close look at the larger scheme of things in your life, by spending some time and effort to design your life blueprint, using Elon Musk as your inspiration and/or visual model.
By the way, here’s my quick snapshot of his beliefs and values:
1) Focus on something that has high value to someone else;
2) Go back to first principles, so as to understand things more deeply and widely, especially their implications;
3) Be very rigourous in your own self analysis; constantly question yourself, especially on the practicality of the idea(s) you have;
4) Be extremely tenacious in your pursuits;
5) Put in 100 hours or more every week, as sweat equity of intense efforts and focused execution count like hell;
6) Constantly think about how you could be doing better, faster, cheaper and smarter;
7) Relentlessly and ruthlessly think about how to make a better world;
Again, here’s my quick snapshot of his unique traits and characteristics:
1) Be a voracious reader.
2) Be intrinsically driven.
3) (F)ollow (o)ne (c)ourse (u)ntil (s)uccess. That’s Focus!
4) Develop a steadfast problem solving attitude.
5) Employ a physics-mind or first principles in problem solving.
6) Work doubly hard, and a lot, and diligently.
7) Welcome negative feedback.
Nonetheless, here is a simple template:
1) First and foremost, know exactly what you want, in terms of compelling, inspiring and overarching long-range goals and objectives:
a) what do I want to be?
b) what do I want to do?
c) what do I want to have?
d) what do I want to improve?
e) what do I want to change?
in tandem with the following major life dimensions in your life:
i) academic pursuit;
ii) mental development;
iii) career aspirations;
iv) physical health;
v) financial wealth;
vi) family relationships;
vii) social networking;
viii) recreational ventures (including hobbies, interests, sports, vacations, etc.);
ix) spiritual development (including contributions to society, volunteering, etc.);
2) Translate all your long-range goals and objectives in (1) into specific, prioritised and executable tasks that you need to accomplish daily, weekly, monthly, quarterly and even annually;
3) With the end in mind as formulated in (1) and (2), work out your start-point, endpoint and the developmental path of transition points in between;
4) Pinpoint specific tasks that you need to accomplish at each transition point till the endpoint;
5) Establish metrics to measure your progress, or milestone accomplishments;
6) Assign and allocate personal accountability, as some tasks may need to be shared, e.g. with team members, if any;
7) Identify and marshal resources that are required to get all the work done;
[I like to call them the 7 M’s: Money; Methods; Men; Machines; Materials; Metrics; and Mojo!]
8) Schedule a timetable for completion of each predefined task;
9) Highlight potential problems or challenges that may crop up along the Highway of Life, as you traverse on it;
10) Brainstorm a slew of possible strategies to deal with (9);
This is your contingency plan.
11) Institute some form of system, like a visual Pert Chart, to track, control and monitor your forward trajectory, as laid out in your systematic game plan, in conjunction with all the critical elements of (4) to (10);
12) Follow-up massively and follow-through consistently your systematic game plan;
13) Put in your sweat equity of intense effort and focused execution;
14) Stay focused on your strategic objectives, but remain flexible in your tactical execution;
Godspeed to you, young man!
Why may a software engineer struggle in a Google/Facebook onsite interview despite solving most of the LeetCode questions?
For a whole bunch of reasons.
You aren’t so stressed and nervous when you are practicing LeetCode, because your career doesn’t depend on how well you do while solving LeetCode.
When solving LeetCode, you aren’t expected to talk to the interviewer to get clarifications on the problem statement or input format. You aren’t expected to get hints and guidance from the interviewer, and to be able to pick them up. You aren’t expected to be able to communicate with other human beings in general, and to be able to talk about technical details of your solution in particular. You aren’t expected to be able to prove and explain your idea in clear, structured way. You aren’t expected to know how to test your solution, how to scale it, or how to adjust it to some unexpected additional constraints or changes. You may not be able to simply get constraints on input size and use them to figure out what is the complexity of expected solution. You have limited amount of time, so if you slowly got through most of the LeetCode, you may still struggle to get stuff done in 45 minutes. And many more… For all these things, you don’t need them to solve LeetCode, so you usually don’t practice them by solving LeetCode; you may not even know that you need to improve something there.
To sum it up: two main reasons are:
- Higher stakes.
- Lack of skills that are required at typical Google/Facebook interview, but not covered by solving LeetCode problems on your own.
You should also keep in mind that LeetCode isn’t the list of problems being asked at Google or Facebook interviews. If anything, it is more of a list of problems that you aren’t going to be asked, because companies ban leaked questions 🙂 You may get a question that is surprisingly different from what you did at LeetCode.
And sometimes you simply have a bad day.
I failed all technical interviews at Facebook, Google, Microsoft, Amazon, and Apple. Should I give up the big companies, keep improving my algorithm skills, and try some small startups?
Originally Answered: I failed all technical interviews at Facebook, Google, Microsoft, Amazon and Apple. Should I give up the big companies and try some small startups?
Wanted to go Anonymous for obvious reasons.
Reality is stranger than Fiction.
In 2010: After graduation, I was interviewed by one of the companies mentioned above for an entry level Software Engineering Role. During the interview, the person tells me: ‘You can never be a Software Engineer’. Seriously? Of-course I didn’t get hired.
In 2013: I interviewed again with the same company but for a different department and got hired.
Fast Forward to 2016 Dec: I received 2 promotions since 2013 and now I am above the grade level of the guy who interviewed me. I remember the date, Dec 14 2016, I went to his desk and asked him to go out for a coffee. Initially he didn’t recognize me but later he did and we went out for a coffee. Needless to say, he was apologetic for his behavior.
For me, it felt REALLY GOOD. Its a story I’ll tell my Grandkids! 🙂
I have 3 years of experience as a software developer. Should I expect algorithms at an interview at FAANG + Microsoft?
Big tech interviews at FAANG companies are intended to determine – as much as possible – whether you’ve got the knowledge and attributes to be a successful employee. A big part of that for software developers is familiarity with a good set of data structures and algorithms. Interview loops vary, but a good working knowledge of common algorithms will almost always come in handy for both interviews and the job.
Algorithm-related to questions I was asked in my first five years, or that I ask people with less than 5 years: sorting, searching, applying hashes correctly, mapping, medians and averages, trees, linked lists, traveling salesman (I was asked this a couple times, never asked it), and many more.
I never recommend an exhaustive months-long review before an interview, but it’s always a good idea to make sure you’re current on your basics: hash tables and sets, string operations, working with arrays and vectors and lists, binary trees, and linked lists.
For more information on how interviews work and what to expect for big tech interviews, you may want to watch some of my videos in this playlist: Big Tech InterviewsVideos about interviewing at the big tech companies like Microsoft, Google/Alphabet, Amazon, and Facebook.
How true is it that learning Python programming language first will make it harder to learn other programming languages later down the line?
Compared to other modern languages, python has two features that make it attractive, and then also make learning a second language difficult if you started with python. The first is that, despite some minor steps to allow annotation, python is loosely and dynamically typed. The second is that python provides a lot of syntactic sugar; this is shorthand, like a map function, where you can apply a function to each element in a data structure.
Do these features make it harder to switch to another language that is strongly and statically typed? For some people, yes, and for others, no.
Some programmers are naturally curious what’s happening under the hood. How are data being represented and manipulated? Why does an operation produce one type of result in one situation, and another type of result in another situation? If you are the kind of person who asks these questions, you are more likely to have an easier time transitioning. If you are a person who finds these questions uninteresting or even distasteful, transitioning to another language can be very painful.
As a software engineer, how do you make your resume stand out from the crowd?
I have excellent skills and experience on my resume, which makes it stand out.
Seriously, there is no magical spell that will make a crappy resume attractive to recruiters. Most people give up believing in magic after they are 5 or 6 years old. A software engineer who believes in magic is not a good candidate for hire.
What are some secrets about working for big tech companies that you didn’t know before joining those companies?
All those complaints you have about their products? The people working there complain about the same exact things. Microsoft employees complain about how slow Outlook is. Google employees complain about everything changing all the time. Salesforce employees complain about how hard our products are to use.
So why don’t we do something about it? There are a few possible answers:
- We are actively doing something about it right now and it will be fixed soon.
- The problem is technically difficult to fix. For example, it’s currently beyond the state of the art to change the wake word (“Alexa”/”OK Google”) to a user-selected word. A variation of this is the problem that’s more expensive to fix than the amount of annoyance saved.
- The team responsible for that functionality has problems. Maybe they have a bad manager or have been reorged a lot, and as a result they haven’t been doing a good job. Even once the problem is solved, it can take a long time to catch up.
- The problem is related to making money. For example, Microsoft used to have a million different versions of Office, each including different programs and license restrictions. It was super confusing. But the bean counters knew how much extra money the company made from these bundles, compared to a simpler scheme, and it was a lot. So the confusion stayed.
- The problem is cultural. For example, Google historically made its reputation by offering new features constantly. Everything about the culture was geared towards change and innovation. When they started making enterprise products, that cultural became baggage.
But none of that keeps the employees from complaining.
I can’t understand the solution of LeetCode. Can I recite and write from my memory them to achieve the effect of learning?
That’s perhaps the first stage of learning, recitation.
Using the four-stage model of learning that goes
- Unconscious Incompetence
- Conscious Incompetence
- Conscious Competence
- Unconscious Competence
that’s maybe a 2 to 2.5 there. You know you haven’t really understood why you are doing things that way and without detailed step-by-step, you don’t yet know how you would design those solutions.
You need to step back a bit, by reviewing some working solutions and then using those as examples of fundamentals. That might mean observing that there is a for() loop, for example – why? What is it there for? How does it work? What would happen if you changed it? If you wanted to use a for loop to write out “hello!” 8 times, how would you code that?
As you build up the knowledge of these fundamental steps, you’ll be able to see why they were strung together the way they were.
Next, practice solving smaller challenges. Use each of these tiny steps to create a solution – one where you understand why you chose the pieces you chose, what part of the problem it solves and how.
As a software engineering hiring manager, would you be concerned if the candidate who has applied for a position has changed 3 jobs in 4 years?
Early 2020 has been a very rough period for many companies who laid off tons of good people, many of which have bounced to a company who was not a good fit and eventually went to a third one. Forced remote work was also difficult for many folks. So in the current context, having changed 3 jobs in the last 4 years is really a non-event.
Now more generally, would my hiring recommendation be influenced by a candidate having changed jobs several times in a short period of time?
The assumption here is that if a candidate has switched jobs 3 times in 4 years, there must be something wrong.
I think this is a very dangerous assumption. There are lots of things that cause people to change jobs, sometimes choice, sometimes circumstances, and they don’t necessarily indicate anything wrong in the candidate. However, what could be wrong in a candidate can be assessed in the interview, such as:
- is the candidate respectful? Is the candidate able to disagree consrtuctively?
- does the candidate collaborate?
- Does the candidate naturally support others?
- Has the candidate experience navigating difficult human situations?
- etc, etc.
There are a lot of signals we can detect in the interview and we can act upon them. Everything that comes outside of the interview / outside of reference check is just bias and should be ignored.
The hiring decision should be evidence-based.
What does it feel like to have an IQ of 140?
My IQ was around 145 the last time I checked (I’m 19).
I feel lots of gratitude for my ability to deeply understand and comprehend ideas and concepts, but it has definitely had its “downsides” throughout my life. I tend to think very deeply about things that I find interesting and this overwhelming desire to understand the world has led me to some dark places. When I was around 9 or 10, I discovered the feeling of existential panic. I had watched an astronomy documentary with my father (who is a geoscience professor) and was completely overwhelmed with the fact that I was living on an unprotected orb, orbiting around a star at speeds far faster than I could even comprehend. I don’t think anyone in my family expected me to really grasp what the documentary was saying so they were a bit alarmed when I spent that whole night and most of the next week panicking and hyperventilating in my bedroom.
I lost my mom to suicide when I was 11 which sent me into a deep depression for several years. I found myself thinking a lot about death and the meaning of human existence in my earlier teenage years. I was really unmotivated to do school work all throughout high school because I found no meaning in it. I didn’t understand why I was alive, or what being alive meant, or if there even was any true meaning to life. I constantly struggled to see how any of it truly mattered in the long run. What was the point of going to the grocery store or hanging out with my friends or getting a drivers license? I was an overdeveloped primate forced to live in and contribute to a social group that I didn’t ask to be in. I was living in a strange universe that made no sense and I was being expected to sit at a desk for 8 hours every day? Surrounded by people who didn’t care about anything except clothing and football games? No way man, count me out. I spent a lot of nights just sitting in my bedroom wondering if anything I did really mattered. Death is inevitable and the whole universe will one day end, what’s the point. I frequently wondered if non-existence was inherently better than existence because of all of the suffering that goes hand in hand with being a conscious being. I didn’t understand how anyone could enjoy playing along in this complex game if they knew they were all going to die eventually.
Heavy stuff, yeah.
When I was 18 I suddenly experienced what some people label as an “ego death” or a “spiritual awakening” in which it suddenly occurred to me that the inevitably of death doesn’t mean that life itself is inherently meaningless. I realized that all of my actions affect the universe and I have the ability to set off chain reactions that will continue to alter the world long after I’m gone. I also realized that even if life is inherently meaningless, then that is all the more reason to enjoy being alive and to experience the beauty and wonder of the world while I’m still around. After that day I began meditating daily to achieve a deeper awareness of myself and try to find inner peace. I began living for the experience of being alive and nothing else. All of this has brought me great peace and has allowed me to enjoy learning again. For so long learning was terrifying to me because it meant that I was going understand new information that could potentially terrify me. Information that I could not unlearn. I have become a very emotionally sensitive person after the death of my mother, so I simply could not handle the weight of learning about existential concepts for a while. Now that I’ve been able to find a state of peace within myself and radically accept the fact that I will die one day (and that I do not know what occurs after death) I have begun to enjoy learning again! I read a lot of nonfiction and fiction alike. I enjoy traveling and seeing the world from as many different perspectives as possible. Talking to new people and attempting to see my world through their eyes is very enjoyable for me. Picking up new skills is generally very easy for me and I spend a lot of my free time pondering philosophical issues, just because it’s fun for me. I’m not a very social person, I like having a few close friends, but I mostly enjoy being alone.
So all in all, I think having an IQ of 140+ is a very turbulent experience that can be very beautiful! When you are able to truly understand deep concepts, it can seriously freak you out, especially when you’re searching for meaning and answers to philosophical problems. If I hadn’t embraced a way of life that revolves around radically acceptance, I don’t think I would have the guts to look as deeply into some things as I do. However, since I do have that safety cushion, I’m able to shape my perception of the world with the knowledge that I learn. This allows me to see incredible beauty in our world and not take things too personally. When I have a rough day, all I need to do is sit on my roof for half an hour and look at the stars. It reminds me that I am a very small animal in a very big place that I know very little about. It really puts all of my silly human problems in perspective.
If no-code is the future, is a CS major even worth it?
If you can explain to me how “no-code is the future”, maybe there’s a useful response to this.
As far as I can tell, “no-code” means that somebody already coded a generic solution and the “no-code” part is just adapting the generic solution for a specific problem.
Somebody had to code the generic solution.
As to the second part, “is a CS major even worth it?” I’ve had a 30+ year career in software engineering, and I didn’t major in CS. That hasn’t kept me from learning CS concepts, it hasn’t kept me from delivering good software, and it hasn’t stopped me from getting software jobs.
Is a CS major even worth it? Only the student knows the answer to that.
How can we solve the issue of English speakers advantage in software programming and computer related fields over other languages speakers, considering the fact that programming languages are mostly English based?
IT’S NOT ABOUT THE PROGRAMMING LANGUAGE:
People have written no-English versions of many programming languages – but they aren’t used as much as you’d think because it’s just not that useful.
Consider the C language – there are no such English words as “int”, “bool”, ”enum”, “struct”, “typedef”, “extern”, or “const”. The words “auto”, “float” and “char” are English words – but with completely different meanings to how they are used in C.
This is the complete list of C “reserved words” – things you’d have to essentially memorize if you’re a non-English speaker…
auto, else, long, switch, break, enum, register, typedef, case, extern, return, union, char, float, short, unsigned, const, for, signed, void, continue, goto, sizeof, volatile, default, if, static, while, do, int, struct, double
…but very few of those words are used in their usual English meanings…and you have to just know what things like “union” mean – even if you’re a native english speaker.
But if you really think there is an advantage to this being your native language then:
#define changer switch
#define compteur register
#define raccord union
…and so on – and now all of your reserved words are in French.
I don’t think it’s going to help much.
IT”S ABOUT LIBRARIES AND DOCUMENTATION:
The problem isn’t something like the C language – we could easily provide translations for the 30 or so reserved words in 50 languages and have a #pragma or a command to the compiler to tell it which language to use.
No problem – easy stuff.
However, libraries are a much bigger problem.
Consider OpenGL – it has 250 named function, and hundreds of #defined tokens.
glBindVertexArray would be glLierTableauDeSommets or something. Making versions of OpenGL for 50 languages would be a hell of a lot more painful.
Then, someone has to write documentation for all of that in all of those languages.
But a program written and compiled against French OpenGL wouldn’t link to a library written in English – which would be a total nightmare.
Worse still, I’ve worked on teams where there were a dozen US programmers, two dozen Russians and a half dozen Ukrainians – spread over two continents – all using their own languages ON THE SAME PIECE OF SOFTWARE.
Without some kind of control – we’d have a random mix of variable and function names in the three languages.
So the rule was WE PROGRAM IN ENGLISH.
But that didn’t stop people from writing comments and documentation in Russian or Ukranian.
SO WHAT IS THE SOLUTION?
I don’t think there actually is a good solution for this…picking one human language for programmers to converse in seems to be the best solution – and the one we have.
So which language should that be?
Well according to:List of languages by total number of speakers – Wikipediahttps://en.wikipedia.org/wiki/List_of_languages_by_total_number_of_speakers
There are 1.3 billion English speakers, 1.1 billion Mandarin speakers, 600 million Hindi speakers, 450 Spanish speakers…and no other language gets over half of that.
So if you have to pick a single language to standardize on – it’s going to be English.
Those who argue that Mandarin should be the choice need to understand that typing Mandarin on any reasonable kind of keyboard was essentially impossible until 1976 (!!) by which time using English-based programming languages was standard. Too late!
SO – ENGLISH IT IS…KINDA.
Even though we seem to have settled on English the problems are not yet over.
British English or US English – or some other dialect?
As a graphics engineer, it took me the best part of a decade to break the habit of spelling “colour” rather than “color” – and although the programming languages out there don’t use that particular word – the OpenGL and Direct3D libraries do – and they use the US English spelling rather than the one that people from England use in “English”.
ARE PROGRAMMERS UNIQUE IN THIS?
No – we have people like airline pilots, ships’ captains.
ICAO (International Civil Aviation Organization), require all pilots to have attained ICAO “Level 4” English ability. In effect, this means that all pilots that fly international routes must speak, read, write, and understand English fluently.
However, that’s not what happened for ships. In 1983 a group of linguists and shipping experts created “Seaspeak”. Most words are still in English – but the grammar is entirely synthetic. In 1988, the International Maritime Organization (IMO) made Seaspeak the official language of the seas.
As a software engineer would you join a well established & reputed tech company although work is less interesting or would you join a startup where the work is more exciting given the compensation for both the positions are comparable?
Here’s the thing. The compensation will never be comparable.
When you join a big tech, public company, all of your compensation is public. Also it’s relatively easy to get a fair estimate of what comp looks like a few years down the road.
When you join a private company, the comp is a bet on a successful exit.
In 2015, Zenefits was a super hot company. Zoom had been around for.4 years and was very confidential.
In a now infamous Quora question[1] a user asked wether they should take an offer at Zenefits or Uber. As a result, The Zenefits CEO rescinded their offer. But most people would have chosen an offer at Zenefits or Uber, whose IPO was the most anticipated back then, over one at Zoom.
And yet Zenefits failed spectacularly, Uber’s IPO was lackluster, while Zoom went beyond all expectations.
So this is mostly about to risk aversion. Going to a large co means a “golden resume” that will always get you interviews, so it has a lot of long term value.
Working in a large company has other benefits. Processes are usually much better and there’s a lot to learn. This is also the opportunity to work on some problems at a huge scale. No one has billions of users outside of Google, Meta, Apple or Microsoft.
But working in a small private company whose valuation explodes is the only way for a software engineer to become very wealthy. The thing is though that it’s impossible for an aspiring employee to tell which company is going to experience that growth versus fail.
Footnotes[1] What is the better way to start my career, Uber or Zenefits?
What are the pros and cons to consider when quitting a job?
Originally Answered: What are the pros and cons of quitting a job?
The pro’s and con’s really depend on the specific situation.
(1) When quitting for a new position…
Pros:
- Better pay & benefits
- More promotion opportunities
- New location
- New challenges (old job may have been boring)
- New job aligned to your interests.
Cons:
- New job/company was seriously misrepresented
- “New boss same as the old boss” (no company is perfect!)
- You might have wanted a new challenge, but you are now over your head.
Note: if you have a job and are not desperate, please do your homework and remember you are also interviewing them! You want a better job in most cases (unless that moving thing is going on).
(2) When quitting over a conflict…
Pros:
- Can sleep at night (providing it was a ethical issue and you were in the right)
- You showed them who is the boss!
- Plus, you wont be on the local news if they get sued, or the IRS does a audit.
- Again, if it was a toxic environment that you get to live as opposed to a stroke on the job! No job is worth it that is impacting your health, including mental health.
Cons:
- No unemployment in most states if you just up and quit.
- Job search with no income puts a lot of pressure at some point to take any job
- the good news though, is you can continue looking while earning a paycheck (and hopefully still growing skills & experience)
The reason so many people are quitting now…
Note there is a third category, when you quit due to a lifestyle change. In this case, we are looking a women quitting to be a full-time mother, or someone going back to school. A spouse getting promoted but with a move might also place the other mate in this position…
Pro:
- You get to live the life you want.
- You are preparing for a better career
Con:
- Loss of income
- Reduced social interaction (for the full-time mom)
Note here that most couples that decide to do the stay at home mom generally plan ahead so one income will cover their expenses.
Second, I also don’t consider serious health issues when you leave the work force in general to fall under the scope of this discussion.
Is practicing 500 programming questions on LeetCode, HackerEarth, etc, enough to prepare for a Google interview?
Originally Answered: Is practicing 500 programming questions on LeetCode, HackerEarth, etc enough to prepare for Google interview?
If you have 6 months to prepare for the interview I would definitely suggest the following things assuming that you have a formal CS degree and/or you have software development experience in some company:
Step 1 (Books/Courses for good understanding)
Go through a good data structure or algorithms book and revise all the topics like hash tables, arrays and strings, trees, graphs, tries, bit hacks, stacks, queues, sorting, recursion, and dynamic programming. Some good books according to me are:
The Algorithm Design Manual: Steven S Skiena: 9781848000698: Amazon.com: Books
Algorithms (4th Edition): Robert Sedgewick, Kevin Wayne: 8601400041420: Amazon.com: Books
There are other books as well and you can use any good book which you are comfortable with.
Some good courses to take on this topic if you need a more thorough understanding: (since you have 6 months time)
Algorithms, Part I – Princeton University | Coursera
Algorithms, Part II – Princeton University | Coursera
The Stanford Coursera algorithms courses are also very good and you can look at them if you have time. It’s a bit more theoretical though.
Step 2 (Programming practice for algorithms and data structures)
Once you are done with Step 1 you need a lot of practice. It need not be a set number of problems like 500 or 1000. The best way to practice problems is to mimic an interview setting and time yourself for half an hour and solve a problem without any distraction. The steps here are to read a problem, think of a brute force solution that works very quickly, and then think of an optimized version that works and then write clean working code and come up with test cases within half an hour. Most of the top companies ask you 1 or 2 medium problems or 1 hard problem in 45 mts to 1 hour. Once you are done solving the problem you can compare your solution with the actual solution and see if there is scope to improve your solution or learn from the actual solution.
If you do the math it takes half an hour to solve a problem and at least 15 mts to look and compare with the correct solution. So 500 problems take 500 * 45 mts = 375 hours. Even if you spend 5 solid hours a day for problem-solving it comes to 75 days (2.5 months). If you are in a full-time job it’s hard to spend so much time every single day. Realistically if you spend 2–3 hours a day we are talking about 5 months just for practicing 500 problems. In my opinion, you don’t need to solve so many problems to crack the interview. All you need is a few problems in each topic and understand the fundamentals really well. The different topics for algo and ds are:
arrays and strings, bit hacks, dynamic programming, graphs, hash tables, linked lists, math problems, priority queues, queues, recursion, sorting, stacks, trees, and tries. As a starter try to solve 4–5 problems in each topic after you finish step 1 and then if you have time solve 2–3 problems a day for fun in each topic and you should be good. Also, it is far better to solve 5 problems than to read 50 problems. In fact, trying to cover problems by reading problems is not going to be of any use.
Step 3 (this can be done in parallel with step 1) (Systems Design)
Practice problems in systems, design (distributed systems, concurrency, OO design). These questions are common in Google and other top companies. The best way to crack this section is to actually do complex systems projects at work or school projects. There are lots of resources online which are very good for preparation for this topic.
Edit: Since I have received some request to point some resources I am listing some of my favorite ones:
Data Manipulation at Scale: Systems and Algorithms – University of Washington | Coursera
HiredInTech’s Training Camp for Coding Interviews
Eventually Consistent – Revisited
Step 4 (behavioral and resume)
Please know your resume in and out and make sure you can explain all the projects mentioned in the resume. You should be able to dive as deep as needed (technically) for the projects mentioned. Also do enough research about the company you are interviewing, the product, engineering culture and have good questions to ask them
Step 5 (mock interviews)
Last but not least please make sure you have some good friends working in a good company or your classmate mock interview you. You also have several resources online for this service. Also, work on the feedback you get from the mock interview. You can also interview a few companies you are not interested to work as a practice interview before your goal companies.
I already know DSA and can solve 40%-50% LeetCode easy problems. Is it possible for me to be prepared for a Google coding interview in the next 2-3 months? If it’s possible, then how?
It is possible for some people; I don’t know whether it is possible for you.
You’re solving 50% of easy problems. Reality check: that’s…cute. Your target success rate, to have a good chance, should be near-100% on Easy, 75% on Medium, and 50% on Hard. On top of that, non-Leetcode rounds like system design should be solid, too.
You can see there’s a big gap between where you are and where you need to be.
The good news is that despite how large that gap is, without a doubt, there have been cases of people being able to learn fast enough to cover that gap in 90 days. These cases are not at all common, and I will warn you that the vast majority of people who are where you are now cannot get to where you need to be in 90 days. So, the odds are against you, but you might be better than the odds would say.
What is special about the situations of the people who can get there that fast? Off the top of my head, the key factors are:
- A strong previous background in CS and algorithms
- Being able to spend a significant amount of time daily to study
- High aptitude / talent / intelligence for learning these sorts of concepts
- Having an effective methodology for learning. The fact that you’re actively solving problems on Leetcode is a decent start here.
If the above factors describe you, you might be better off than the odds would suggest. It is at least possible that you could achieve your goal.
Good luck and happy job hunting!
I have heard I need to spend at least 1000 hours to prepare for the Google or Facebook interview. Is it true?
(Note: I’ve interviewed hundreds of developers in my time at Facebook, Microsoft and now as the co-founder and CEO of Educative. I’ve also failed several coding interviews because I wasn’t prepared. At Educative, we’ve helped thousands of developers level up their careers with hands-on courses on programming languages, system design, and interview prep.)
Is Interview Prep a Full-time Job?
Let’s break it down. A full-time job – 40 hours per week, 52 weeks per year – encompasses 2080 hours. If you take two weeks of vacation, you’re actually working 2,000 hours. The 1,000 hours recommendation is saying you need six months of full-time work to prepare for your interview at a top tech company. Really?
I think three months is a reasonable timeframe to fully prepare. And if you’ve interviewed more recently, studying the specific process of the company where you’re applying can cut that time down to 4-6 weeks of dedicated prep.
I’ve written more about the ideal interview prep roadmap for DEV Community, but I’ll give you the breakdown here.
The “Secret” to a Successful Interview Prep Plan
First of all, I want to be clear that there’s no silver bullet to interview prep. But during my time interviewing candidates at Facebook and Microsoft, I noticed there was one trait that all the best candidates shared: they understood why companies asked the questions they did.
The key to a successful interview prep program is to understand what each question is actually trying to accomplish. Understanding the intent behind every step of the interview process helps you prepare in the right way.
A lot of younger developers think they need to be experts in a few programming languages, or even just one language in order to crack the developer interview. Writing efficient code is a crucial skill, but what software companies are actually looking for (especially the big ones with custom libraries and technology stacks that you will be expected to learn anyway) is an understanding of the various components of engineering, as well as your creative problem-solving ability.
That breaks down into five key areas that “Big Tech” companies are focused on in the interview process:
1. Coding
Interviewers are testing the basics of your ability to code. What language should you be using? Start with the language you know best. Especially in larger companies, new syntaxes can be taught or libraries used if you establish you can execute well. I have interviewed people that used programming languages that I barely know myself. I know C++ inside and out, so even though Python is a more efficient language, I would always personally choose to interview using C++. The most important thing is just to brush up on the basics of your favorite programming language.
The questions in coding interviews focus on generic problem-solving, data structures (Mastering Data Structures: An interview refresher), and algorithms. So revisit concepts that you haven’t touched since undergrad to have a fresh, foundational understanding of topics like complexity analysis (Algorithms and Complexity Analysis: An interview refresher), arrays, queues, trees, tries, hash tables, sorting, and searching. Then practice solving problems using these concepts in the programming language you have chosen.
Coding Interview Preparation | Codinginterview has gathered hundreds of real coding questions asked by top tech companies to get you started.
2. OS and Concurrency Concepts
Whether you’re building a mobile app or web-scale systems, it’s important to understand threads, locks, synchronization, and multi-threading. These concepts are some of the most challenging and factor heavily into your “hiring level” at many organizations. The more expert you are at concurrency, the higher your level, and the better the pay.
Since you’ve already determined the language you’re using in (1), study up on process handling using that same language. Prepare for an interview – Concurrency
3. System Design
Like concurrency problems, system design is now key to the hiring process at most companies, and has an impact on your hiring level.
System Design Interviews (SDIs) are challenging for a couple reasons:
- There isn’t a clear-cut answer to an open-ended question where a candidate must work their way to an efficient, meaningful solution to a general problem with multiple parts.
- Most candidates don’t have a background designing large-scale systems in the first place, as reaching that level is several years into a career path and most systems are designed collaboratively anyway.
For this reason, it is important to spend time clarifying the product and system scope, a quick back-of-the-envelop estimation, defining APIs to address each feature in the system scope and defining the data model. Once this foundational work is done, you can take the data model and features to actually design the system.
If that seems like a daunting task, you can brush up on a few major APIs for free on Educative or dig deeper with our Scalability & System Design learning path, which includes the Grokking the System Design Interview course.
4. Object-Oriented Design
In Object-Oriented Design questions, interviewers are looking for your understanding of design patterns and your ability to transform the requirements into comprehensible classes. You spend most of your time explaining the various components, their interfaces and how different components interact with each other using the interfaces. Interviewers are looking for your ability to identify patterns and to apply effective, time-tested solutions rather than re-inventing the wheel. In a way, it is the partner of the system design interview.
Object-oriented programming deals with bundling certain properties with a specific object, and defining those objects according to its class. From there, you deal with encapsulation, abstraction, inheritance, and polymorphism. [Object-Oriented Basics – Grokking the Object Oriented Design Interview (educative.io)]
5. Cultural Fit
This is the one that doesn’t have a clear cut learning path, and because of that, it is often overlooked by developers. But for established companies like Google and Amazon, culture is one of the biggest factors. The skills you demonstrate in coding and design interviews prove that you know programming. But without the right attitude, are you open to learning? Are you passionate about the product and want to build things with the team? If not, companies can think you’re not worth hiring. No organization wants to create a toxic work environment.
Since every company has a few different distinguishing features in their culture, it’s important to read up on what their values and products are (Coding Interview Preparation | Codinginterview has information on many top tech companies, including Google and Facebook). Then enter the interview track ready to answer these basics:
- Interest in the product, and demonstrate understanding of the business. (Don’t mistake Facebook’s business model, which relies on big data, for AWS or Azure, which facilitate big data as a service. If you’re going into Google, know how user data and personalization is the core of Google’s monetization for its various products and services, while knowing what makes Android unique compared to iOS. Be an advocate.)
- Be prepared to talk about disagreements in the workplace. If you’ve been working for more than a few years, you’ve had disagreements. Even if you’re coming out of school, group projects apply. Companies want to know how you work on a team and navigate conflict.
- Talk about how the company helps you build and execute your own goals both as a technologist and in your career. What are you passionate about?
- Talk about significant engineering accomplishments – what have you built; what crazy/difficult bugs have you solved?
Conclusion
Strategic interview prep is essential if you want to present yourself as the best candidate for an engineering role.
It doesn’t have to take 1,000 hours, nor should it – but at big companies like Google and Facebook where the interview process is so intentional, it will absolutely benefit you to study that process and fully understand the why behind each step.
There are plenty of battle-tested resources linked in my answer that will guide you throughout the prep process, and I hope they can be helpful to you on your career journey.
Happy learning!
I have practiced over 300 algorithms questions on LintCode and LeetCode. I have been unemployed for almost 9 months and I got 8 interviews and all failed in the coding test. I still can’t get any offer. What should I do?
Originally Answered: I have practiced over 300 algorithms questions on LintCode and LeetCode but still can’t get any offer, what should I do?
I have interviewed and been interviewed a number of times, and I have found out that most of the time people (including myself) flunk an interview due to the following reasons:
- Failing to come up with a solution to a problem:
If you can’t come up with even one single solution to a problem, then it’s definitely a red flag since that reflects poorly on your problem solving skills. Also, don’t be afraid to provide a non-optimal solution initially. A non-optimal solution is better than no solution at all. - Coming up with solutions but can’t implement them:
That means you need to work more on your implementation skills. Write lots and lots of code, and make sure you use a whiteboard or pen and paper to mimic the interview experience as much as possible. In an interview you won’t have an IDE with autocomplete and syntax highlighting to help you. Also make sure that you’re very comfortable in your programming language of choice. - Solving the problem but not optimally:
That could mean that you’re missing some fundamental knowledge of data structures and algorithms, so make sure that you know your basics well. - Solving the problem but after a long time, or after receiving too many hints:
Again, you need more problem solving practice. - Solving the problem but with many bugs:
You need to properly test your code after writing it. Don’t wait for the interviewer to point out the bugs for you. You wouldn’t want to hire someone who doesn’t test their code, right? - Failing to ask the interviewer enough questions before diving into the code:
Diving right into the code without asking the interviewer enough questions is definitely a red flag, even if you came up with a good solution. It tells the interviewer that either you’re arrogant, or that you’re reckless. It’s also not in your favor, because you may end up solving the wrong problem. Discussing the problem and asking questions to the interviewer is important because it ensures that both of you are on the same page. The interviewer’s answers to your questions may also provide with some very useful hints that may greatly simplify the problem. - Being arrogant:
If you’re perceived as arrogant, no one will want to hire you no matter how good you are. - Lying on the resume:
Falsely claiming knowledge of something, or lying about employment history is a huge red flag. It shows dishonesty, and no one wants to work with someone who is dishonest.
I hope this helps, and good luck with your future interviews.
How often do tech companies ask LeetCode Hard questions during interviews?
Unless we’re talking about Google, which has problems that are unique to them in comparison to the rest, you can be sure that big tech companies ask LeetCode-style questions quite often. Seeing LeetCode Hard problems specifically, however, is not that common in these interviews, and it’s more likely that you’ll be facing LeetCode Medium questions and one or two Hard questions at best. This is because having a time limit to solve them as well as an interviewer right beside you already adds enough pressure to make these questions feel harder than they normally would be; increasing their difficulty would simply be detrimental to the interviewing process.
I suggest that you avoid using the difficulty of LeetCode questions that you can solve as a way of telling if you’re prepared for your interviews as well because it can be pretty misleading. One reason this is the case is that LeetCode’s environment is different from an interviewing environment; LeetCode cares more about running time and the optimal solution to a problem, while an interviewer cares more about your approach to the question (an intuitive solution can always be optimized further with a discussion between you and the interviewer).
Another reason you should avoid worrying too much about LeetCode-style questions is that FAANG companies are starting to refrain from asking them, as they’re noticing that many candidates come to their interviews already knowing the answer to some of their questions; currently, if your interviewer notices that you already know the answer to the question you’re given, they won’t take it into account and instead will move on to another question, as already knowing how to solve the problem tells them nothing about the way you approach challenging situations in the first place.
Also, you should consider that LeetCode only lets you practice what you already know in coding; if you don’t have a good knowledge of data structures & algorithms beforehand, LeetCode will be a difficult resource to use efficiently, and it also won’t teach you anything about important non-technical skills like communication skills, which is a crucial aspect that interviewers also evaluate. Therefore, I also suggest that you avoid using LeetCode as your only resource to prepare for your technical interviews, as it doesn’t cover everything that you need to learn on its own.
For example, you may want to enroll in a program like Tech Interview Pro as you use LeetCode. TIP is a program that was created by an ex-Google software engineer and was designed to be a “how to get into big tech” course, with over 20 hours of instructional video content on data structures & algorithms and system design.
Another good resource that you could use, this time to cover the behavioral aspect of interviews, is Interviewing.io. With it, you can engage in mock interviews with other software engineers that have worked with Facebook and Google before and also receive feedback on your performance.
You could also read a book like Cracking the Coding Interview, which offers plenty of programming questions that are very similar to what you can expect from FAANG companies, as well as valuable insight into the interviewing process.
Best of luck with your interviews!
Are technical internships like Google, Amazon, and Facebook more selective than getting into Harvard?
Harvard is seen in popular culture as being very selective, and so any funnel which has a conversion rate lower than 5% is going to describe itself as “more selective than Harvard”. “More selective than Harvard” has 70m hits on Google. When Walmart opened a DC store, it hired about 2.5% of the people that sent applications, and ran a story that it was “twice as selective as Harvard”. Tech internships, somewhat unsurprisingly, are harder to get as jobs at Walmart.
Generally speaking, the more LeetCode problems you solve, the better your odds of getting an offer will be. Be careful, however, as using the number of problems you solve on LeetCode as a reference for how ready you are for your technical interviews is misleading, especially if it’s for Google and Facebook. Even if you solve every problem on LeetCode (please don’t try this), there’s still a chance you won’t get an offer, and there are several reasons why.
First of all, coding is not the only thing taken into consideration by interviewers from big tech companies. One of the main things they look for in a candidate is the presence of strong soft skills like teamwork, leadership, and communication. If you’re raising red flags in that department—if the interviewer doesn’t think you have the leadership skills to lead a team down the road, for example—odds are that you’re going to get overlooked. They also expect you’ll be able to clearly explain your thought process before solving a given coding problem, which is something a surprising number of developers have trouble with.
The second problem with using LeetCode alone is that it can only help you practice data structures & algorithms and system design, but not exactly teach you about them. This might not be an issue if you’re solving questions from the Easy section of LeetCode, but once you get to the Medium and Hard problem sets, you’ll need more theoretical knowledge to properly handle these problems.
So, ideally, you’ll want to prepare using resources that help you learn more about DS&A and systems design before you start practicing on LeetCode, and you’ll also want to work on your behavioral skills to ensure you do well there, too. Here are some tools that can help:
- Interviewing.io: A site where you can engage in mock interviews with other software engineers—some of whom have worked at Google and Facebook—and receive immediate, objective feedback on your performance.
- Tech Interview Pro: An interview prep program designed by a former Google software engineer that includes 150+ instructional video lessons on data structures & algorithms, systems design, and the interview process as a whole. TIP members also get access to a private Facebook group of 1,500+ course graduates who’ve used what they learned in the course to land jobs at Google, Facebook, and other big tech companies.
- Educative’s Scalability & System Design for Developers Course: An introductory systems design course that will teach you how to think about architecture trade-offs and design systems at scale for enterprise-level software.
So, using LeetCode on its own would prepare you well for questions about data structures & algorithms, but may leave you unprepared for questions related to systems design and the behavioral aspect of your interviews. But by complementing LeetCode with other resources, you’ll put yourself in a much better position to receive an offer from Google, Facebook, or anyone else. Best of luck.
Dmitry Aliev is correct that this
was introduced into the language before references.
I’ll take this question as an excuse to add a bit more color to this
.
C++ evolved from C via an early dialect called “C with Classes”, which was initially implemented with Cpre, a fancy “preprocessor” targeting C that didn’t fully parse the “C with Classes” language. What it did was add an implicit this
pointer parameter to member functions. E.g.:
- struct S {
- int f();
- };
was translated to something like:
- int f__1S(S *this);
(the funny name f__1S
is just an example of a possible “mangling” of the name of S::f
, which allows traditional linkers to deal with the richer naming environment of C++).
What might comes as a surprise to the modern C++ programmer is that in that model this
is an ordinary parameter variable and therefore it can be assigned to! Indeed, in the early implementations that was possible:
- struct S {
- int n;
- S(S *other) {
- this = other; // Possible in C with Classes.
- this->n = 42; // Same as: other->n = 42;
- }
- };
Interestingly, an idiom arose around this ability: Constructors could manage class-specific memory allocation by “assigning to this” before doing anything else in the constructor. E.g.:
- struct S {
- S() {
- this = my_allocator(sizeof(S));
- …
- }
- ~S() {
- my_deallocator(this);
- this = 0; // Disabled normal destructor post-processing.
- }
- …
- };
That technique (brittle as it was, particularly when dealing with derived classes) became so widespread that when C with Classes was re-implemented with a “real” compiler (Cfront), assignment to this
remained valid in constructors and destructors even though this
had otherwise evolved into an immutable expression. The C++ front end I maintain still has modes that accept that anachronism. See also section 17 of the old Cfront manual found here, for some fun reminiscing.
When standardization of C++ began, the core language work was handled by three working groups: Core I dealt with declarative stuff, Core II dealt with expression stuff, and Core III dealt with “new stuff” (templates and exception handling, mostly). In this context, Core II had to (among many other tasks) formalize the rules for overload resolution and the binding of this
. Over time, they realized that that name binding should in fact be mostly like reference binding. Hence, in standard C++ the binding of something like:
- struct S {
- int n;
- int f() const {
- return this->n;
- }
- } s = { 42 };
- int r = s.f();
is specified to be approximately like:
- struct S { int n; } s = { 42 };
- int f__1S(S const &__this) {
- return (&__this)->n;
- }
- int r = f__1S(s);
In other words, the expression this
is now effectively a kind of alias for &__this
, where __this is just a name I made up for an unnamable implicit reference parameter.
C++11 further tweaked this by introducing syntax to control the kind of reference that this
is bound from. E.g.,
- struct S {
- int f() const &;
- int g() &&;
- };
can be thought of as introducing hidden parameters as follows:
- int f__1S(S const &__this);
- int g__1S(S &&__this);
That model was relatively well-understood by the mid-to-late 1990s… but then unfortunately we forgot about it when we introduced lambda expression. Indeed, in C++11 we allowed lambda expressions to “capture” this
:
- struct S {
- int n;
- int f() {
- auto lm = [this]{ return this->n; };
- return lm();
- }
- };
After that language feature was released, we started getting many reports of buggy programs that “captured” this
thinking they captured the class value, when instead they really wanted to capture __this
(or *this
). So we scrambled to try to rectify that in C++17, but because lambdas had gotten tremendously popular we had to make a compromise. Specifically:
- we introduced the ability to capture
*this
- we allowed
[=, this]
since now[this]
is really a “by reference” capture of*this
- even though
[this]
was now a “by reference” capture, we left in the ability to write[&, this]
, despite it being redundant (compatibility with earlier standards)
Our tale is not done, however. Once you write much generic C++ code you’ll probably find out that it’s really frustrating that the __this
parameter cannot be made generic because it’s implicitly declared. So we (the C++ standardization committee) decided to allow that parameter to be made explicit in C++23. For example, you can write (example from the linked paper):
- struct less_than {
- template <typename T, typename U>
- bool operator()(this less_than self,
- T const& lhs, U const& rhs) {
- return lhs < rhs;
- }
- };
In that example, the “object parameter” (i.e., the previously hidden reference parameter __this
) is now an explicit parameter and it is no longer a reference!
Here is another example (also from the paper):
- struct X {
- template <typename Self>
- void foo(this Self&&, int);
- };
- struct D: X {};
- void ex(X& x, D& d) {
- x.foo(1); // Self=X&
- move(x).foo(2); // Self=X
- d.foo(3); // Self=D&
- }
Here:
- the type of the object parameter is a deducible template-dependent type
- the deduction actually allows a derived type to be found
This feature is tremendously powerful, and may well be the most significant addition by C++23 to the core language. If you’re reasonably well-versed in modern C++, I highly recommend reading that paper (P0847) — it’s fairly accessible.
When an employee is hired, there is a step in the process where they are given a stack of documents to sign that (anecdotally) I’ll venture maybe 1 in 1,000 actually read. One of the least understood (or read) is the notice that the company controls, collects and analyzes all communications, internet activity and data stored on company-owned or -managed devices and systems.
This includes network traffic that flows across their servers. It’s safe to assume that mid-to-large employers are fully aware of the amount of on-the-clock time employees spend shopping, tweeting or watching YouTube, and know which employees are spending inordinate amounts of ‘company time’ shopping on Amazon rather than tackling assignments.
This also include Bring Your Own Device policies— where employees are allowed to use their personal smartphone, tablet or laptop for business purposes. Companies don’t always ‘exploit’ the policy for nefarious surveillance purposes, but employers are within their rights to collect information like location data from your BYOD smartphone both on and off the clock.
An example of where this can hurt employees is when they start to look for another job.
If you email/Slack/message your supervisor and ask for a personal day off to attend to a family matter, but your device logs show you are accessing job-search sites and your location data suggests your aren’t at home or even within the radius of a competitor’s office, they know. This tends to make your boss cranky, and can adversely impact your employment to the point of losing your job.
I disagree with this kind of intrusive surveillance, and the presumption of guilt employees face when they take steps to protect themselves by using encrypted tools like Signal, proxy servers or switching devices to Airplane Mode intrudes on the employee’s legitimate rights to privacy: you may not want your employer to know that you’re seeing a psychiatrist on your lunch hour, and they really have no reasonable expectation for you to disclose this (or not take steps to conceal it.)
- Workplace Privacy and Employee Monitoring
- PDF: https://www.privacyrights.org/printpdf/67553
- This is Your Wakeup Call on Employee Privacy
Facebook recruiting breaking poaching agreements really lead to measurable higher salaries at Google?
I think so. I remember there was a noticeable number of people going to Facebook, and some discussion of it among the employees. And then there was an explicit event where Google rearranged its compensation strategy. Everyone got a huge raise just at that moment, and from that point on the salaries and stock grants became close to the top of the market, as they need to be for a company that hires top talent.
I have no internships. I just graduated with a degree in CS. How can I get a job at FAANG?
If you can’t get FAANG to pay attention to you, you probably need to get another job first. Perhaps one of the companies that are considered to be pretty good would be interested.
It is actually quite hard to get an entry-level role at a top tech company, because where you went to college (and internships, which you don’t have) plays a disproportionate role. It’s not surprising, because what else can they go on? Interviewing is expensive, and there are hundreds of applicants per opening, so they want to pre-filter candidates somehow.
Once you have a few years of experience, things look a little better, especially if you climb up the prestige pole. For instance, Microsoft (or Twitter where I work today) isn’t FAANG, but you can be sure that recruiters would take applicants from there seriously, and you would have a good chance to get an interview. But the main factor is what you manage to do in your time at work. If you do well, get promoted, demonstrate clear impact (that you can articulate externally), build your professional network, that would improve your chances to both get your foot in the door, and also to pass the interviews.
There are also other things you can do, but I think they depend on luck too much. Slowly improving your portfolio is the way to go, I think.
What’s the best future web programming language to work in a big company like Google, Facebook, and Microsoft?
All of these companies assume that if you know the front-end domain, you can learn whatever technology du jour to become a front-end developer, and besides, if you don’t know anything about front-end, you can still grow into a front-end developer if that’s the path you’re interested in.
That being said, TypeScript is increasingly becoming the standard way to write client-side web code. Both Microsoft and Google are very committed to TS, while Facebook uses JavaScript with Flow. Google also uses Dart for some of its front end.
Likewise, there are a number of technologies on which the larger companies have taken diverging choices. Google is very committed to gRPC, I mean, g stands for Google; while Facebook is behind graphQL. (graph being, originally. the “social graph” of Facebook). AFAIK, Microsoft uses both.
Neither Google nor Facebook have ever really embraced node.js. This would have seemed odd a few years ago but now the web ecosystem is generally turning away from tools and web servers written in node.js. I don’t know for sure what Microsoft uses for its web servers.
Facebook is unsurprisingly very committed to React and React Native. Google though uses a number of web frameworks, including non-open sourced ones, and among others Angular and Flutter. Microsoft, AFAIK, uses React and React Native and Angular.
But all these skills are transferable. If you understand React, it’s easy to learn Angular and conversely; TypeScript and Flow have similarities, etc.
One common denominator is HTML, CSS, web APIs and web standards, which are always relevant.
Is 40 too old to apply for an SDE role in FAANG?
Not at all, I applied for a role with Google the month before my 52nd birthday.
Nobody ever asked me during the application and interview process, “Can you keep up with these young kids and with new technologies?”
Doesn’t matter if you’re 22 or 52 when you join Google — during your first year you’re going to soak up knowledge like it came from a fire hose.
If that sounds interesting to you, then by all means, apply!
How can I figure out if my interviewer is impressed in an Amazon interview? My interviewers gave reactions after every answer such as wonderful, very good, I love it. Is this usual?
Your goal, in an interview, is not to impress your interviewer, but to demonstrate that you have the necessary skill set to be hired.
In a large tech company, the threshold to be considered “impressive” is pretty high… you have people that had superlative achievements in their field (or outside of tech), and in their day to day they’re just treated like normal people. I never interviewed for Amazon, but I interviewed (and got hired) at both Facebook and Google, and both of my interviewer brackets included folks who had their own Wikipedia entry (and since then, all of my Facebook interviewers had amazing careers and most got their own Wikipedia page). So that’s the caliber of folks that your interviewers work with on a daily basis.
So your interviewer is not going to be impressed by your interview performance. That said, I’ve observed that many tech employees treat others as if they could be the next Ada Lovelace or the next Steve Jobs no matter their current achievements. This is not forced, but it’s an attitude that comes naturally because we’ve observed so many people achieve greatness. Interviewers would love nothing more than to give the highest recommendation for the candidate that they are seeing right now, it’s very fulfilling (conversely, having to reject a candidate is always a bit frustrating). So I think it’s fair that your interviewer is hoping you can become a superstar, but that hope is the same as for every other candidate and not directly linked to how well you are doing right now.
Google’s interview process leans towards making sure that an unsuitable candidate is not hired, they are ok if a few suitable candidates are missed in the process.
There is also a factor of chance involved in the process. Here is a story to prove that:
I have personally asked at least 5 engineers at Google if they would be willing to interview again assuming they would be offered 1.5 times their current compensation. Obviously they loose the job if they don’t clear the interview. I am yet to meet somebody willing to take this bargain , I wont take it either.
Btw google also offers anybody who leaves google to comeback and join at the same level without an interview if they comeback within 2 years. My guess is that they also realize the chance involved.
Not clearing an interview at google is an indicator of only one thing, that you did not clear a google interview. Don’t draw conclusions about your ability based on this.
What laptop do FAANG software developers seem to prefer? Why?
At Google there’s a selection of laptops you can choose from: a couple of Macs, a couple of Chromebooks, a couple of Linux laptops and a couple of windows laptops. Usually there’s a smaller, lighter version, for people who favor portability, and a larger version if you prefer a larger screen.
I’ve seen developers use all. I’d guess that Macs are most common (but under 50%} and Windows machines are least common.
I use a Chromebook (well, two Chromebooks). You turn it on, you log in and it looks exactly the same as your other Chromebook. This saves me carrying a laptop between work and home. If you work from another office, you don’t need to carry your laptop, you just grab one off the shelf, log in, and it looks the same as the computer you left at home.
(I tried using a Mac, I couldn’t get used to it, I didn’t know how to do anything, the keyboard shortcuts drove me crazy and so I gave it back and got a Chromebook).
Why is employee activism seen more in Google but not in other companies like Facebook and Amazon?
Google and Meta (formerly Facebook) have a long-standing culture where employees believe that they’re hot stuff and that the company has to keep them happy because the company needs them as much as they need the company. Amazon doesn’t have that, probably because they fire people pretty often, making many of the remaining employees feel disposable.
Google and Meta have different concepts of culture fit—or at least they did historically. At Google, culture fit means “don’t be a person who’s hard to work with”. At Meta, culture fit means “be a person who believes that we are doing great things here and who will be excited to work hard on those great things”. As a result, it tends to be easy for Meta to keep convincing their existing employees that the company is doing the right thing. Google, on the other hand, ends up with a significant proportion of employees who are not easily convinced, and demand change.
Though it’s been so long since I’ve actually worked in the tech industry that I’m not sure if Meta still fits the description I gave above, and there are signs that Google has been trending away from the description I gave above.
The question was:
Why is employee activism seen more in Google but not in other companies like Facebook and Amazon?
When people who have PhDs want work in FAANG, do many of them gravitate more towards Google than any of the other FAANG companies?
Just to add a small note to Dimitriy’s great answer, computer science PhDs tend to be analytical and hyperrational. Working for Google is probably the single best “pass” to choosing whatever the hell you want for the rest of your career, or at least for the next step or two. I think some CS PhDs work for Google not because it’s what they want, but because they don’t know what they want, and if you don’t know what you want and you can get a job there, it would be hard to do better than Google. Why not make $250,000 a year while figuring out your next step? The other companies in this so-called “top-tier” have issues; they are potentially great employers, but their issues make them anywhere from slightly to dramatically less attractive.
Why is it much harder to get into trading firms and hedge funds such as Jane Street and Two Sigma than FAANG/top tier companies?
The main factor why top prop trading firms and hedge funds are difficult to get into compared to tech companies is their size.
According to Wikipedia Two Sigma has about 1600 employees[1] and Jane Street has about 1900 employees .[2] Even the largest hedge fund, Bridgewater, only has 1500[3] and the third largest hedge fund, Renaissance Technology manages $130 billion with 310 employees.
Maybe these numbers on Wikipedia aren’t exact but I’d bet they’re well within the ballpark of being accurate.
Facebook has nearly 60,000 employees ,[4] Amazon has 160,000 ,[5] Apple has 154,000,[6] Netflix has around 12,000[7], and Google has 140,000[8]. Again, maybe these number aren’t precise but I don’t feel like doing more in depth research.
However, it’s pretty obvious to see that the big tech companies employ multiples of what those finance firms do and quite simply there are far more opportunities at those tech companies. More seats mean it’s going to be less competitive to be hired.
Second, those top hedge funds and prop trading firms pay well. Like really well.
And Jane Street’s 2020 graduate hires straight from college were paid a $200k annual base salary, plus a $100k sign-on bonus, plus a $100k-$150k guaranteed performance bonus. Junior bankers’ high salaries look a little paltry by comparison.[9]
So a new college grad makes $400-$450k. That’s a 22–23 year old making that. That same article found documents that said the average per employee in their London office was $1.3 million. Some make more and some make less, but that’s an eye wateringly high number when you consider all of the admin and support aren’t making close to that.
A friend’s younger brother worked at Jane Street about 10 years ago. He may still but I haven’t talked to her much since we moved. He was a rock star at Jane Street, and while I’m relying on my memory of a 10 year old conversation so I may not be totally accurate, he was in his late 20’s or early 30’s and made $4 million (and it may actually have been $8M) that year.
I know tech people are paid well but I doubt many, if any, make $400-$450k in year one and are making millions by their late 20’s is unheard of unless they founded or join a startup at the right time.
In addition, the interview processes at those firms is insanely difficult. I’ve never worked or interviewed at them but I’ve heard war stories. Just to get your foot in the door is nearly impossible then getting an offer to work there is basically impossible
My friend’s brother was half way through an absolutely top PhD program in Physics when he was recruited by them. I don’t consider myself a slouch and I’ve met a ton of highly intelligent people, but this guy was like his brain was plugged into a computer and the internet. And he was a dynamic personality.
They hire the absolute best of the best and because they’re small and privately held they don’t actually ever need to hire or grow because the public markets can’t punish their stock price because they don’t have one. If some of those top investment firms can’t find the right fit they may simply not need to make a hire right then and can wait. They’re not big banks like Goldman that need to hire X number of analysts and associates because they need to replace the people who left.
So the main reasons that it’s tougher to get into a top hedge fund or prop trading firm than big tech is because they’re much smaller, they pay more, they are even more diligent in their hiring practices, and they hire very intelligent people.
Footnotes
[2] Jane Street Capital – Wikipedia
[3] Bridgewater Associates – Wikipedia
[4] Number of Facebook Employees 2022/2023: Compensation, Tenure & Perks – Financesonline.com
[5] Amazon tops 1M U.S. employees
[7] number of nextflix employees
[9] Jane Street paid staff $1.3m as profits soared
What would happen to Google if they lost all their source code?
If that were to happen, we’ll have bigger problems to deal with. The Google monorepo exists on tens of thousands of machines. That would mean: every data center, every workstation used by Google would suddenly be out of commission – not just turned off, but so that storage isn’t even available. This is only possible in a complete doomsday scenario.
Do FAANG developers have a hard time finding another job with higher salary given the fact FAANG salaries are top of the line?
It’s generally possible to find better compensated jobs for people with experience in big tech cos. This experience is very desirable for companies in fast growth mode – not just the technical expertise but also knowledge of processes of world-class engineering organizations. Smaller but fast-growing companies can offer better packages but with an element of risk – if the company ends up failing, the employee will only get their salary.
- Apple’s entry-level MacBook Pro M2 has slower SSD speeds than its M1 counterpartby /u/LordofWhore (/r/Technology) on June 27, 2022 at 8:45 am
submitted by /u/LordofWhore [link] [comments]
- Apple Blueberry Cakeby Kesari (Apple on Medium) on June 27, 2022 at 8:39 am
Apple Blueberry CakeContinue reading on Medium »
- How to Transfer Data from Android Phone to iPhoneby Alan Jack (Apple on Medium) on June 27, 2022 at 8:37 am
Apple’s devices are notorious for their closed software. So when I moved from an Android phone to an iPhone a few weeks ago, my main…Continue reading on Medium »
- google hum to search doesn't work on ios.by /u/magaloopaloopo (Google) on June 27, 2022 at 8:28 am
ive tried every method, opening google assistant and google then force-closing both then opening google again. it didn't work. all apps are up to date but idk why it just doesn't work on ios but works on my android phone submitted by /u/magaloopaloopo [link] [comments]
- What's Coming to Netflix (July 2022)by /u/oAnmatriXo (Netflix) on June 27, 2022 at 8:27 am
submitted by /u/oAnmatriXo [link] [comments]
- Importing Resources Into Cloudformation Stackby Ivelina Yordanova (AWS on Medium) on June 27, 2022 at 8:25 am
Fixing “resource already exists” error or stacks stuck in “UPDATE_ROLLBACK_FAILED” stateContinue reading on Better Programming »
- Hackers can bring ships and planes to a grinding halt. And it could become much more commonby /u/GoMx808-0 (/r/Technology) on June 27, 2022 at 8:23 am
submitted by /u/GoMx808-0 [link] [comments]
- 日文資訊搜尋by こゆき (Google on Medium) on June 27, 2022 at 7:52 am
偶然地,我看到關鍵評論網有一篇投書抱怨日本Google最近(?)變得非常難用,完全都是廣告或內容農場。Continue reading on 再忙也要來本書 »
- Is applying onion juice good for hair?by Iqra Tariq (Google on Medium) on June 27, 2022 at 7:21 am
As we are moving toward a modern life, the urge for the achievement of every goal of life in this modern era becomes popular. In this goal…Continue reading on Medium »
- Man from Toronto Disappearedby /u/Terrible-Handle (Netflix) on June 27, 2022 at 7:07 am
My wife and I were watching the Man from Toronto last night. She fell asleep and didn’t finish it. This morning she woke up and tried to put it on, but it’s nowhere to be found. WTF happened? submitted by /u/Terrible-Handle [link] [comments]
- Gurman : le nouveau HomePod arrive en 2023, avec la puce S8 et une qualité audio similaire à celle…by ActuTech (Apple on Medium) on June 27, 2022 at 6:59 am
Continue reading on Medium »
- Google Walletby /u/Lorenzo_1723 (Google) on June 27, 2022 at 6:58 am
Is there any news about Google Wallet? At Google I/O we got: "rolling out globally in the next few weeks". I mean, it's been something like 50 days and we haven't heard anything about it. Does anyone know something about its release? I'm really looking forward to it. submitted by /u/Lorenzo_1723 [link] [comments]
- AWS Machine Learning Engineer Scholarship Programby Karan Kumar (AWS on Medium) on June 27, 2022 at 6:53 am
AWS and Udacity are collaborating to educate developers of all skill levels on machine learning concepts. I will tell all the strings att…Continue reading on Medium »
- Lambda Function to schedule with Amazon EventBridge using Java.by Swapnil Watkar (AWS on Medium) on June 27, 2022 at 6:49 am
Amazon EventBridge is a serveless event bus service.We will be creating events through Amazon EventBridge rules which trigger our Lambda…Continue reading on Medium »
- Everything you need to know about the all-new M2 MacBook Air: The World’s best-selling laptop gets…by Benjamin Lindeen (Apple on Medium) on June 27, 2022 at 6:27 am
It should be a surprise to no one that another year brings even more hardware releases from the largest company in the world. At this…Continue reading on Medium »
- Shot Blasting Solutions provider Indiaby /u/Shrinath-Technicals (Google) on June 27, 2022 at 6:25 am
We are a Shot Blasting Solutions provider in India and looking for more opportunities. How we can explore more opportunities worldwide. Looking for companies that can provide us with work as well as establish a partnership. Check our service on the website https://www.shrinathtechnicals.com/services/ submitted by /u/Shrinath-Technicals [link] [comments]
- Critics On AWS Costsby Yaniv Beaudoin (AWS on Medium) on June 27, 2022 at 6:18 am
Public cloud providers are marketing geniuses. They convinced us that using cloud environment is cheap. It’s not. It has many benefits but…Continue reading on Medium »
- IaC on AWS: What and How?by Gloria Tan (AWS on Medium) on June 27, 2022 at 6:10 am
One interesting new concept I learnt when I was an intern at AWS is Infrastructure as Code (IaC). IaC refers to provision, management and…Continue reading on Medium »
- 5 Short Courses to Boost your Data Science Skills [Part 7]by Youssef Hosni (AWS on Medium) on June 27, 2022 at 6:08 am
Boosting your data science skills with these 5 short courses [ Deploying your models into production version]Continue reading on MLearning.ai »
- Microsoft.....WE REVOLT!by /u/AfellowPlayer103 (Microsoft) on June 27, 2022 at 6:06 am
Do not add chat report shit to minecraft it'll ruin the game u need to understand microsoft PLEASE submitted by /u/AfellowPlayer103 [link] [comments]
- Customer Surveys❔ Easily❕by Не лише телефонія ☎️ (Google on Medium) on June 27, 2022 at 5:47 am
As you may know, the new Webitel version provides the ability to create dynamic dialog forms for agents. Today I will show you one of the…Continue reading on Medium »
- The iPhone 14 Pro will have a screen that stays on all the time and show the new lock screen…by Derek (Apple on Medium) on June 27, 2022 at 5:42 am
It is commonly anticipated that the iPhone 14 Pro versions will include always-on screens. These displays will enable users to access…Continue reading on Medium »
- Software Development Servicesby Technical Core Engineers (Tecoreng) (Google on Medium) on June 27, 2022 at 5:35 am
At Technical Core Engineers, we serve you with start to finish programming counselling and improvement arrangements. While giving…Continue reading on Medium »
- iPhone student discountby Themad Gamer (Apple on Medium) on June 27, 2022 at 5:27 am
Hurry up!!. Get the latest iPhone student discounts in 2023. Here you get to know how to claim offers and products under this program.Continue reading on Medium »
- AWS Elastic Beanstalk Configurationby SAURAV KUMAR (AWS on Medium) on June 27, 2022 at 5:27 am
Continue reading on Medium »
- Apple FrittersSourceby React Amsterdam (Apple on Medium) on June 27, 2022 at 5:23 am
Apple FrittersSourceContinue reading on Medium »
- Demystifying: Google Tag Managerby S. Khan (Google on Medium) on June 27, 2022 at 5:01 am
A short guide to learning Google tag managerContinue reading on Makers Byte »
- Valorant will start listening to your voice chat in Julyby /u/jormungandrsjig (/r/Technology) on June 27, 2022 at 4:55 am
submitted by /u/jormungandrsjig [link] [comments]
- How I made an App to Read to me the Top Posts from Reddit with AWSby manu muraleedharan (AWS on Medium) on June 27, 2022 at 4:51 am
Summary:Continue reading on CodeX »
- Juicy & Tender Kofta Recipe (Meat ball)by Peter Norman (Google on Medium) on June 27, 2022 at 4:49 am
What is meatball?Continue reading on Medium »
- Man vs Bee or Mr. Bean who got married, had a daughter but still lives alone?by /u/summaiyah99 (Netflix) on June 27, 2022 at 4:47 am
Watched it last night. I felt like this was another long and funny Mr. Bean episode that we all never knew we wanted but we're happy now that it exists. Nonetheless, a pleasant nostalgia for the 90s people. (spoiler Alert) But, there's something that I missed. Was the paintings fake or real? The house owner was a fraud because he was getting insurance money off of fake paintings all along? submitted by /u/summaiyah99 [link] [comments]
- Energy-hungry data centers are quietly moving into citiesby /u/ChickenTeriyakiBoy1 (/r/Technology) on June 27, 2022 at 4:47 am
submitted by /u/ChickenTeriyakiBoy1 [link] [comments]
- WU Executive Academy Vienna Austria Scholarshipby Peter Norman (Google on Medium) on June 27, 2022 at 4:46 am
WU Executive Academy Vienna Austria Scholarship for Women Leaders are open at WU Executive Academy in the class 2022–2023.Continue reading on Medium »
- Money Heist Korea Is The Lowest Effort Series Ever Madeby /u/archerV34 (Netflix) on June 27, 2022 at 4:45 am
I started watching the first episode today, and I am very disappointed. It all started great, you know with a brand new conext, but when I heard Professor, I thought that all they did was re-branding the original Money Heist series with a Korean skin. The city names and the carachter personalities only confirmed this. Come on! At least pick new names ffs! And when they showed the scene with the Unified Money Factory (I watched it in French, sorry for poor translation), I just hopped off. All they did was mooshing up elements from the earlier series. Please, share your thoughts in the comments, I'm really curious if this post is legit or I am just a raging bitch. submitted by /u/archerV34 [link] [comments]
- Issue with Netflix video resolution on PS5by /u/aw_sum (Netflix) on June 27, 2022 at 4:45 am
On PS5, Netflix's resolution automatically sets to lower than the native resolution, even though my connection is fully capable of UHD streaming. My TV set supports up to 4k HDR 120hz. Is there a way to manually set the resolution on Netflix like on YouTube, or am I just stuck watching 1080p content at 720p? submitted by /u/aw_sum [link] [comments]
- Bruby /u/zcarp7220 (Microsoft) on June 27, 2022 at 4:37 am
submitted by /u/zcarp7220 [link] [comments]
- Google’s Acting Like Crazy Latelyby Nikhil Vemu (Google on Medium) on June 27, 2022 at 4:06 am
Oh hi!Continue reading on Medium »
- EMQX + NLB (AWS) + EKS — Preserve Client IPby Nirav Thakkar (AWS on Medium) on June 27, 2022 at 4:00 am
How to preserve the client-ip address when the EMQX cluster managed by AWS EKS and NLB is in-front.Continue reading on Medium »
- Check out ♥︎Teal hearts!♥︎'s video! #TikTokby /u/Top-Court-9758 (Google) on June 27, 2022 at 3:55 am
submitted by /u/Top-Court-9758 [link] [comments]
- Install Kube2iam on Amazon EKSby lff l (AWS on Medium) on June 27, 2022 at 3:54 am
To access resources in AWS, a POD running in EKS can use either ways to grant the permission:Continue reading on Medium »
- Ads Are Officially Coming to Netflixby /u/mookiebomber (/r/Technology) on June 27, 2022 at 3:46 am
submitted by /u/mookiebomber [link] [comments]
- Google Drive Request dilemmaby /u/Ilearnyourphrases (Google) on June 27, 2022 at 3:40 am
Throwaway because I overthink EVERYTHING and I'm kinda freaking out rn. To give a quick draft of the situation, I video chat with my girfriend very regularly. Things progressed and progressed until sometimes we would get a little frisky on cam. Upon her request, she asked for me to start screen recording our sessions and send them to her so we could watch them later on, which I thought was a fun idea. I sent her our movie through Google Drive and, interestingly, today (a few days later) I got an email that the file was being requested to be viewed by someone and asking for my permission. I was rly confused at first and a little hurt bcs I thought maybe my girl had shared it somehow with someone else without my consent, but then I checked closer and I saw that the request comes from someone with an address that ends in lers. google, which sounds really bad Now I'm freaking out and rly confused on why that would be the case. submitted by /u/Ilearnyourphrases [link] [comments]
- 'How to move to Canada' — Google searches jumped 850% after abortion rulingby /u/Paneraiguy1 (/r/Technology) on June 27, 2022 at 3:39 am
submitted by /u/Paneraiguy1 [link] [comments]
- Software Engineer at Google Interview Experienceby Jyotish Bhaskar (Google on Medium) on June 27, 2022 at 3:22 am
Hello there,Continue reading on Medium »
- From Linux to MacOSby Jason Huang (Apple on Medium) on June 27, 2022 at 2:56 am
Continue reading on Medium »
- Remarkable Wallpapers For Your iPhones & Androidsby Simple Alpaca (Apple on Medium) on June 27, 2022 at 2:40 am
Hey 😊! I get a ton of requests about the wallpapers I use in my videos, so, here are most of the wallpapers I use in my videos!Continue reading on Medium »
- Is what this reviewer said true about Alder Lake? That P/E cores don't behave well with Windows 11 and that's why so many 12th gen laptops have bad battery life? Why hasn't Intel officially made a statement about this? Microsoft? I'm surprised this is the first time I've ever seen this mentionedby /u/OmegaMalkior (Microsoft) on June 27, 2022 at 2:31 am
submitted by /u/OmegaMalkior [link] [comments]
- Period apps deleted over privacy concerns for women seeking abortions in post-Roe worldby /u/redhatGizmo (/r/Technology) on June 27, 2022 at 2:29 am
submitted by /u/redhatGizmo [link] [comments]
- Money Heist: Koreaby /u/aliygdeyef (Netflix) on June 27, 2022 at 1:30 am
I'm watching the show because a lot of K-drama actors I follow are in it and I'm noticing a very very similar story to the original money heist. Did Netflix seriously just make the same show but as a K-drama??? edit: I've only seen episode 1 and 2 of the original money heist so I'm enjoying this one but it must be a huge letdown to fans of the original series Here Netflix had the chance to do something big and creative as a spin-off to the original series but it's just a korean knockoff (albeit done well) submitted by /u/aliygdeyef [link] [comments]
- Buy Now Pay Later Continues To Boomby CouponBirds (Apple on Medium) on June 27, 2022 at 1:26 am
Apple launched its Apple Pay Later service for iPhone and Mac users in the U.S. at its Worldwide Developers Conference from June 6 to 10…Continue reading on Medium »
- Question about extended coverage (Canada)by /u/NoPause_2021 (Microsoft) on June 27, 2022 at 1:08 am
First time ever buying a laptop and considering buying a Microsoft Surface Go 2 laptop for my son as he’ll be needing one next year for school. Just wondering if there are any pros/cons to purchasing it through Costco with their extended coverage or is it better to get it from Microsoft with their extended warranty in case something happens to it? Tia. submitted by /u/NoPause_2021 [link] [comments]
- Google clarifies it uses only first 15 MB of webpage for Search rankingsby /u/Metanism_ (Google) on June 27, 2022 at 12:54 am
submitted by /u/Metanism_ [link] [comments]
- Rhythm+Flow France: Translation Helpby /u/sunsNr0ses (Netflix) on June 27, 2022 at 12:45 am
Are there any French speakers who would be able to translate the rap battle from Episode 5 “Rap Battles” between KT Gorique and Semaya? Things got heated in the episode during their rap battle and I had no idea what they said to each other that was so triggering. Anyone able to help by translating so I can appreciate these vicious punchlines? Thank you in advance !! submitted by /u/sunsNr0ses [link] [comments]
- Does Love Death and Robots contain nudity?by /u/05ar (Netflix) on June 27, 2022 at 12:31 am
I've seen some clips and i think it would be interesting to watch with my family because we like very violent stuff, but we don't like the other kind of nsfw, I would check myself but I don't want to spoil myself, can anyone who has watched the series tell me? submitted by /u/05ar [link] [comments]
- Brave CEO slams DuckDuckGo — Microsoft deal comes to lightby Tech House (Google on Medium) on June 27, 2022 at 12:02 am
The CEO of Brave, a crypto-focused browser(opens in new tab), has attacked competitor DuckDuckGo for its Microsoft ties and the broader…Continue reading on Medium »
- Internet history, texts, and location data could all be used as criminal evidence in states where abortion becomes illegal post-Roe, digital rights advocates warnby /u/chrisdh79 (/r/Technology) on June 26, 2022 at 11:27 pm
submitted by /u/chrisdh79 [link] [comments]
- COVID is Dying Down, Can’t We Get “The Society” and “I Am Not Okay with This” Season 2 Now?by /u/tvShowBuff (Netflix) on June 26, 2022 at 11:17 pm
For those that don’t remember Netflix renewed these two shows “The Society” and “I Am Not Okay with This” but then decided to cancel both of them simultaneously. they stated that COVID was their primary reason for cancelling the shows. However COVID is far less of an issue now with restrictions being eased or completely lifted. So with that being said, shouldn’t they at the very least be considering reviving these two great shows now? After all they did promise us a season 2. Or at the very least they could give new statements and explain why they won’t be reversing their decision with COVID mostly behind us. The Society renewal petition. I am Not Okay with This renewal petition EDIT: Plus they were both left on cliffhangers! submitted by /u/tvShowBuff [link] [comments]
- LEGO | Stranger Things Season 4 Vol 1 | Custom Lego Setsby /u/Imaginary-Gap-8948 (Netflix) on June 26, 2022 at 10:53 pm
submitted by /u/Imaginary-Gap-8948 [link] [comments]
- Netflix Has to Change - captainmidnightby /u/chirruphowlinkeeaahh (Netflix) on June 26, 2022 at 10:52 pm
submitted by /u/chirruphowlinkeeaahh [link] [comments]
- State (and future) of the Minecraft Java Edition Communityby /u/Ironzombie39 (Microsoft) on June 26, 2022 at 10:44 pm
submitted by /u/Ironzombie39 [link] [comments]
- Amazon Is Intimidating and Harassing Organizing Workers in Montrealby /u/psychothumbs (/r/Technology) on June 26, 2022 at 9:57 pm
submitted by /u/psychothumbs [link] [comments]
- Shuttle between Redmond campus and Bellevue downtownby /u/Prompt_Evening (Microsoft) on June 26, 2022 at 9:53 pm
Are there shuttles that go back and forth between Redmond campus and Bellevue DT? How frequent are they and how long is the commute on average? submitted by /u/Prompt_Evening [link] [comments]
- Netflix will collaborate again with Behaviour Interactive: Stranger Things returns to Dead by Daylight at Christmas 2022, Chapter with Vecna in the worksby /u/NiitoIsHere (Netflix) on June 26, 2022 at 8:57 pm
submitted by /u/NiitoIsHere [link] [comments]
- Episodes released weeklyby /u/tiita (Netflix) on June 26, 2022 at 8:23 pm
Am I the only one to truly hate this? I get sometimes they are released as they are made available, but I truly despise having to wait for a week to watch the next episode. A month or more to get to the end.. Amazon prime, panamount+, Disney+ applet they all do it. I much rather have the whole season available and watch it as I can, want or feel like it They could at least perhaps put an icon or something to show that a serie is in progress. Yes sometimes they do put new episodes weekly but not always or sometimes they mark them incorrectly.. I guess the solution would be to wait for them but still, it pisses me off.. submitted by /u/tiita [link] [comments]
- Subtitles bugby /u/sc00ney (Netflix) on June 26, 2022 at 7:54 pm
I can't be the only one having this issue, but for several months now I've been having issues with subtitles. Specifically, English language content that had periodic subtitles. The latest example is Call Me By Your Name, which has a lot of Italian dialogue. I can turn subtitles on for ALL the dialogue, but I only want it for the Italian dialogue. Anyone had this issue and been able to resolve it? submitted by /u/sc00ney [link] [comments]
- Either a massive plot hole in Bly Manor, or I'm just rlly stupid.by /u/h0rible8ilence (Netflix) on June 26, 2022 at 7:54 pm
I've just finished rewatching the Haunting of Bly Manor, and I can't wrap my head around this. Near the end of episode 9, we learn that the bride's middle name is Flora. Then, when Jamie is having flashbacks of what the crew looked like when they were younger, we see the bride turn into Flora. But it's her middle name? Why would the whole family including mother and father refer to her as her middle name, and the help in the house aswell? Also she was 8, how would she know to reply to her middle name instead of her real name? We know miles' full name is miles Dominic wingrave, so why isn't he referred to as Dominic? Maybe she changed her name, but there is no mention of it anywhere. In just really confused. It's one of my fav shows on netflix but idk, I need this answered, I don't get it. submitted by /u/h0rible8ilence [link] [comments]
- HOW TO SOUND LIKE THE NETFLIX SHOW - DARK!!!by /u/Charlie-Hunt (Netflix) on June 26, 2022 at 6:54 pm
submitted by /u/Charlie-Hunt [link] [comments]
- Just ban me from this shithole subreddit alreadyby /u/Far_Distribution1400 (Microsoft) on June 26, 2022 at 6:37 pm
submitted by /u/Far_Distribution1400 [link] [comments]
- snowflakesby /u/lhayes238 (Netflix) on June 26, 2022 at 6:32 pm
Holy shit is this show tone deaf. Wow some rich kids went camping and now they know what it's like to live a rough life? Holy fuck I wish I could afford to go camping, how about instead of a camping trip Netflix you just make them for like 3 months in poverty with no help, do that and then at the end the prize is nothing, the prize is knowing that you're not actually poor. None of these idiots changed, what a joke submitted by /u/lhayes238 [link] [comments]
- Despite its draining power, NASA’s InSight Mars lander is determined to squeeze as much science as it can until the very last momentby /u/speckz (/r/Technology) on June 26, 2022 at 6:22 pm
submitted by /u/speckz [link] [comments]
- Fierce local battles over power lines are a bottleneck for clean energyby /u/thebelsnickle1991 (/r/Technology) on June 26, 2022 at 6:12 pm
submitted by /u/thebelsnickle1991 [link] [comments]
- Your data is worth more than your life to tech companiesby /u/giuliomagnifico (/r/Technology) on June 26, 2022 at 6:09 pm
submitted by /u/giuliomagnifico [link] [comments]
- Better Call Saul completely unavailable ?by /u/No_I_Deer (Netflix) on June 26, 2022 at 6:03 pm
I got through season 1 and part of season 2. I come to watch it today and all it says is "remind me" for when the show is available. I looked and some shows work but for example breaking bad says the same thing. Any fix as I know it was available just last week submitted by /u/No_I_Deer [link] [comments]
- Surface Upgrade Helpby /u/_therthon (Microsoft) on June 26, 2022 at 5:34 pm
Hi all, I currently have a Surface Tablet from 2017 which is now showing signs of age e.g. being quite slow. I'm looking to upgrade to another Surface and like the Surface Laptop Studio but it is quite pricey. Is it worth it? I use the Surface for personal use only. Thanks! submitted by /u/_therthon [link] [comments]
- Is this email trustworthy?? Help please!by /u/xNuclear1234 (Google) on June 26, 2022 at 5:01 pm
So recently I was contacting google support through email and I'm not sure if this email address is them since it confuses me that they replied from India even though my devices or account region is in India. This is the email address that contacted me: google-p2bmediation@google.com submitted by /u/xNuclear1234 [link] [comments]
- Fintechs face reckoning as easy money dries upby /u/Soupjoe5 (/r/Technology) on June 26, 2022 at 4:57 pm
submitted by /u/Soupjoe5 [link] [comments]
- The Man From Toronto- Movie Reviewby /u/According2Ash (Netflix) on June 26, 2022 at 4:46 pm
submitted by /u/According2Ash [link] [comments]
- will shutting off my laptop for 2-3 months kill it?by /u/coldfries_ (Microsoft) on June 26, 2022 at 3:23 pm
I have an HP laptop that I bought last summer, my laptop has been working, sleeping, or shut off for 2 weeks max its entire life. Now that I have summer vacation from hs I don't really need my laptop for a while. Will shutting it off for that long damage the battery like in a car? submitted by /u/coldfries_ [link] [comments]
- Google pay issueby /u/todderz57 (Google) on June 26, 2022 at 3:15 pm
Google pay says my phone may be rooted or altered in some way. I was working before but now doesn't submitted by /u/todderz57 [link] [comments]
- Paralyzed race driver completes Goodwood hill climb using head movement to steerby /u/Captain_Smartass_ (/r/Technology) on June 26, 2022 at 3:09 pm
submitted by /u/Captain_Smartass_ [link] [comments]
- Mexico’s Pemex to Invest $2B to Reduce Methane Pollution Amid Growing Concern Over Emissionsby /u/Wagamaga (/r/Technology) on June 26, 2022 at 2:36 pm
submitted by /u/Wagamaga [link] [comments]
- Will my Microsoft Office be deleted after resetting?by /u/alexzioxvi (Microsoft) on June 26, 2022 at 2:16 pm
I wanted to reset my pc because I want to be sure there are no viruses on my computer. But I am worrying that my Word, Powerpoint, Excel, etc. will be deleted. Will it be? submitted by /u/alexzioxvi [link] [comments]
- Tom Hanks or Tom Cruiseby /u/allpoliticsislocal (Netflix) on June 26, 2022 at 1:38 pm
Both Tom’s came to fame in the 1980’s. Both have made over 50 films. I don’t think Tom Cruise has ever made a bad movie but Tom Hanks pushed the envelope further as an actor. What is your ranking between the Tom’s? [US] submitted by /u/allpoliticsislocal [link] [comments]
- Google engineer identifies anonymous faces in WWII photos with AI facial recognitionby /u/geoxol (/r/Technology) on June 26, 2022 at 1:28 pm
submitted by /u/geoxol [link] [comments]
- Is the Sopranos on Netflix in any country?by /u/DustyMartin04 (Netflix) on June 26, 2022 at 1:19 pm
It’s not here on any streaming service I have in Australia, but I do have a VPN, is there any way to watch it? Never seen it but I love Breaking Bad and BCS and plenty of people recommend the Sopranos so I thought I’d give it a shot submitted by /u/DustyMartin04 [link] [comments]
- Google and Apple may face another FTC probe over 'harmful' mobile trackersby /u/trainedcovering161 (/r/Technology) on June 26, 2022 at 11:35 am
submitted by /u/trainedcovering161 [link] [comments]
- Recommendation for series that is suitable for a 12 year old?by /u/HelenEk7 (Netflix) on June 26, 2022 at 11:32 am
We a are looking for some series to watch over the summer holiday, which is something the whole family can watch together. Which means it needs to be suitable and fun for a 12 year old as well. submitted by /u/HelenEk7 [link] [comments]
- For people seeking abortions, digital privacy is suddenly criticalby /u/Sumit316 (/r/Technology) on June 26, 2022 at 10:28 am
submitted by /u/Sumit316 [link] [comments]
- New Israeli military technology allows operators to 'see through walls'by /u/trainedcovering161 (/r/Technology) on June 26, 2022 at 10:18 am
submitted by /u/trainedcovering161 [link] [comments]
- Every new passenger car sold in the world will be electric by 2040, says Exxon Mobil CEO Darren Woodsby /u/Wagamaga (/r/Technology) on June 26, 2022 at 9:56 am
submitted by /u/Wagamaga [link] [comments]
- Switzerland’s driverless underground freight project gets start dateby /u/nixass (/r/Technology) on June 26, 2022 at 9:36 am
submitted by /u/nixass [link] [comments]
- The Old / New M2 MacBook Proby /u/zangah_ (r/Apple: Unofficial Apple Community) on June 26, 2022 at 6:18 am
submitted by /u/zangah_ [link] [comments]
- I made a Mac app that remaps the globe key (fn key) to do things like opening Launchpad or capturing the screen. It is called GlobeKey and it’s free.by /u/Sstarfree (r/Apple: Unofficial Apple Community) on June 26, 2022 at 6:02 am
submitted by /u/Sstarfree [link] [comments]
- Google playby /u/WEEEBBER9999 (Google) on June 26, 2022 at 4:44 am
Google ALWAYS has to muck things up Where did Google hide the apps I have not installed. I am trying to find an app I used before but I cannot because my library only list the ones I already have on my device. submitted by /u/WEEEBBER9999 [link] [comments]
- Raytheon, Northrop advance in competition to develop hypersonic weapons interceptorby /u/jormungandrsjig (/r/Technology) on June 26, 2022 at 4:28 am
submitted by /u/jormungandrsjig [link] [comments]
- I can’t choose between a windows laptop or a MacBookby /u/frozenball824 (Microsoft) on June 26, 2022 at 3:49 am
I’m in the market for a new laptop. I really like apple’s design language yet I’m so confused when using the operating system. When I was at the store testing it, I tried to install a few games to test how they ran yet I couldn’t figure out how to install things on Mac until my brother helped me. I also couldn’t figure out how to do basic shortcuts, how to make the windows full screen without making them extend to the entire display, etc. I have an iPad and an iPhone yet I don’t see how they are supposed to work flawlessly together. I don’t think I’ve ever used one to complement the other. On the other hand, windows laptops break down more frequently. The build quality is subpar and their can be improvements. I love how the operating system is though. I would 100% choose windows over macOS however I would choose the build quality of a Mac over most windows laptops. What do you think I should choose? submitted by /u/frozenball824 [link] [comments]
- How do i get in contact with a live agent?by /u/TalShee (Microsoft) on June 26, 2022 at 3:25 am
My ethernet suddenly doesn’t have a valid IP configuration and i need admin to fix it, but my dad, who is admin, is across the ocean and ghosting my emails. i’m wondering if i can get someone over at IT to override his admin and fix the problem. submitted by /u/TalShee [link] [comments]
- 13-inch MacBook Pro with M2 review: Incremental upgrade and unexcitingby /u/Marcio0324 (r/Apple: Unofficial Apple Community) on June 26, 2022 at 1:51 am
submitted by /u/Marcio0324 [link] [comments]
- Google Pixel 7 roll outby /u/Helen_Magnus_ (Google) on June 26, 2022 at 1:40 am
What's the likelihood in the next Google roll out they're going to release a phone smaller than the Google Pixel 6? I have a google pixel 3 and I'd love to buy another google phone. But I'm not willing to go to a large size phone submitted by /u/Helen_Magnus_ [link] [comments]
- Should Apple start implementing HDMI 2.1 in order to support 120Hz displays for devices that are equipped with a M1 Max or better?by /u/DC9V (r/Apple: Unofficial Apple Community) on June 26, 2022 at 1:19 am
The only Apple device that seems to support HDMI 2.1 is the Apple TV 4K, as far as I'm concerned. However, it is limited to 60FPS. Modern Apple products like the Mac Studio, should definitely be able to run 4K displays at a 120Hz refresh rate while making use of already existing and well established adaptive sync technologies like FreeSync. Many people seem to argue that you won't need high refresh rate monitors unless you're gaming, but that's really not the case. Apps like Affinity designer could benefit from lower input latency. In fact any app that requires precise input, like military apps, could benefit from it. On my PC, I've disabled V-sync for Affinity designer, and capped the frame rate to 720 FPS. I've also put a filter on one of my USB ports so I can use my Wacom tablet at a polling rate of 1000Hz. The result is less input variance when drawing lines, and an overall more responsive feel due to the reduction in frame time. Since 720 is a multiple of both 144 and 60, the screen tearing should be hardly noticeable as long as your GPU can provide a stable frame rate. It should work especially well in applications that have a fixed physics tick rate. submitted by /u/DC9V [link] [comments]
How to prepare for FAANG – MAANGM jobs interviews
FAANG – MAANGM Job interviews Q&A
Tips to succeed at FAANGM companies
Recipes to succeed in corporate, how to navigate the job world.
I’m going to read between the lines and assume that you are working at a grade below senior at a company which is not a FAANG. I’m also assuming that you feel that you are ready and that you’ve already done the obvious, read the books, practiced questions etc.
Your senior eng interview has 3 facets, coding, system design and behavioral.
Your levers to do better at each are:
- To get better at coding interviews, interview more candidates. Seeing what others do well and less well is very helpful. This really applies to all sorts of interviews but IMO is most helpful for coding interviews.
- To get better at system design interviews, read more design docs at your existing company, attend more design reviews, and force yourself to participate. Comment, ask questions. It doesn’t matter if you’re off the mark. See what doesn’t make sense to you and challenge it.
- To get better at behavioral interviews, read your perf packets and the feedback from your coworkers. Read the docs that you wrote on your career plans (If you don’t have any, ask yourself why and start one). Reflect, regularly, on what has been hardest in your career, what you have done very well, where you struggled, what you would do differently.
I’d like to answer first in general — about attrition rates in the tech sector — and then about Amazon specifically.
Industry-Wide Retention
Retention in the US high-tech industry is very challenging. I believe there are two main reasons for that.
First, there is an acute shortage of qualified workers, which means companies are desperate to get employees anywhere they can, including — sometimes mainly — by poaching them from other companies. This is why so many companies moved into the Seattle East Side in the ’90s or South Lake Union in the last five years, for example: to poach from Microsoft and Amazon, respectively.
I remember the crazy late-90’s in the Israel high-tech industry. People would come in, work for 6–12 months, then jump ship for a fancier title and a bump in pay. It was insane; it was disgusting (I mean that literally: I would sometimes feel physically sick thinking about how stupid it all was.)
The second reason — which I’m not as certain about — is that the high-tech industry is so incredibly dynamic. Things change constantly: new companies spring up and grow like crazy (Uber anyone?); “old” companies that were considered the cream of the crop a couple of years ago are suddenly untouchable (Yahoo!). New technologies explode onto the scene and old ones stagnate.
Not only does that create a lot of churn as companies keep growing and shrinking; it also creates incredible pressure on tech workers to stay on top of their game. We’re always looking for the next big technology, the next big field, then next big product… The sad part is that a lot of it is just hype, but the psychological pressure is real enough, and it makes people move around always looking for the next great opportunity.
Amazon
The reason I want to talk about Amazon — which generally suffers from the same problems I’ve described above — is that there’s a perception in the public that Amazon is somehow worse than the rest of the industry; that it has awful attrition, because it’s a terrible place to work. I’ve tackled that in a couple of other answers (e.g. this one and this one), but it’s a very persistent myth.
Much of the fault is in reports like this one from PayScale, which then get regurgitated in hundreds of stories like this one (from BuzzFeed). The basic story seems very simple: the average tenure of an Amazon employee is about a year, which is — undoubtedly — really low, even in tech-industry terms.
That’s a great example of (supposedly) Benjamin Disraeli’s famous quote, “lies, damned lies and statistics”. There are at least two reasons why this number is completely meaningless:
- Short tenure does not mean high attrition: in the last 6–7 years the number of employees at Amazon has grown exponentially, and I mean this literally:
- Source: Amazon: number of employees 2017 | Statista
This means that at any time, pretty much, about 20–40% of all Amazon employees have joined less than a year ago. It’s no really surprising that they have a short tenure, is it?
Measuring retention is not trivial, but this methodology is just plain dumb (or maybe intentionally misleading). - Amazon is not (only) a tech company: sure, if you compare Amazon to Google and Facebook it comes out bad. But unlike those companies, the majority of Amazon employees are not tech workers. They’re warehouse workers, drivers, customer-service people, etc. Many of them are temp workers, and many others are not considering the job as a career.
There is a good discussion to be had about how Amazon treats these workers and whether it can do better, but it makes no sense to compare it with Microsoft or Apple; Walmart and Target would be much better comparisons.
A Twitter List by enoumen
AWS Azure Google Cloud Certifications Testimonials and Dumps
Do you want to become a Professional DevOps Engineer, a cloud Solutions Architect, a Cloud Engineer or a modern Developer or IT Professional, a versatile Product Manager, a hip Project Manager? Therefore Cloud skills and certifications can be just the thing you need to make the move into cloud or to level up and advance your career.
85% of hiring managers say cloud certifications make a candidate more attractive.
Build the skills that’ll drive your career into six figures.
In this blog, we are going to feed you with AWS Azure and GCP Cloud Certification testimonials and Frequently Asked Questions and Answers Dumps.
#djamgatech #aws #azure #gcp #ccp #az900 #saac02 #saac03 #az104 #azai #dasc01 #mlsc01 #scsc01 #azurefundamentals #awscloudpractitioner #solutionsarchitect #datascience #machinelearning #azuredevops #awsdevops #az305 #ai900
- Is MeasureUp Microsoft Official Practice Test AZ-900 a good study material to prepare for exam AZ-900: Microsoft Azure Fundamentals?by /u/NeHeMueL (Microsoft Azure Certifications) on June 27, 2022 at 4:15 am
Hi folks, I've been studying for the exam AZ-900 with MS Learn, and I had received a MeasureUp practice test key. So, I would to know, how accurate is the MeasureUp Microsoft Official Practice Test AZ-900 compare to the real exam? submitted by /u/NeHeMueL [link] [comments]
- Is it possible to avoid being charged for Azure disk storage?by /u/SpartanJ5 (Microsoft Azure Certifications) on June 27, 2022 at 3:13 am
I created an Azure account earlier this year so that I can have a lab environment to play around in to get experience that would eventually help me start on the path of getting certified as well as general experience since I don't currently use Azure for my current work duties. However, I have been getting charged $6 each month event though my vm has been shut down and deallocated for a few months now. I finally logged in to see what I can do about it and discovered that it appears I am being charged for the disk space for my OS. Is there a way around not being charged other than deleting my vm and storage each time I try and do some lab work? BTW, I've already exhausted the free azure subscription quite some time ago so that's not an option. submitted by /u/SpartanJ5 [link] [comments]
- AZ-104 - Can someone help me with this DNS question?by /u/ericjansen88 (Microsoft Azure Certifications) on June 26, 2022 at 7:17 pm
I dont understand this question. What does the DNS suffix configured inside the Windows Server tell us? https://preview.redd.it/0t2g7npim0891.png?width=1187&format=png&auto=webp&s=353261b9638c7ddaeee1619d3faa5137e3c1f8d1 submitted by /u/ericjansen88 [link] [comments]
- New AZ-900by /u/okja11 (Microsoft Azure Certifications) on June 26, 2022 at 5:19 pm
Folks who have taken or have an idea about the new AZ-900: How's it different from the old version in terms of a) scope and b) difficulty? Are the old resources cited in this group still relevant? If NOT, 3) Can you suggest new materials? Thank you!!! submitted by /u/okja11 [link] [comments]
- Azure Databricks Platform Admin Certificationby /u/riverrockrun (Microsoft Azure Certifications) on June 26, 2022 at 1:30 pm
Has anyone taken the "Azure Databricks Platform Admin Certification" from Databricks? If so, what are the best practice tests to try? I found some on Udemy but they have a low rating. Don't want dumps but some legit practice tests to learn from. I've been through the Databricks learning plan for the platform but would like to take a few practice tests before spending $200 on the real one. Thanks! submitted by /u/riverrockrun [link] [comments]
- AZ 400 - Labs or no Labs?by /u/ahmedtm1 (Microsoft Azure Certifications) on June 26, 2022 at 5:05 am
I have my exam on 30 June. I'm giving online exam. I have some questions, regarding to exam. - Should I expect labs in my exam? - If yes, then what should I prepare for labs. - How much marks for labs? - How many labs? - What will be the complexity of these labs. - How much time shall I have? Some says labs are no longer included in exam. Is that true? Also, if there's any learning resources for labs, pls share. Thanks submitted by /u/ahmedtm1 [link] [comments]
- AZ 900 Study Materialby /u/ogvoidwalker2014 (Microsoft Azure Certifications) on June 26, 2022 at 2:30 am
Hey everyone, Studying for Azure Fundamentals cert with MS Learn, Adam Marczak, and John Savill material. I want to make sure I’m studying the most current version of the exam. Has the exam changed much over the years? Any other places I should study from? Thanks! submitted by /u/ogvoidwalker2014 [link] [comments]
- Passed AZ-900 todayby /u/cloudsandbox (Microsoft Azure Certifications) on June 26, 2022 at 12:48 am
Spend all of one week reviewing and then took the AZ-900 today and passed with an 835. I expected it to be a bit tougher. Great experience though. John Savill’s videos and Microsoft Learn were enough for it. Next is the AZ-104, which I know is not going to be easy. I am going to set a goal of getting it with it 3 months though. submitted by /u/cloudsandbox [link] [comments]
- How to study for AZ-104by /u/job_equals_reddit (Microsoft Azure Certifications) on June 25, 2022 at 7:57 pm
Hi guys, I currently work as L1/L2 helpdesk and am looking to upskill myself by learning how to Administrate Azure. My current game plan: Watch the AZ-104 course on FreeCodeCamp and follow along if they have labs Read Exam Ref AZ-104 cover-to-cover Do the labs on the Microsoft Github page Will this be a recipe for first time success? I'm basing this gameplan on how I'm studying for the CCNA. Please help as I'd really like to learn and acquire this certificate. submitted by /u/job_equals_reddit [link] [comments]
- Would you say getting certified is enough to work as a Cloud Architect/Engineerby /u/CerealBit (Microsoft Azure Certifications) on June 25, 2022 at 10:49 am
How could would you say do the certs (especially Associate + Expert) prepare you for a job as a Cloud Architect? Would you say you feel competent enough to consult a customer in this context and design cloud native architecture afterwards (learning-on-the-job pretty much)? I'm currently working as a senior consultant and software engineer (7 years of experience). I have two offers with Senior Cloud Architect positions. I designed a SaaS architecture in Azure but only have around 1 year of cloud experience in the cloud. I have some doubts about my skillset, given that I know some Senior Cloud Architects with < 10 years of experience... Thanks! submitted by /u/CerealBit [link] [comments]
- Passed AZ-900 and MS-900 both in same week!by /u/EnthusiasmCrafty5986 (Microsoft Azure Certifications) on June 25, 2022 at 10:12 am
Used Adam Marczak to pass AZ-900, passed in two weeks spending a couple of hours a night. MS-900 passed after two days of study. Planning on now completing AZ-104, I use Azure typically daily in my Senior IT Engineer role over the last couple of months. How long has it taken people with similar experience with Azure to pass AZ-104? What is the best way to prepare, planning on using John Savill’s study material as I’m more of a doer/visual learner than written? Also hoping my firm will soon close their deal with LinkedIn learning so I can use that platform too. Any advice also appreciated! submitted by /u/EnthusiasmCrafty5986 [link] [comments]
- Obligatory I passed my AZ-900 earlier this morningby /u/Skandiluz (Microsoft Azure Certifications) on June 24, 2022 at 11:24 pm
As the title says, spent around 2 weeks studying for it. I was initially typing notes out, as I always do, but about a week into it, I was only on module 2. I decided to just learn visually and poke around in the Azure portal while reading the docs. Scheduled my exam for today and finished it in about 20 minutes. Here’s how I did it, for anyone looking to take it. Used the MS Learn for Azure Fundamentals. I did every single unit including the examples. A After this I did the first exam from TutorialsDojo and got a 75%. Felt really good about that. Did a little more studying and took the second exam, got a 64%. Turns out I had a lot of gaps. Went through John Savills exam cram and used the az-900 playlist for specific videos. Took the TD exam 2 again, got an 85%. Yesterday, I on and off studied all day, mostly in spurts so I wouldn’t try to cram too much. I did exam 3 last night and got an 70% and the final exam an hour after the 3rd in which I got a 90%. As of now, I’m already jumping straight into the AZ-104 then I’ll probably take the SC-900 followed by the AZ-500 submitted by /u/Skandiluz [link] [comments]
- Would getting Azure certifications while already working in Azure DevOps justify me to ask for higher compensation?by /u/DelicateJohnson (Microsoft Azure Certifications) on June 24, 2022 at 9:40 pm
I moved up in my company to Junior DevOps Engineer and have been studying various AZ-400 courses pick and choosy like to help me grasp what I need to do in the moment. Usually once I get the basics I then work with other members of my team to create solutions. I only have my AZ-900, and to get the AZ-400 I need to do the AZ-104 or AZ-204. I feel a bigger affinity to the AZ-204 since I have a strong C# and Powershell background and automation and program concepts are easy for me. Be that as it may, would it be worth my time to get the AZ-204 and AZ-400 in that it would give me more negotiating power for higher compensation, or since I am already doing the job should my projects and experience be worth more at this point than certs? tl;dr are azure certs more important to get your foot in the door or do they still hold value if you are already in the door submitted by /u/DelicateJohnson [link] [comments]
- Azure Data Science Associate for Rby /u/BigDeezerrr (Microsoft Azure Certifications) on June 24, 2022 at 4:13 pm
I am a Data Scientist looking to pickup the Azure Data Scientist Associate certification. I noticed all lessons use Python as the statistical programming language of choice. Azure supports the R programming language, which I primarily use for my work. Does anyone know if there is a certification version that uses R for the lessons? https://docs.microsoft.com/en-us/learn/certifications/azure-data-scientist/#certification-exam-disclaimers submitted by /u/BigDeezerrr [link] [comments]
- AZ-500 Fail Helpby /u/LET828 (Microsoft Azure Certifications) on June 24, 2022 at 3:37 pm
Question - I have just taken the AZ 500 and scored 643 (Fail) I had a scenario at the end with 9 tasks first 2 were ok, Register an app and then create a directory with User1. The next task is where things went horribly wrong it wanted me to setup a virtual network to Virtual network VMT1 -VMT2, I searched the resources found the virtual network but then it took me to the register free trial page, I checked the subscriptions and there weren't any, I wasn't able to complete any of the other tasks for the same reason was I doing something stupid any advice would be helpful. submitted by /u/LET828 [link] [comments]
- Passed MS-500 todayby /u/Nan0_0 (Microsoft Azure Certifications) on June 24, 2022 at 12:32 pm
Today i passed the MS-500 after 5 weeks of studying almost every evening. I used the following resources: MS-500 Exam guide book by: Peter Rising MS-500 Udemy course by: John Cristopher My own M365 developer tenant MeasureUP practise test submitted by /u/Nan0_0 [link] [comments]
- Certified Azure Fundamentalsby /u/PeeIsFresh (Microsoft Azure Certifications) on June 24, 2022 at 10:43 am
Passed on June 9. No breaks. I jumped on the path of Windows Server Hybrid Administrator Associate 1st. AZ-800 I don't realize the depth of AD DS and the generous amount I actually know. I still call it, what I meet it as 24 years ago: ADS submitted by /u/PeeIsFresh [link] [comments]
- AZ-720 results have been released!by /u/notapplemaxwindows (Microsoft Azure Certifications) on June 24, 2022 at 9:19 am
Results have been release for the AZ-720. Well done to all those who have passed! submitted by /u/notapplemaxwindows [link] [comments]
- AZ-900 PearsonVue Practice Testsby /u/Wonderful_Jacket_371 (Microsoft Azure Certifications) on June 24, 2022 at 9:04 am
I have been practicing with PearsonVue. Has this been a sufficient exam-prep for anybody else? submitted by /u/Wonderful_Jacket_371 [link] [comments]
- AZ-104 retakeby /u/JacobTriesTech (Microsoft Azure Certifications) on June 24, 2022 at 8:34 am
AZ-104 is the only AZ exam that I need to retake. Does anyone have any tips on what to expect, and do I just use the same learning material I used as when I first studied for the exam? submitted by /u/JacobTriesTech [link] [comments]
- fastest way to pass az-900 examby /u/theghostsaaa (Microsoft Azure Certifications) on June 24, 2022 at 5:48 am
Hello all, i wanted to take my az-900 exam soon, and i already studied it via adam course and finished watching the ms learn videos "still didn't get my voucher yet" is there a way to do a full review and preparation for the exam in few hours? Thank you all, submitted by /u/theghostsaaa [link] [comments]
- Passed the SC-400 today!by /u/fuzzyfrank (Microsoft Azure Certifications) on June 23, 2022 at 11:21 pm
Now I have the MS-500, AZ-500, and SC-400. Gonna work my way through the other SCs and try to get the SC-100 by January, hopefully! submitted by /u/fuzzyfrank [link] [comments]
- I passed Azure 900 today.by /u/bluehawana (Microsoft Azure Certifications) on June 23, 2022 at 9:44 pm
It is not that hard so I passed with 835 of 900 in 30 mins. Many questions regarding PAAS, IAAS, SAAS, so you must make sure you know them entirely. Just schedule the exam and pass it to start your cloud career. By the way, I used Microsoft voucher to take the exam for free by attenting Microsoft training day. I hope you guys good luck with your certifications and could take this advantage as well. Happy midsommar for all Swedish people by the way. submitted by /u/bluehawana [link] [comments]
- AI-900 down and only SC-900 to go before choosing a track.by /u/Kenobicheated (Microsoft Azure Certifications) on June 23, 2022 at 9:16 pm
AI-900 wasn't bad at all. The MeasureUP covered the content quite well and John Savill Cram was the icing on test day of course. SC-900 surprising seems to contain much from AZ-900 but only more in depth so I'm encouraged so far. submitted by /u/Kenobicheated [link] [comments]
- New courses and updates from AWS Training and Certification in June 2022by Training and Certification Blog Editor (AWS Training and Certification Blog) on June 23, 2022 at 4:29 pm
Check out the latest courses and offerings from AWS Training and Certification, including courses on managing containers, serverless solutions, hybrid storage solutions, large-scale workloads, AWS configurations, machine learning fundamentals, AWS billing & cost management, and common cloud workload use cases for the financial services industry.
- 30% off of Microsoft official practice tests from MeasureUp.by /u/teriaavibes (Microsoft Azure Certifications) on June 23, 2022 at 2:11 pm
submitted by /u/teriaavibes [link] [comments]
- General availability: Edge Secured-Core for Windows IoTby Azure service updates on June 22, 2022 at 4:00 pm
Edge Secured-Core is a certification program that extends the Secured-Core label into IoT and Edge devices.
- The timing’s right for recent graduates to develop cloud skillsby Kevin Kelly (AWS Training and Certification Blog) on June 21, 2022 at 6:26 pm
Editor’s note: This post is a letter to recent graduates from Kevin Kelly, the director of Cloud Career Training Programs at Amazon Web Services (AWS). He shares his cloud education and training philosophy and how it will continue to impact our daily lives. He includes advice on cloud learning for graduates to consider while exploring
- AWS re/Start program provides cloud education to refugeesby Training and Certification Blog Editor (AWS Training and Certification Blog) on June 20, 2022 at 4:13 pm
AWS re/Start is proud to announce the launch of a new cohort in Amsterdam. On World Refugee Day, AWS, Accenture, and Refugee Talent Hub are joining forces to help refugees in The Netherlands reskill into cloud computing careers.
- New Twitch Series – AWS Cloud Quest: Cloud Practitioner launches June 22by Lauren Cutlip (AWS Training and Certification Blog) on June 20, 2022 at 4:01 pm
Interested in cloud computing but looking for a fun, interactive, and informal learning option? Join us for the free, six-episode Twitch Series, AWS Cloud Quest: Cloud Practitioner to learn Amazon Web Services (AWS) Cloud concepts in a live gaming environment.
- Google helps Indonesia advance education on cloud, machine learning, and mobile development through Bangkit academyby (Training & Certifications) on June 16, 2022 at 4:00 pm
Indonesia is leading the way for digital transformation in Southeast Asia. According to Google’s e-Conomy South East Asia report, the country’s 2030 Gross Merchandise Value - the value of online retailing to consumers - could be twice the value of the whole of Southeast Asia today. This growth means that many companies need more qualified IT graduates and employees with digital skills than they have today. Fast-growing tech companies need more qualified IT graduates, and employees with digital skills. According to the World Bank, Indonesia needs an additional nine million people with digital skills by 2030. The shortage of technical talent reiterates the need to invest in a reliable skills pipeline. Following years of digital talent developments in Indonesia, Google has become a supporter of Bangkit, an academy designed to produce high-caliber technical talent for Indonesian technology companies and startups. Bangkit has facilitated a multi-stakeholder collaboration between Google, government, industry, and universities across Indonesia. Last year, the President of Indonesia and the Ministry of Education and Culture, Research, and Technology, acknowledged Bangkit’s significant impact, with 3,000 students completing nearly 15,000 courses and specialisations. Building on last year’s success, Bangkit started its 2022 program in February, offering three learning paths to students:Cloud computing with Google Cloud, preparing students for the Google Associate Cloud Engineer certification. Some of the course components are also available online Mobile development with Android, preparing students for the Google Associate Android Developer exam. An online version is available here. Machine learning with Tensorflow, getting students ready to take the Tensorflow Developer certification. Some of the online courses are available here for others.Bangkit 2022 has enrolled 3,100 university students who will take a five month study course, obtaining university study credit, as well as industry certifications. The program accepts diverse cohorts of people who are passionate about preparing for a tech career in the near future, with support and encouragement for women, people with disabilities, and students from across Indonesia to apply. Since its pilot in 2019, Bangkit has been guided by three principles: Industry-led: provides curriculum and instructors from industry experts, including Google, GoTo and Traveloka. Instructors include key figures such as Laurence Moroney (Google, Lead AI Advocate), Google Developer Experts, and other committed professionals. Immersive: combines online learning methods conducted in both individual and group settings. Interdisciplinary: contains knowledge and best practices in tech, soft skills, and English to provide complete career readiness. The program runs from February to July 2022, and has a 900-hour curriculum throughout the 18-week learning experience. Benefits for students participating in Bangkit include:Study credit conversion Job opportunities at our career fairGoogle Cloud, TensorFlow and AAD exam vouchersIncubation funds and mentorship support from industryTowards the end of Bangkit 2022, students will team up for the Capstone Project challenge to propose solutions to some of the nation’s most pressing problems, such as environmentalism, accessibility, and more. The top 15 teams will be selected to receive funding to incubate their capstone projects. These education and career-preparedness offerings are provided at no cost.Google is partnering with industry, governments, universities, and employers to help meet the skill demands of today. From supporting the State of Ohio to offer tech skills to residents, to working with the University of Minnesota-Rochester to create a customized health sciences degree program, Google is here to help our partners prepare those they serve for a cloud-first world.
- Steps to start your AWS Certification journeyby Siddharth Pasumarthy (AWS Training and Certification Blog) on June 15, 2022 at 5:31 pm
Are you contemplating pursuing an AWS Certification? Learn about the different levels of certification and how to prepare with the training resources available from AWS.
- Unveiling the 2021 Google Cloud Partner of the Year Award Winnersby (Training & Certifications) on June 14, 2022 at 3:50 pm
It’s time to celebrate! Join us in congratulating the 2021 Google Cloud Partner of the Year Award winners. As cloud computing and emerging technologies improve how we connect, share information, and conduct business, these partners helped customers turn challenges into opportunities. We’re proud to work alongside our partners and support customers as they innovate their businesses and accelerate their digital transformations. Congratulations to these winners for their creative spirit, collaborative drive, and customer-first approach; we are proud to recognize you and to call you our partners!Kudos to the 2021 winners:We're proud, grateful, and—above all—excited for what's next. As our network of partners continues to grow, we invite you to learn more about the Google Cloud Partner Advantage Program and how you can get involved by visiting our partner page.Related ArticleCelebrating the winners of the 2021 Google Cloud Customer AwardsCustomers have won Google Cloud Awards for innovation, excellence and transformation during another exciting year in the cloud.Read Article
- Google Cloud supports higher education with Cloud Digital Leader programby (Training & Certifications) on June 8, 2022 at 4:00 pm
College and university faculty can now easily teach cloud literacy and digital transformation with the Cloud Digital Leader track, part of the Google Cloud career readiness program. The new track is available for eligible faculty who are preparing their students for a cloud-first workforce. As part of the track, students will build their cloud literacy and learn the value of Google Cloud in driving digital transformation, while also preparing for the Cloud Digital Leader certification exam. Apply today!Cloud Digital Leader career readiness trackThe Cloud Digital Leader career readiness track is designed to equip eligible faculty with the resources needed to prepare their students for the Cloud Digital Leader certification. This Google Cloud certification requires no previous cloud computing knowledge or hands-on experience. The training path enables students to build cloud literacy and learn how to evaluate the capabilities of Google Cloud in preparation for future job roles. The curriculumFaculty members can access this curriculum as part of the Google Cloud Career Readiness program. Faculty from eligible institutions can apply to lead students through the no-cost program which provides access to the four-course on-demand training, hands-on practice to supplement the learning, and additional exam prep resources. Students who complete the entire program are eligible to apply for a certification exam discount. The Cloud Digital Leader track is the third program available for classroom use, joining the Associate Cloud Engineer and Data Analyst tracks. Cloud resources for your classroomReady to get started? Apply today to access the Cloud Digital Leader career readiness track for your classroom. Read the eligibility criteria for faculty. You can preview the course content at no cost.Related ArticleRead Article
- AWS Training now available to FutureLearn’s diverse learner communityby Training and Certification Blog Editor (AWS Training and Certification Blog) on June 7, 2022 at 4:42 pm
Our newest AWS Training Partner, FutureLearn, now offers two foundational courses to their diverse community of learners to take their first step toward building cloud knowledge - no prior experience necessary . . .
- Wanna learn Cloud & Devops?by /u/ahmedtm1 (Google Cloud Platform Certification) on June 5, 2022 at 10:41 am
I have created a repo that includes Books and imp notes related to GCP, Azure, AWS, Docker, K8s, and DevOps. More, exam and interview prep notes. Keep learning and Pls share. Also, feel free to contribute. Repo link: https://github.com/ahmedtariq01/Cloud-DevOps-Learning-Resources submitted by /u/ahmedtm1 [link] [comments]
- Instructor led training for google cloud professional solution architect certification examby /u/asolanki1991 (Google Cloud Platform Certification) on June 2, 2022 at 10:51 am
Please advise which is the best instructor led training for google cloud professional solution architect certification exam . I don't want just pass exam , I want to have practical knowledge which is required in the industry. submitted by /u/asolanki1991 [link] [comments]
- Would completing this path be enough for GCP ML Engineer Certification?by /u/FlanTricky8908 (Google Cloud Platform Certification) on May 29, 2022 at 7:01 am
I am going through this learning path offered by Google itself: https://cloud.google.com/training/machinelearning-ai/#data-scientist-learning-path Does anyone have experience with it? Will I need to study anything else before I can confidently take ML Engineer exam? submitted by /u/FlanTricky8908 [link] [comments]
- Why IT leaders choose Google Cloud certification for their teamsby (Training & Certifications) on May 27, 2022 at 4:00 pm
As organizations worldwide move to the cloud, it’s become increasingly crucial to provide teams with confidence and the right skills to get the most out of cloud technology. With demand for cloud expertise exceeding the supply of talent, many businesses are looking for new, cost-effective ways to keep up.When ongoing skills gaps stifle productivity, it can cost you money. In Global Knowledge’s 2021 report, 42% of IT decision-makers reported having “difficulty meeting quality objectives” as a result of skills gaps, and, in an IDC survey cited in the same Global Knowledge report, roughly 60% of organizations described a lack of skills as a cause for lost revenue. In today’s fast-paced environment, businesses with cloud knowledge are in a stronger position to achieve more. So what more could you be doing to develop and showcase cloud expertise in your organization?Google Cloud certification helps validate your teams’ technical capabilities, while demonstrating your organization’s commitment to the fast pace of the cloud.What certification offers that experience doesn’t is peace of mind. I’m not only talking about self-confidence, but also for our customers. Having us certified, working on their projects, really gives them peace of mind that they’re working with a partner who knows what they’re doing. Niels Buekers, managing director at Fourcast BVBAWhy get your team Google Cloud certified?When you invest in cloud, you also want to invest in your people. Google Cloud certification equips your teams with the skills they need to fulfill your growing business. Speed up technology implementation Organizations want to speed up transformation and make the most of their cloud investment.Nearly 70% of partner organizations recognize that certifications speed up technology implementation and lead to greater staff productivity, according to a May 2021 IDC Software Partner Survey. The same report also found that 85% of partner IT consultants agree that “certification represents validation of extensive product and process knowledge.”Improve client satisfaction and successGetting your teams certified can be the first step to improving client satisfaction and success. Research of more than 600 IT consultants and resellers in a September 2021 IDC study found that “fully certified teams met 95% of their clients’ objectives, compared to a 36% lower average net promoter score for partially certified teams.”Motivate your team and retain talentIn today’s age of the ongoing Great Resignation, IT leaders are rightly concerned about employee attrition, which can result in stalled projects, unmet business objectives, and new or overextended team members needing time to ramp up. In other words, attrition hurts.But when IT leaders invest in skills development for their teams, talent tends to stick around. According to a business value paper from IDC, comprehensive training leads to 133% greater employee retention compared to untrained teams. When organizations help people develop skills, people stay longer, morale improves, and productivity increases. Organizations wind up with a classic win-win situation as business value accelerates. Finish your projects ahead of scheduleWith your employees feeling supported and well equipped to handle workloads, they can also stay engaged and innovate faster with Google Cloud certifications. “Fully certified teams are 35% more likely than partially certified teams to finish projects ahead of schedule, typically reaching their targets more than two weeks early,” according to research in an IDC InfoBrief.Certify your teamsGoogle Cloud certification is more than a seal of approval – it can be your framework to increase staff tenure, improve productivity, satisfy your customers, and obtain other key advantages to launch your organization into the future. Once you get your teams certified, they’ll join a trusted network of IT professionals in the Google Cloud certified community, with access to resources and continuous learning opportunities.To discover more about the value of certification for your team, download the IDC paper today and invite your teams to join our upcoming webinar and get started on their certification journey.Related ArticleHow to become a certified cloud professionalHow to become a certified cloud professionalRead Article
- GETTING THIS ERROR DEPLOYING FUNCTION WHAT WILL DO WNYONE TELL MEby /u/CutEnvironmental3615 (Google Cloud Platform Certification) on May 27, 2022 at 12:06 pm
submitted by /u/CutEnvironmental3615 [link] [comments]
- New courses and updates from AWS Training and Certification in May 2022by Training and Certification Blog Editor (AWS Training and Certification Blog) on May 24, 2022 at 4:25 pm
Check out news and updates from AWS Training and Certification for cloud learners, AWS customers, and AWS Partners for May 2022. New digital courses focus on cloud essentials, networking basics, compute, container management, and audit activities. Classroom training also is available for learning about securing workloads on the AWS Cloud and building a data warehousing solution, and there are certification updates for Advanced Networking – Specialty, Solutions Architect – Professional, and SAP on AWS – Specialty . . .
- Public preview: Azure Communication Services APIs in US Government cloudby Azure service updates on May 24, 2022 at 4:00 pm
Use Azure Communication Services APIs for voice, video, and messaging in US Government cloud.
- New Research shows Google Cloud Skill Badges build in-demand expertiseby (Training & Certifications) on May 19, 2022 at 4:00 pm
We live in a digital world, and the future of work is in the cloud. In fact, 61% of HR professionals believe hiring developers will be their biggest challenge in the years ahead.1During your personal cloud journey, it’s critical to build and validate your skills in order to evolve with the rapidly changing technology and business landscape.That is why we created skill badges - a micro-credential issued by Google Cloud to demonstrate your cloud competencies and your commitment to staying on top of the latest Google Cloud solutions and products. To better understand the value of skills badges to holders’ career goals, we commissioned a third-party research firm, Gallup, to conduct a global study on the impact of Google Cloud skill badges. Skill badge earners overwhelmingly gain value from and are satisfied with Google Cloud skill badges.Skill badge holders state that they feel well equipped with the variety of skills gained through skill badge attainment, that they are more confident in their cloud skills, are excited to promote their skills to their professional network, and are able to leverage skill badges to achieve future learning goals, including a Google Cloud certification. 87% agree skill badges provided real-world, hands-on cloud experience286% agree skill badges helped build their cloud competencies2 82% agree skill badges helped showcase growing cloud skills290% agree that skill badges helped them in their Google Cloud certification journey274% plan to complete a Google Cloud certification in the next six months2Join thousands of other learners and take your career to the next level with Google Cloud skill badges.To learn more, download the Google Cloud Skills Badge Impact Report at no cost.1. McKinsey Digital,Tech Talent Technotics: Ten new realities for finding, keeping, and developing talent , 20222. Gallup Study, sponsored by Google Cloud Learning: "Google Cloud Skill Badge Impact report", May 2022Related ArticleHow to prepare for — and ace — Google’s Associate Cloud Engineer examThe Cloud Engineer Learning Path is an effective way to prepare for the Associate.Read Article
- Top five reasons AWS Partners should take AWS Trainingby Training and Certification Blog Editor (AWS Training and Certification Blog) on May 16, 2022 at 4:27 pm
Are you new to an Amazon Web Services (AWS) Partner business and the cloud? Not sure where to start your cloud learning journey? It may feel daunting but AWS offers Partner-exclusive courses to make it easier to understand cloud fundamentals. In fewer than 30 minutes, you can begin boosting your confidence and credibility with both customers and your organization . . .
- When Artificial Intelligence becomes more than a passionby Training and Certification Blog Editor (AWS Training and Certification Blog) on May 5, 2022 at 6:01 pm
Learn how AWS Certifications can help you validate your knowledge and enhance your credibility. Dipayan Das updated his artificial intelligence (AI) skills with AWS Training and Certification. He shares the resources he used and the impact of his training, including his ability to add value to his organization and clients. . .
- If you are looking for a Job relating to azure try r/AzureJobsby /u/whooyeah (Microsoft Azure Certifications) on May 5, 2022 at 10:41 am
submitted by /u/whooyeah [link] [comments]
- GCP Certification missing certificatesby /u/ProtossforAiur (Google Cloud Platform Certification) on May 2, 2022 at 8:31 am
These certifications are a scam. They will provide you with a link of the certificate after that they can remove the link whenever they want. If you get certified make sure you download in pdf. Google doesn't keep backup of certificates. Yes you heard that right.we asked a copy of certification which was because the link was not working they replied they couldn't submitted by /u/ProtossforAiur [link] [comments]
- How we’re keeping up with the increasing demand for the Google Workspace Administrator roleby (Training & Certifications) on April 29, 2022 at 4:00 pm
We’ve rebranded the Professional Collaboration Engineer Certification to the Professional Google Workspace Administrator Certification and updated the learning path. To mark the moment, we sat down with Erik Geerdink from SADA to talk about how the Google Workspace Administrator role and demand for this skill set has changed over the years. Erik is a Deployment Engineer and Pod Lead. He holds a Professional Google Workspace Administrator Certificationand has worked with Google Workspace for more than six years.What was it like starting out as a Google Workspace Administrator?When I first started, I was doing Google Workspace Support as a Level 2 Administrator. At that time, there were fewer admin controls for Google Workspace. There were calendar issues, some mail routing issues, maybe a little bit of data loss prevention (DLP), but that was about it.About 5 years ago, I transferred into Google Deployment and really got to see all that went on with deploying Google Workspace and troubleshooting advanced issues. Since then, what you can accomplish in the admin console has really taken off. There’s still Gmail and Calendar configurations, but the security posture that Google offers now—they’ve really upped their game. The extent of DLP isn’t just Gmail and Drive anymore; it extends into Chat. And we’re doing a lot of Context-Aware Access to make sure users only have as much access as IT compliance allows in our deployments. Calendar interop, which allows users in different systems to see availability, has been a big area of focus as well.How has the Google Workspace Administrator role changed over the last few years? It used to be that you were a systems admin who also took care of the Google portion as well. But with Google Workspace often being the entry point to Google Cloud, we’ve had to become more knowledgeable about the platform as a whole. Now, we not only do training with Google Workspace admins for our projects, we also talk to their Google Cloud counterparts as well.Google Workspace is changing all the time, and the weekly updates that Google sends out are great. As an engineering team, every week on Wednesday, we review each Google Workspace update that’s come out to understand how they affect us, our clients, and our upcoming projects. There’s a lot to it. It’s not just a little admin role anymore. It’s a strategic technology role.What motivated you to get Google Cloud Certified?I spent the first 15 years of my career doing cold server room roles, and I knew I had to get cloudy. I wanted to work with Google, and it was a no-brainer given the organization’s reputation for innovation. I knew this certification exam was the one to get me in the door. The Professional Google Workspace Administrator certification was required to level up as an administrator and to make sure our business kept getting the most out of Google Workspace. How has the demand for certified Google Workspace Admins changed recently? Demand has absolutely gone up. We are growing so much, and we need more professionals with this certification. It’s required for all of our new hires. When I see a candidate that already has the certification, they go to the top of the list. I’ll skip all the other resumes to find someone who has this experience. We’re searching globally—not just in North America—to find the right people to fill this strategic role.Explore the new learning pathIn order to keep up with the changing demands of this role, we’ve rebranded the Professional Collaboration Engineer Certification to the Professional Google Workspace Administrator Certification and updated the learning path. The learning path now aligns with the improved admin console. We’ve replaced the readings with videos for a better learning experience: in total, we added 17 new videos across 5 courses to match new features and functionality. Earn the Professional Google Workspace Administrator Certification to distinguish yourself among your peers and showcase your skills.Related ArticleUnlock collaboration with Google Workspace EssentialsIntroducing Google Workspace Essentials Starter, a no-cost offering to bring modern collaboration to work.Read Article
- How one learner earned four AWS Certifications in four monthsby Training and Certification Blog Editor (AWS Training and Certification Blog) on April 28, 2022 at 4:16 pm
Ever wonder what it takes to earn an AWS Certification? Imagine earning four in four months. Rola Dali, a senior software developer at Local Logic, shares her experience and insights about challenging herself to do just that. She breaks down the resources she found most helpful and her overall motivation to invest in her cloud learning journey . . .
- Build your cloud skills with no-cost access to Google Cloud training on Courseraby (Training & Certifications) on April 28, 2022 at 4:00 pm
Attracting talented individuals with cloud skills is critical to success, as organizations continue to adopt and optimize cloud technology. The lack of cloud expertise and experience is a top and growing challenge for businesses as they expand their cloud footprint and search for skilled talent. To help meet this need, we are now offering access to over 500 Google Cloud self-paced labs made available on Coursera. A selected collection of the most popular self-paced labs, known as projects, are available at no cost for one month from April 28 - May 29, 2022. Learners can choose their preferred format to claim one month free access to either a top Google Cloud Project, course, Specialization or Professional Certificate.What is a lab?A lab is a learning experience where you complete a scenario based use case by following a set of instructions in a specified amount of time in an interactive hands-on environment. Labs are completed in the real Google Cloud Console and other Google Cloud products using temporary credentials, as opposed to a simulation or demo environment and take 30 - 90 minutes to complete (depending on difficulty level). Our goal is to enable you to apply your new skills and be effective immediately in real-world cloud technology settings.Many of these labs, known in Coursera as projects, include a variety of tasks and activities for you to choose from to best fit your needs. Combine bite-size individual labs to create a personalized set of learning and upskilling with clear application in a sandbox environment. Labs are available for all skill levels, and cover a wide range of topics:Cloud essentialsCloud engineering and architectureMachine learningData analytics and engineeringDevOpsHere is a roundup of some popular and trending labs right now:Getting Started with Cloud Shell and gcloudKubernetes Engine: Qwik StartIntroduction to SQL for BigQuery and Cloud SQLMigrating a Monolithic Website to Microservices on Google Kubernetes EngineGet a feel for the lab experienceCreating a Virtual Machine is one of our most popular labs, taking place directly in Google Cloud Console. In this beginner level project, you will learn how to create a Google Compute Engine virtual machine and understand zones, regions and machine types. It takes 40 minutes to complete and you’ll earn a shareable certificate.As an example of more advanced content, Predict Baby Weight with TensorFlow on AI Platformrequires experience to train, evaluate and deploy a machine learning model to predict a baby’s weight. The lab activities are completed in a real cloud environment, not in a simulation or demo environment. It takes 90 minutes to complete and you will earn a shareable certificate.Kick off your no-cost learning journey todayFor direct access to self-paced labs, we recommend that you get started by taking a look at Coursera’s Collection Page, where you can browse labs/projects by our most popular topics, or explore the full catalog to find the cloud projects that are right for your career goals by browsing Google Cloud ‘projects’ on Coursera.The month of free Google Cloud learning on Coursera is available from April 28 - May 29, 2022, so join us to evolve your skill set and cloud knowledge.Ready to start your learning Google Cloud at no-cost for 30 days? Sign uphere.Related ArticleTraining more than 40 million new people on Google Cloud skillsTo help more than 40 million people build cloud skills, Google Cloud is offering limited time no-cost access to all training contentRead Article
- 3 tier application gcp terraform codeby /u/savetheQ (Google Cloud Platform Certification) on April 25, 2022 at 7:48 pm
Hi folks, anyone has some sample git for 3 tier application gcp terraform code. submitted by /u/savetheQ [link] [comments]
- Professional Cloud Architect - materials recommendations needed.by /u/theGrEaTmPm (Google Cloud Platform Certification) on April 24, 2022 at 10:56 am
Hi, What materials did you use when preparing for Professional Cloud Architect? Do you have any proven materials? How much time did you spend getting ready for the exam? Thanks in advance for your help. submitted by /u/theGrEaTmPm [link] [comments]
- How to prepare for — and ace — Google’s Associate Cloud Engineer examby (Training & Certifications) on April 22, 2022 at 4:00 pm
Do you want to get out of the server room and into the cloud? Now’s the time to sign up for our Cloud Engineer Learning Path — now with the newly refreshed Preparing for the Associate Cloud Engineer certification course — and start working toward your Associate Cloud Engineer certification. Earning your Associate Cloud Engineer certification sends a strong signal to potential employers about what you can accomplish in Google Cloud. Associate Cloud Engineers can deploy and secure applications and infrastructure, maintain enterprise solutions to ensure they meet performance metrics, and monitor the operations of multiple projects in the cloud. Associate Cloud Engineers have also demonstrated that they can use the Google Cloud Console and the command-line interface to maintain and scale deployed cloud solutions that leverage Google-managed or self-managed services on Google Cloud.Many Associate Cloud Engineers come from the on-premises world of racking and stacking servers and are ready to upgrade their skills to the cloud era. Achieving an Associate Cloud Engineer certification is a great step towards growing a career in IT, opening you up to become a cloud developer or architect, cloud security engineer, cloud systems engineer, or network engineer, among others.The Associate Cloud Engineer learning pathBefore attempting the Associate Cloud Engineer exam, we recommend that you have 6+ months hands-on experience with Google Cloud products and solutions. While you’re gaining that experience, a good way to enhance your preparation is to follow the Cloud Engineer Learning Path, which consists of on-demand courses, hands-on labs, and the opportunity to earn skill badges. Here are our recommended steps:1. Understand what’s on the exam: Review the exam guide to determine if your skills align with the topics on the exam.2. Create your study plan with the Preparing for Your Associate Cloud Engineer Journey: This course helps you structure your preparation for the Associate Cloud Engineer exam. You will learn about the Google Cloud domains covered by the exam and how to create a study plan to improve your domain knowledge.3. Start preparing: Follow the Cloud Engineer learning path, where you’ll dive into Google Cloud services such as Compute Engine, Google Kubernetes Engine, App Engine, Cloud Storage, Cloud SQL, and BigQuery. 4. Earn skills badges: Demonstrate your growing Google Cloud skills by sharing your earned skill badges along the way. Skill badges that will help you prepare for the Associate Cloud Engineer certification include:Perform Foundational Infrastructure Tasks in Google CloudAutomating Infrastructure on Google Cloud with TerraformCreate and Manage Cloud ResourcesSet Up and Configure a Cloud Environment in Google Cloud5. Review additional resources: Test your knowledge with some sample exam questions here.6. Certify: Finally, register for the exam and select whether to take it remotely or at a nearby testing center. Start your prep to become an Associate Cloud Engineer Take the next step towards becoming a cloud engineer and develop the recommended hands-on experience by earning the recommended skill badges. Register here and get 30 days free access to the cloud engineer learning path on Google Cloud Skills Boost!Related ArticleThis year, resolve to become a certified Professional Cloud Developer – here’s howFollow this Google Cloud Skills Boost learning path to help you earn your Google Cloud Professional Developer certification.Read Article
- New to GCP and looking for a study group!by /u/sulliv16 (Google Cloud Platform Certification) on April 19, 2022 at 4:15 pm
As the title states, I am starting my venture into GCP and would love to get connected with a few people to help with accountability and share insight as we learn! I have around 3 years working with AWS and have my solutions architect professional and security specialty very there. I know next to nothing about GCP, but am very familiar with cloud concepts and it has been my work focus the past 2 years. Let me know if you would interested to link up and start learning together! Thanks all submitted by /u/sulliv16 [link] [comments]
- GCP Professional Cloud Architect Certification Blog.by /u/HamanSharma (Google Cloud Platform Certification) on April 17, 2022 at 12:24 am
Check out the preparation guide for GCP Cloud Architect Certification with tips and resources - https://blog.reviewnprep.com/gcp-cloud-architect. Hope this helps everyone preparing for this certification. submitted by /u/HamanSharma [link] [comments]
- Introducing the Professional Cloud Database Engineer certificationby (Training & Certifications) on April 12, 2022 at 3:00 pm
Today, we’re pleased to announce the new Professional Cloud Database Engineer certification, in beta, to help database engineers translate business and technical requirements into scalable and cost-effective database solutions. By participating in the beta, you will directly influence and enhance the learning and career path for other Cloud Database Engineers. And upon passing the exam, you will become one of the first Google Cloud Certified Cloud Database Engineers in the industry. The cloud database space is evolving rapidly with the worldwide cloud database market projected to reach $68.5 billion by 2026. As more databases move to fully managed cloud database services, the traditional database engineer is now being tasked to handle more nuanced and advanced functions. In fact, there is a massive need for database engineers to lead strategic decision-making and distinguish themselves with a more developed and advanced skill set than what the industry previously called for. Why the certification is importantCloud Database Engineers are critical to the success of your organization and that’s why this new certification from Google Cloud is so important. These engineers are uniquely skilled at designing, planning, testing, implementing, and monitoring databases including migration processes. Additionally, they provide the right guidance about which databases are best for a company’s specific use cases and they’re able to guide developers when making decisions about which databases to use when building applications. These engineers lead migration efforts while ensuring customers are getting the most out of their database investment. This new certification will validate a developer’s ability to: Design scalable cloud database solutionsManage a solution that can span multiple databasesPlan and execute on database migrationsDeploy highly scalable databases in Google CloudBefore your exam, be sure to check out the exam guide to familiarize yourself with the topics covered, and round out your skills by following the Database Engineer Learning Path which includes online training, in-person classes, hands-on labs, and additional resources to help you prepare for your exam. I am excited to welcome you to the program. Sign up now and save 40% on the cost of the certification.Related ArticleGoogle Cloud’s key investment areas to accelerate your database transformationThis blog focuses on the 6 key database investment areas that help you accelerate your digital transformation journey.Read Article
- Train your organization on Google Cloud Skills Boostby (Training & Certifications) on April 7, 2022 at 1:00 pm
Enterprises are moving to cloud computing at an accelerated pace, estimating that 85% of enterprises will adopt a cloud first principle by 2025 (Gartner®, Gartner says Cloud will be the Centerpiece of the New Digital Experience, Laurence Goasduff, November 10, 2021). There are countless reasons why enterprises are moving to the cloud - from reduced IT costs and increased scalability, to improved security and efficiency. However this rapid change has presented a challenge - how will organizations build the skills they need to accelerate cloud adoption within their organization? The answer is comprehensive training. We commissioned IDC in March 2022 , an independent market intelligence firm, to write a white paper that studied the impact of comprehensive training and certification on cloud adoption. When organizations are trained they see:Significantly greater improvement in top business priorities - 133% greater improvement on employee retention and 56% greater improvement in customer experience scoresAccelerated cloud adoption, reduced time to value, and greater ROI - trained organizations are 10X more likely to implement cloud in 2 yearsGreater performance improvements - in areas like leveraging data analytics, protecting data, and jumpstarting innovationIDC White Paper, sponsored by Google Cloud Learning: "To Maximize Your Cloud Benefits, Maximize Training" - Doc #US48867222, March 2022To learn more, download the white paper.Build Team Skills in Google Cloud Skills Boost Coupling the research above with our commitment to equip more than 40 million people with cloud skills, we are excited to provide business organizations with a comprehensive platform to help address their teams’ cloud skilling needs. Google Cloud Skills Boost combines award winning learning experiences with the ability to earn credentials to validate learning, which can be managed and delivered directly by Google Cloud with enterprise level features. These features allow Organization leaders to manage access and user permissions for their team, and drive effective business outcomes using learning analytics. In addition, administrators will be able to grant access to the Google Cloud content catalog to individuals on their team. This catalog includes hundreds of courses, labs, and credentials authored by Google Cloud experts to help their teams learn and validate their cloud skills.Organizations can trial these features today through an exclusive no cost trial (based on eligibility). Contact your account team to learn more about your eligibility for the trial and how to set up your organization on Google Cloud Skills Boost. New to Google Cloud? Visit ourteam training page and complete the learning assessment to understand your team’s training needs and get connected with an account team. Ready to get started?Google Cloud Learning is committed to helping you accelerate the rate of cloud adoption in your organization through enabling team training. Contact your account team to learn more about your eligibility for the no cost trial and how to set up your organization on Google Cloud Skills Boost. New to Google Cloud? Visit ourteam training page and complete the learning assessment to understand your team’s training needs and get connected with an account team. Click here to learn more about how comprehensive training impacts cloud adoption.GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.Related ArticleWomen Techmakers journey to Google Cloud certificationGoogle Cloud is creating more opportunities in the credentialing space with a certification journey for Ambassadors of the Women Techmake...Read Article
- Looking for Good Practice Examsby /u/zeeplereddit (Google Cloud Platform Certification) on April 3, 2022 at 10:15 pm
I have done some googling on practice exams for the Google Cloud Digital Leader exam and I have only come across the Udemy offering. I have done Udemy courses before but I have no idea what their practice exams are like. Is there anyone here with any advice or suggestions in this regard? submitted by /u/zeeplereddit [link] [comments]
- General availability: Azure Database for PostgreSQL - Hyperscale (Citus) now FedRAMP High compliantby Azure service updates on March 30, 2022 at 4:01 pm
Azure Database for PostgreSQL – Hyperscale (Citus), a managed service running the open-source Postgres database on Azure is now compliant with FedRAMP High.
- Best Podcasts for Cert Seekers?by /u/zeeplereddit (Google Cloud Platform Certification) on March 24, 2022 at 10:07 pm
Hi folks, I am greatly looking forward to embarking on my new adventure of getting several Google Certs. To that end, I am wondering what are the best podcasts to listen to during my commute back and forth from work? The types of podcasts I am hopeful of include those that discuss the exams, goes over sample questions in high detail, interviews people who have taken the test, and also, any podcasts that discuss the concepts that I will be wrapping my head around while I go after the certs. Thanks in advance! submitted by /u/zeeplereddit [link] [comments]
- Accelerating Government Compliance with Google Cloud’s Professional Service Organizationby (Training & Certifications) on March 21, 2022 at 5:00 pm
Did you know that by 2025, enterprise IT spending on public cloud computing will overtake traditional IT spending? In fact, 51% of IT spend in application software, infrastructure software, business process services, and system infrastructure will transition to the public cloud, compared to 41% in 20221.. As enterprises continue to rapidly shift to the cloud, government agencies must prioritize and accelerate security and compliance implementation. In May 2021, the White House issued an Executive Order requiring US Federal agencies to accelerate cloud adoption, embrace security best practices, develop plans to implement Zero Trust architectures, and map implementation frameworks to FedRAMP. The Administration’s focus on secure cloud adoption marks a critical shift to prioritizing cybersecurity at scale. Google Cloud’s Public Sector Professional Services Organization (PSO) has committed to helping customers meet security and compliance requirements in the cloud through specialized consulting engagements. Accelerating Authority to Operate (ATO)The Federal Risk and Authorization Management Program (FedRAMP) was established in 2011 as a government-wide program that promotes the adoption of secure cloud services across the federal government. FedRAMP provides a standardized approach to security and risk assessment for cloud technologies and federal agencies. US Federal agencies are required to utilize and implement FedRAMP cloud service offerings as part of the “Cloud First” federal cloud computing strategy.While Google Cloud provides a FedRAMP-authorized cloud services platform and a robust catalog of FedRAMP-approved products and services (92 services and counting), customers are still tasked with achieving Agency ATO for the products and services they use, and Google Cloud provides many resources to assist customers with this journey. Google Cloud’s FedRAMP package can be accessed by completing the FedRAMP Package Access Request Form and submitting it to info@fedramp.gov. Additionally, customers can use Google’s NIST 800-53 ATO Accelerator as a starting point for documenting control implementation. Finally, Google Cloud’s Public Sector PSO offers the following strategic consulting engagements to help customers streamline the Agency ATO process.Cloud Discover: FedRAMP is a six-week interactive workshop to support customers that are just getting started with the ATO process on Google Cloud. Customers are educated on FedRAMP fundamentals, Google’s security and compliance posture, and how to approach ATO on Google Cloud. Through deep-dive interviews and design sessions, PSO helps customers craft an actionable ATO plan, assess FedRAMP readiness, and develop a conceptual ATO boundary. This engagement helps organizations establish a clear understanding and roadmap for FedRAMP ATO on Google Cloud.FedRAMP Security Review is a ten to twelve week engagement that aids customers in FedRAMP operational readiness. PSO consultants perform detailed FedRAMP architecture reviews to identify potential gaps in NIST 800-53 security control implementation and Google Cloud secure architecture best practices. Findings from the security reviews are shared with the customer along with configuration guidance and recommendations. This engagement helps organizations prepare for the third-party or independent security assessment that is required for FedRAMP ATO.Cloud Deploy: FedRAMP is a multi-month engagement designed to help customers document the details of their FedRAMP System Security Plan (SSP) and corresponding NIST 800-53 security controls, in preparation for Agency ATO on Google Cloud at FedRAMP Low, Moderate, or High. PSO collaborates with customers to develop a detailed technical infrastructure design document and security control matrix capturing evidence of the FedRAMP system architecture, security control implementation, data flows and system components. PSO can also partner with a third-party assessment organization (3PAO) or an independent assessor (IA) to support customer efforts for FedRAMP security assessment. This engagement helps customer system owners prepare for Agency ATO assessment and package submission.Developing a Zero Trust StrategyIn addition to providing FedRAMP enablement, Public Sector PSO has partnered with the Google Cloud Chief Information Security Officer (CISO) team to assist organizations with developing a zero trust architecture and strategy.Zero Trust Foundations is a seven-week engagement co-delivered by Google Cloud’s CISO and PSO teams. CISO and PSO educate customers on zero trust fundamentals, Google’s journey to zero trust through BeyondCorp, and defense in depth best practices. The CISO team walks customers through a Zero Trust Assessment (ZTA) to understand the organization’s current security posture and maturity. Insights from the ZTA enable the CISO team to work with the customer to identify an ideal first-mover workload for zero trust adoption. Following the CISO ZTA, PSO facilitates a deep-dive Zero Trust Workshop (ZTW), collaborating with key customer stakeholders to develop a NIST 800-207 aligned, cloud-agnostic zero trust architecture for the identified first-mover workload. The zero trust architecture is part of a comprehensive zero trust strategy deliverable that is based on focus areas called out in the Office of Management and Budget (OMB) Federal Zero Trust Strategy released January 2022. Scaling Secure Cloud Adoption with PSOPublic Sector PSO enables customer success by sharing our technical expertise, providing cloud strategy, implementation guidance, training and enablement using our proven methodology. As enterprise IT, operations, and organizational models continue to evolve, our goal is to help government agencies accelerate their security and compliance journeys in the cloud. To learn more about the work we are doing with the federal government, visit cloud.google.com/solutions/federal-government. 1 Gartner Says More Than Half of Enterprise IT Spending in Key Market Segments Will Shift to the Cloud by 2025
- GCP - PCNE (Thoughts on ACG/A cloud guru) training materialby /u/friday963 (Google Cloud Platform Certification) on March 20, 2022 at 1:21 am
Has anyone here done the PCNE exam and used A cloud guru as their primary study resource? If so what is your thoughts on the quality of the study material, is it enough to pass the cert or was much more external resources needed? So far I've done qwiklabs and acg for the PCNE exam, I think qwiklabs has a better lab environment but acg has a better video series. Either way I've not taken the exam but have scheduled it for later this month and am trying to gauge the level of difficulty. submitted by /u/friday963 [link] [comments]
- exam of GCP Professional Cloud Architectby /u/meokey (Google Cloud Platform Certification) on March 11, 2022 at 9:43 pm
I'm working on the courses of PCA and wondering what the exam would be like ... is there hands-on lab test in the exam? Do I have to remember all these command line tools and their arguments to pass the exam? Thanks. submitted by /u/meokey [link] [comments]
- Which video course?by /u/Bollox427 (Google Cloud Platform Certification) on March 8, 2022 at 8:40 pm
I would like to learn the fundamentals of GCP and then move on to Security and ML. I know Coursera do courses but is there anyone else of note? How do other course suppliers compare to Coursera? Is Coursera seen as an official education partner for the Google Cloud? submitted by /u/Bollox427 [link] [comments]
- Women Techmakers journey to Google Cloud certificationby (Training & Certifications) on March 8, 2022 at 5:00 pm
In many places across the globe, March is celebrated as Women’s History Month, and March 8th, specifically, marks the day known around the world as International Women’s Day. Here at Google, we’re excited to celebrate women from all backgrounds and are committed to increasing the number of women in the technology industry. Google’s Women Techmakers community provides visibility, community, and resources for women in technology to drive participation and innovation in the field. This is achieved by hosting events, launching resources, and piloting new initiatives with communities and partners globally. By joining Women Techmakers, you'll receive regular emails with access to resources, tools and opportunities from Google and Women Techmakers partnerships to support you in your career.Google Cloud, in partnership with Women Techmakers, has created an opportunity to bridge the gaps in the credentialing space by offering a certification journey for Ambassadors of the Women Techmakers community. Participants will have the opportunity to take part in a free-of-charge, 6-week cohort learning journey, including: weekly 90-minute exam guide review sessions led by a technical mentor, peer-to-peer support in the form of an Online Community, and 12 months access to Google Cloud's on-demand learning platform, Google Cloud Skills Boost. Upon completion of the coursework required in the learning journey, participants will receive a voucher for the Associate Cloud Engineer certification exam. This program, and other similar offerings such as Cloud Career Jumpstart, and the learning journey for members transitioning out of the military, are just a few examples of the investment Google Cloud is making into the future of the technology workforce. Are you interested in staying in the loop with future opportunities with Google Cloud? Join our community here.Related ArticleCloud Career Jump Start: our virtual certification readiness programCloud Career Jump Start is Google Cloud’s first virtual Certification Journey Learning program for underrepresented communities.Read Article
- Study path for GCP Professional Cloud Architectby /u/Prime367 (Google Cloud Platform Certification) on March 7, 2022 at 4:50 pm
Hi Folks, Thanks for your time. I have been working as AWS Architect for 4-5 years, have several AWS certifications, including the Solution architect professional. I am supporting a GCP implementation for the past year or so, and want to go for GCP Cloud Architect certification now. Need some help with Which courses are best for the GCP Cloud Architect exam? Which practice tests do we need to do. I know it's difficult to clear certifications without doing any practice tests. Thanks in advance. submitted by /u/Prime367 [link] [comments]
- which certification should i do?by /u/ParticularFactor353 (Google Cloud Platform Certification) on March 7, 2022 at 4:34 pm
background: i am a fresher just joined a company and got the ETL domain ,and working on Bigquery scripts and composer, dataflow from past 6 months now i want to do some gcp certification so where should i begin? submitted by /u/ParticularFactor353 [link] [comments]
- AWS & Azure Certified, how to start on GCP ACE? (Advice requested)by /u/skelldog (Google Cloud Platform Certification) on March 6, 2022 at 5:34 am
Sorry, I know some of this has been discussed, but as things change regulary, I would appreciate any suggestions people are willing to share. I currently hold the three Associate certs from AWS and Azure Administrator Associate. I have been in IT for longer than I care to admit. I was thinking of bypassing Cloud Digital Leader and going directly to ACE? Between work and other options, I have access to most of the popular training programs (ITPro, AcloudGuru, Lynda, Qwiklabs, Acloudguru,Whizlabs, Udemy) I see the most recommendations for the Udemy course by Dan Sullivan, is this my best choice? My time is always limited, and I would like to pick the course that gives the most bang for the buck (Or time in this case) I already purchased the tutorials Dojo self-test last time they had a sale (Jon Bonso does some great work!) I would appreciate any other suggestions anyone is willing to offer. Thanks for reading this! submitted by /u/skelldog [link] [comments]
- Digital Cloud Leader exam vouchersby /u/pillairohit (Google Cloud Platform Certification) on March 3, 2022 at 5:39 pm
Hi all. Does GCP have online webinars/trainings that gives attendees exam vouchers? Similar to Microsoft Azure online webinars for AZ900? I'm asking for the Digital Cloud Leader certification exam. Thank you for your help and time. submitted by /u/pillairohit [link] [comments]
- General availability: Asset certification in Azure Purview data catalogby Azure service updates on February 28, 2022 at 5:00 pm
Data stewards can now certify assets that meet their organization's quality standards in the Azure Purview data catalog
- GCP Associate Cloud Engineer Study Guideby /u/ravikirans (Google Cloud Platform Certification) on February 21, 2022 at 12:08 pm
https://ravikirans.com/gcp-associate-cloud-engineer-exam-study-guide/ To view all the other GCP study Guides, check here https://ravikirans.com/category/gcp/ submitted by /u/ravikirans [link] [comments]
- Sentinel Installationby /u/ribcap (Google Cloud Platform Certification) on February 20, 2022 at 7:30 pm
Hey Everyone! So I'm in the process of scheduling an exam and have created my biometric profile but can't seem to install Sentinel. Anyone else have this issue? I've tried Chrome, Firefox, and even Safari. I click on the install link and literally nothing happens....nothing downloaded or anything. Any ideas? Edit: I have not actually scheduled the exam...just trying to get everything else in place first. Should I schedule the exam prior to installing Sentinel? Rib submitted by /u/ribcap [link] [comments]
- Gcp exam fee reimbursementby /u/Aamirmir111 (Google Cloud Platform Certification) on February 17, 2022 at 2:15 pm
If one clears a gcp certification exam.. is there any policy for fee reimbursement?? submitted by /u/Aamirmir111 [link] [comments]
- Generally available: Azure Database for PostgreSQL – Hyperscale (Citus) new certificationsby Azure service updates on February 16, 2022 at 5:00 pm
New compliance certifications are now available on Azure Database for PostgreSQL – Hyperscale (Citus), a managed service running the open-source Postgres database on Azure.
- Google Cloud Fundamentals Full Course For Beginners Only 2022 | GCP Certifiedby /u/ClayDesk (Google Cloud Platform Certification) on February 14, 2022 at 12:30 pm
submitted by /u/ClayDesk [link] [comments]
- Google Cloud Platform Service Comparisonby /u/lervz_ (Google Cloud Platform Certification) on February 12, 2022 at 3:35 pm
To anyone who has AWS/Azure background and is new to Google Cloud Platform, you will find this service comparison made by Google very helpful. AWS, Azure, GCP Service Comparison And for those who are preparing for the Google Associate Cloud Engineer Certification exam, check these resources from Tutorials Dojo. Google Certified Associate Cloud Engineer Practice Exams Google Certified Associate Cloud Engineer Study Guide Google Cloud Platform Cheat Sheets submitted by /u/lervz_ [link] [comments]
- Unified data and ML: 5 ways to use BigQuery and Vertex AI togetherby (Training & Certifications) on February 9, 2022 at 4:00 pm
Are you storing your data in BigQuery and interested in using that data to train and deploy models? Or maybe you’re already building ML workflows in Vertex AI, but looking to do more complex analysis of your model’s predictions? In this post, we’ll show you five integrations between Vertex AI and BigQuery, so you can store and ingest your data; build, train and deploy your ML models; and manage models at scale with built-in MLOps, all within one platform. Let’s get started!April 2022 update: You can now register and manage BigQuery ML models with Vertex AI Model Registry, a central repository to manage and govern the lifecycle of your ML models. This enables you to easily deploy your BigQuery ML models to Vertex AI for real time predictions. Learn more in this video about “ML Ops in BigQuery using Vertex AI.”Import BigQuery data into Vertex AIIf you’re using Google Cloud, chances are you have some data stored in BigQuery. When you’re ready to use this data to train a machine learning model, you can upload your BigQuery data directly into Vertex AI with a few steps in the console:You can also do this with the Vertex AI SDK:code_block[StructValue([(u'code', u'from google.cloud import aiplatform\r\n\r\ndataset = aiplatform.TabularDataset.create(\r\n display_name="my-tabular-dataset",\r\n bq_source="bq://project.dataset.table_name",\r\n)'), (u'language', u''), (u'caption', <wagtail.wagtailcore.rich_text.RichText object at 0x3e61f5819150>)])]Notice that you didn’t need to export our BigQuery data and re-import it into Vertex AI. Thanks to this integration, you can seamlessly connect your BigQuery data to Vertex AI without moving your data from the cloud.Access BigQuery public datasets This dataset integration between Vertex AI and BigQuery means that in addition to connecting your company’s own BigQuery datasets to Vertex AI, you can also utilize the 200+ publicly available datasets in BigQuery to train your own ML models. BigQuery’s public datasets cover a range of topics, including geographic, census, weather, sports, programming, healthcare, news, and more. You can use this data on its own to experiment with training models in Vertex AI, or to augment your existing data. For example, maybe you’re building a demand forecasting model and find that weather impacts demand for your product; you can join BigQuery’s public weather dataset with your organization’s sales data to train your forecasting model in Vertex AI.Below, you’ll see an example of importing the public weather data from last year to train a weather forecasting model:Accessing BigQuery data from Vertex AI Workbench notebooksData scientists often work in a notebook environment to do exploratory data analysis, create visualizations, and perform feature engineering. Within a managed Workbench notebook instance in Vertex AI, you can directly access your BigQuery data with a SQL query, or download it as a Pandas Dataframe for analysis in Python.Below, you’ll see how you can run a SQL query on a public London bikeshare dataset, then download the results of that query as a Pandas Dataframe to use in my notebook:Analyze test prediction data in BigQueryThat covers how to use BigQuery data for training models in Vertex AI. Next, we’ll look at integrations between Vertex AI and BigQuery for exporting model predictions. When you train a model in Vertex AI using AutoML, Vertex AI will split your data into training, test, and validation sets, and evaluate how your model performs on the test data. You also have the option to export your model’s test predictions to BigQuery so you can analyze them in more detail:Then, when training completes, you can examine your test data and run queries on test predictions. This can help determine areas where your model didn’t perform as well, so you can take steps to improve your data next time you train your model.Export Vertex AI batch prediction resultsWhen you have a trained model that you’re ready to use in production, there are a few options for getting predictions on that model with Vertex AI:Deploy your model to an endpoint for online predictionExport your model assets for on-device predictionRun a batch prediction job on your modelFor cases in which you have a large number of examples you’d like to send to your model for prediction, and in which latency is less of a concern, batch prediction is a great choice. When creating a batch prediction in Vertex AI, you can specify a BigQuery table as the source and destination for your prediction job: this means you’ll have one BigQuery table with the input data you want to get predictions on, and Vertex AI will write the results of your predictions to a separate BigQuery table.With these integrations, you can access BigQuery data, and build and train models. From there Vertex AI helps you:Take these models into production Automate the repeatability of your model with managed pipelines Manage your models performance and reliability over timeTrack lineage and artifacts of your models for easy-to-manage governance Apply explainability to evaluate feature attributions What’s Next?Ready to start using your BigQuery data for model training and prediction in Vertex AI? Check out these resources:Codelab: Training an AutoML model in Vertex AICodelab: Intro to Vertex AI WorkbenchDocumentation: Vertex AI batch predictionsVideo Series: AI Simplified: Vertex AIGitHub: Example NotebooksTraining: Vertex AI: Qwik StartAre there other BigQuery and Vertex AI integrations you’d like to see? Let Sara know on Twitter at @SRobTweets.Related ArticleWhat is Vertex AI? Developer advocates share moreDeveloper Advocates Priyanka Vergadia and Sara Robinson explain how Vertex AI supports your entire ML workflow—from data management all t...Read Article
- Curso, videos o link para sacar la gcp cloud engineer associateby /u/ahelord (Google Cloud Platform Certification) on February 5, 2022 at 3:26 am
Hola quisiera preguntar cuál es el mejor curso, videos o página para aprender gcp y pasar la certificación de associate submitted by /u/ahelord [link] [comments]
- Access role-based Google Cloud training free of chargeby (Training & Certifications) on February 3, 2022 at 5:00 pm
Google Cloud is now offering 30 days no-cost access to Google Cloud Skills Boost, the definitive destination for skills development, to complete role-based training. Choose from the following eight learning paths, which include interactive labs and opportunities to earn skill badges to demonstrate your cloud knowledge: Getting Started with Google Cloud, Cloud Architect, Cloud Engineer, Data Analyst, Data Engineer, DevOps Engineer, Machine Learning Engineer and Cloud Developer learning path. Read below to find out more about each learning path. Getting Started with Google CloudIn this path, you’ll learn about Google Cloud fundamentals such as core infrastructure, big data and machine learning (ML). You’ll also find out how to write gcloud commands, use Cloud Shell, deploy virtual machines, and run containerized applications on Google Kubernetes Engine (GKE).Cloud ArchitectIf you’re looking to learn how to design, develop, and manage cloud solutions, this is the path for you. You’ll learn how to perform infrastructure tasks like using Cloud Monitoring, Cloud Identity and Access Management (Cloud IAM), and more. The path will end with how to architect with Google Compute Engine and GKE. For a guided walkthrough of how to get started with Cloud IAM and Monitoring, register here to join me on February 10. You’ll also have a chance to get your questions answered live by Google Cloud experts via chat. Cloud EngineerTo learn how to plan, configure, set up, and deploy cloud solutions, take this learning path. You’ll learn how to get started with Google Compute Engine, Terraform in a cloud environment, GKE, and more. Data AnalystThis learning path will teach you how to gather and analyze data to identify trends and develop valuable insights to help solve problems. You’ll be introduced to BigQuery, Looker, LookML, BigQuery ML, and Data Catalog. Data EngineerInterested in designing and building systems that collect the data used for business decisions? Select this path. You’ll learn how to modernize data lakes and data warehouses with Google Cloud. Afterwards, you will also discover how to use Dataflow for serverless data processing and more. DevOps EngineerA DevOps Engineer is responsible for defining and implementing best practices for efficient and reliable software delivery and infrastructure management. This learning path will show you how to build an SRE culture, use Google Cloud Operations Suite for DevOps, and more. Machine Learning EngineerChoose this path for courses and labs on how to design, build, productionize, optimize, operate, and maintain ML systems. You’ll discover how to use TensorFlow, MLOps tools, VertexAI, and more. Cloud DeveloperA Cloud Developer designs, builds, analyzes, and maintains cloud-native applications. This path will teach you how to use Cloud Run and Firebase for serverless app development. You’ll also learn how to deploy to Kubernetes in Google Cloud. To learn more about the basics of Google Cloud infrastructure before getting started with a learning path, register here. Ready for your role-based training? Sign up here.Related Article2022 Resolution: Learn Google Cloud, free of chargeTechnical practitioners and developers can start 2022 with free introductory training on how to use Google Cloud.Read Article
- General availability: Azure Database for PostgreSQL – Hyperscale (Citus) new certificationsby Azure service updates on February 2, 2022 at 5:00 pm
New compliance certifications are now available on Azure Database for PostgreSQL – Hyperscale (Citus), a managed service running the open-source Postgres database on Azure.
- Does anyone have gcp exam vouchers? Or anyone knows where can we get it from?by /u/Aamirmir111 (Google Cloud Platform Certification) on February 1, 2022 at 11:36 am
submitted by /u/Aamirmir111 [link] [comments]
- Let’s have a chat about using dumpsby /u/whooyeah (Microsoft Azure Certifications) on January 31, 2022 at 9:49 pm
This keeps coming up recently so it’s important we have a sticky chat about it that everyone can see. Dumps are essentially cheating. They go against what the exams were designed to do in teaching you azure skills. For this reason they are also against the terms of service from Microsoft for taking the exam. It’s annoying as a professional because you will be in a job interview and hear the hiring manager say things like “MCP exams are worthless because everyone just uses dumps”. Which is heart breaking when you have spent so much time studying the subject knowledge and validating your skills with the exam. As a hiring manager it is annoying because I’ve interviewed candidates in the past with an MCSD and it was clear they had no usable information because they cheated with dumps. You will notice in the side bar rule 1. Breaking this will result in a ban. submitted by /u/whooyeah [link] [comments]
- This year, resolve to become a certified Professional Cloud Developer – here’s howby (Training & Certifications) on January 28, 2022 at 5:00 pm
Do you have a New Year’s resolution to improve your career prospects? Sign up here for 30 days no-cost access to Google Cloud Skills Boost to help you on your way to becoming a certified Professional Cloud Developer. According to third-party IT training firm Global Knowledge, two Google Cloud Certified Professional certifications topped its list of the highest-paid IT certifications in 2021. Once you register, you’ll have an opportunity to take the Cloud Developer learning path, which consists of on-demand labs and courses, coveringGoogle Cloud infrastructure fundamentals, application development in the cloud, security, monitoring and troubleshooting, Kubernetes, Cloud Run, Firebase and more. Along the way, you’ll have an opportunity to earn skill badges to demonstrate your cloud knowledge and access resources to help you prepare for the Professional Cloud Developer certification.Click to enlargeFor example, once you’ve completed the Google Cloud Fundamentals, Core Infrastructure course, in person or on-demand, you can take the Getting Started With Application Development course, where you’ll learn how to design and develop cloud-native applications that integrate managed services from Google Cloud, including Cloud Client Libraries, the Cloud SDK, and Firebase SDKs, an overview of your storage options, and best practices for using Datastore and Cloud Storage.We’re also thrilled to announce that one of the most popular trainings in the Cloud Developer path, Application Development with Cloud Run, is now available on-demand, in addition to via live instruction. This is a great chance to get up to speed on this fully-managed, serverless compute platform at your own pace. Cloud Run marries the goodness of serverless and containers, and is fast becoming one of the most powerful ways to build and run a true cloud-native application. Moving down the proposed learning path, you can show off your Google Cloud chops with skill badges that you can display as part of your Google Developer Profile alongside your membership in the Google Cloud Innovators program, on social media, and on your resumé. There are a wide variety of interesting skills badge for cloud developers like the Serverless Cloud Run Development Quest, or Deploy to Kubernetes in Google Cloud, and many of them take just a couple of hours to complete.With these classes under your belt and Skills Badges on your profile, you’ll be in a good place to start preparing for the Professional Cloud Developer certification exam, using the proposed exam guide and sample questions to show the way. Here’s to earning your certification in 2022, and to a great future!Related Article2022 Resolution: Learn Google Cloud, free of chargeTechnical practitioners and developers can start 2022 with free introductory training on how to use Google Cloud.Read Article
- Generally available: Azure Database for PostgreSQL – Hyperscale (Citus): New certificationsby Azure service updates on January 19, 2022 at 5:00 pm
New compliance certifications are now available on Azure Database for PostgreSQL – Hyperscale (Citus), a managed service running the open-source Postgres database on Azure.
- Technical Training Made Easy and Accessible, the Google Cloud wayby (Training & Certifications) on January 14, 2022 at 12:40 pm
Cloud engineers face a constant barrage of new cloud services, products, and innovations. By late 2021, Google Cloud alone had released thousands of new features across hundreds of services. Couple this with other technologies and service releases, and it quickly becomes a herculean task for engineers to navigate, consume, and stay current on the ever changing technology landscape. We have heard from engineers this often leads to anxiety and frustration as engineers struggle to keep up. They are faced with a plethora of training options but often lack the time and funding. Google Cloud has reinvigorated technical training to make it more informative and applicable to public sector customers and partners. We aim to maximize your training experience so you can get targeted training when you need it. The Google Cloud Public Sector Technical Learning Series addresses customer feedback and provides fun and practical training. Sessions are currently running every two weeks. “Short and sweet” technical topics geared to subjects you care aboutGeneric training doesn't always resonate with public sector technologists. Our new curriculum targets specific public sector use cases, is delivered by customer engineers, and can be accomplished in less than two hours. This means participants can apply the learnings directly to real-life challenges quickly. Easy to find, easy to enroll Training opportunities should always be at your fingertips. Our automated training platform will ensure that you only need to enroll once. The system will automatically notify you of upcoming sessions so you can plan in advance and at your convenience. Sessions will be offered on a recurring basis to meet the needs of your organization.Fun and engagingTypical training sessions often include a sea of glazed eyes, unresponsive to basic prompts, falling asleep at our desks, we have all been there. But it doesn't have to be this way. Our goal is to infuse Google culture into our training through interactive exchanges and tangible rewards to keep participants inspired and engaged.Traditional technology training doesn’t always help you navigate the nuts and bolts of how to effectively introduce a product into an organization. But we know that technology doesn’t operate in isolation; it supports and becomes part of a living organism, managed by humans and confined by other components of an organization’s structure (e.g. existing systems or decentralized business units). Part of a larger community of like-minded engineersLearning with - and from - a community of peers is one way to overcome the challenges and complexities of applying new technology within a complex organization. We created the Public Sector Connect community for this very reason. It is one example of how we surface best practices for public sector innovators. During weekly “Coffee Hours” and working sessions, our community members share their journey and lessons learned with each other. We know that innovation evolves through iteration and diverse perspectives, and Public Sector Connect is committed to helping surface critical challenges and solutions, and connecting those who are solving similar problems. Join the community today.
- 2022 Resolution: Learn Google Cloud, free of chargeby (Training & Certifications) on January 12, 2022 at 5:00 pm
Start your 2022 New Year’s resolutions by learning at no cost how to use Google Cloud with the following training opportunities:30 day access to Google Cloud Skills Boost Register by January 31, 2022 and claim 30 days free access to Google Cloud Skills Boost to complete the Getting Started with Google Cloud learning path. Google Cloud Skills Boost is the definitive destination for skills development where you can personalize learning paths, track progress, and validate your newly-earned expertise with skill badges. The Getting Started with Google Cloud learning path will give you the opportunity to earn three skill badges after you complete hands-on labs and courses designed for aspiring cloud engineers and architects. It covers the fundamentals of Google Cloud including core infrastructure, big data and ML, writing gcloud commands, using Cloud Shell, deploying virtual machines, and running containerized applications on GKE.Cloud OnBoard: half day training on getting started with Google Cloud fundamentalsAttend the Getting Started Cloud OnBoard on January 20 for a comprehensive Google Cloud orientation. Google Cloud experts will show you how to execute your compute, available storage options, how to secure your data, and available Google Cloud managed services. Cloud Study Jam: expert-guided hands-on labGoogle Cloud experts will walk you through a hands-on lab included in Google Cloud Skill Boost’s Getting Started with Google Cloud learning path when you join our Cloud Study Jam on January 27. Google Cloud experts will also answer questions live via chat during this event.Related ArticleBuild your data analytics skills with the latest no cost BigQuery trainingsTo help you make the most of BigQuery, we’re offering no cost, on-demand training opportunitiesRead Article
- Google Cloud doubles-down on ecosystem in 2022 to meet customer demandby (Training & Certifications) on January 11, 2022 at 3:00 pm
Google Cloud has been a partner-focused business from day one. As we reflect on 2021 and look forward to what’s ahead, I want to say “thank you” to our ecosystem for all of the amazing innovations and services you provided our mutual customers over the last year. In 2021, we faced unprecedented demand from businesses as they turned to the cloud to digitally transform their organizations. This surge in cloud deployments meant we increasingly turned to our ecosystem to help customers create customized implementations with our systems integrators (SIs), build packaged solutions with our independent software vendors (ISVs), or coach employees how to best use new cloud technologies with our consulting and training firms.To continue meeting growing customer demand in 2022 and beyond, I am pleased to share that we are bringing together our ecosystem and channel sales teams into a single partner organization to bring a more streamlined go-to-market approach for our partners and customers. In support of this change, we plan to more than double our spend in support of our partner ecosystem over the next few years, including rolling out increased co-innovation resources for partners, more incentives and co-marketing funds, and a larger commitment to training and enablement—all with a goal of continuing our joint momentum in the market.Providing leads and new go-to-market programs for consulting partnersThe need for highly-skilled partners to accelerate digital transformation for customers has never been greater, and our ecosystem of services partners continues to gain tremendous opportunities to deliver high-value implementation and professional services, industry solutions, and digital transformation expertise. In 2022, we are investing in our SIs by:Moving to a partner-led, partner-delivered approach for professional services needed by our customers, particularly through expanded work with partners. This will include new programs for lead generation and lead sharing with our SI partners.Increasing our investment with SIs in deploying go-to-market programs for industry-specific SI solutions, as well as creating more pre-integrated industry ISV and Google Cloud AI solutions together with our SI partners.Accelerating critical training, specialization, and certification programs in support of our goal of training 40 million new people on Google Cloud. This includes new programs for experienced practitioners, and a hybrid learning modality that combines online and in-person learning supported by Google mentors. Accelerating growth for ISV partners with more resourcesIn 2021, our ISV partners helped build unique integrations with Google Cloud capabilities in AI, ML, data, analytics, and security for our mutual customers. In fact, our marketplace third-party transaction value was up more than 500% YoY from 2020 (Q1-Q3). In 2022, we are deepening our commitment to our ISV partners’ success by:Making significant investments in new Google Cloud Marketplace functionality, including adding new technical resources that will help accelerate how ISVs distribute their apps and solutions. Coupled with this, we’re also lowering the Marketplace rate to 3% for eligible solutions, helping drive more adoption with customers. Expanding our regional sales and technical teams who are dedicated to supporting ISVs, and at the same time increasing market development funds (MDF) to drive further sales growth for our ISVs.Dedicating additional technical resources to help ISVs move to more modern SaaS delivery models, as well as to optimize and supercharge their apps for their customers by leveraging Google Cloud technologies.Creating new monetization models for ISVs using Google Distributed Cloud to deliver products across hybrid environments, multiple clouds, and at the network edge. ISVs will be able to build industry-specific 5G and edge solutions leveraging our ecosystem of telecommunication providers and 140+ Google network edge locations.Increasing funds for ISVs to accelerate customer cloud migrations by offsetting infrastructure costs during migration (ISV Cloud Acceleration Program).Launching new program incentives to drive a thriving channelSince the launch of our Partner Advantage program, we have increased funds for our channel partners tenfold. In 2021, to extend this momentum, we expanded our incentive portfolio for resellers to support their long-term growth and profitability. In 2022, we are increasing our investment in partner programs even further, including:Significantly expanding incentives to reward partners who source and grow customer engagements, and for those who deliver exceptional customer experiences and critical implementation services.Evolving to industry-standard compensation plans for our direct sellers, and rewarding our channel partners for implementation (vs. reselling) for larger enterprise customers.Significantly increasing co-marketing funding for our channel partners to accelerate demand generation and time-to-close.Growing our learning resources, including launching more than 10 new Expertises and Specializations, and expanding our certification programs for partners to deliver the highest levels of Google Cloud expertise to customers.Launching a new program for resellers to support customers via offerings on the Google Cloud Marketplace.Sharing a toolkit to bring the best of Google’s diversity, equity, and inclusion (DEI) resources to our ecosystem of partners, including programs to develop inclusive marketing strategies and deploy DEI training within their own organizations.As we kick off 2022, it’s clear that the trend of digital transformation will only continue to drive customer demand for the cloud and, more importantly, a need for services, support, and solutions from our partners. We believe that by centralizing our partner groups into a single organization and by more than doubling our spend in support of our partner ecosystem over the next few years, we will help accelerate our joint momentum in the market around the world. For more information on these new programs and resources, please reach out to your Partner Account Manager or login to your Partner Advantage portal at partneradvantage.goog.
- Are you a multicloud engineer yet? The case for building skills on more than one cloudby (Training & Certifications) on January 7, 2022 at 5:00 pm
Over the past few months, I made the choice to move from the AWS ecosystem to Google Cloud — both great clouds! — and I think it’s made me a stronger, more well-rounded technologist.But I’m just one data point in a big trend. Multicloud is an inevitability in medium-to-large organizations at this point, as I and others have been saying for awhile now. As IT footprints get more complex, you should expect to see a broader range of cloud provider requirements showing up where you work and interview. Ready or not, multicloud is happening.In fact, Hashicorp’s recent State of Cloud Strategy Survey found 76% of employers are already using multiple clouds in some fashion, with more than 50% flagging lack of skills among their employees as a top challenge to survival in the cloud.That spells opportunity for you as an engineer. But with limited time and bandwidth, where do you place your bets to ensure that you’re staying competitive in this ever-cloudier world?You could pick one cloud to get good at and stick with it; that’s a perfectly valid career bet. (And if you do bet your career on one cloud, you should totally pick Google Cloud! I have reasons!) But in this post I’m arguing that expanding your scope of professional fluency to at least two of the three major US cloud providers (Google Cloud, AWS, Microsoft Azure) opens up some unique, future-optimized career options.What do I mean by ‘multicloud fluency’? For the sake of this discussion, I’m defining “multicloud fluency” as a level of familiarity with each cloud that would enable you to, say, pass the flagship professional-level certification offered by that cloud provider–for example, Google Cloud’s Professional Cloud Architect certification or AWS’s Certified Solutions Architect Professional. Notably, I am not saying that multicloud fluency implies experience maintaining production workloads on more than one cloud, and I’ll clarify why in a minute.How does multicloud fluency make you a better cloud engineer?I asked the cloud community on Twitter to give me some examples of how knowledge of multiple clouds has helped their careers, and dozens of engineers responded with a great discussion.Turns out that even if you never incorporate services from multiple clouds in the same project — and many people don’t! — there’s still value in understanding how the other cloud lives.Learning the lingua franca of cloudI like this framing of the different cloud providers as “Romance languages” — as with human languages in the same family tree, clouds share many of the same conceptual building blocks. Adults learn primarily by analogy to things we’ve already encountered. Just as learning one programming language makes it easier to learn more, learning one cloud reduces your ramp-up time on others.More than just helping you absorb new information faster, understanding the strengths and tradeoffs of different cloud providers can help you make the best choice of services and architectures for new projects. I actually remember struggling with this at times when I worked for a consulting shop that focused exclusively on AWS. A client would ask “What if we did this on Azure?” and I really didn’t have the context to be sure. But if you have a solid foundational understanding of the landscape across the major providers, you can feel confident — and inspire confidence! — in your technical choices.Becoming a unicornTo be clear, this level of awareness isn’t common among engineering talent. That’s why people with multicloud chops are often considered “unicorns'' in the hiring market. Want to stand out in 2022? Show that you’re conversant in more than just one cloud. At the very least, it expands the market for your skills to include companies that focus on each of the clouds you know.Taking that idea to its extreme, some of the biggest advocates for the value of a multicloud resumé are consultants, which makes sense given that they often work on different clouds depending on the client project of the week. Lynn Langit, an independent consultant and one of the cloud technologists I most respect, estimates that she spends about 40% of her consulting time on Google Cloud, 40% on AWS, and 20% on Azure. Fluency across providers lets her select the engagements that are most interesting to her and allows her to recommend the technology that provides the greatest value.But don’t get me wrong: multicloud skills can also be great for your career progression if you work on an in-house engineering team. As companies’ cloud posture becomes more complex, they need technical leaders and decision-makers who comprehend their full cloud footprint. Want to become a principal engineer or engineering manager at a mid-to-large-sized enterprise or growing startup? Those roles require an organization-wide understanding of your technology landscape, and that’s probably going to include services from more than one cloud. How to multicloud-ify your careerWe’ve established that some familiarity with multiple clouds expands your career options. But learning one cloud can seem daunting enough, especially if it’s not part of your current day job. How do you chart a multicloud career path that doesn’t end with you spreading yourself too thin to be effective at anything?Get good at the core conceptsYes, all the clouds are different. But they share many of the same basic approaches to IAM, virtual networking, high availability, and more. These are portable fundamentals that you can move between clouds as needed. If you’re new to cloud, an associate-level solutions architect certification will help you cover the basics. Make sure to do hands-on labs to help make the concepts real, though — we learn much more by doing than by reading.Go deep on your primary cloudFundamentals aside, it’s really important that you have a native level of fluency in one cloud provider. You may have the opportunity to pick up multicloud skills on the job, but to get a cloud engineering role you’re almost certainly going to need to show significant expertise on a specific cloud.Note: If you’re brand new to cloud and not sure which provider to start with, my biased (but informed) recommendation is to give Google Cloud a try. It has a free tier that won’t bill you until you give permission, and the nifty project structure makes it really easy to spin up and tear down different test environments.It’s worth noting that engineering teams specialize, too; everybody has loose ends, but they’ll often try to standardize on one cloud provider as much as they can. If you work on such a team, take advantage of the opportunity to get as much hands-on experience with their preferred cloud as possible.Go broad on your secondary cloudYou may have heard of the concept of T-shaped skills. A well-rounded developer is broadly familiar with a range of relevant technologies (the horizontal part of the “T”), and an expert in a deep, specific niche. You can think of your skills on your primary cloud provider as the deep part of your “T”. (Actually, let’s be real — even a single cloud has too many services for any one person to hold in their heads at an expert level. Your niche is likely to be a subset of your primary cloud’s services: say, security or data.)We could put this a different way: build on your primary cloud, get certified on your secondary. This gives you hirable expertise on your “native” cloud and situational awareness of the rest of the market. As opportunities come up to build on that secondary cloud, you’ll be ready.I should add that several people have emphasized to me that they sense diminishing returns when keeping up with more than one secondary cloud. At some point the cognitive switching gets overwhelming and the additional learning doesn’t add much value. Perhaps the sweet spot looks like this: 1< 2 > 3.Bet on cloud-native services and multicloud toolingThe whole point of building on the cloud is to take advantage of what the cloud does best — and usually that means leveraging powerful, native managed services like Spanner and Vertex AI. On the other hand, the cloud ecosystem has now matured to the point where fantastic, open-source multicloud management tooling for wrangling those provider-specific services is readily available. (Doing containers on cloud? Probably using Kubernetes! Looking for a DevOps role? The team is probably looking for Terraform expertise no matter what cloud they major on.) By investing learning time in some of these cross-cloud tools, you open even more doors to build interesting things with the team of your choice.Multicloud and youWhen I moved into the Google Cloud world after years of being an AWS Hero, I made sure to follow a new set of Google Cloud voices like Stephanie Wong and Richard Seroter. But I didn’t ghost my AWS-using friends, either! I’m a better technologist (and a better community member) when I keep up with both ecosystems. “But I can hardly keep up with the firehose of features and updates coming from Cloud A. How will I be able to add in Cloud B?” Accept that you can’t know everything. Nobody does. Use your broad knowledge of cloud fundamentals as an index, read the docs frequently for services that you use a lot, and keep your awareness of your secondary cloud fresh:Follow a few trusted voices who can help you filter the signal from the noiseAttend a virtual event once a quarter or so; it’s never been easier to access live learningBuild a weekend side project that puts your skills into practiceUltimately, you (not your team or their technology choices!) are responsible for the trajectory of your career. If this post has raised career questions that I can help answer, please feel free to hit me up on Twitter. Let’s continue the conversation.Related ArticleFive do’s and don’ts of multicloud, according to the expertsWe talked with experts about why to do multicloud, and how to do it right. Here is what we learned.Read Article
- How to become a certified cloud professionalby (Training & Certifications) on December 15, 2021 at 6:00 pm
Achieving a certification is seen as a stamp of approval validating one's skills and expertise to perform a given job role. Google Cloud Certification program brings a framework to help equip organizations develop talent for the future. These certifications are not just about Google Cloud technologies. Just like the real-world, examinees are expected to know the vast array of technologies they may encounter in their day-to-day jobs. The question you might be asking yourself is: How do I become a certified cloud professional? First, let us share some tips with you on gaining hands-on experience with Google Cloud by introducing skill badges. Watch this video to learn more:The more skill badges you achieve, the stronger your readiness becomes.The next question you may be asking yourself is: should I go for the associate or the professional level exam?The associate level certification is focused on the fundamental skills of deploying, monitoring, and maintaining projects on Google Cloud. This certification is a good starting point for those new to cloud and can be used as a path to professional level certifications. Watch this video to learn about the Associate Cloud Engineer exam by Google Cloud.Professional certifications span key technical job functions and assess advanced skills in design, implementation, and management. These certifications are recommended for individuals with industry experience and familiarity with Google Cloud products and solutions.We’d recommend you start with reviewing the certification exam website and look for the descriptions of the role you think is most appropriate for you. The exam guide in particular is a helpful resource because it outlines the domains covered by the exam. As an example, check out the exam guide and the introduction video for the Professional Cloud Developer certification.Setting a goal of achieving a certification is a personal and professional milestone! As much as we wish all of you interested in Google Cloud certification best of luck in earning them, we have one final reminder: please study to learn, not just to pass. The learning mindset is what keeps the technology exploration journey interesting. Happy learning and send your questions our way on LinkedIn to Magda Jary and Priyanka Vergadia.
- Azure Database for PostgreSQL – Hyperscale (Citus): New toolkit certifications generally availableby Azure service updates on December 15, 2021 at 5:00 pm
New Toolkit certifications are now available on Azure Database for PostgreSQL – Hyperscale (Citus), a managed service running the open-source Postgres database on Azure.
- Azure VMware Solution achieves FedRAMP High Authorizationby Azure service updates on September 15, 2021 at 11:53 pm
With this certification, U.S. government and public sector customers can now use Azure VMware Solution as a compliant FedRAMP cloud computing environment, ensuring it meets the demanding standards for security and information protection.
- Azure expands HITRUST certification across 51 Azure regionsby Azure service updates on August 23, 2021 at 9:38 pm
Azure expands offering and region coverage to Azure customers with its 2021 HITRUST validated assessment.
- Azure Database for PostgreSQL - Hyperscale (Citus) now compliant with additional certificationsby Azure service updates on June 9, 2021 at 4:00 pm
New certifications are now available for Hyperscale (Citus) on Azure Database for PostgreSQL, a managed service running the open-source Postgres database on Azure.
- Azure expands PCI DSS certificationby Azure service updates on March 15, 2021 at 5:02 pm
You can now leverage Azure’s Payment Card Industry Data Security Standard (PCI DSS) certification across all live Azure regions.
- 172 Azure offerings achieve HITRUST certificationby Azure service updates on February 3, 2021 at 10:24 pm
Azure expands its depth of offerings to Azure customers with its latest independent HITRUST assessment.
- Azure achieves its first PCI 3DS certificationby Azure service updates on February 3, 2021 at 10:24 pm
Azure’s PCI 3DS Attestation of Compliance, PCI 3DS Shared Responsibility Matrix, and PCI 3DS whitepaper are now available.
- Azure Databricks Achieves FedRAMP High Authorization on Microsoft Azure Governmentby Azure service updates on November 25, 2020 at 5:00 pm
With this certification, customers can now use Azure Databricks to process the U.S. government’s most sensitive, unclassified data in cloud computing environments, including data that involves the protection of life and financial assets.
- New SAP HANA Certified Memory-Optimized Virtual Machines now availableby Azure service updates on November 12, 2020 at 5:01 pm
We are expanding our SAP HANA certifications, enabling you to run production SAP HANA workloads on the Edsv4 virtual machines sizes.
- Azure achieves Service Organization Controls compliance for 14 additional servicesby Azure service updates on November 11, 2020 at 5:10 pm
Azure gives you some of the industry’s broadest certifications for the critical SOC 1, 2, and 3 compliance offering, which is widely used around the world.
- Announcing the unified Azure Certified Device programby Azure service updates on September 22, 2020 at 4:05 pm
A unified and enhanced Azure Certified Device program was announced at Microsoft Ignite, expanding on previous Microsoft certification offerings that validate IoT devices meet specific capabilities and are built to run on Azure. This program offers a low-cost opportunity for device builders to increase visibility of their products while making it easy for solution builders and end customers to find the right device for their IoT solutions.
- IoT Security updates for September 2020by Azure service updates on September 22, 2020 at 4:05 pm
New Azure IoT Security product updates include improvements around monitoring, edge nesting and the availability of Azure Defender for IoT.
- Azure Certified for Plug and Play is now availableby Azure service updates on August 27, 2020 at 12:21 am
IoT Plug and Play device certification is now available from Microsoft as part of the Azure Certified device program.
- Azure France has achieved GSMA accreditationby Azure service updates on August 6, 2020 at 5:45 pm
Azure has added an important compliance offering for telecommunications in France, the Global System for Mobile Communications Association (GSMA) Security Accreditation Scheme for Subscription Management (SAS-SM).
- Azure Red Hat OpenShift is now ISO 27001 certifiedby Azure service updates on July 21, 2020 at 4:00 pm
To help you meet your compliance obligations across regulated industries and markets worldwide, Azure Red Hat OpenShift is now ISO 27001 certified.
- Azure Lighthouse updates—April 2020by Azure service updates on June 1, 2020 at 4:00 pm
Several critical updates have been made to Azure Lighthouse, including FEDRAMP certification, delegation opt-out, and Azure Backup reports.
- Azure NetApp Files—New certifications, increased SLA, expanded regional availabilityby Azure service updates on May 19, 2020 at 4:00 pm
The SLA guarantee for Azure NetApp Files has increased to 99.99 percent. In addition, NetApp Files is now HIPAA and FedRAMP certified, and regional availability has been increased.
- Kubernetes on Azure Stack Hub in GAby Azure service updates on February 25, 2020 at 5:00 pm
We now support Kubernetes cluster deployment on Azure Stack Hub, a certified Kubernetes Cloud Provider. Install Kubernetes using Azure Resource Manager templates generated by ACS Engine on Azure Stack Hub.
- Azure Firewall Spring 2020 updatesby Azure service updates on February 19, 2020 at 5:00 pm
Excerpt: Azure Firewall is now ICSA Labs certified. In addition, several key Azure Firewall capabilities have recently been released into general availability (GA) and preview.
- Azure IoT C# and Java SDKs release new long-term support (LTS) branchesby Azure service updates on February 14, 2020 at 5:00 pm
The Azure IoT Java and C# SDKs have each now released new long-term support (LTS) branches.
- HPC Cache receives ISO certifications, adds stopping feature, and new regionby Azure service updates on February 11, 2020 at 5:00 pm
Azure HPC Cache has received new SO27001, 27018 and 27701 certifications, adds new features to manage storage caching in performance-driven workloads and expands service access to Korea Central.
- Azure Blueprint for FedRAMP High now available in new regionsby Azure service updates on February 3, 2020 at 5:00 pm
The Azure Blueprint for FedRAMP High is now available in both Azure Government and Azure Public regions. This is in addition to the Azure Blueprint for FedRAMP Moderate released in November, 2019.
- Azure Databricks Is now HITRUST certifiedby Azure service updates on January 22, 2020 at 5:01 pm
Azure Databricks is now certified for the HITRUST Common Security Framework (HITRUST CSF®), the most widely coveted security accreditation for the healthcare industry. With this certification, health care customers can now use volumes of clinical data to drive innovation using Azure Databricks, without any worry about security and risk.
- Microsoft plans to establish new cloud datacenter region in Qatarby Azure service updates on December 11, 2019 at 8:00 pm
Microsoft recently announced plans to establish a new cloud datacenter region in Qatar to deliver its intelligent, trusted cloud services and expand the Microsoft global cloud infrastructure to 55 cloud regions in 20 countries.
- Azure NetApp Files HANA certification and new region availabilityby Azure service updates on November 4, 2019 at 5:00 pm
Azure NetApp Files , one of the fastest growing bare-metal Azure services, has achieved SAP HANA certification for both scale-up and scale-out deployments.
- Azure achieves TrueSight certificationby Azure service updates on September 23, 2019 at 5:00 pm
Azure achieved certification for TruSight, an industry-backed, best-practices third-party assessment utility.
- IoT Plug and Play Preview is now availableby Azure service updates on August 21, 2019 at 4:00 pm
With IoT Plug and Play Preview, solution developers can start using Azure IoT Central to build solutions that integrate seamlessly with IoT devices enabled with IoT Plug and Play.
- View linked GitHub activity from the Kanban boardby Azure service updates on June 21, 2019 at 5:00 pm
We continue to enhance the Azure Boards integration with GitHub. Now you can get information of your linked GitHub commits, pull requests and issues on your Kanban board. This information will give you a quick sense of where an item is at and allow you to directly navigate out to the GitHub commit, pull request, or issue for more details.
- Video Indexer is now ISO, SOC, HiTRUST, FedRAMP, HIPAA, PCI certifiedby Azure service updates on April 2, 2019 at 9:08 pm
Video Indexer has received new certifications to fit with enterprise certification requirements.
- Video Indexer is now ISO, SOC, HiTRUST, FedRAMP, HIPAA, PCI certifiedby Azure service updates on March 26, 2019 at 9:06 pm
Video Indexer has received new certifications to fit with enterprise certification requirements.
- Azure South Africa regions are now availableby Azure service updates on March 7, 2019 at 6:00 pm
Azure services are available from new cloud regions in Johannesburg (South Africa North) and Cape Town (South Africa West), South Africa. The launch of these regions is a milestone for Microsoft.
- Azure DevOps Roadmap update for 2019 Q1by Azure service updates on February 14, 2019 at 8:22 pm
We updated the Features Timeline to provide visibility on our key investments for this quarter.
- Kubernetes on Azure Stack in previewby Azure service updates on November 1, 2018 at 7:00 pm
We now support Kubernetes cluster deployment on Azure Stack, a certified Kubernetes Cloud Provider. Install Kubernetes using Azure Resource Manager templates generated by ACS-Engine on Azure Stack.
- Azure Stack—FedRAMP High documentation now availableby Azure service updates on November 1, 2018 at 7:00 pm
FedRAMP High documentation is now available for Azure Stack customers.
- Azure Stack Infrastructure—compliance certification guidanceby Azure service updates on November 1, 2018 at 7:00 pm
We have created documentation to describe how Azure Stack infrastructure satisfies regulatory technical controls for PCI-DSS and CSA-CCM.
- Logic Apps is ISO, HIPAA, CSA STAR, PCI DSS, SOC, and EU Model Clauses compliantby Azure service updates on July 18, 2017 at 5:05 pm
The Logic Apps feature of Azure App Service is now ISO/IEC 27001, ISO/IEC 27018, HIPAA, CSA STAR, PCI DSS, SOC, and EU Model Clauses compliant.
- Apache Kafka on HDInsight with Azure Managed Disksby Azure service updates on June 30, 2017 at 3:44 pm
We're pleased to announce Apache Kafka with Azure Managed Disks Preview on the HDInsight platform. Users will now be able to deploy Kafka clusters with managed disks straight from the Azure portal, with no signup necessary.
- Azure Backup for Windows Server system stateby Azure service updates on June 14, 2017 at 10:54 pm
Customers will now be able to to perform comprehensive, secure, and reliable Windows Server recoveries. We Will be extending the data backup capabilities of the Azure Backup agent so that it will now integrate with the Windows Server Backup feature, available natively on every Windows Server.
- Azure Data Catalog is ISO, CSA STAR, HIPAA, EU Model Clauses compliantby Azure service updates on March 7, 2017 at 12:00 am
Azure Data Catalog is ISO/IEC 27001, ISO/IEC 27018, HIPAA, CSA STAR, and EU Model Clauses compliant.
- Azure compliance: Azure Cosmos DB certified for ISO 27001, HIPAA, and the EU Model Clausesby Azure service updates on March 25, 2016 at 10:00 am
The Azure Cosmos DB team is excited to announce that Azure Cosmos DB is ISO 27001, HIPAA, and EU Model Clauses compliant.
- Compliance updates for Azure public cloudby Azure service updates on March 16, 2016 at 9:24 pm
We’re adding more certification coverage to our Azure portfolio, so regulated customers can take advantage of new services.
- Protect and recover your production workloads in Azureby Azure service updates on October 2, 2014 at 5:00 pm
With Azure Site Recovery, you can protect and recover your production workloads while saving on capital and operational expenditures.
- ISO Certification expanded to include more Azure servicesby Azure service updates on January 17, 2014 at 1:00 am
Azure ISO Certification expanded to include SQL Database, Active Directory, Traffic Manager, Web Sites, BizTalk Services, Media Services, Mobile Services, Service Bus, Multi-Factor Authentication, and HDInsight.
Top-paying Cloud certifications:
Google Certified Professional Cloud Architect — $175,761/yearAWS Certified Solutions Architect – Associate — $149,446/year
Azure/Microsoft Cloud Solution Architect – $141,748/yr
Google Cloud Associate Engineer – $145,769/yr
AWS Certified Cloud Practitioner — $131,465/year
Microsoft Certified: Azure Fundamentals — $126,653/year
Microsoft Certified: Azure Administrator Associate — $125,993/year
A Twitter List by enoumen
A Twitter List by enoumen
Djamgatech: Multilingual and Platform Independent Cloud Certification and Education App for AWS, Azure, Google Cloud
The Cloud Education Certification App is an EduFlix App for AWS, Azure, Google Cloud Certification Prep [Android, iOS]
Technology is changing and is moving towards the cloud. The cloud will power most businesses in the coming years and is not taught in schools. How do we ensure that our kids and youth and ourselves are best prepared for this challenge?
Building mobile educational apps that work offline and on any device can help greatly in that sense.
The ability to tab on a button and learn the cloud fundamentals and take quizzes is a great opportunity to help our children and youth to boost their job prospects and be more productive at work.
The App covers the following certifications :
AWS Cloud Practitioner Exam Prep CCP CLF-C01, Azure Fundamentals AZ 900 Exam Prep, AWS Certified Solution Architect Associate SAA-C02 Exam Prep, AWS Certified Developer Associate DVA-C01 Exam Prep, Azure Administrator AZ 104 Exam Prep, Google Associate Cloud Engineer Exam Prep, Data Analytics for AWS DAS-C01, Machine Learning for AWS and Google, AWS Certified Security – Specialty (SCS-C01), AWS Certified Machine Learning – Specialty (MLS-C01), Google Cloud Professional Machine Learning Engineer and more… [Android, iOS]

[appbox appstore 1560083470-iphone screenshots]
The App covers the following cloud categories:
AWS Technology, AWS Security and Compliance, AWS Cloud Concepts, AWS Billing and Pricing , AWS Design High Performing Architectures, AWS Design Cost Optimized Architectures, AWS Specify Secure Applications And Architectures, AWS Design Resilient Architecture, Development With AWS, AWS Deployment, AWS Security, AWS Monitoring, AWS Troubleshooting, AWS Refactoring, Azure Pricing and Support, Azure Cloud Concepts , Azure Identity, governance, and compliance, Azure Services , Implement and Manage Azure Storage, Deploy and Manage Azure Compute Resources, Configure and Manage Azure Networking Services, Monitor and Backup Azure Resources, GCP Plan and configure a cloud solution, GCP Deploy and implement a cloud solution, GCP Ensure successful operation of a cloud solution, GCP Configure access and security, GCP Setting up a cloud solution environment, AWS Incident Response, AWS Logging and Monitoring, AWS Infrastructure Security, AWS Identity and Access Management, AWS Data Protection, AWS Data Engineering, AWS Exploratory Data Analysis, AWS Modeling, AWS Machine Learning Implementation and Operations, GCP Frame ML problems, GCP Architect ML solutions, GCP Prepare and process data, GCP Develop ML models, GCP Automate & orchestrate ML pipelines, GCP Monitor, optimize, and maintain ML solutions, etc.. [Android, iOS]
The App covers the following Cloud Services, Framework and technologies:
AWS: VPC, S3, DynamoDB, EC2, ECS, Lambda, API Gateway, CloudWatch, CloudTrail, Code Pipeline, Code Deploy, TCO Calculator, SES, EBS, ELB, AWS Autoscaling , RDS, Aurora, Route 53, Amazon CodeGuru, Amazon Bracket, AWS Billing and Pricing, Simply Monthly Calculator, cost calculator, Ec2 pricing on-demand, IAM, AWS Pricing, Pay As You Go, No Upfront Cost, Cost Explorer, AWS Organizations, Consolidated billing, Instance Scheduler, on-demand instances, Reserved instances, Spot Instances, CloudFront, Workspace, S3 storage classes, Regions, Availability Zones, Placement Groups, Amazon lightsail, Redshift, EC2 G4ad instances, DAAS, PAAS, IAAS, SAAS, NAAS, Machine Learning, Key Pairs, AWS CloudFormation, Amazon Macie, Amazon Textract, Glacier Deep Archive, 99.999999999% durability, AWS Codestar, Amazon Neptune, S3 Bucket, EMR, SNS, Desktop As A Service, Emazon EC2 for Mac, Aurora Postgres SQL, Kubernetes, Containers, Cluster.
Azure: Virtual Machines, Azure App Services, Azure Container Instances (ACI), Azure Kubernetes Service (AKS), and Windows Virtual Desktop, Virtual Networks, VPN Gateway, Virtual Network peering, and ExpressRoute, Container (Blob) Storage, Disk Storage, File Storage, and storage tiers, Cosmos DB, Azure SQL Database, Azure Database for MySQL, Azure Database for PostgreSQL, and SQL Managed Instance, Azure Marketplace, Azure consumption-based mode, management groups, resources and RG, Geographic distribution concepts such as Azure regions, region pairs, and AZ Internet of Things (IoT) Hub, IoT Central, and Azure Sphere, Azure Synapse Analytics, HDInsight, and Azure Databricks, Azure Machine Learning, Cognitive Services and Azure Bot Service, Serverless computing solutions that include Azure Functions and Logic Apps, Azure DevOps, GitHub, GitHub Actions, and Azure DevTest Labs, Azure Mobile, Azure Advisor, Azure Resource Manager (ARM) templates, Azure Security, Privacy and Workloads, General security and network security, Azure security features, Azure Security Centre, policy compliance, security alerts, secure score, and resource hygiene, Key Vault, Azure Sentinel, Azure Dedicated Hosts, Concept of defense in depth, NSG, Azure Firewall, Azure DDoS protection, Identity, governance, Conditional Access, Multi-Factor Authentication (MFA), and Single Sign-On (SSO),Azure Services, Core Azure architectural components, Management Groups, Azure Resource Manager,
Google Cloud Platform: Compute Engine, App Engine, BigQuery, Bigtable, Pub/Sub, flow logs, CORS, CLI, pod, Firebase, Cloud Run, Cloud Firestore, Cloud CDN, Cloud Storage, Persistent Disk, Kubernetes engine, Container registry, Cloud Load Balancing, Cloud Dataflow, gsutils, Cloud SQL,
2022 AWS Cloud Practitioner Exam Preparation
Cloud Education Certification: Eduflix App for Cloud Education and Certification (AWS, Azure, Google Cloud) [Android, iOS]
Features:
– Practice exams
– 1000+ Q&A updated frequently.
– 3+ Practice exams per Certification
– Scorecard / Scoreboard to track your progress
– Quizzes with score tracking, progress bar, countdown timer.
– Can only see scoreboard after completing the quiz.
– FAQs for most popular Cloud services
– Cheat Sheets
– Flashcards
– works offline
Note and disclaimer: We are not affiliated with AWS, Azure, Microsoft or Google. The questions are put together based on the certification study guide and materials available online. The questions in this app should help you pass the exam but it is not guaranteed. We are not responsible for any exam you did not pass.
Important: To succeed with the real exam, do not memorize the answers in this app. It is very important that you understand why a question is right or wrong and the concepts behind it by carefully reading the reference documents in the answers.
CyberSecurity 101 and Top 25 AWS Certified Security Specialty Questions and Answers Dumps
Almost 4.57 billion people were active internet users as of July 2020, encompassing 59 percent of the global population. 94% of enterprises use cloud. 77% of organizations worldwide have at least one application running on the cloud. This results in an exponential growth of cyber attacks. Therefore, CyberSecurity is one the biggest challenge to individuals and organizations worldwide: 158,727 cyber attacks per hour, 2,645 per minute and 44 every second of every day.
In this blog, we cover the Top 25 AWS Certified Security Specialty Questions and Answers Dumps and all latest and relevant information about CyberSecurity including:
- CyberSecurity Key Terms
- CyberSecurity Certification Roadmap
- Hacking Tools Cheat Sheet
- Wireshark Cheat Sheet
- CyberSecurity Top Posts on Reddit
- Best CyberSecurity Books
- Best CyberSecurity Online Training
- Best CyberSecurity Courses
- Best CyberSecurity Podcasts
- Best Cybersecurity Youtube Channels
- CyberSecurity Jobs
- CyberSecurity Cheat Sheets
- How SSl Certificates Works
- Penetration Testing Terms
- CyberSecurity Post COVID-19
- CyberSecurity Questions and Answers
- What are the best ways to protect yourself on the internet?
- Who are the notable hackers
- History of RansomWare
I- The AWS Certified Security – Specialty (SCS-C01) examination is intended for individuals who perform a security role. This exam validates an examinee’s ability to effectively demonstrate knowledge about securing the AWS platform.
It validates an examinee’s ability to demonstrate:
An understanding of specialized data classifications and AWS data protection mechanisms.
An understanding of data-encryption methods and AWS mechanisms to implement them.
An understanding of secure Internet protocols and AWS mechanisms to implement them.
A working knowledge of AWS security services and features of services to provide a secure production environment.
Competency gained from two or more years of production deployment experience using AWS security services and features.
The ability to make tradeoff decisions with regard to cost, security, and deployment complexity given a set of application requirements.

An understanding of security operations and risks.
Below are the Top 25 AWS Certified Security Specialty Questions and Answers Dumps including Notes, Hint and References:
Question 1: When requested through an STS API call, credentials are returned with what three components?
ANSWER1:
Notes/Hint1:
Reference1: Security Token, Access Key ID, Secret Access Key
Get mobile friendly version of the quiz @ the App Store
Question 2: A company has AWS workloads in multiple geographical locations. A Developer has created an Amazon Aurora database in the us-west-1 Region. The database is encrypted using a customer-managed AWS KMS key. Now the Developer wants to create the same encrypted database in the us-east-1 Region. Which approach should the Developer take to accomplish this task?
ANSWER2:
Notes/Hint2:
Reference2: copies an encrypted snapshot, KMS Keys are Region-specific
Get mobile friendly version of the quiz @ the App Store
Question 3: A corporate cloud security policy states that communication between the company’s VPC and KMS must travel entirely within the AWS network and not use public service endpoints. Which combination of the following actions MOST satisfies this requirement? (Select TWO.)
ANSWER3:
Notes/Hint3:
Reference3: AWS KMS
Get mobile friendly version of the quiz @ the App Store
Question 4: An application team is designing a solution with two applications. The security team wants the applications’ logs to be captured in two different places, because one of the applications produces logs with sensitive data. Which solution meets the requirement with the LEAST risk and effort?
ANSWER4:
Notes/Hint4:
Reference4: Amazon CloudWatch Logs log group.
Get mobile friendly version of the quiz @ the App Store
Question 5: A security engineer must set up security group rules for a three-tier application:
- Presentation tier – Accessed by users over the web, protected by the security group presentation-sg
- Logic tier – RESTful API accessed from the presentation tier through HTTPS, protected by the security group logic-sg
- Data tier – SQL Server database accessed over port 1433 from the logic tier, protected by the security group data-sg
ANSWER5:
Notes/Hint5:
Reference5: n-tier architecture
Get mobile friendly version of the quiz @ the App Store
Question 6: A security engineer is working with a product team building a web application on AWS. The application uses Amazon S3 to host the static content, Amazon API Gateway to provide RESTful services, and Amazon DynamoDB as the backend data store. The users already exist in a directory that is exposed through a SAML identity provider. Which combination of the following actions should the engineer take to enable users to be authenticated into the web application and call APIs? (Select THREE).
ANSWER6:
Notes/Hint6:
Reference6: user pool attributes Amazon API Gateway
Get mobile friendly version of the quiz @ the App Store
Question 7: A company is hosting a web application on AWS and is using an Amazon S3 bucket to store images. Users should have the ability to read objects in the bucket. A security engineer has written the following bucket policy to grant public read access:
ANSWER7:
Notes/Hint7:
Reference7: IAM Policy – Access to S3 bucket
Get mobile friendly version of the quiz @ the App Store
Question 8: A company decides to place database hosts in its own VPC, and to set up VPC peering to different VPCs containing the application and web tiers. The application servers are unable to connect to the database. Which network troubleshooting steps should be taken to resolve the issue? (Select TWO.)
ANSWER8:
Notes/Hint8:
Reference8: route tables , rules to the security group , security group in the other VPC
Get mobile friendly version of the quiz @ the App Store
Question 9: A company is building a data lake on Amazon S3. The data consists of millions of small files containing sensitive information. The security team has the following requirements for the architecture:
- Data must be encrypted in transit.
- Data must be encrypted at rest.
- The bucket must be private, but if the bucket is accidentally made public, the data must remain confidential.
ANSWER9:
Notes/Hint9:
Reference9: Bucket encryption using KMS, privileges granted data in transit
Get mobile friendly version of the quiz @ the App Store
Question 10: A security engineer must ensure that all API calls are collected across all company accounts, and that they are preserved online and are instantly available for analysis for 90 days. For compliance reasons, this data must be restorable for 7 years. Which steps must be taken to meet the retention needs in a scalable, cost-effective way?
ANSWER10:
Notes/Hint10:
Reference10: lifecycle policies
Get mobile friendly version of the quiz @ the App Store
Question 11: A security engineer has been informed that a user’s access key has been found on GitHub. The engineer must ensure that this access key cannot continue to be used, and must assess whether the access key was used to perform any unauthorized activities. Which steps must be taken to perform these tasks?
ANSWER11:
Notes/Hint11:
Reference11: malicious activities
Get mobile friendly version of the quiz @ the App Store
Question 12: You have a CloudFront
A) CloudFront
B) The ‘*’ path
ANSWER12:
Notes/Hint12:
Reference12: CloudFront
Get mobile friendly version of the quiz @ the App Store
Question 13: An application running
ANSWER13:
Notes/Hint13:
Reference13: S3
Get mobile friendly version of the quiz @ the App Store
Question 14: An organization is
ANSWER14:
Notes/Hint14:
Reference14: AWS
Get mobile friendly version of the quiz @ the App Store
Question 15: From a security
ANSWER15:
Notes/Hint15:
Reference15: IAM
Get mobile friendly version of the quiz @ the App Store
Question 16: A company is storing an
ANSWER16:
Notes/Hint16:
Reference16: IAM Roles for EC2
Get mobile friendly version of the quiz @ the App Store
Question 17: While signing in REST/
ANSWER17:
Notes/Hint17:
Reference17: Rest API
Get mobile friendly version of the quiz @ the App Store
Question 18: You are using AWS
ANSWER18:
Notes/Hint18:
Reference18: KMS
Get mobile friendly version of the quiz @ the App Store
Question 19: Your company has
ANSWER2:
Notes/Hint19:
Reference19: About Web Identity Federation
Get mobile friendly version of the quiz @ the App Store
Question 20: Your application
ANSWER20:
Notes/Hint20:
Reference20: Cognito Streams
ANSWER21:
Notes/Hint21:
Reference21: AWS Key
Question 22: Which of the following
ANSWER22:
Notes/Hint22:
Reference22: KMS
ANSWER23:
Notes/Hint23:
Reference23: Envelope encryption
Question 24: Which command can you
ANSWER24:
Notes/Hint24:
Reference24: AWS
Question 25: If an EC2 instance uses an instance role, key rotation is automatic and handled by __.
ANSWER25:
Notes/Hint25:
Reference25: IAM/STS
Get mobile friendly version of the quiz @ the App Store
II- SOURCES:
0- Djamga Cloud Security Playlist on Youtube:
1- Developer Certified Exam Prep Pro App
2- Prepare for Your AWS Certification Exam
CYBERSECURITY KEY TERMS
-
- Cryptography: Practice and study of techniques for secure communication in the presence of third parties called adversaries.
-
- Hacking: catch-all term for any type of misuse of a computer to break the security of another computing system to steal data, corrupt systems or files, commandeer the environment or disrupt data-related activities in any way.
-
- Cyberwarfare: Uuse of technology to attack a nation, causing comparable harm to actual warfare. There is significant debate among experts regarding the definition of cyberwarfare, and even if such a thing exists
-
- Penetration testing: Colloquially known as a pen test, pentest or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. Not to be confused with a vulnerability assessment.
-
-
- Malwares: Any software intentionally designed to cause damage to a computer, server, client, or computer network. A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, and scareware.
- Malware Analysis Tool: Any .Run Malware hunting with live access to the heart of an incident https://any.run/Malware Analysis Total: VirusTotal – Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community https://www.virustotal.com/gui/
-
-
- VPN: A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common, although not an inherent, part of a VPN connection.
-
- Antivirus: Antivirus software, or anti-virus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware.
-
- DDos: A distributed denial-of-service (DDoS) attack is one of the most powerful weapons on the internet. When you hear about a website being “brought down by hackers,” it generally means it has become a victim of a DDoS attack.
-
- Fraud Detection: Set of activities undertaken to prevent money or property from being obtained through false pretenses. Fraud detection is applied to many industries such as banking or insurance. In banking, fraud may include forging checks or using stolen credit cards.
-
- Spywares: Spyware describes software with malicious behavior that aims to gather information about a person or organization and send such information to another entity in a way that harms the user; for example by violating their privacy or endangering their device’s security.
- Spoofing: Disguising a communication from an unknown source as being from a known, trusted source
- Pharming: Malicious websites that look legitimate and are used to gather usernames and passwords.
- Catfishing: Creating a fake profile for fraudulent or deceptive purposes
-
- SSL: Stands for secure sockets layer. Protocol for web browsers and servers that allows for the authentication, encryption and decryption of data sent over the Internet.
- Phishing emails: Disguised as trustworthy entity to lure someone into providing sensitive information
-
- Intrusion detection System: Device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management system.
-
- Encryption: Encryption is the method by which information is converted into secret code that hides the information’s true meaning. The science of encrypting and decrypting information is called cryptography. In computing, unencrypted data is also known as plaintext, and encrypted data is called ciphertext.
-
- MFA: Multi-factor authentication (MFA) is defined as a security mechanism that requires an individual to provide two or more credentials in order to authenticate their identity. In IT, these credentials take the form of passwords, hardware tokens, numerical codes, biometrics, time, and location.
-
- Vulnerabilities: A vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application. Stakeholders include the application owner, application users, and other entities that rely on the application.
-
- SQL injections: SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
-
- Cyber attacks: In computers and computer networks an attack is any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to or make unauthorized use of an asset.
-
- Confidentiality: Confidentiality involves a set of rules or a promise usually executed through confidentiality agreements that limits access or places restrictions on certain types of information.
-
- Secure channel: In cryptography, a secure channel is a way of transferring data that is resistant to overhearing and tampering. A confidential channel is a way of transferring data that is resistant to overhearing, but not necessarily resistant to tampering.
-
- Tunneling: Communications protocol that allows for the movement of data from one network to another. It involves allowing private network communications to be sent across a public network through a process called encapsulation.
-
- SSH: Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.
-
- SSL Certificates: SSL certificates are what enable websites to move from HTTP to HTTPS, which is more secure. An SSL certificate is a data file hosted in a website’s origin server. SSL certificates make SSL/TLS encryption possible, and they contain the website’s public key and the website’s identity, along with related information.
-
- Phishing: Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
-
- Cybercrime: Cybercrime, or computer-oriented crime, is a crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Cybercrime may threaten a person, company or a nation’s security and financial health.
-
- Backdoor: A backdoor is a means to access a computer system or encrypted data that bypasses the system’s customary security mechanisms. A developer may create a backdoor so that an application or operating system can be accessed for troubleshooting or other purposes.
-
- Salt and Hash: A cryptographic salt is made up of random bits added to each password instance before its hashing. Salts create unique passwords even in the instance of two users choosing the same passwords. Salts help us mitigate rainbow table attacks by forcing attackers to re-compute them using the salts.
-
- Password: A password, sometimes called a passcode,[1] is a memorized secret, typically a string of characters, usually used to confirm the identity of a user.[2] Using the terminology of the NIST Digital Identity Guidelines,[3] the secret is memorized by a party called the claimant while the party verifying the identity of the claimant is called the verifier. When the claimant successfully demonstrates knowledge of the password to the verifier through an established authentication protocol,[4] the verifier is able to infer the claimant’s identity.
-
- Fingerprint: A fingerprint is an impression left by the friction ridges of a human finger. The recovery of partial fingerprints from a crime scene is an important method of forensic science. Moisture and grease on a finger result in fingerprints on surfaces such as glass or metal.
-
- Facial recognition: Facial recognition works better for a person as compared to fingerprint detection. It releases the person from the hassle of moving their thumb or index finger to a particular place on their mobile phone. A user would just have to bring their phone in level with their eye.
-
- Asymmetric key ciphers versus symmetric key ciphers (Difference between symmetric and Asymmetric encryption): The basic difference between these two types of encryption is that symmetric encryption uses one key for both encryption and decryption, and the asymmetric encryption uses public key for encryption and a private key for decryption.
-
- Decryption: The conversion of encrypted data into its original form is called Decryption. It is generally a reverse process of encryption. It decodes the encrypted information so that an authorized user can only decrypt the data because decryption requires a secret key or password.
-
- Algorithms: Finite sequence of well-defined, computer-implementable instructions, typically to solve a class of problems or to perform a computation.
-
- Authentication: is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicating a person or thing’s identity, authentication is the process of verifying that identity. It might involve validating personal identity documents, verifying the authenticity of a website with a digital certificate,[1] determining the age of an artifact by carbon dating, or ensuring that a product or document is not counterfeit.
-
- DFIR: Digital forensic and incident response: Multidisciplinary profession that focuses on identifying, investigating, and remediating computer network exploitation. This can take varied forms and involves a wide variety of skills, kinds of attackers, an kinds of targets. We’ll discuss those more below.
-
-
- OTP: One Time Password: A one-time password, also known as one-time PIN or dynamic password, is a password that is valid for only one login session or transaction, on a computer system or other digital device
-
-
- Proxy Server and Reverse Proxy Server:A proxy server is a go‑between or intermediary server that forwards requests for content from multiple clients to different servers across the Internet. A reverse proxy server is a type of proxy server that typically sits behind the firewall in a private network and directs client requests to the appropriate backend server.
LATEST CYBER SECURITY NEWS
Cybersecurity Certification

WireShark Cheat Sheet

HACKING TOOLS CHEAT SHEET

Top CyberSecurity All Time Posts
Show All Around Defender Primers
- Linux CLI 101 https://wiki.sans.blue/Tools/pdfs/LinuxCLI101.pdf
- Linux CLI https://wiki.sans.blue/Tools/pdfs/LinuxCLI.pdf
- PowerShell Primer https://wiki.sans.blue/Tools/pdfs/PowerShell.pdf
- PowerShell Get-WinEvent https://wiki.sans.blue/Tools/pdfs/Get-WinEvent.pdf
Show Offensive * Exploit Database
Offensive * Exploit Database – The Exploit Database is maintained by Offensive Security, an information security training company that provides various Information Security Certifications as well as high end penetration testing services. https://www.exploit-db.com/
CYBERSECURITY NEWS
- Krebs On Security In depth security news and investigation https://krebsonsecurity.com/
- Dark Reading Cyber security’s comprehensive news site is now an online community for security professionals. https://www.darkreading.com/
- The Hacker News – The Hacker News (THN) is a leading, trusted, widely-acknowledged dedicated cybersecurity news platform, attracting over 8 million monthly readers including IT professionals, researchers, hackers, technologists, and enthusiasts. https://thehackernews.com
- SecuriTeam – A free and independent source of vulnerability information. https://securiteam.com/
- SANS NewsBites – “A semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.” Published for free on Tuesdays and Fridays. https://www.sans.org/newsletters/newsbites
CYBERSECURITY YOUTUBE CHANNELS
This list was originally forked/curated from here: https://wportal.xyz/collection/cybersec-yt1 on (7/29/2020) Attribution and appreciation to d4rckh
- Djamga Technology
- SimplyCyber Weekly vids, Simply Cyber brings Information security related content to help IT or Information Security professionals take their career further, faster. Current cyber security industry topics and techniques are explored to promote a career in the field. Topics cover offense, defense, governance, risk, compliance, privacy, education, certification, conferences; all with the intent of professional development. https://www.youtube.com/c/GeraldAuger
- IPPSec https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
- Tradecraft Security Weekly – Want to learn about all of the latest security tools and techniques? https://wiki.securityweekly.com/Tradecraft_Security_Weekly
- Derek Rook – CTF/Boot2root/wargames Walkthrough – lots of lengthy screenshot instructional vids https://www.youtube.com/channel/UCMACXuWd2w6_IEGog744UaA
- Adrian Crenshaw – lots of lengthy con-style talks https://www.youtube.com/user/irongeek
- LionSec – lots of brief screenshot instructional vids, no dialog https://www.youtube.com/channel/UCCQLBOt_hbGE-b9I696VRow
- Zer0Mem0ry – lots of brief c++ security videos, programming intensive https://www.youtube.com/channel/UCDk155eaoariJF2Dn2j5WKA
- webpwnized – lots of brief screenshot vids, some CTF walkthroughs https://www.youtube.com/channel/UCPeJcqbi8v46Adk59plaaXg
- Waleed Jutt – lots of brief screenshot vids covering web security and game programming https://www.youtube.com/channel/UCeN7cOELsyMHrzfMsJUgv3Q
- Troy Hunt – lone youtuber, medium length news videos, 16K followers, regular content https://www.youtube.com/channel/UCD6MWz4A61JaeGrvyoYl-rQ
- Tradecraft Security Weekly – Want to learn about all of the latest security tools and techniques?https://wiki.securityweekly.com/Tradecraft_Security_Weekly
- SSTec Tutorials – lots of brief screenshot vids, regular updates https://www.youtube.com/channel/UCHvUTfxL_9bNQgqzekPWHtg
- Shozab Haxor – lots of screenshot style instructional vids, regular updates, windows CLI tutorial https://www.youtube.com/channel/UCBwub2kRoercWQJ2mw82h3A
- Seytonic – variety of DIY hacking tutorials, hardware hacks, regular updates https://www.youtube.com/channel/UCW6xlqxSY3gGur4PkGPEUeA
- Security Weekly – regular updates, lengthy podcast-style interviews with industry pros https://www.youtube.com/channel/UCg–XBjJ50a9tUhTKXVPiqg
- SecureNinjaTV – brief news bites, irregular posting, 18K followers https://www.youtube.com/channel/UCNxfV4yR0nIlhFmfwcdf3BQ
- Samy Kamkar’s Applied hacking https://www.youtube.com/user/s4myk
- rwbnetsec – lots of medium length instructional videos covering tools from Kali 2.0, no recent posts. https://www.youtube.com/channel/UCAJ8Clc3188ek9T_5XTVzZQ
- Penetration Testing in Linux https://www.youtube.com/channel/UC286ntgASMskhPIJQebJVvA
- Pentester Academy TV – lots of brief videos, very regular posting, up to +8 a week https://www.youtube.com/channel/UChjC1q6Ami7W0E71TzPZELA
- Open SecurityTraining – lots of lengthy lecture-style vids, no recent posts, but quality info. https://www.youtube.com/channel/UCthV50MozQIfawL9a_g5rdg
- NetSecNow – channel of pentesteruniversity.org, seems to post once a month, screenshot instructional vids https://www.youtube.com/channel/UC6J_GnSAi7F2hY4RmnMcWJw
- Metasploitation – lots of screenshot vids, little to no dialogue, all about using Metasploit, no recent vids. https://www.youtube.com/channel/UC9Qa_gXarSmObPX3ooIQZrg
- LiveOverflow – Lots of brief-to-medium instructional vids, covering things like buffer overflows and exploit writing, regular posts. https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
- LionSec – lots of brief screenshot instructional vids, no dialog https://www.youtube.com/channel/UCCQLBOt_hbGE-b9I696VRow
- Latest Hacking News 10K followers, medium length screenshot videos, no recent releases https://www.youtube.com/user/thefieldhouse/feed
- John Hammond – Solves CTF problems. contains penTesting tips and tricks https://www.youtube.com/user/RootOfTheNull
- JackkTutorials – lots of medium length instructional vids with some AskMe vids from the youtuber https://www.youtube.com/channel/UC64x_rKHxY113KMWmprLBPA
- iExplo1t – lots of screenshot vids aimed at novices, 5.7K Followers, no recent posts https://www.youtube.com/channel/UCx0HClQ_cv0sLNOVhoO2nxg/videos
- HACKING TUTORIALS – handful of brief screenshot vids, no recent posts. https://www.youtube.com/channel/UCbsn2kQwNxcIzHwbdDjzehA
- HackerSploit – regular posts, medium length screenshot vids, with dialog https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q
- GynvaelEN – Security streams from Google Researcher. Mainly about CTFs, computer security, programing and similar things. https://www.youtube.com/channel/UCCkVMojdBWS-JtH7TliWkVg
- Geeks Fort – KIF – lots of brief screenshot vids, no recent posts https://www.youtube.com/channel/UC09NdTL2hkThGLSab8chJMw
- Error 404 Cyber News – short screen-shot videos with loud metal, no dialog, bi-weekly https://www.youtube.com/channel/UC4HcNHFKshqj-aeyi6imW7Q
- Don Does 30 – amateur pen-tester posting lots of brief screenshot vids regularly, 9K Followers https://www.youtube.com/channel/UCarxjDjSYsIf50Jm73V1D7g
- Derek Rook – CTF/Boot2root/wargames Walkthrough – lots of lengthy screenshot instructional vids, https://www.youtube.com/channel/UCMACXuWd2w6_IEGog744UaA
- DemmSec – lots of pen testing vids, somewhat irregular uploads, 44K followers https://www.youtube.com/channel/UCJItQmwUrcW4VdUqWaRUNIg
- DEFCON Conference – lots of lengthy con-style vids from the iconical DEFCON https://www.youtube.com/channel/UC6Om9kAkl32dWlDSNlDS9Iw
- DedSec – lots of brief screenshot how-to vids based in Kali, no recent posts. https://www.youtube.com/channel/UCx34ZZW2KgezfUPPeL6m8Dw
- danooct1 – lots of brief screenshot, how-to vids regarding malware, regular content updates, 186K followers https://www.youtube.com/channel/UCqbkm47qBxDj-P3lI9voIAw
- BalCCon – Balkan Computer Congress – Long con-style talks from the Balkan Computer Congress, doesn’t update regularlyhttps://www.youtube.com/channel/UCoHypmu8rxlB5Axh5JxFZsA
- Corey Nachreiner – security newsbites, 2.7K subscribers, 2-3 videos a week, no set schedule https://www.youtube.com/channel/UC7dUL0FbVPGqzdb2HtWw3Xg
- Adrian Crenshaw – lots of lengthy con-style talks https://www.youtube.com/user/irongeek
- 0x41414141 – Channel with couple challenges, well explained https://www.youtube.com/channel/UCPqes566OZ3G_fjxL6BngRQ
- HackADay – Hackaday serves up Fresh Hacks Every Day from around the Internet. https://hackaday.com/
- TheCyberMentor – Heath Adams uploads regular videos related to various facets of cyber security, from bug bounty hunts to specific pentest methodologies like API, buffer overflows, networking. https://www.youtube.com/c/TheCyberMentor/
- Grant Collins – Grant uploads videos regarding breaking into cybersecurity, various cybersecurity projects, building up a home lab amongst many others. Also has a companion discord channel and a resource website. https://www.youtube.com/channel/UCTLUi3oc1-a7dS-2-YgEKmA/featured
CYBERSECURITY PODCASTS:
- Risky Business Published weekly, the Risky Business podcast features news and in-depth commentary from security industry luminaries. Hosted by award-winning journalist Patrick Gray, Risky Business has become a must-listen digest for information security professionals. https://risky.biz/
- Pauls Security Weekly This show features interviews with folks in the security community; technical segments, which are just that, very technical; and security news, which is an open discussion forum for the hosts to express their opinions about the latest security headlines, breaches, new exploits and vulnerabilities, “not” politics, “cyber” policies and more. https://securityweekly.com/category-shows/paul-security-weekly/
- Security Now – Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. https://twit.tv/shows/security-now
- Daily Information Security Podcast (“StormCast”) Stormcasts are daily 5-10 minute information security threat updates. The podcast is produced each work day, and typically released late in the day to be ready for your morning commute. https://isc.sans.edu/podcast.html
- ShadowTalk Threat Intelligence Podcast by Digital Shadow_. The weekly podcast highlights key findings of primary-source research our Intelligence Team is conducting, along with guest speakers discussing the latest threat actors, campaigns, security events and industry news. https://resources.digitalshadows.com/threat-intelligence-podcast-shadowtalk
- Don’t Panic – The Unit 42 Podcast Don’t Panic! is the official podcast from Unit 42 at Palo Alto Networks. We find the big issues that are frustrating cyber security practitioners and help simplify them so they don’t need to panic. https://unit42.libsyn.com/
- Recorded Future Recorded Future takes you inside the world of cyber threat intelligence. We’re sharing stories from the trenches and the operations floor as well as giving you the skinny on established and emerging adversaries. We also talk current events, technical tradecraft, and offer up insights on the big picture issues in our industry. https://www.recordedfuture.com/resources/podcast/
- The Cybrary Podcast Listen in to the Cybrary Podcast where we discuss a range topics from DevSecOps and Ransomware attacks to diversity and how to retain of talent. Entrepreneurs at all stages of their startup companies join us to share their stories and experience, including how to get funding, hiring the best talent, driving sales, and choosing where to base your business. https://www.cybrary.it/info/cybrary-podcast/
- Cyber Life The Cyber Life podcast is for cyber security (InfoSec) professionals, people trying to break into the industry, or business owners looking to learn how to secure their data. We will talk about many things, like how to get jobs, cover breakdowns of hot topics, and have special guest interviews with the men and women “in the trenches” of the industry. https://redcircle.com/shows/cyber-life
- Career Notes Cybersecurity professionals share their personal career journeys and offer tips and advice in this brief, weekly podcast from The CyberWire. https://www.thecyberwire.com/podcasts/career-notes
Below podcasts Added from here: https://infosec-conferences.com/cybersecurity-podcasts/
- Down the Security Rabbithole http://podcast.wh1t3rabbit.net/ Down the Security Rabbithole is hosted by Rafal Los and James Jardine who discuss, by means of interviewing or news analysis, everything about Cybersecurity which includes Cybercrime, Cyber Law, Cyber Risk, Enterprise Risk & Security and many more. If you want to hear issues that are relevant to your organization, subscribe and tune-in to this podcast.
- The Privacy, Security, & OSINT Show https://podcasts.apple.com/us/podcast/the-privacy-security-osint-show/id1165843330 The Privacy, Security, & OSINT Show, hosted by Michael Bazzell, is your weekly dose of digital security, privacy, and Open Source Intelligence (OSINT) opinion and news. This podcast will help listeners learn some ideas on how to stay secure from cyber-attacks and help them become “digitally invisible”.
- Defensive Security Podcast https://defensivesecurity.org/ Hosted by Andrew Kalat (@lerg) and Jerry Bell (@maliciouslink), the Defensive Security Podcasts aims to look/discuss the latest security news happening around the world and pick out the lessons that can be applied to keeping organizations secured. As of today, they have more than 200 episodes and some of the topics discussed include Forensics, Penetration Testing, Incident Response, Malware Analysis, Vulnerabilities and many more.
- Darknet Diaries https://darknetdiaries.com/episode/ Darknet Diaries Podcast is hosted and produced by Jack Rhysider that discuss topics related to information security. It also features some true stories from hackers who attacked or have been attacked. If you’re a fan of the show, you might consider buying some of their souvenirs here (https://shop.darknetdiaries.com/).
- Brakeing Down Security https://www.brakeingsecurity.com/ Brakeing Down Security started in 2014 and is hosted by Bryan Brake, Brian Boettcher, and Amanda Berlin. This podcast discusses everything about the Cybersecurity world, Compliance, Privacy, and Regulatory issues that arise in today’s organizations. The hosts will teach concepts that Information Security Professionals need to know and discuss topics that will refresh the memories of seasoned veterans.
- Open Source Security Podcast https://www.opensourcesecuritypodcast.com/ Open Source Security Podcast is a podcast that discusses security with an open-source slant. The show started in 2016 and is hosted by Josh Bressers and Kurt Siefried. As of this writing, they now posted around 190+ podcasts
- Cyber Motherboard https://podcasts.apple.com/us/podcast/cyber/id1441708044 Ben Makuch is the host of the podcast CYBER and weekly talks to Motherboard reporters Lorenzo Franceschi-Bicchierai and Joseph Cox. They tackle topics about famous hackers and researchers about the biggest news in cybersecurity. The Cyber- stuff gets complicated really fast, but Motherboard spends its time fixed in the infosec world so we don’t have to.
- Hak5 https://shop.hak5.org/pages/videos Hak5 is a brand that is created by a group of security professionals, hardcore gamers and “IT ninjas”. Their podcast, which is mostly uploaded on YouTube discusses everything from open-source software to penetration testing and network infrastructure. Their channel currently has 590,000 subscribers and is one of the most viewed shows when you want to learn something about security networks.
- Threatpost Podcast Series https://threatpost.com/category/podcasts/ Threatpost is an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide. With an award-winning editorial team produces unique and high-impact content including security news, videos, feature reports and more, with their global editorial activities are driven by industry-leading journalist Tom Spring, editor-in-chief.
- CISO-Security Vendor Relationship Podcast https://cisoseries.com Co-hosted by the creator of the CISO/Security Vendor Relationship Series, David Spark, and Mike Johnson, in 30 minutes, this weekly program challenges the co-hosts, guests, and listeners to critique, share true stories. This podcast, The CISO/Security Vendor Relationship, targets to enlighten and educate listeners on improving security buyer and seller relationships.
- Getting Into Infosec Podcast Stories of how Infosec and Cybersecurity pros got jobs in the field so you can be inspired, motivated, and educated on your journey. – https://gettingintoinfosec.com/
- Unsupervised Learning Weekly podcasts and biweekly newsletters as a curated summary intersection of security, technology, and humans, or a standalone idea to provoke thought, by Daniel Miessler. https://danielmiessler.com/podcast/
SECURITY BOOKS:
- Building Secure & Reliable Systems Best Practices for Designing, Implementing and Maintaining Systems (O’Reilly) By Heather Adkins, Betsy Beyer, Paul Blankinship, Ana Oprea, Piotr Lewandowski, Adam Stubblefield https://landing.google.com/sre/books/
- Security Engineering By Ross Anderson – A guide to building dependable distributed systems. (and Ross Anderson is brilliant //OP editorial) https://www.cl.cam.ac.uk/~rja14/book.html
- The Cyber Skill Gap By Vagner Nunes – The Cyber Skill Gap: How To Become A Highly Paid And Sought After Information Security Specialist! (Use COUPON CODE: W4VSPTW8G7 to make it free) https://payhip.com/b/PdkW
- The Beginner’s Guide to Information Security By Limor Elbaz – Offers insight and resources to help readers embark on a career in one of the 21st century’s most important—and potentially lucrative—fields. https://www.amazon.com/Beginners-Guide-Information-Security-Kickstart-ebook/dp/B01JTDDSAM
- Free Springer Textbooks Valid at least through July, Springer is providing free access to several hundred titles in its eBook collection. Books are available via SpringerLink and can be viewed online or downloaded as PDF or EBUP files. Disciplines include computer science, networking, cryptography, digital forensics, and others. https://link.springer.com/search/page/1?facet-content-type=%22Book%22&package=mat-covid19_textbooks&facet-language=%22En%22&sortOrder=newestFirst&showAll=true
- Texas A&M Security Courses The web-based courses are designed to ensure that the privacy, reliability, and integrity of the information systems that power the global economy remain intact and secure. The web-based courses are offered through three discipline-specific tracks: general, non-technical computer users; technical IT professionals; and business managers and professionals. https://teex.org/program/dhs-cybersecurity/
CYBERSECURITY TRAINING:
- WebSecurity Academy Free online web security training from the creators of Burp Suite https://portswigger.net/web-security
- Mosse Cyber Security Institute Introduction to cybersecurity free certification with 100+ hours of training, no expiry/renewals, https://www.mosse-institute.com/certifications/mics-introduction-to-cyber-security.html
- BugCrowd University Free bug hunting resources and methodologies in form of webinars, education and training. https://www.bugcrowd.com/hackers/bugcrowd-university/
- Certified Network Security Specialist Certification and training; Expires Aug 31 2020 Use coupon code #StaySafeHome during checkout to claim your free access. Offer is valid till 31/08/2020. £500.00 Value https://www.icsi.co.uk/courses/icsi-cnss-certified-network-security-specialist-covid-19
- Metasploit Unleashed Most complete and in-depth Metasploit guide available, with contributions from the authors of the No Starch Press Metasploit Book. https://www.offensive-security.com/metasploit-unleashed/
- AWS Cloud Certified Get skills in AWS to be more marketable. Training is quality and free. https://www.youtube.com/watch?v=3hLmDS179YE Have to create an AWS account, Exam is $100.
- SANS Faculty Free Tools List of OSS developed by SANS staff. https://www.sans.org/media/free/free-faculty-tools.pdf?msc=sans-free-lp
- “Using ATT&CK for Cyber Threat Intelligence Training” – 4 hour training The goal of this training is for students to understand the following: at: https://attack.mitre.org/resources/training/cti/
- Coursera -“Coursera Together: Free online learning during COVID-19” Lots of different types of free training. https://blog.coursera.org/coursera-together-free-online-learning-during-covid-19/
- Fortinet Security Appliance Training Free access to the FortiGate Essentials Training Course and Network Security Expert courses 1 and 2 https://www.fortinet.com/training/cybersecurity-professionals.html
- Chief Information Security Officer (CISO) Workshop Training – The Chief Information Security Office (CISO) workshop contains a collection of security learnings, principles, and recommendations for modernizing security in your organization. This training workshop is a combination of experiences from Microsoft security teams and learnings from customers. – https://docs.microsoft.com/en-us/security/ciso-workshop/ciso-workshop
- CLARK Center Plan C – Free cybersecurity curriculum that is primarily video-based or provide online assignments that can be easily integrated into a virtual learning environments https://clark.center/home
- Hack.me is a FREE, community based project powered by eLearnSecurity. The community can build, host and share vulnerable web application code for educational and research purposes. It aims to be the largest collection of “runnable” vulnerable web applications, code samples and CMS’s online. The platform is available without any restriction to any party interested in Web Application Security. https://hack.me/
- Hacker101 – Free classes for web security – https://www.hacker101.com/
- ElasticStack – Free on-demand Elastic Stack, observability, and security courses. https://training.elastic.co/learn-from-home
- Hoppers Roppers – Community built around a series of free courses that provide training to beginners in the security field. https://www.hoppersroppers.org/training.html
- IBM Security Learning Academy Free technical training for IBM Security products. https://www.securitylearningacademy.com/
- M.E. Kabay Free industry courses and course materials for students, teachers and others are welcome to use for free courses and lectures. http://www.mekabay.com/courses/index.htm
- Open P-TECH Free digital learning on the tech skills of tomorrow. https://www.ptech.org/open-p-tech/
- Udemy – Online learning course platform “collection from the free courses in our learning marketplace” https://www.udemy.com/courses/free/
- Enroll Now Free: PCAP Programming Essentials in Python https://www.netacad.com/courses/programming/pcap-programming-essentials-python Python is the very versatile, object-oriented programming language used by startups and tech giants, Google, Facebook, Dropbox and IBM. Python is also recommended for aspiring young developers who are interested in pursuing careers in Security, Networking and Internet-of-Things. Once you complete this course, you are ready to take the PCAP – Certified Associate in Python programming. No prior knowledge of programming is required.
- Packt Web Development Course Web Development Get to grips with the fundamentals of the modern web Unlock one year of free online access. https://courses.packtpub.com/pages/free?fbclid=IwAR1FtKQcYK8ycCmBMXaBGvW_7SgPVDMKMaRVwXYcSbiwvMfp75gazxRZlzY
- Stanford University Webinar – Hacked! Security Lessons from Big Name Breaches 50 minute cyber lecture from Stanford.You Will Learn: — The root cause of key breaches and how to prevent them; How to measure your organization’s external security posture; How the attacker lifecycle should influence the way you allocate resources https://www.youtube.com/watch?v=V9agUAz0DwI
- Stanford University Webinar – Hash, Hack, Code: Emerging Trends in Cyber Security Join Professor Dan Boneh as he shares new approaches to these emerging trends and dives deeper into how you can protect networks and prevent harmful viruses and threats. 50 minute cyber lecture from Stanford. https://www.youtube.com/watch?v=544rhbcDtc8
- Kill Chain: The Cyber War on America’s Elections (Documentary) (Referenced at GRIMMCON), In advance of the 2020 Presidential Election, Kill Chain: The Cyber War on America’s Elections takes a deep dive into the weaknesses of today’s election technology, an issue that is little understood by the public or even lawmakers. https://www.hbo.com/documentaries/kill-chain-the-cyber-war-on-americas-elections
- Intro to Cybersecurity Course (15 hours) Learn how to protect your personal data and privacy online and in social media, and why more and more IT jobs require cybersecurity awareness and understanding. Receive a certificate of completion. https://www.netacad.com/portal/web/self-enroll/c/course-1003729
- Cybersecurity Essentials (30 hours) Foundational knowledge and essential skills for all cybersecurity domains, including info security, systems sec, network sec, ethics and laws, and defense and mitigation techniques used in protecting businesses. https://www.netacad.com/portal/web/self-enroll/c/course-1003733
- Pluralsight and Microsoft Partnership to help you become an expert in Azure. With skill assessments and over 200+ courses, 40+ Skill IQs and 8 Role IQs, you can focus your time on understanding your strengths and skill gaps and learn Azure as quickly as possible.https://www.pluralsight.com/partners/microsoft/azure
- Blackhat Webcast Series Monthly webcast of varying cyber topics. I will post specific ones in the training section below sometimes, but this is worth bookmarking and checking back. They always have top tier speakers on relevant, current topics. https://www.blackhat.com/html/webcast/webcast-home.html
- Federal Virtual Training Environment – US Govt sponsored free courses. There are 6 available, no login required. They are 101 Coding for the Public, 101 Critical Infrastructure Protection for the Public, Cryptocurrency for Law Enforcement for the Public, Cyber Supply Chain Risk Management for the Public, 101 Reverse Engineering for the Public, Fundamentals of Cyber Risk Management. https://fedvte.usalearning.gov/public_fedvte.php
- Harrisburg University CyberSecurity Collection of 18 curated talks. Scroll down to CYBER SECURITY section. You will see there are 4 categories Resource Sharing, Tools & Techniques, Red Team (Offensive Security) and Blue Teaming (Defensive Security). Lot of content in here; something for everyone. https://professionaled.harrisburgu.edu/online-content/
- OnRamp 101-Level ICS Security Workshop Starts this 4/28. 10 videos, Q&A / discussion, bonus audio, great links. Get up to speed fast on ICS security. It runs for 5 weeks. 2 videos per week. Then we keep it open for another 3 weeks for 8 in total. https://onramp-3.s4xevents.com
- HackXOR WebApp CTF Hackxor is a realistic web application hacking game, designed to help players of all abilities develop their skills. All the missions are based on real vulnerabilities I’ve personally found while doing pentests, bug bounty hunting, and research. https://hackxor.net/
- Suricata Training 5-part training module using a simulation as a backdrop to teach how to use Suricata. https://rangeforce.com/resource/suricata-challenge-reg/
- flAWS System Through a series of levels you’ll learn about common mistakes and gotchas when using Amazon Web Services (AWS). Multiple levels, “Buckets” of fun. http://flaws.cloud/
- Stanford CS 253 Web Security A free course from Stanford providing a comprehensive overview of web security. The course begins with an introduction to the fundamentals of web security and proceeds to discuss the most common methods for web attacks and their countermeasures. The course includes video lectures, slides, and links to online reading assignments. https://web.stanford.edu/class/cs253
- Linux Journey A free, handy guide for learning Linux. Coverage begins with the fundamentals of command line navigation and basic text manipulation. It then extends to more advanced topics, such as file systems and networking. The site is well organized and includes many examples along with code snippets. Exercises and quizzes are provided as well. https://linuxjourney.com
- Ryan’s Tutorials A collection of free, introductory tutorials on several technology topics including: Linux command line, Bash scripting, creating and styling webpages with HTML and CSS, counting and converting between different number systems, and writing regular expressions. https://ryanstutorials.net
- The Ultimate List of SANS Cheat Sheets Massive collection of free cybersecurity cheat sheets for quick reference (login with free SANS account required for some penetration testing resources). https://www.sans.org/blog/the-ultimate-list-of-sans-cheat-sheets/
- CYBER INTELLIGENCE ANALYTICS AND OPERATIONS Learn:The ins and outs of all stages of the intelligence cycle from collection to analysis from seasoned intel professionals. How to employ threat intelligence to conduct comprehensive defense strategies to mitigate potential compromise. How to use TI to respond to and minimize impact of cyber incidents. How to generate comprehensive and actionable reports to communicate gaps in defenses and intelligence findings to decision makers. https://www.shadowscape.io/cyber-intelligence-analytics-operat
- Linux Command Line for Beginners 25 hours of training – In this course, you’ll learn from one of Fullstack’s top instructors, Corey Greenwald, as he guides you through learning the basics of the command line through short, digestible video lectures. Then you’ll use Fullstack’s CyberLab platform to hone your new technical skills while working through a Capture the Flag game, a special kind of cybersecurity game designed to challenge participants to solve computer security problems by solving puzzles. Finally, through a list of carefully curated resources through a series of curated resources, we’ll introduce you to some important cybersecurity topics so that you can understand some of the common language, concepts and tools used in the industry. https://prep.fullstackacademy.com/
- Hacking 101 6 hours of free training – First, you’ll take a tour of the world and watch videos of hackers in action across various platforms (including computers, smartphones, and the power grid). You may be shocked to learn what techniques the good guys are using to fight the bad guys (and which side is winning). Then you’ll learn what it’s like to work in this world, as we show you the different career paths open to you and the (significant) income you could make as a cybersecurity professional. https://cyber.fullstackacademy.com/prepare/hacking-101
- Choose Your Own Cyber Adventure Series: Entry Level Cyber Jobs Explained YouTube Playlist (videos from my channel #simplyCyber) This playlist is a collection of various roles within the information security field, mostly entry level, so folks can understand what different opportunities are out there. https://www.youtube.com/playlist?list=PL4Q-ttyNIRAqog96mt8C8lKWzTjW6f38F
- NETINSTRUCT.COM Free Cybersecurity, IT and Leadership Courses – Includes OS and networking basics. Critical to any Cyber job. https://netinstruct.com/courses
- HackerSploit – HackerSploit is the leading provider of free and open-source Infosec and cybersecurity training. https://hackersploit.org/
- Resources for getting started (Free and Paid)Practice
- DetectionLab (Free)
- LetsDefend.io (Free/Paid)
- DetectionLabELK (Free)
Log Analysis
- malware-traffic-analysis (Free)
- Practical Packet Analysis (Book) Chris Sanders
- Logging and Log Management by Anton A. Chuvakin , Kevin J. Schmidt (Book)
- Sigma (Tool)
- SysmonSearch (Tool)
Network Monitoring
- Applied Network Security Monitoring: Collection, Detection, and Analysis (Book)
- Open Security Training
- SANS Reading Room
Linux Distributions
- Security Onion
- The Appliance for Digital Investigation and Analysis (ADIA) https://forensics.cert.org/#ADIA
- SANS Investigative Forensic Toolkit (SIFT) Workstation
Memory Analysis Tools
Professional Training
- FOR578: Cyber Threat Intelligence (Paid)
- SEC511: Continuous Monitoring & Security Operations (Paid)
- SEC445: SIEM Design & Implementation (Paid)
- AEGIS Certification (Paid)
Conferences
- Virus Bulletin
- SANS Blue Team Summit
- Blueteamcon
CYBERSECURITY COURSES: (Multi-week w/Enrollment)
- Computer Science courses with video lectures Intent of this list is to act as Online bookmarks/lookup table for freely available online video courses. Focus would be to keep the list concise so that it is easy to browse. It would be easier to skim through 15 page list, find the course and start learning than having to read 60 pages of text. If you are student or from non-CS background, please try few courses to decide for yourself as to which course suits your learning curve best. https://github.com/Developer-Y/cs-video-courses?utm_campaign=meetedgar&utm_medium=social&utm_source=meetedgar.com
- Cryptography I -offered by Stanford University – Rolling enrollment – Cryptography is an indispensable tool for protecting information in computer systems. In this course you will learn the inner workings of cryptographic systems and how to correctly use them in real-world applications. The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two parties generate a shared secret key. https://www.coursera.org/learn/crypto
- Software Security Rolling enrollment -offered by University of Maryland, College Park via Coursera – This course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them — such as buffer overflows, SQL injection, and session hijacking — and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a “build security in” mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. https://www.coursera.org/learn/software-security
- Intro to Information Security Georgia Institute of Technology via Udacity – Rolling Enrollment. This course provides a one-semester overview of information security. It is designed to help students with prior computer and programming knowledge — both undergraduate and graduate — understand this important priority in society today. Offered at Georgia Tech as CS 6035 https://www.udacity.com/course/intro-to-information-security–ud459
- Cyber-Physical Systems Security Georgia Institute of Technology via Udacity – This course provides an introduction to security issues relating to various cyber-physical systems including industrial control systems and those considered critical infrastructure systems. 16 week course – Offered at Georgia Tech as CS 8803 https://www.udacity.com/course/cyber-physical-systems-security–ud279
- Finding Your Cybersecurity Career Path – University of Washington via edX – 4 weeks long – self paced – In this course, you will focus on the pathways to cybersecurity career success. You will determine your own incoming skills, talent, and deep interests to apply toward a meaningful and informed exploration of 32 Digital Pathways of Cybersecurity. https://www.edx.org/course/finding-your-cybersecurity-career-path
- Building a Cybersecurity Toolkit – University of Washington via edX – 4 weeks self-paced The purpose of this course is to give learners insight into these type of characteristics and skills needed for cybersecurity jobs and to provide a realistic outlook on what they really need to add to their “toolkits” – a set of skills that is constantly evolving, not all technical, but fundamentally rooted in problem-solving. https://www.edx.org/course/building-a-cybersecurity-toolkit
- Cybersecurity: The CISO’s View – University of Washington via edX – 4 weeks long self-paced – This course delves into the role that the CISO plays in cybersecurity operations. Throughout the lessons, learners will explore answers to the following questions: How does cybersecurity work across industries? What is the professionals’ point of view? How do we keep information secure https://www.edx.org/course/cybersecurity-the-cisos-view
- Introduction to Cybersecurity – University of Washington via edX – In this course, you will gain an overview of the cybersecurity landscape as well as national (USA) and international perspectives on the field. We will cover the legal environment that impacts cybersecurity as well as predominant threat actors. – https://www.edx.org/course/introduction-to-cybersecurity
- Cyber Attack Countermeasures New York University (NYU) via Coursera – This course introduces the basics of cyber defense starting with foundational models such as Bell-LaPadula and information flow frameworks. These underlying policy enforcements mechanisms help introduce basic functional protections, starting with authentication methods. Learners will be introduced to a series of different authentication solutions and protocols, including RSA SecureID and Kerberos, in the context of a canonical schema. – https://www.coursera.org/learn/cyber-attack-countermeasures
- Introduction to Cyber Attacks New York University (NYU) via Coursera – This course provides learners with a baseline understanding of common cyber security threats, vulnerabilities, and risks. An overview of how basic cyber attacks are constructed and applied to real systems is also included. Examples include simple Unix kernel hacks, Internet worms, and Trojan horses in software utilities. Network attacks such as distributed denial of service (DDOS) and botnet- attacks are also described and illustrated using real examples from the past couple of decades. https://www.coursera.org/learn/intro-cyber-attacks
- Enterprise and Infrastructure Security New York University (NYU) via Coursera – This course introduces a series of advanced and current topics in cyber security, many of which are especially relevant in modern enterprise and infrastructure settings. The basics of enterprise compliance frameworks are provided with introduction to NIST and PCI. Hybrid cloud architectures are shown to provide an opportunity to fix many of the security weaknesses in modern perimeter local area networks. https://www.coursera.org/learn/enterprise-infrastructure-security
- Network Security Georgia Institute of Technology via Udacity – This course provides an introduction to computer and network security. Students successfully completing this class will be able to evaluate works in academic and commercial security, and will have rudimentary skills in security research. The course begins with a tutorial of the basic elements of cryptography, cryptanalysis, and systems security, and continues by covering a number of seminal papers and monographs in a wide range of security areas. – https://www.udacity.com/course/network-security–ud199
- Real-Time Cyber Threat Detection and Mitigation – New York University (NYU) via Coursera This course introduces real-time cyber security techniques and methods in the context of the TCP/IP protocol suites. Explanation of some basic TCP/IP security hacks is used to introduce the need for network security solutions such as stateless and stateful firewalls. Learners will be introduced to the techniques used to design and configure firewall solutions such as packet filters and proxies to protect enterprise assets. https://www.coursera.org/learn/real-time-cyber-threat-detection
CYBERSECURITY JOBS:
CYBERSECURITY Cheat sheets
- Privilege-Escalation: This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples. https://github.com/Ignitetechnologies/Privilege-Escalation
- Malware analysis tools and resources. https://github.com/rshipp/awesome-malware-analysis
- Analyzing Malicious Documents Cheat Sheet https://zeltser.com/analyzing-malicious-documents/
- ReverseEngineering Cheat Sheet https://www.cybrary.it/wp-content/uploads/2017/11/cheat-sheet-reverse-v6.png
- SQL Injection | Various DBs http://pentestmonkey.net/category/cheat-sheet/sql-injection
- Nmap Cheat Sheet and Pro Tips https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/
- PENTESTING LocalFileInclude Cheat Sheet https://highon.coffee/blog/lfi-cheat-sheet/
- Penetration Testing Tools Cheat Sheet https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
- Reverse Shell Cheat Sheet https://highon.coffee/blog/reverse-shell-cheat-sheet/
- nbtscan Cheat Sheet https://highon.coffee/blog/nbtscan-cheat-sheet/
- Linux Commands Cheat Sheet https://highon.coffee/blog/linux-commands-cheat-sheet/
- Kali Linux Cheat Sheet https://i.redd.it/9bu827i9tr751.jpg
- Hacking Tools Cheat Sheet (Diff tools) https://i.redd.it/fviaw8s43q851.jpg
- Google Search Operators: The Complete List (42 Advanced Operators) https://ahrefs.com/blog/google-advanced-search-operators/
- (Multiple) (Good) Cheat Sheets – Imgur https://imgur.com/gallery/U5jqgik
- Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory. https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
- Shodan Query Filters https://github.com/JavierOlmedo/shodan-filters
- Getting Real with XSS – A reference on the new technquies to XSS https://labs.f-secure.com/blog/getting-real-with-xss/
SANS Massive List of Cheat Sheets Curated from here: https://www.sans.org/blog/the-ultimate-list-of-sans-cheat-sheets/
General IT Security * Windows and Linux Terminals & Command Lines https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/bltea7de5267932e94b/5eb08aafcf88d36e47cf0644/Cheatsheet_SEC301-401_R7.pdf
- TCP/IP and tcpdump https://www.sans.org/security-resources/tcpip.pdf?msc=Cheat+Sheet+Blog
- IPv6 Pocket Guide https://www.sans.org/security-resources/ipv6_tcpip_pocketguide.pdf?msc=Cheat+Sheet+Blog
- Powershell Cheat Sheet https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/bltf146e4f361db3938/5e34a7bc946d717e2eab6139/power-shell-cheat-sheet-v41.pdf
- Writing Tips for IT Professionals https://zeltser.com/writing-tips-for-it-professionals/
- Tips for Creating and Managing New IT Products https://zeltser.com/new-product-management-tips/
- Tips for Getting the Right IT Job https://zeltser.com/getting-the-right-it-job-tips/
- Tips for Creating a Strong Cybersecurity Assessment Report https://zeltser.com/security-assessment-report-cheat-sheet/
- Critical Log Review Checklist for Security Incidents https://zeltser.com/security-incident-log-review-checklist/
- Security Architecture Cheat Sheet for Internet Applications https://zeltser.com/security-architecture-cheat-sheet/
- Tips for Troubleshooting Human Communications https://zeltser.com/human-communications-cheat-sheet/
- Security Incident Survey Cheat Sheet for Server Administrators https://zeltser.com/security-incident-survey-cheat-sheet/
- Network DDoS Incident Response Cheat Sheet https://zeltser.com/ddos-incident-cheat-sheet/
- Information Security Assessment RFP Cheat Sheet https://zeltser.com/cheat-sheets/
Digital Forensics and Incident Response
- SIFT Workstation Cheat Sheet https://digital-forensics.sans.org/media/sift_cheat_sheet.pdf?msc=Cheat+Sheet+Blog
- Plaso Filtering Cheat Sheet https://digital-forensics.sans.org/media/Plaso-Cheat-Sheet.pdf?msc=Cheat+Sheet+Blog
- Tips for Reverse-Engineering Malicious Code https://digital-forensics.sans.org/media/reverse-engineering-malicious-code-tips.pdf?msc=Cheat+Sheet+Blog
- REMnux Usage Tips for Malware Analysis on Linux https://digital-forensics.sans.org/media/remnux-malware-analysis-tips.pdf?msc=Cheat+Sheet+Blog
- Analyzing Malicious Documents https://digital-forensics.sans.org/media/analyzing-malicious-document-files.pdf?msc=Cheat+Sheet+Blog
- Malware Analysis and Reverse-Engineering Cheat Sheet https://digital-forensics.sans.org/media/malware-analysis-cheat-sheet.pdf?msc=Cheat+Sheet+Blog
- SQlite Pocket Reference Guide https://digital-forensics.sans.org/media/SQlite-PocketReference-final.pdf?msc=Cheat+Sheet+Blog
- Eric Zimmerman’s tools Cheat Sheet https://digital-forensics.sans.org/media/EricZimmermanCommandLineToolsCheatSheet-v1.0.pdf?msc=Cheat+Sheet+Blog
- Rekall Memory Forensics Cheat Sheet https://digital-forensics.sans.org/media/rekall-memory-forensics-cheatsheet.pdf?msc=Cheat+Sheet+Blog
- Linux Shell Survival Guide https://digital-forensics.sans.org/media/linux-shell-survival-guide.pdf?msc=Cheat+Sheet+Blog
- Windows to Unix Cheat Sheet https://digital-forensics.sans.org/media/windows_to_unix_cheatsheet.pdf?msc=Cheat+Sheet+Blog
- Memory Forensics Cheat Sheet https://digital-forensics.sans.org/media/volatility-memory-forensics-cheat-sheet.pdf?msc=Cheat+Sheet+Blog
- Hex and Regex Forensics Cheat Sheet https://digital-forensics.sans.org/media/hex_file_and_regex_cheat_sheet.pdf?msc=Cheat+Sheet+Blog
- FOR518 Mac & iOS HFS+ Filesystem Reference Sheet https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blt61c336e02577e733/5eb0940e248a28605479ccf0/FOR518_APFS_CheatSheet_012020.pdf
- The majority of DFIR Cheat Sheets can be found here –> https://digital-forensics.sans.org/community/cheat-sheets?msc=Cheat+Sheet+Blog.
Penetration Testing * Swiss Army Knife collection of PenTesting Cheatsheets https://github.com/swisskyrepo/PayloadsAllTheThings
- SQLite Injection Cheat Sheet https://github.com/unicornsasfuel/sqlite_sqli_cheat_sheet
- SSL/TLS Vulnerability Cheat Sheet https://github.com/IBM/tls-vuln-cheatsheet
- Windows Intrusion Discovery Cheat Sheet v3.0 https://pen-testing.sans.org/retrieve/windows-cheat-sheet.pdf?msc=Cheat+Sheet+Blog
- Intrusion Discovery Cheat Sheet v2.0 (Linux) https://pen-testing.sans.org/retrieve/linux-cheat-sheet.pdf?msc=Cheat+Sheet+Blog
- Intrusion Discovery Cheat Sheet v2.0 (Windows 2000) https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/bltd6fa777a3215f34a/5eb08aae08d37e6d82ef77fe/win2ksacheatsheet.pdf
- Windows Command Line https://pen-testing.sans.org/retrieve/windows-command-line-sheet.pdf?msc=Cheat+Sheet+Blog
- Netcat Cheat Sheet https://pen-testing.sans.org/retrieve/netcat-cheat-sheet.pdf?msc=Cheat+Sheet+Blog
- Misc Tools Cheat Sheet https://pen-testing.sans.org/retrieve/misc-tools-sheet.pdf?msc=Cheat+Sheet+Blog
- Python 3 Essentials https://www.sans.org/blog/sans-cheat-sheet-python-3/?msc=Cheat+Sheet+Blog
- Windows Command Line Cheat Sheet https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blt4e45e00c2973546d/5eb08aae4461f75d77a48fd4/WindowsCommandLineSheetV1.pdf
- SMB Access from Linux Cheat Sheet https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blta6a2ae64ec0ed535/5eb08aaeead3926127b4df44/SMB-Access-from-Linux.pdf
- Pivot Cheat Sheet https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blt0f228a4b9a1165e4/5ef3d602395b554cb3523e7b/pivot-cheat-sheet-v1.0.pdf
- Google Hacking and Defense Cheat Sheet https://www.sans.org/security-resources/GoogleCheatSheet.pdf?msc=Cheat+Sheet+Blog
- Scapy Cheat Sheet https://wiki.sans.blue/Tools/pdfs/ScapyCheatSheet_v0.2.pdf
- Nmap Cheat Sheet https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blte37ba962036d487b/5eb08aae26a7212f2db1c1da/NmapCheatSheetv1.1.pdf
Cloud Security Cheat sheets
- Multicloud Cheat Sheet https://www.sans.org/security-resources/posters/cloud/multicloud-cheat-sheet-215?msc=blog-ultimate-list-cheat-sheets
CYBERSECURITY Q&A
AWS Certified Developer A. PRO
Source: What is the best cheap Wi-Fi cracking/hacking adapter?
Hey everyone, I’ve started getting into hacking, and would like to know the cheapest but best Wi-Fi cracking/deauthing/hacking adapter. I’m on a fairly tight budget of 20AUD and am willing to compromise if needed. Priority is a card with monitor mode, then cracking capabilities, then deauthing, etc. Thank you guys! By the way, if there are any beginner tips you are willing to give, please let me know!
How SSL Certificates Work
- A browser or server attempts to connect to a website (i.e. a web server) secured with SSL. The browser/server requests that the web server identify itself.
- The web server sends the browser/server a copy of its SSL certificate.
- The browser/server checks to see whether or not it trusts the SSL certificate. If so, it sends a message to the web server.
- The web server sends back a digitally signed acknowledgement to start an SSL encrypted session.
- Encrypted data is shared between the browser/server and the web server.
There are many benefits to using SSL certificates. Namely, SSL customers can:
- Utilize HTTPs, which elicits a stronger Google ranking
- Create safer experiences for your customers
- Build customer trust and improve conversions
- Protect both customer and internal data
- Encrypt browser-to-server and server-to-server communication
- Increase security of your mobile and cloud apps
Penetration Testing Terms
Penetration Testing Terms to know:
- Authentication — The process of checking if a user is allowed to gain access to a system. eg. Login forms with username and password.
- Authorization — Checking if the authenticated user has access to perform an action. eg. user, admin, super admin roles.
- Audit — Conduct a complete inspection of an organization’s network to find vulnerable endpoints or malicious software.
- Access Control List — A list that contains users and their level of access to a system.
- Aircrack-ng — Wifi penetration testing software suite. Contains sniffing, password cracking, and general wireless attacking tools.
- Backdoor — A piece of code that lets hackers get into the system easily after it has been compromised.
- Burp Suite — Web application security software, helps test web apps for vulnerabilities. Used in bug bounty hunting.
- Banner Grabbing — Capturing basic information about a server like the type of web server software (eg. apache) and services running on it.
- Botnet — A network of computers controlled by a hacker to perform attacks such as Distributed Denial of Service.
- Brute-Force Attack — An attack where the hacker tries different login combinations to gain access. eg. trying to crack a 9 -digit numeric password by trying all the numbers from 000000000 to 999999999
- Buffer Overflow — When a program tries to store more information than it is allowed to, it overflows into other buffers (memory partitions) corrupting existing data.
- Cache — Storing the response to a particular operation in temporary high-speed storage is to serve other incoming requests better. eg. you can store a database request in a cache till it is updated to reduce calling the database again for the same query.
- Cipher — Cryptographic algorithm for encrypting and decrypting data.
- Code Injection — Injecting malicious code into a system by exploiting a bug or vulnerability.
- Cross-Site Scripting — Executing a script on the client-side through a legitimate website. This can be prevented if the website sanitizes user input.
- Compliance — A set of rules defined by the government or other authorities on how to protect your customer’s data. Common ones include HIPAA, PCI-DSS, and FISMA.
- Dictionary Attack — Attacking a system with a pre-defined list of usernames and passwords. eg. admin/admin is a common username/password combination used by amateur sysadmins.
- Dumpster Diving — Looking into a company’s trash cans for useful information.
- Denial of Service & Distributed Denial of Service — Exhausting a server’s resources by sending too many requests is Denial of Service. If a botnet is used to do the same, its called Distributed Denial of Service.
- DevSecOps — Combination of development and operations by considering security as a key ingredient from the initial system design.
- Directory Traversal — Vulnerability that lets attackers list al the files and folders within a server. This can include system configuration and password files.
- Domain Name System (DNS) — Helps convert domain names into server IP addresses. eg. Google.com -> 216.58.200.142
- DNS Spoofing — Trikcnig a system’s DNS to point to a malicious server. eg. when you enter ‘facebook.com’, you might be redirected to the attacker’s website that looks like Facebook.
- Encryption — Encoding a message with a key so that only the parties with the key can read the message.
- Exploit — A piece of code that takes advantage of a vulnerability in the target system. eg. Buffer overflow exploits can get you to root access to a system.
- Enumeration — Mapping out all the components of a network by gaining access to a single system.
- Footprinting — Gathering information about a target using active methods such as scanning and enumeration.
- Flooding — Sending too many packets of data to a target system to exhaust its resources and cause a Denial of Service or similar attacks.
- Firewall — A software or hardware filter that can be configured to prevent common types of attacks.
- Fork Bomb — Forking a process indefinitely to exhaust system resources. Related to a Denial of Service attack.
- Fuzzing — Sending automated random input to a software program to test its exception handling capacity.
- Hardening — Securing a system from attacks like closing unused ports. Usually done using scripts for servers.
- Hash Function — Mapping a piece of data into a fixed value string. Hashes are used to confirm data integrity.
- Honey Pot — An intentionally vulnerable system used to lure attackers. This is then used to understand the attacker’s strategies.
- HIPAA — The Health Insurance Portability and Accountability Act. If you are working with healthcare data, you need to make sure you are HIPAA compliant. This is to protect the customer’s privacy.
- Input Validation — Checking user inputs before sending them to the database. eg. sanitizing form input to prevent SQL injection attacks.
- Integrity — Making sure the data that was sent from the server is the same that was received by the client. This ensures there was no tampering and integrity is achieved usually by hashing and encryption.
- Intrusion Detection System — A software similar to a firewall but with advanced features. Helps in defending against Nmap scans, DDoS attacks, etc.
- IP Spoofing — Changing the source IP address of a packet to fool the target into thinking a request is coming from a legitimate server.
- John The Ripper — Brilliant password cracking tool, runs on all major platforms.
- Kerberos — Default authorization software used by Microsoft, uses a stronger encryption system.
- KeyLogger — A software program that captures all keystrokes that a user performs on the system.
- Logic Bombs — A piece of code (usually malicious) that runs when a condition is satisfied.
- Light Weight Directory Access Protocol (LDAP) — Lightweight client-server protocol on Windows, central place for authentication. Stores usernames and passwords to validate users on a network.
- Malware — Short for “Malicious Software”. Everything from viruses to backdoors is malware.
- MAC Address — Unique address assigned to a Network Interface Card and is used as an identifier for local area networks. Easy to spoof.
- Multi-factor Authentication — Using more than one method of authentication to access a service. eg. username/password with mobile OTP to access a bank account (two-factor authentication)
- MD5 — Widely used hashing algorithm. Once a favorite, it has many vulnerabilities.
- Metasploit — All in one penetration testing framework that helps to successfully exploit vulnerabilities and gain access to target systems.
- Meterpreter — An advanced Metasploit payload that lives in memory and hard to trace.
- Null-Byte Injection — An older exploit, uses null bytes (i.e. %00, or 0x00 in hexadecimal) to URLs. This makes web servers return random/unwanted data which might be useful for the attacker. Easily prevented by doing sanity checks.
- Network Interface Card(NIC) — Hardware that helps a device connect to a network.
- Network Address Translation — Utility that translates your local IP address into a global IP address. eg. your local IP might be 192.168.1.4 but to access the internet, you need a global IP address (from your router).
- Nmap — Popular network scanning tool that gives information about systems, open ports, services, and operating system versions.
- Netcat — Simple but powerful tool that can view and record data on a TCP or UDP network connections. Since it is not actively maintained, NCat is preferred.
- Nikto — A popular web application scanner, helps to find over 6700 vulnerabilities including server configurations and installed web server software.
- Nessus — Commercial alternative to NMap, provides a detailed list of vulnerabilities based on scan results.
- Packet — Data is sent and received by systems via packets. Contains information like source IP, destination IP, protocol, and other information.
- Password Cracking — Cracking an encrypted password using tools like John the Ripper when you don’t have access to the key.
- Password Sniffing — Performing man-in-the-middle attacks using tools like Wireshark to find password hashes.
- Patch — A software update released by a vendor to fix a bug or vulnerability in a software system.
- Phishing — Building fake web sites that look remarkably similar to legitimate websites (like Facebook) to capture sensitive information.
- Ping Sweep — A technique that tries to ping a system to see if it is alive on the network.
- Public Key Cryptography — Encryption mechanism that users a pair of keys, one private and one public. The sender will encrypt a message using your public key which then you can decrypt using your private key.
- Public Key Infrastructure — A public key infrastructure (PKI) is a system to create, store, and distribute digital certificates. This helps sysadmins verify that a particular public key belongs to a certain authorized entity.
- Personally Identifiable Information (PII) — Any information that identified a user. eg. Address, Phone number, etc.
- Payload — A piece of code (usually malicious) that performs a specific function. eg. Keylogger.
- PCI-DSS — Payment Card Industry Data Security Standard. If you are working with customer credit cards, you should be PCI-DSS compliant.
- Ransomware — Malware that locks your system using encryption and asks you to pay a price to get the key to unlock it.
- Rainbow Table — Pre calculated password hashes that will help you crack password hashes of the target easily.
- Reconnaissance — Finding data about the target using methods such as google search, social media, and other publicly available information.
- Reverse Engineering — Rebuilding a piece of software based on its functions.
- Role-Based Access — Providing a set of authorizations for a role other than a user. eg. “Managers” role will have a set of permissions while the “developers” role will have a different set of permissions.
- Rootkit — A rootkit is a malware that provides unauthorized users admin privileges. Rootkits include keyloggers, password sniffers, etc.
- Scanning — Sending packets to a system and gaining information about the target system using the packets received. This involved the 3-way-handshake.
- Secure Shell (SSH) — Protocol that establishes an encrypted communication channel between a client and a server. You can use ssh to login to remote servers and perform system administration.
- Session — A session is a duration in which a communication channel is open between a client and a server. eg. the time between logging into a website and logging out is a session.
- Session Hijacking — Taking over someone else’s session by pretending to the client. This is achieved by stealing cookies and session tokens. eg. after you authenticate with your bank, an attacker can steal your session to perform financial transactions on your behalf.
- Social Engineering — The art of tricking people into making them do something that is not in their best interest. eg. convincing someone to provide their password over the phone.
- Secure Hashing Algorithm (SHA) — Widely used family of encryption algorithms. SHA256 is considered highly secure compared to earlier versions like SHA 1. It is also a one-way algorithm, unlike an encryption algorithm that you can decrypt. Once you hash a message, you can only compare with another hash, you cannot re-hash it to its earlier format.
- Sniffing — performing man-in-the-middle attacks on networks. Includes wired and wireless networks.
- Spam — Unwanted digital communication, including email, social media messages, etc. Usually tries to get you into a malicious website.
- Syslog — System logging protocol, used by system administrators to capture all activity on a server. Usually stored on a separate server to retain logs in the event of an attack.
- Secure Sockets Layer (SSL) — Establishes an encrypted tunnel between the client and server. eg. when you submit passwords on Facebook, only the encrypted text will be visible for sniffers and not your original password.
- Snort — Lightweight open-source Intrusion Detection System for Windows and Linux.
- SQL Injection — A type of attack that can be performed on web applications using SQL databases. Happens when the site does not validate user input.
- Trojan — A malware hidden within useful software. eg. a pirated version of MS office can contain trojans that will execute when you install and run the software.
- Traceroute — Tool that maps the route a packet takes between the source and destination.
- Tunnel — Creating a private encrypted channel between two or more computers. Only allowed devices on the network can communicate through this tunnel.
- Virtual Private Network — A subnetwork created within a network, mainly to encrypt traffic. eg. connecting to a VPN to access a blocked third-party site.
- Virus — A piece of code that is created to perform a specific action on the target systems. A virus has to be triggered to execute eg. autoplaying a USB drive.
- Vulnerability — A point of attack that is caused by a bug / poor system design. eg. lack of input validation causes attackers to perform SQL injection attacks on a website.
- War Driving — Travelling through a neighborhood looking for unprotected wifi networks to attack.
- WHOIS — Helps to find information about IP addresses, its owners, DNS records, etc.
- Wireshark — Open source program to analyze network traffic and filter requests and responses for network debugging.
- Worm — A malware program capable of replicating itself and spreading to other connected systems. eg. a worm to built a botnet. Unlike Viruses, Worms don’t need a trigger.
- Wireless Application Protocol (WAP) — Protocol that helps mobile devices connect to the internet.
- Web Application Firewall (WAF) — Firewalls for web applications that help with cross-site scripting, Denial of Service, etc.
- Zero-Day — A newly discovered vulnerability in a system for which there is no patch yet. Zero-day vulnerabilities are the most dangerous type of vulnerabilities since there is no possible way to protect against one.
- Zombie — A compromised computer, controlled by an attacker. A group of zombies is called a Botnet.
CyberSecurity Post COVID-19
How does Covid19 affect cyber risk?
- Increased distributed working: With organizations embracing work from home, incremental risks have been observed due to a surge in Bring Your Own Device (BYOD), Virtual Private Network (VPN), Software As A Service (SaaS), O365 and Shadow IT, as it could be exploited by various Man-in-the-Middle (MITM) attack vectors.
- Reimagine Business Models: Envisioning new business opportunities, modes of working, and renewed investment priorities. With reduced workforce capability, compounded with skill shortages, staff who are focusing on business as usual tasks can be victimized, via social engineering.
- Digital Transformation and new digital infrastructure: With the change in nature for organizations across the industrial and supply chain sector – security is deprioritized. Hardening of the industrial systems and cloud based infrastructure is crucial as cyber threats exploit these challenges via vulnerability available for unpatched systems.
- With an extreme volume of digital communication, security awareness is lowered with increased susceptibility. Malicious actors are using phishing techniques to exploit such situations.
Re-evaluate your approach to cyber
-
- Which cyber scenarios your organization appears to be preparing for or is prepared?
-
- Is there a security scenario that your organization is currently ignoring – but shouldn’t be?
-
- What would your organization need to do differently in order to win, in each of the identified cyber scenarios?
- What capabilities, cyber security partnerships, and workforce strategies do you need to strengthen?
The organizations should reflect the following scenarios at a minimum and consider:
-
- Which cyber scenarios your organization appears to be preparing for or is prepared?
-
- Is there a security scenario that your organization is currently ignoring – but shouldn’t be?
-
- What would your organization need to do differently in order to win, in each of the identified cyber scenarios?
-
- What capabilities, cyber security partnerships, and workforce strategies do you need to strengthen?
- To tackle the outcome from the above scenarios, the following measures are the key:
Inoculation through education: Educate and / or remind your employees about –
-
- Your organization’s defense – remote work cyber security policies and best practices
-
- Potential threats to your organization and how will it attack – with a specific focus on social engineering scams and identifying COVID-19 phishing campaigns
- Assisting remote employees with enabling MFA across the organization assets
Adjust your defenses: Gather cyber threat intelligence and execute a patching sprint:
-
- Set intelligence collection priorities
-
- Share threat intelligence with other organizations
-
- Use intelligence to move at the speed of the threat
- Focus on known tactics, such as phishing and C-suite fraud.
-
Prioritize unpatched critical systems and common vulnerabilities.
Enterprise recovery: If the worst happens and an attack is successful, follow a staged approach to recovering critical business operations which may include tactical items such as:
-
- Protect key systems through isolation
-
- Fully understand and contain the incident
-
- Eradicate any malware
-
- Implement appropriate protection measures to improve overall system posture
-
- Identify and prioritize the recovery of key business processes to deliver operations
- Implement a prioritized recovery plan
Cyber Preparedness and Response: It is critical to optimize the detection capability thus, re-evaluation of the detection strategy aligned with the changing landscape is crucial. Some key trends include:
-
- Secure and monitor your cloud environments and remote working applications
-
- Increase monitoring to identify threats from shadow IT
- Analyze behavior patterns to improve detection content
Finding the right cyber security partner: To be ready to respond identify the right partner with experience and skillset in Social Engineering, Cyber Response, Cloud Security, and Data Security.
Critical actions to address
At this point, as the organizations are setting the direction towards the social enterprise, it is an unprecedented opportunity to lead with cyber discussions and initiatives. Organizations should immediately gain an understanding of newly introduced risks and relevant controls by:
-
- Getting a seat at the table
-
- Understanding the risk prioritization:
-
- Remote workforce/technology performance
-
- Operational and financial implications
-
- Emerging insider and external threats
- Business continuity capabilities
Assessing cyber governance and security awareness in the new operating environment
Assessing the highest areas of risk and recommend practical mitigation strategies that minimize impact to constrained resources.
Keeping leadership and the Board apprised of ever-changing risk profile
Given the complexity of the pandemic and associated cyber challenges, there is reason to believe that the recovery phase post-COVID-19 will require unprecedented levels of cyber orchestration, communication, and changing of existing configurations across the organization.
CyberSecurity: Protect Yourself on Internet
-
- Use two factor authentication when possible. If not possible, use strong unique passwords that are difficult to guess or crack. This means avoiding passwords that use of common words, your birthdate, your SSN, names and birthdays of close associates, etc.
-
- Make sure the devices you are using are up-to-date and have some form of reputable anti-virus/malware software installed.
-
- Never open emails, attachments, programs unless they are from a trusted source (i.e., a source that can be verified). Also disregard email or web requests that ask you to share your personal or account information unless you are sure the request and requestor are legitimate.
-
- Try to only use websites that are encrypted. To do this, look for either the trusted security lock symbol before the website address and/or the extra “s” at the end of http in the URL address bar.
-
- Avoid using an administrator level account when using the internet.
-
- Only enable cookies when absolutely required by a website.
-
- Make social media accounts private or don’t use social media at all.
-
- Consider using VPNs and encrypting any folders/data that contains sensitive data.
- Stay away from using unprotected public Wi-Fi networks.
-
-
Social media is genetically engineered in Area 51 to harvest as much data from you as possible. Far beyond just having your name and age and photograph.
-
-
-
Never use the same username twice anywhere, or the same password twice anywhere.
-
-
-
Use Tor/Tor Browser whenever possible. It’s not perfect, but it is a decent default attempt at anonymity.
-
-
-
Use a VPN. Using VPN and Tor can be even better.
-
-
-
Search engines like DuckDuckGo offer better privacy (assuming they’re honest, which you can never be certain of) than Google which, like social media, works extremely hard to harvest every bit of data from you that they can.
-
-
-
Never give your real details anywhere. Certainly not things like your name or pictures of yourself, but even less obvious things like your age or country of origin. Even things like how you spell words and grammatical quirks can reveal where you’re from.
-
-
-
Erase your comments from websites after a few days/weeks. It might not erase them from the website’s servers, but it will at least remove them from public view. If you don’t, you can forget they exist and you never know how or when they can and will be used against you.
-
-
With Reddit, you can create an account fairly easily over Tor using no real information. Also, regularly nuke your accounts in case Reddit or some crazy stalker is monitoring your posts to build a profile of who you might be. Source: Reddit
Notable Hackers
- Adrian Lamo – gained media attention for breaking into several high-profile computer networks, including those of The New York Times, Yahoo!, and Microsoft, culminating in his 2003 arrest. Lamo was best known for reporting U.S. soldier Chelsea Manning to Army criminal investigators in 2010 for leaking hundreds of thousands of sensitive U.S. government documents to WikiLeaks.
- Albert Gonzales – an American computer hacker and computer criminal who is accused of masterminding the combined credit card theft and subsequent reselling of more than 170 million card and ATM numbers from 2005 to 2007: the biggest such fraud in history.
- Andrew Auernheimer (known as Weev) – Went to jail for using math against AT&T website.
- Barnaby Jack – was a New Zealand hacker, programmer and computer security expert. He was known for his presentation at the Black Hat computer security conference in 2010, during which he exploited two ATMs and made them dispense fake paper currency on the stage. Among his other most notable works were the exploitation of various medical devices, including pacemakers and insulin pumps.
- Benjamin Delpy – Mimikatz
- DVD-Jon – He wrote the DeCSS software, which decodes the Content Scramble System used for DVD licensing enforcement.
- Eric Corley (known as Emmanuel Goldstein) – 2600
- Gary McKinnon – a Scottish systems administrator and hacker who was accused in 2002 of perpetrating the “biggest military computer hack of all time,” although McKinnon himself states that he was merely looking for evidence of free energy suppression and a cover-up of UFO activity and other technologies potentially useful to the public. 👽🛸
- George Hotz aka geohot – “The former Facebook engineer took on the giants of the tech world by developing the first iPhone carrier-unlock techniques,” says Mark Greenwood, head of data science at Netacea, “followed a few years later by reverse engineering Sony’s PlayStation 3, clearing the way for users to run their own code on locked-down hardware. George sparked an interest in a younger generation frustrated with hardware and software restrictions being imposed on them and led to a new scene of opening up devices, ultimately leading to better security and more openness.”
- Guccifer 2.0 – a persona which claimed to be the hacker(s) that hacked into the Democratic National Committee (DNC) computer network and then leaked its documents to the media, the website WikiLeaks, and a conference event.
- Hector Monsegur (known as Sabu) – an American computer hacker and co-founder of the hacking group LulzSec. He Monsegur became an informant for the FBI, working with the agency for over ten months to aid them in identifying the other hackers from LulzSec and related groups.
- Jacob Appelbaum – an American independent journalist, computer security researcher, artist, and hacker. He has been employed by the University of Washington, and was a core member of the Tor project, a free software network designed to provide online anonymity.
- James Forshaw – one of the world’s foremost bug bounty huners
- Jeanson James Ancheta – On May 9, 2006, Jeanson James Ancheta (born 1985) became the first person to be charged for controlling large numbers of hijacked computers or botnets.
- Jeremy Hammond – He was convicted of computer fraud in 2013 for hacking the private intelligence firm Stratfor and releasing data to the whistle-blowing website WikiLeaks, and sentenced to 10 years in prison.
- John Draper – also known as Captain Crunch, Crunch or Crunchman (after the Cap’n Crunch breakfast cereal mascot), is an American computer programmer and former legendary phone phreak.
- Kevin Mitnick – Free Kevin
- Kimberley Vanvaeck (known as Gigabyte) – a virus writer from Belgium known for a long-standing dispute which involved the internet security firm Sophos and one of its employees, Graham Cluley. Vanvaeck wrote several viruses, including Quis, Coconut and YahaSux (also called Sahay). She also created a Sharp virus (also called “Sharpei”), credited as being the first virus to be written in C#.
- Lauri Love – a British activist charged with stealing data from United States Government computers including the United States Army, Missile Defense Agency, and NASA via computer intrusion.
- Michael Calce (known as MafiaBoy) – a security expert from Île Bizard, Quebec who launched a series of highly publicized denial-of-service attacks in February 2000 against large commercial websites, including Yahoo!, Fifa.com, Amazon.com, Dell, Inc., E*TRADE, eBay, and CNN.
- Mudge – Peiter C. Zatko, better known as Mudge, is a network security expert, open source programmer, writer, and a hacker. He was the most prominent member of the high-profile hacker think tank the L0pht as well as the long-lived computer and culture hacking cooperative the Cult of the Dead Cow.
- Phineas Fisher – vigilante hacker god
- PRAGMA – Also known as Impragma or PHOENiX, PRAGMA is the author of Snipr, one of the most prolific credential stuffing tools available online.
- The 414s – The 414s were a group of computer hackers who broke into dozens of high-profile computer systems, including ones at Los Alamos National Laboratory, Sloan-Kettering Cancer Center, and Security Pacific Bank, in 1982 and 1983.
- The Shadow Brokers – is a hacker group who first appeared in the summer of 2016. They published several leaks containing hacking tools from the National Security Agency (NSA), including several zero-day exploits. Specifically, these exploits and vulnerabilities targeted enterprise firewalls, antivirus software, and Microsoft products.[6] The Shadow Brokers originally attributed the leaks to the Equation Group threat actor, who have been tied to the NSA’s Tailored Access Operations unit.
Notable Viruses & Worms
- Anna Kournikova
- Blaster
- Code Red
- Conficker
- ILOVEYOU virus
- Melissa virus
- Morris Worm
- MyDoom
- Santy
- Slammer
- Storm Worm
- Stuxnet
- WannaCry virus
- Welchia
History
- The Strange History of Ransomware
The first ransomware virus predates e-mail, even the Internet as we know it, and was distributed on floppy disk by the postal service. It sounds quaint, but in some ways this horse-and-buggy version was even more insidious than its modern descendants. Contemporary ransomware tends to bait victims using legitimate-looking email attachments — a fake invoice from UPS, or a receipt from Delta airlines. But the 20,000 disks dispatched to 90 countries in December of 1989 were masquerading as something far more evil: AIDS education software.
How to protect sensitive data for its entire lifecycle in AWS

You can protect data in-transit over individual communications channels using transport layer security (TLS), and at-rest in individual storage silos using volume encryption, object encryption or database table encryption. However, if you have sensitive workloads, you might need additional protection that can follow the data as it moves through the application stack. Fine-grained data protection techniques such as field-level encryption allow for the protection of sensitive data fields in larger application payloads while leaving non-sensitive fields in plaintext. This approach lets an application perform business functions on non-sensitive fields without the overhead of encryption, and allows fine-grained control over what fields can be accessed by what parts of the application. Read m ore here…
Cybersecurity Breaking News – Top Stories
- NSO Confirms Pegasus Spyware Used by at least 5 European Countriesby noreply@blogger.com (Ravie Lakshmanan) (The Hacker News) on June 27, 2022 at 6:14 am
The beleaguered Israeli surveillanceware vendor NSO Group this week admitted to the European Union lawmakers that its Pegasus tool was used by at least five countries in the region. "We're trying to do the right thing and that's more than other companies working in the industry," Chaim Gelfand, the company's general counsel and chief compliance officer, said, according to a report from Politico.
- Multiple Backdoored Python Libraries Caught Stealing AWS Secrets and Keysby noreply@blogger.com (Ravie Lakshmanan) (The Hacker News) on June 27, 2022 at 5:58 am
Researchers have discovered a number of malicious Python packages in the official third-party software repository that are engineered to exfiltrate AWS credentials and environment variables to a publicly exposed endpoint. The list of packages includes loglib-modules, pyg-modules, pygrata, pygrata-utils, and hkg-sol-utils, according to Sonatype security researcher Ax Sharma. The packages and as
- Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spywareby noreply@blogger.com (Ravie Lakshmanan) (The Hacker News) on June 27, 2022 at 5:57 am
A week after it emerged that a sophisticated mobile spyware dubbed Hermit was used by the government of Kazakhstan within its borders, Google said it has notified Android users of infected devices. Additionally, necessary changes have been implemented in Google Play Protect — Android's built-in malware defense service — to protect all users, Benoit Sevens and Clement Lecigne of Google Threat
- Hackers Exploit Mitel VoIP Zero-Day in Likely Ransomware Attackby noreply@blogger.com (Ravie Lakshmanan) (The Hacker News) on June 27, 2022 at 5:55 am
A suspected ransomware intrusion attempt against an unnamed target leveraged a Mitel VoIP appliance as an entry point to achieve remote code execution and gain initial access to the environment. The findings come from cybersecurity firm CrowdStrike, which traced the source of the attack to a Linux-based Mitel VoIP device sitting on the network perimeter, while also identifying a previously
- Learn NIST Inside Out With 21 Hours of Training @ 86% OFFby noreply@blogger.com (The Hacker News) (The Hacker News) on June 25, 2022 at 10:30 am
In cybersecurity, many of the best jobs involve working on government projects. To get a security clearance, you need to prove that you meet NIST standards. Cybersecurity firms are particularly interested in people who understand the RMF, or Risk Management Framework — a U.S. government guideline for taking care of data. The NIST Cybersecurity & Risk Management Frameworks Course helps you
- New 'Quantum' Builder Lets Attackers Easily Create Malicious Windows Shortcutsby noreply@blogger.com (Ravie Lakshmanan) (The Hacker News) on June 25, 2022 at 4:05 am
A new malware tool that enables cybercriminal actors to build malicious Windows shortcut (.LNK) files has been spotted for sale on cybercrime forums. Dubbed Quantum Lnk Builder, the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support UAC and Windows SmartScreen bypass as well as "multiple payloads per .LNK" file. Also offered are capabilities
- State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacksby noreply@blogger.com (Ravie Lakshmanan) (The Hacker News) on June 25, 2022 at 4:04 am
A China-based advanced persistent threat (APT) group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns. The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves the deployment of post-intrusion ransomware such as LockFile, Atom Silo, Rook, Night Sky, Pandora,
- Apple and Android phones hacked by Italian spyware, Google saysby /u/wewewawa (cybersecurity) on June 24, 2022 at 11:47 pm
submitted by /u/wewewawa [link] [comments]
- SMTP for Phishing service?by /u/Ricardoh2 (cybersecurity) on June 24, 2022 at 9:44 pm
Hello community, I tell you that I lead ethical phishing projects and I have come across many email sending service stopers (SMTP open realy), do you know any that have served them for mass mailing and that "allow" ethical phishing exercises? submitted by /u/Ricardoh2 [link] [comments]
- I’ve managed to get a cyber job!by /u/Untraveled (cybersecurity) on June 24, 2022 at 8:13 pm
I first managed to get into an IT role around this time last year. Coming from a banking background and an accounting degree it was a bit of an uphill battle. After a couple of years of working in banking, I realised I have a passion for IT and security specifically. As I work for a massive outsourcing company, there are tons of opportunities with different career paths which allowed me to secure my first role as a service desk analyst. The role was easy enough and not too technical so I was using my free time to upskill using things like TryHackMe and YouTube. Even then, I didn’t feel like I was at a level to get into a cybersec role, regardless, I applied for a role in the SOC that my outsourcing company works for. Did a few interviews and as expected, I got rejected. I was given a training plan and was told to reapply in 6 months to a year. This was a month ago. Yesterday, I was surprised to see the head of security send me a message to have a chat today. I tempered my expectations and assumed he was checking up on how my training was going. Turns out a role has become available and I was offered the job. I can’t wait to get started even though I was told the learning curve will be practically vertical. Definitely going to be a bit of imposter syndrome in the first couple of months. I just wanted to share this and celebrate this online before I reveal to my friends! submitted by /u/Untraveled [link] [comments]
- Binaries for REby /u/Owt2getcha (cybersecurity) on June 24, 2022 at 8:05 pm
Hello all! I am wondering if anyone knows a good resource for binaries with exploited software that I could reverse engineer and add to my summer projects? Turned out I really enjoyed doing this in school and would love to get more comfortable with it. Thank you! submitted by /u/Owt2getcha [link] [comments]
- Has anyone here used AWS for malware analysis?by /u/that-gostof-de-past (cybersecurity) on June 24, 2022 at 6:37 pm
Ive received a few phishing emails and id like to do some analysis. I don't want anything touching my home network. Has anyone used AWS for this ? submitted by /u/that-gostof-de-past [link] [comments]
- How do password managers fit within your security model?by /u/Graham-1Password (cybersecurity) on June 24, 2022 at 6:10 pm
Hey folks - I work for 1Password helping guide our product roadmap, and, even though I've browsed this sub for a while personally, I'm coming to you to get your thoughts on password managers and their place in your company's larger security model. I've got nothing to sell and have just noticed the quality of conversation in this sub, hence me wanting to see what you folks think. (Mods have approved this, so, thanks!) I work on making sure we're building the right things for our business customers, and reddit gives me that frank, honest feedback I find so useful in so many other things in my life... To that end: How much do you feel like using (or not) a password manager makes an actual difference in your company's overall security posture? For your larger IAM systems and policies, how do you try and secure access to apps/services that aren't SSO-enabled and still need a username/password? Or does SSO cover off enough of your services that you aren't too concerned with the others? Does it fall to you folks in CyberSec to create and manage policies for how other sensitive info is shared? For example, other stuff can be stored/shared in 1Password (Credit cards, developer secrets like SSH keys, ...) - would you consider this stuff part of access management, in a sense, to try and keep organized with how that stuff is securely accessed? Happy to get your thoughts (the good, the bad, and/or the ugly) about any of this stuff, and even your more general opinions on how useful password managers seem to you. We've been building this tool for 15+ years and have always tried to keep a close connection to our users, even as we've grown. I'm hoping we keep it that way, so here's to me asking all of you! submitted by /u/Graham-1Password [link] [comments]
- IDS needed / recommendations?by /u/thelizardking43 (cybersecurity) on June 24, 2022 at 4:27 pm
Are IDS's antiquated and instead Huntress, Crowsdtrike, or other threat hunting services sufficient / superior? Are there IDS's you'd recommend? submitted by /u/thelizardking43 [link] [comments]
- A daily updated summary of the most frequent types of security incidents being reported by CISA, CERT-FR, MA-CERT, ZeroDayInitiative and IBMCloud.by /u/karimhabush (cybersecurity) on June 24, 2022 at 4:16 pm
submitted by /u/karimhabush [link] [comments]
- Best RSS feeds for your Intelby /u/securethelogs (cybersecurity) on June 24, 2022 at 3:24 pm
Hey guys, I’m just wanting to know what’s your best RSS feeds in keeping up to date with the world of Security. Things like BleepingComputer or TheHackerNews. Just curious 🙂 submitted by /u/securethelogs [link] [comments]
- SMS phishing is way too easyby /u/speckz (cybersecurity) on June 24, 2022 at 3:10 pm
submitted by /u/speckz [link] [comments]
- $100 million worth of crypto has been stolen in another major hackby /u/jivatman (cybersecurity) on June 24, 2022 at 3:05 pm
submitted by /u/jivatman [link] [comments]
- What is the best method for users to securely submit malware samples?by /u/tsuto (cybersecurity) on June 24, 2022 at 2:38 pm
As the title says, I’m wondering if there are any industry standards or best practices for how to actually move malware samples, memory dumps, etc from place to place? The idea would not be an end user really but rather forensic analysts being able to transfer artifacts they’ve extracted to dedicated reverse engineering teams. Worth mentioning that the RE group would be a subcontractor and needs to have a system for submitting tickets as well as files in a secure way between organizations. Is there anything your company uses that you’d recommend? submitted by /u/tsuto [link] [comments]
- Top cybersecurity stories for the week of 06-20-22 to 06-24-22by /u/CISO_Series_Producer (cybersecurity) on June 24, 2022 at 2:10 pm
Top cybersecurity stories for the week of 06-20-22 to 06-24-22 Below are the top headlines we’ve been reporting this whole week on Cyber Security Headlines. If you’d like to hear and participate in a discussion about them, the CISO Series does a live 20-minute show every Friday at 12:30pm PT/3:30pm ET. Each week we welcome a different cyber practitioner to offer some color to the week's stories. Our guest this week is Marnie Wilking, CISO, Wayfair. If you want to get involved you can watch live and participate in the discussion on LinkedIn Live (register), or you can just subscribe to the Cyber Security Headlines podcast and get it into your feed. Here are some of the stories we'll be covering: US DoJ announces shut down of Russian RSOCKS Botnet An international police operation that involved law enforcement partners from Germany, the Netherlands, and the U.K. shut down the RSOCKS botnet which was composed of millions of compromised computers and other electronic devices around the world. This included industrial control systems, time clocks, routers, audio/video streaming devices, and smart garage door openers. It had also expanded into compromising additional types of devices, including Android devices and conventional computers. The operators behind the RSOCKS botnet offered their clients access to IP addresses assigned to the compromised devices to route internet traffic. (Security Affairs) Experts warn of a new eCh0raix ransomware campaign targeting QNAP NAS The ransomware, tracked as “QNAPCrypt” and “eCh0raix,” is written in the Go programming language and uses AES encryption to encrypt files. The malicious code appends .encrypt extension to filenames of encrypted files. It has been active since at least 2019, and we reported on the last wave of attacks back in December 2021, In May 2021, QNAP warned customers of threat actors that are targeting its NAS devices with eCh0raix ransomware attacks and exploiting a Roon Server zero-day vulnerability on devices using weak passwords. Experts are now reporting a surge in eCh0raix infections in industry forums. (Security Affairs) Chrome extensions can be used for fingerprinting There have long been ways to use browser information to fingerprint users. However a web developer who goes by ‘z0ccc’ released the site “Extension Fingerprint,” which can generate a tracking hash based on a browser’s installed Chrome extensions alone. Some extensions use a secret token that is required for external pages to view if it’s installed, but z0ccc found that comparing loading times for the protection extensions can reveal which ones are installed. Bleeping Computer found that installing 3 to 4 extensions brough the percentage of users with the same extensions to as low as 0.006%. The approach works for Chrome and Edge browsers, but not on Firefox, which use unique Firefox extension IDs for every browser instance. The developer claims that while every browser can’t be uniquely identified by extensions alone, it could be easily combined with other information to create a truly unique ID. (Bleeping Computer) Overconfidence in API security leaves orgs at high risk Radware’s 2022 State of API Security report reveals a sharp increase in API usage due to reliance on cloud infrastructure and other intersystem communications. While 92% of those surveyed believe they have adequate protection for their APIs, 62% admit a third or more of APIs are undocumented, leaving organizations vulnerable to cyber threats, such as database exposures, data breaches, and scraping attacks. Additionally, half of respondents indicated their existing tools provide only partial or minimal API protection highlighting that cyber security leaders may have a false sense of security when it comes to their APIs. Michelle McLean, Vice President at Salt Security, said the findings reinforce that API security is vastly under prioritized, and the time is now to turn the dial and incorporate adequate solutions as old tools are not enough. (Security Magazine) Daycare apps found insecure The Electronic Frontier Foundation looked into the security used by daycare apps, which are often required when enrolling children. It found that almost all apps lack any kind of 2FA, with one of the more popular Brightwheel claiming it was the “1st partner to offer this level of security.” It also found many apps had weak password policies, used undisclosed Facebook trackers, and had cleartext traffic enabled. The EFF wasn’t the first to highlight these issues, but found that many app makers lacked basic emails to send security issues to, and often were unresponsive. A previous Australian study found that just 14% of vendors responded to security issues with daycare apps. The EFF also points out that regulations like COPPA don’t apply to these applications. (EFF) DARPA finds blockchains aren’t all that decentralized A new report from the Defense Advanced Research Project looking into if blockchains are decentralized found some “unintended centralities” leading the authors to believe that many blockchains could eventually have power centralized with a few select individuals or groups. The paper found the cryptographic underpinning of blockchain “quite robust.” But it points out that three ISPs saw 60% of all Bitcoin traffic, opening the door to these providers having the ability to restrict certain transactions, letting it become a majority voice in consensus of what actually gets written to the blockchain. The report also points out that 21% of Bitcoin nodes run older versions of the Bitcoin client that are vulnerable to attacks. (Gizmodo) Cloud email threats soar 101% in a year Trend Micro announced this number as their observation of growth in email-borne cyber-threats that they blocked last year. They also note a 138% year-on-year increase in phishing emails, of which 40% were credential phishing attempts. They also blocked 3.3 million malicious files in cloud-based emails, including a 134% increase in known threats and a 221% increase in unknown malware. Another security company, Proofpoint warned in a new report of the continued dangers posed by social engineering, highlighting how many users don’t realize that threat actors may spend considerable time and effort building a rapport over email with their victims, especially if they’re trying to conduct a business email compromise (BEC) attack, it said. (Infosecurity) Microsoft's AI spots ransomware attacks before they get started Microsoft is focusing on disrupting the earliest stages of a ransomware attack with AI enhancements for Microsoft Defender for Endpoint. In what the company calls "early incrimination," they are developing machine learning (ML) algorithms to determine "malicious intent" in files, processes, user accounts, and devices. Microsoft engineers have developed three sets of AI-generated inputs that independently generate a risk score determining whether an entity is likely involved in an active ransomware attack: • Time-based and statistical analysis of security alerts at the organizational level • Graph-based aggregation of suspicious events across devices • Device-based monitoring to flag suspicious activities By correlating these datasets, Defender can detect patterns and connections that might have been missed otherwise. If a high enough confidence level is reached, it automatically blocks the files and entities involved in the ransomware. (ZDNet) submitted by /u/CISO_Series_Producer [link] [comments]
- Ferret: Automatically finding RFC compliance bugs in DNS nameserversby /u/speckz (cybersecurity) on June 24, 2022 at 12:52 pm
submitted by /u/speckz [link] [comments]
- State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacksby /u/Cultural_Budget6627 (cybersecurity) on June 24, 2022 at 11:29 am
submitted by /u/Cultural_Budget6627 [link] [comments]
- Cybersecurity career path podcastby /u/gormami (cybersecurity) on June 24, 2022 at 10:53 am
Suzanne Gorman (no relation) and some friends did a great podcast talking about some of the different careers within the cybersecurity field. For a lot of the folks here that are asking about what to expect in the field, or thinking about it without a strong understanding of what the opportunities are, take a listen. It may help you understand that it is not a monolithic field, and there are many different types of opportunities for different types of thinkers and skill sets. https://lnkd.in/gnJd4dSH submitted by /u/gormami [link] [comments]
- NSO claims 'more than 5' EU states used its Pegasus spywareby /u/Illustrious_Yard_576 (cybersecurity) on June 24, 2022 at 10:00 am
submitted by /u/Illustrious_Yard_576 [link] [comments]
- Interview catch22by /u/Relative_Ad197 (cybersecurity) on June 24, 2022 at 7:39 am
Hello friend, managers and engineers, I have a dilemma. What would you do if you had a candidate you were interviewing show up to an interview for a security engineer position, and inform you that they found a vulnerability, showed you it and told you how to patch it! Would you hire them? Not hire them? Why or why not? What do you do in this situation? Insider threats are some of the biggest risks to companies. On the other hand they helped you fix something which was missed. submitted by /u/Relative_Ad197 [link] [comments]
- Log4Shell Still Being Exploited to Hack VMWare Servers to Exfiltrate Sensitive Databy noreply@blogger.com (Ravie Lakshmanan) (The Hacker News) on June 24, 2022 at 7:37 am
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks. "Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched,
- Log4Shell Still Being Exploited to Hack VMWare Servers to Exfiltrate Sensitive Databy /u/sanket-darji (cybersecurity) on June 24, 2022 at 6:31 am
submitted by /u/sanket-darji [link] [comments]
- Chinese Hackers Distributing SMS Bomber Tool with Malware Hidden Insideby noreply@blogger.com (Ravie Lakshmanan) (The Hacker News) on June 24, 2022 at 3:09 am
A threat cluster with ties to a hacking group called Tropic Trooper has been spotted using a previously undocumented malware coded in Nim language to strike targets as part of a newly discovered campaign. The novel loader, dubbed Nimbda, is "bundled with a Chinese language greyware 'SMS Bomber' tool that is most likely illegally distributed in the Chinese-speaking web," Israeli cybersecurity
- Leaving military roleby /u/grillle (cybersecurity) on June 24, 2022 at 1:30 am
After leaving the service I find myself in a weird position where I have to sell my current military specific training and experience (not that much, and probably outdated) to a completely new market of employers. Any tips on how I can hit the ground running in this new world? Should I focus my energy on certifications like OSCP or CISSP, maybe get a degree in cyber security or the like? One last question, how do you find a skill tree to focus on out of the multitude of things. do you guys just gorge on certs and experience and flow into a path? Thanks if you read this far 🙂 submitted by /u/grillle [link] [comments]
- Daily Cyber Briefby /u/RandyMarsh_Lorde (cybersecurity) on June 24, 2022 at 12:58 am
submitted by /u/RandyMarsh_Lorde [link] [comments]
- What is it like to to be an Cybersecuirty engineer for a major defense contractor?by /u/Mr_Hexx (cybersecurity) on June 23, 2022 at 8:19 pm
I start my internship next week and wanted to know what I'm getting myself into (what it's like working for a defense contractor in cyber) and wanted some advice. From my understanding they have secure cloud platform and that'll be where most of my work comes from. I'll be most likely doing a lot of risk assessments since he mention that in the interview along with my experiences with STIGs and crypto key management . I interned at a manufacturing company for a year and a half prior to this as a mainframe systems admin. I picked up any work that was security related with my typical duties, setting up Splunk for the z/os environment and the z/os TPM for a hardware migration to name the big ones. What is the culture and work flow like? And pro's and con's? Tips for someone starting a cybersecurity engineer role? submitted by /u/Mr_Hexx [link] [comments]
- Asking workers for once: why is there a cybersecurity skills gap?by /u/ChelseaJumbo2022 (cybersecurity) on June 23, 2022 at 4:23 pm
I am doing a research project on this issue right now— looking at cybersecurity capacity building efforts in the US, UK, Australia, and Israel. Everyone agrees that there’s a skills gap. Very few propose scalable solutions or offer reasons that fully explain the issue. I’m dismayed that there are so many surveys asking employers what they need from workers but very little out there (that I’ve found) on what workers are experiencing re barriers to entry, retention, upskilling, etc. Please share your thoughts, experiences, and any resources you think I should look into. Thank you! EDIT: wow, thank you for all the replies! To assuage any doubt, I’m not planning on using comments as ‘research’. This is just me dicking around on Reddit. Apologies that that wasn’t said from the start. Thank you everyone who replied!! submitted by /u/ChelseaJumbo2022 [link] [comments]
- CISA warns over software flaws in industrial control systemsby /u/kugkug (cybersecurity) on June 23, 2022 at 4:08 pm
submitted by /u/kugkug [link] [comments]
- Entry level opportunityby /u/TheRealBuzz128 (cybersecurity) on June 23, 2022 at 2:32 pm
Right now I’m about to graduate and get my BS in IT from a legit school. I currently got a part job as an IT Help Specialist at a small corporation to get some work experience before I graduate. This corporation has a small IT team so I’m working next to the IT director and the systems administrator. They include me for everything, even all the meetings with programmers, vendors etc, I’m there sitting and listening and giving my views. I got my sec+ a few weeks ago and with the little knowledge I have I wrote a proposal to have a phishing server and some security awareness training done. To my surprise my boss called me in and tells me that they loved my idea and that should be my big project for the next quarter, and also I got an extra work station assigned to me just to do that. My boss also gave me 90 mins every day I work to train and learn about any subject related to cyber security and he is willing to pay for learning material. We have a meeting every week, and so far they have made some changes based on my advice such as encrypting emails, using bitlocker, and to setup a dns sinkhole. Why am I writing all this? Well after reading a very interesting post here on reddit, I feel like I might have found a place were I can start my entry level cybersecurity career? The pay is not good at the moment, and we are going to talk about a full time job once I graduate this December, but this has me thinking, maybe I should stay at my current job, where they allow me to gain cybersecurity experience and then after some time try to get that next level dream job? Instead of going for a better paid IT job right after graduation that might not let me develop my security skills. submitted by /u/TheRealBuzz128 [link] [comments]
- Manual vs. SSPM: Research on What Streamlines SaaS Security Detection & Remediationby noreply@blogger.com (The Hacker News) (The Hacker News) on June 23, 2022 at 11:07 am
When it comes to keeping SaaS stacks secure, IT and security teams need to be able to streamline the detection and remediation of misconfigurations in order to best protect their SaaS stack from threats. However, while companies adopt more and more apps, their increase in SaaS security tools and staff has lagged behind, as found in the 2022 SaaS Security Survey Report. The survey report,
- New ToddyCat Hacker Group on Experts' Radar After Targeting MS Exchange Serversby noreply@blogger.com (Ravie Lakshmanan) (The Hacker News) on June 23, 2022 at 10:34 am
An advanced persistent threat (APT) actor codenamed ToddyCat has been linked to a string of attacks aimed at government and military entities in Europe and Asia since at least December 2020. The relatively new adversarial collective is said to have commenced its operations by targeting Microsoft Exchange servers in Taiwan and Vietnam using an unknown exploit to deploy the China Chopper web shell
- Critical PHP Vulnerability Exposes QNAP NAS Devices to Remote Attacksby noreply@blogger.com (Ravie Lakshmanan) (The Hacker News) on June 23, 2022 at 6:36 am
QNAP, Taiwanese maker of network-attached storage (NAS) devices, on Wednesday said it's in the process of fixing a critical three-year-old PHP vulnerability that could be abused to achieve remote code execution. "A vulnerability has been reported to affect PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11 with improper nginx config," the hardware vendor said in an
- Russian Hackers Exploiting Microsoft Follina Vulnerability Against Ukraineby noreply@blogger.com (Ravie Lakshmanan) (The Hacker News) on June 23, 2022 at 6:19 am
The Computer Emergency Response Team of Ukraine (CERT-UA) has cautioned of a new set of spear-phishing attacks exploiting the "Follina" flaw in the Windows operating system to deploy password-stealing malware. Attributing the intrusions to a Russian nation-state group tracked as APT28 (aka Fancy Bear or Sofacy), the agency said the attacks commence with a lure document titled "Nuclear Terrorism
- Europol Busts Phishing Gang Responsible for Millions in Lossesby noreply@blogger.com (Ravie Lakshmanan) (The Hacker News) on June 23, 2022 at 6:18 am
Europol on Tuesday announced the dismantling of an organized crime group that dabbled in phishing, fraud, scams, and money laundering activities. The cross-border operation, which involved law enforcement authorities from Belgium and the Netherlands, saw the arrests of nine individuals in the Dutch nation. The suspects are men between the ages of 25 and 36 from Amsterdam, Almere, Rotterdam, and
- Researchers Disclose 56 Vulnerabilities Impacting OT Devices from 10 Vendorsby noreply@blogger.com (Ravie Lakshmanan) (The Hacker News) on June 23, 2022 at 6:18 am
Nearly five dozen security vulnerabilities have been disclosed in devices from 10 operational technology (OT) vendors due to what researchers call are "insecure-by-design practices." Collectively dubbed OT:ICEFALL by Forescout, the 56 issues span as many as 26 device models from Bently Nevada, Emerson, Honeywell, JTEKT, Motorola, Omron, Phoenix Contact, Siemens, and Yokogawa. "Exploiting these
- Researchers Uncover Ways to Break the Encryption of 'MEGA' Cloud Storage Serviceby noreply@blogger.com (Ravie Lakshmanan) (The Hacker News) on June 22, 2022 at 3:05 pm
A new piece of research from academics at ETH Zurich has identified a number of critical security issues in the MEGA cloud storage service that could be leveraged to break the confidentiality and integrity of user data. In a paper titled "MEGA: Malleable Encryption Goes Awry," the researchers point out how MEGA's system does not protect its users against a malicious server, thereby enabling a
- Newly Discovered Magecart Infrastructure Reveals the Scale of Ongoing Campaignby noreply@blogger.com (Ravie Lakshmanan) (The Hacker News) on June 22, 2022 at 10:08 am
A newly discovered Magecart skimming campaign has its roots in a previous attack activity going all the way back to November 2021. To that end, it has come to light that two malware domains identified as hosting credit card skimmer code — "scanalytic[.]org" and "js.staticounter[.]net" — are part of a broader infrastructure used to carry out the intrusions, Malwarebytes said in a Tuesday analysis
- RIG Exploit Kit Now Infects Victims' PCs With Dridex Instead of Raccoon Stealerby noreply@blogger.com (Ravie Lakshmanan) (The Hacker News) on June 22, 2022 at 5:41 am
The operators behind the Rig Exploit Kit have swapped the Raccoon Stealer malware for the Dridex financial trojan as part of an ongoing campaign that commenced in January 2022. The switch in modus operandi, spotted by Romanian company Bitdefender, comes in the wake of Raccoon Stealer temporarily closing the project after one of its team members responsible for critical operations passed away in
- Former Amazon Employee Found Guilty in 2019 Capital One Data Breachby noreply@blogger.com (Ravie Lakshmanan) (The Hacker News) on June 21, 2022 at 1:05 pm
A 36-year-old former Amazon employee was convicted of wire fraud and computer intrusions in the U.S. for her role in the theft of personal data of no fewer than 100 million people in the 2019 Capital One breach. Paige Thompson, who operated under the online alias "erratic" and worked for the tech giant till 2016, was found guilty of wire fraud, five counts of unauthorized access to a protected
- Mitigate Ransomware in a Remote-First Worldby noreply@blogger.com (The Hacker News) (The Hacker News) on June 21, 2022 at 11:34 am
Ransomware has been a thorn in the side of cybersecurity teams for years. With the move to remote and hybrid work, this insidious threat has become even more of a challenge for organizations everywhere. 2021 was a case study in ransomware due to the wide variety of attacks, significant financial and economic impact, and diverse ways that organizations responded. These attacks should be seen as a
- New NTLM Relay Attack Lets Attackers Take Control Over Windows Domainby noreply@blogger.com (Ravie Lakshmanan) (The Hacker News) on June 21, 2022 at 9:05 am
A new kind of Windows NTLM relay attack dubbed DFSCoerce has been uncovered that leverages the Distributed File System (DFS): Namespace Management Protocol (MS-DFSNM) to seize control of a domain. "Spooler service disabled, RPC filters installed to prevent PetitPotam and File Server VSS Agent Service not installed but you still want to relay [Domain Controller authentication to [Active Directory
- Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wildby noreply@blogger.com (Ravie Lakshmanan) (The Hacker News) on June 21, 2022 at 6:18 am
A security flaw in Apple Safari that was exploited in the wild earlier this year was originally fixed in 2013 and reintroduced in December 2016, according to a new report from Google Project Zero. The issue, tracked as CVE-2022-22620 (CVSS score: 8.8), concerns a case of a use-after-free vulnerability in the WebKit component that could be exploited by a piece of specially crafted web content to
- Do You Have Ransomware Insurance? Look at the Fine Printby noreply@blogger.com (The Hacker News) (The Hacker News) on June 20, 2022 at 1:34 pm
Insurance exists to protect the insured party against catastrophe, but the insurer needs protection so that its policies are not abused – and that's where the fine print comes in. However, in the case of ransomware insurance, the fine print is becoming contentious and arguably undermining the usefulness of ransomware insurance. In this article, we'll outline why, particularly given the current
- BRATA Android Malware Gains Advanced Mobile Threat Capabilitiesby noreply@blogger.com (Ravie Lakshmanan) (The Hacker News) on June 20, 2022 at 6:18 am
The operators behind BRATA have once again added more capabilities to the Android mobile malware in an attempt to make their attacks against financial apps more stealthy. "In fact, the modus operandi now fits into an Advanced Persistent Threat (APT) activity pattern," Italian cybersecurity firm Cleafy said in a report last week. "This term is used to describe an attack campaign in which
- Over a Dozen Flaws Found in Siemens' Industrial Network Management Systemby noreply@blogger.com (Ravie Lakshmanan) (The Hacker News) on June 20, 2022 at 5:11 am
Cybersecurity researchers have disclosed details about 15 security flaws in Siemens SINEC network management system (NMS), some of which could be chained by an attacker to achieve remote code execution on affected systems. "The vulnerabilities, if exploited, pose a number of risks to Siemens devices on the network including denial-of-service attacks, credential leaks, and remote code execution
Big Data and Data Analytics 101 – Top 50 AWS Certified Data Analytics – Specialty Questions and Answers Dumps
In this blog, we talk about big data and data analytics; we also give you the last updated top 50 AWS Certified Data Analytics – Specialty Questions and Answers Dumps
The AWS Certified Data Analytics – Specialty (DAS-C01) examination is intended for individuals who perform in a data analytics-focused role. This exam validates an examinee’s comprehensive understanding of using AWS services to design, build, secure, and maintain analytics solutions that provide insight from data.
The AWS Certified Data Analytics – Specialty (DAS-C01) covers the following domains:
Domain 1: Collection 18%
Domain 2: Storage and Data Management 22%
Domain 3: Processing 24%
Domain 4: Analysis and Visualization 18%
Domain 5: Security 18%

Below are the Top 20 AWS Certified Data Analytics – Specialty Questions and Answers Dumps and References –
Top 100 Data Science and Data Analytics Interview Questions and Answers
[appbox googleplay com.dataanalyticsexamprep.app]
[appbox microsoftstore 9NWSDDCMCF6X-mobile screenshots]
Question1: What combination of services do you need for the following requirements: accelerate petabyte-scale data transfers, load streaming data, and the ability to create scalable, private connections. Select the correct answer order.
A) Snowball, Kinesis Firehose, Direct Connect
B) Data Migration Services, Kinesis Firehose, Direct Connect
C) Snowball, Data Migration Services, Direct Connect
D) Snowball, Direct Connection, Kinesis Firehose
ANSWER1:
Notes/Hint1:
Reference1: Big Data Analytics Options
[appbox googleplay com.dataanalyticsexamprep.app]
[appbox microsoftstore 9NWSDDCMCF6X-mobile screenshots]
ANSWER2:
Notes/Hint2:
Reference1: Relationalize PySpark
[appbox googleplay com.dataanalyticsexamprep.app]
[appbox microsoftstore 9NWSDDCMCF6X-mobile screenshots]
Question 3: There is a five-day car rally race across Europe. The race coordinators are using a Kinesis stream and IoT sensors to monitor the movement of the cars. Each car has a sensor and data is getting back to the stream with the default stream settings. On the last day of the rally, data is sent to S3. When you go to interpret the data in S3, there is only data for the last day and nothing for the first 4 days. Which of the following is the most probable cause of this?
A) You did not have versioning enabled and would need to create individual buckets to prevent the data from being overwritten.
B) Data records are only accessible for a default of 24 hours from the time they are added to a stream.
C) One of the sensors failed, so there was no data to record.
D) You needed to use EMR to send the data to S3; Kinesis Streams are only compatible with DynamoDB.
ANSWER3:
Notes/Hint3:
Reference3: Kinesis Extended Reading
[appbox googleplay com.dataanalyticsexamprep.app]
[appbox microsoftstore 9NWSDDCMCF6X-mobile screenshots]
Question 4: A publisher website captures user activity and sends clickstream data to Amazon Kinesis Data Streams. The publisher wants to design a cost-effective solution to process the data to create a timeline of user activity within a session. The solution must be able to scale depending on the number of active sessions.
Which solution meets these requirements?
A) Include a variable in the clickstream data from the publisher website to maintain a counter for the number of active user sessions. Use a timestamp for the partition key for the stream. Configure the consumer application to read the data from the stream and change the number of processor threads based upon the counter. Deploy the consumer application on Amazon EC2 instances in an EC2 Auto Scaling group.
B) Include a variable in the clickstream to maintain a counter for each user action during their session. Use the action type as the partition key for the stream. Use the Kinesis Client Library (KCL) in the consumer application to retrieve the data from the stream and perform the processing. Configure the consumer application to read the data from the stream and change the number of processor threads based upon the
counter. Deploy the consumer application on AWS Lambda.
C) Include a session identifier in the clickstream data from the publisher website and use as the partition key for the stream. Use the Kinesis Client Library (KCL) in the consumer application to retrieve the data from the stream and perform the processing. Deploy the consumer application on Amazon EC2 instances in an
EC2 Auto Scaling group. Use an AWS Lambda function to reshard the stream based upon Amazon CloudWatch alarms.
D) Include a variable in the clickstream data from the publisher website to maintain a counter for the number of active user sessions. Use a timestamp for the partition key for the stream. Configure the consumer application to read the data from the stream and change the number of processor threads based upon the counter. Deploy the consumer application on AWS Lambda.
ANSWER4:
Notes/Hint4:
Reference4: UpdateShardCount API
[appbox googleplay com.dataanalyticsexamprep.app]
[appbox microsoftstore 9NWSDDCMCF6X-mobile screenshots]
Question 5: Your company has two batch processing applications that consume financial data about the day’s stock transactions. Each transaction needs to be stored durably and guarantee that a record of each application is delivered so the audit and billing batch processing applications can process the data. However, the two applications run separately and several hours apart and need access to the same transaction information. After reviewing the transaction information for the day, the information no longer needs to be stored. What is the best way to architect this application?
A) Use SQS for storing the transaction messages; when the billing batch process performs first and consumes the message, write the code in a way that does not remove the message after consumed, so it is available for the audit application several hours later. The audit application can consume the SQS message and remove it from the queue when completed.
B) Use Kinesis to store the transaction information. The billing application will consume data from the stream and the audit application can consume the same data several hours later.
C) Store the transaction information in a DynamoDB table. The billing application can read the rows while the audit application will read the rows then remove the data.
D) Use SQS for storing the transaction messages. When the billing batch process consumes each message, have the application create an identical message and place it in a different SQS for the audit application to use several hours later.
SQS would make this more difficult because the data does not need to persist after a full day.
ANSWER5:
Notes/Hint5:
Reference5: Amazon Kinesis
Get mobile friendly version of the quiz @ the App Store
[appbox appstore 1604021741-iphone screenshots]
[appbox googleplay com.dataanalyticsexamprep.app]
[appbox microsoftstore 9NWSDDCMCF6X-mobile screenshots]
Question 6: A company is currently using Amazon DynamoDB as the database for a user support application. The company is developing a new version of the application that will store a PDF file for each support case ranging in size from 1–10 MB. The file should be retrievable whenever the case is accessed in the application.
How can the company store the file in the MOST cost-effective manner?
A) Store the file in Amazon DocumentDB and the document ID as an attribute in the DynamoDB table.
B) Store the file in Amazon S3 and the object key as an attribute in the DynamoDB table.
C) Split the file into smaller parts and store the parts as multiple items in a separate DynamoDB table.
D) Store the file as an attribute in the DynamoDB table using Base64 encoding.
ANSWER6:
Notes/Hint6:
Reference6: S3 Storage Cost – DynamODB Storage Cost
Question 7: Your client has a web app that emits multiple events to Amazon Kinesis Streams for reporting purposes. Critical events need to be immediately captured before processing can continue, but informational events do not need to delay processing. What solution should your client use to record these types of events without unnecessarily slowing the application?
A) Log all events using the Kinesis Producer Library.
B) Log critical events using the Kinesis Producer Library, and log informational events using the PutRecords API method.
C) Log critical events using the PutRecords API method, and log informational events using the Kinesis Producer Library.
D) Log all events using the PutRecords API method.
ANSWER2:
Notes/Hint7:
Reference7: PutRecords API
[appbox googleplay com.dataanalyticsexamprep.app]
[appbox microsoftstore 9NWSDDCMCF6X-mobile screenshots]
Question 8: You work for a start-up that tracks commercial delivery trucks via GPS. You receive coordinates that are transmitted from each delivery truck once every 6 seconds. You need to process these coordinates in near real-time from multiple sources and load them into Elasticsearch without significant technical overhead to maintain. Which tool should you use to digest the data?
A) Amazon SQS
B) Amazon EMR
C) AWS Data Pipeline
D) Amazon Kinesis Firehose
ANSWER8:
Notes/Hint8:
Reference8: Amazon Kinesis Firehose
[appbox googleplay com.dataanalyticsexamprep.app]
[appbox microsoftstore 9NWSDDCMCF6X-mobile screenshots]
Question 9: A company needs to implement a near-real-time fraud prevention feature for its ecommerce site. User and order details need to be delivered to an Amazon SageMaker endpoint to flag suspected fraud. The amount of input data needed for the inference could be as much as 1.5 MB.
Which solution meets the requirements with the LOWEST overall latency?
A) Create an Amazon Managed Streaming for Kafka cluster and ingest the data for each order into a topic. Use a Kafka consumer running on Amazon EC2 instances to read these messages and invoke the Amazon SageMaker endpoint.
B) Create an Amazon Kinesis Data Streams stream and ingest the data for each order into the stream. Create an AWS Lambda function to read these messages and invoke the Amazon SageMaker endpoint.
C) Create an Amazon Kinesis Data Firehose delivery stream and ingest the data for each order into the stream. Configure Kinesis Data Firehose to deliver the data to an Amazon S3 bucket. Trigger an AWS Lambda function with an S3 event notification to read the data and invoke the Amazon SageMaker endpoint.
D) Create an Amazon SNS topic and publish the data for each order to the topic. Subscribe the Amazon SageMaker endpoint to the SNS topic.
ANSWER9:
Notes/Hint9:
Reference9: Amazon Managed Streaming for Kafka cluster
[appbox googleplay com.dataanalyticsexamprep.app]
[appbox microsoftstore 9NWSDDCMCF6X-mobile screenshots]
Question 10: You need to filter and transform incoming messages coming from a smart sensor you have connected with AWS. Once messages are received, you need to store them as time series data in DynamoDB. Which AWS service can you use?
A) IoT Device Shadow Service
B) Redshift
C) Kinesis
D) IoT Rules Engine
ANSWER10:
Notes/Hint10:
Reference10: The IoT rules engine
Get mobile friendly version of the quiz @ the App Store
Question 11: A media company is migrating its on-premises legacy Hadoop cluster with its associated data processing scripts and workflow to an Amazon EMR environment running the latest Hadoop release. The developers want to reuse the Java code that was written for data processing jobs for the on-premises cluster.
Which approach meets these requirements?
A) Deploy the existing Oracle Java Archive as a custom bootstrap action and run the job on the EMR cluster.
B) Compile the Java program for the desired Hadoop version and run it using a CUSTOM_JAR step on the EMR cluster.
C) Submit the Java program as an Apache Hive or Apache Spark step for the EMR cluster.
D) Use SSH to connect the master node of the EMR cluster and submit the Java program using the AWS CLI.
ANSWER11:
Notes/Hint11:
Reference11: Automating analytics workflows on EMR
[appbox googleplay com.dataanalyticsexamprep.app]
[appbox microsoftstore 9NWSDDCMCF6X-mobile screenshots]
Question 12: You currently have databases running on-site and in another data center off-site. What service allows you to consolidate to one database in Amazon?
A) AWS Kinesis
B) AWS Database Migration Service
C) AWS Data Pipeline
D) AWS RDS Aurora
ANSWER12:
Notes/Hint12:
Reference12: DMS
[appbox googleplay com.dataanalyticsexamprep.app]
[appbox microsoftstore 9NWSDDCMCF6X-mobile screenshots]
Question 13: An online retail company wants to perform analytics on data in large Amazon S3 objects using Amazon EMR. An Apache Spark job repeatedly queries the same data to populate an analytics dashboard. The analytics team wants to minimize the time to load the data and create the dashboard.
Which approaches could improve the performance? (Select TWO.)
A) Copy the source data into Amazon Redshift and rewrite the Apache Spark code to create analytical reports by querying Amazon Redshift.
B) Copy the source data from Amazon S3 into Hadoop Distributed File System (HDFS) using s3distcp.
C) Load the data into Spark DataFrames.
D) Stream the data into Amazon Kinesis and use the Kinesis Connector Library (KCL) in multiple Spark jobs to perform analytical jobs.
E) Use Amazon S3 Select to retrieve the data necessary for the dashboards from the S3 objects.
ANSWER13:
Notes/Hint13:
Reference13: Spark DataFrames
Question 14: You have been hired as a consultant to provide a solution to integrate a client’s on-premises data center to AWS. The customer requires a 300 Mbps dedicated, private connection to their VPC. Which AWS tool do you need?
A) VPC peering
B) Data Pipeline
C) Direct Connect
D) EMR
ANSWER14:
Notes/Hint14:
Reference14: Direct Connect
[appbox googleplay com.dataanalyticsexamprep.app]
[appbox microsoftstore 9NWSDDCMCF6X-mobile screenshots]
Question 15: Your organization has a variety of different services deployed on EC2 and needs to efficiently send application logs over to a central system for processing and analysis. They’ve determined it is best to use a managed AWS service to transfer their data from the EC2 instances into Amazon S3 and they’ve decided to use a solution that will do what?
A) Installs the AWS Direct Connect client on all EC2 instances and uses it to stream the data directly to S3.
B) Leverages the Kinesis Agent to send data to Kinesis Data Streams and output that data in S3.
C) Ingests the data directly from S3 by configuring regular Amazon Snowball transactions.
D) Leverages the Kinesis Agent to send data to Kinesis Firehose and output that data in S3.
ANSWER15:
Notes/Hint15:
Reference15: Kinesis Firehose
Question 16: A data engineer needs to create a dashboard to display social media trends during the last hour of a large company event. The dashboard needs to display the associated metrics with a latency of less than 1 minute.
Which solution meets these requirements?
A) Publish the raw social media data to an Amazon Kinesis Data Firehose delivery stream. Use Kinesis Data Analytics for SQL Applications to perform a sliding window analysis to compute the metrics and output the results to a Kinesis Data Streams data stream. Configure an AWS Lambda function to save the stream data to an Amazon DynamoDB table. Deploy a real-time dashboard hosted in an Amazon S3 bucket to read and display the metrics data stored in the DynamoDB table.
B) Publish the raw social media data to an Amazon Kinesis Data Firehose delivery stream. Configure the stream to deliver the data to an Amazon Elasticsearch Service cluster with a buffer interval of 0 seconds. Use Kibana to perform the analysis and display the results.
C) Publish the raw social media data to an Amazon Kinesis Data Streams data stream. Configure an AWS Lambda function to compute the metrics on the stream data and save the results in an Amazon S3 bucket. Configure a dashboard in Amazon QuickSight to query the data using Amazon Athena and display the results.
D) Publish the raw social media data to an Amazon SNS topic. Subscribe an Amazon SQS queue to the topic. Configure Amazon EC2 instances as workers to poll the queue, compute the metrics, and save the results to an Amazon Aurora MySQL database. Configure a dashboard in Amazon QuickSight to query the data in Aurora and display the results.
ANSWER16:
Notes/Hint16:
Reference16: Amazon Kinesis Data Analytics can query data in a Kinesis Data Firehose delivery stream in near-real time using SQL
Question 17: A real estate company is receiving new property listing data from its agents through .csv files every day and storing these files in Amazon S3. The data analytics team created an Amazon QuickSight visualization report that uses a dataset imported from the S3 files. The data analytics team wants the visualization report to reflect the current data up to the previous day. How can a data analyst meet these requirements?
A) Schedule an AWS Lambda function to drop and re-create the dataset daily.
B) Configure the visualization to query the data in Amazon S3 directly without loading the data into SPICE.
C) Schedule the dataset to refresh daily.
D) Close and open the Amazon QuickSight visualization.
ANSWER17:
Notes/Hint17:
Reference17: Amazon QuickSight and SPICE
[appbox googleplay com.dataanalyticsexamprep.app]
[appbox microsoftstore 9NWSDDCMCF6X-mobile screenshots]
Question 18: You need to migrate data to AWS. It is estimated that the data transfer will take over a month via the current AWS Direct Connect connection your company has set up. Which AWS tool should you use?
A) Establish additional Direct Connect connections.
B) Use Data Pipeline to migrate the data in bulk to S3.
C) Use Kinesis Firehose to stream all new and existing data into S3.
D) Snowball
ANSWER18:
Notes/Hint18:
Reference18: Snowball
Question 19: You currently have an on-premises Oracle database and have decided to leverage AWS and use Aurora. You need to do this as quickly as possible. How do you achieve this?
A) It is not possible to migrate an on-premises database to AWS at this time.
B) Use AWS Data Pipeline to create a target database, migrate the database schema, set up the data replication process, initiate the full load and a subsequent change data capture and apply, and conclude with a switchover of your production environment to the new database once the target database is caught up with the source database.
C) Use AWS Database Migration Services and create a target database, migrate the database schema, set up the data replication process, initiate the full load and a subsequent change data capture and apply, and conclude with a switch-over of your production environment to the new database once the target database is caught up with the source database.
D) Use AWS Glue to crawl the on-premises database schemas and then migrate them into AWS with Data Pipeline jobs.
https://aws.amazon.com/dms/
ANSWER2:
Notes/Hint19:
Reference19: DMS
[appbox googleplay com.dataanalyticsexamprep.app]
[appbox microsoftstore 9NWSDDCMCF6X-mobile screenshots]
Question 20: A financial company uses Amazon EMR for its analytics workloads. During the company’s annual security audit, the security team determined that none of the EMR clusters’ root volumes are encrypted. The security team recommends the company encrypt its EMR clusters’ root volume as soon as possible.
Which solution would meet these requirements?
A) Enable at-rest encryption for EMR File System (EMRFS) data in Amazon S3 in a security configuration. Re-create the cluster using the newly created security configuration.
B) Specify local disk encryption in a security configuration. Re-create the cluster using the newly created security configuration.
C) Detach the Amazon EBS volumes from the master node. Encrypt the EBS volume and attach it back to the master node.
D) Re-create the EMR cluster with LZO encryption enabled on all volumes.
ANSWER20:
Notes/Hint20:
Reference20: EMR Cluster Local disk encryption
Question 21: A company has a clickstream analytics solution using Amazon Elasticsearch Service. The solution ingests 2 TB of data from Amazon Kinesis Data Firehose and stores the latest data collected within 24 hours in an Amazon ES cluster. The cluster is running on a single index that has 12 data nodes and 3 dedicated master nodes. The cluster is configured with 3,000 shards and each node has 3 TB of EBS storage attached. The Data Analyst noticed that the query performance of Elasticsearch is sluggish, and some intermittent errors are produced by the Kinesis Data Firehose when it tries to write to the index. Upon further investigation, there were occasional JVMMemoryPressure errors found in Amazon ES logs.
What should be done to improve the performance of the Amazon Elasticsearch Service cluster?
Djamga Data Sciences Big Data – Data Analytics Youtube Playlist
2- Prepare for Your AWS Certification Exam
3- LinuxAcademy
Big Data – Data Analytics Jobs:
Big Data – Data Analytics – Data Sciences Latest News:
[appbox googleplay com.dataanalyticsexamprep.app]
[appbox microsoftstore 9NWSDDCMCF6X-mobile screenshots]