An intentionally insecure web application that provides a controlled environment to practice, learn, and test web application securityContinue reading on Medium »

Setting Up Wazuh Server on UbuntuContinue reading on Medium »

Setting Up Wazuh Server on UbuntuContinue reading on Medium »

Unfortunately, global tensions are evermore present and reliable information is inevitably a crucial part of the growing number of…Continue reading on Medium »

Top 10 Leadership and Management links of the week, curated by Corix Partners Founder and CEO JC Gaillard, focusing on cyber security of…Continue reading on The Corix Partners Friday Reading List »

FYI Solutions offers top-tier Network Monitoring Services for unbeatable cyber security to keep your networks safe. Visit…Continue reading on Medium »

Hey there, hope you’re all doing well… Yep, I’m doing just fine too.Continue reading on Medium »

Investing in India as an NRI: A Comprehensive Tax GuideContinue reading on Medium »

An In-Depth Look at the Security Lapses That Led to Uber’s 2022 Cyber CatastropheContinue reading on Medium »

A new Android trojan called SoumniBot has been detected in the wild targeting users in South Korea by leveraging weaknesses in the…Continue reading on Medium »

Recently, a concerning wave of cyber-attacks has unfolded across Eastern Europe, particularly affecting nations such as Estonia and…Continue reading on Medium »

By using the “AWS Console Mobile Application” we can view/manage a selected set of resources on AWS. Also, we can receive push…Continue reading on Medium »

This is the second blog post of me documenting my journey learning Ethical Hacking from Scratch.Continue reading on Medium »

In the current fast-paced environment safety and efficiency are the top priorities for both businesses and other organizations in a…Continue reading on Medium »

Learn how Disney+ Hotstar fights piracy at galactic scale — how we pushed the envelope on CDN processing limits to secure our contentContinue reading on Disney+ Hotstar »

A workforce management system is what you need when you want to make the functioning of your business coherent and less time-intensive. To…Continue reading on Medium »

IntroductionContinue reading on Medium »

Our rapidly changing technology solely depends on data, through which AI gives us the power to challenge the impossible. The demand for…Continue reading on Medium »

VPN technologies have significantly evolved, transitioning from specialized tools to fundamental safeguards for internet use in both…Continue reading on Medium »

This is a Maven plugin developed to simplify the process of scanning Docker images for vulnerabilities using Trivy. https://github.com/orladigital/trivy-maven-plugin submitted by /u/netodeveloper [link] [comments]

Was on the phone with a bank and one of the menu options was asking to opt in to there voice recognition things to confirm identity’s. What do you guys think about this ? submitted by /u/Developer-01 [link] [comments]

Our QSA is telling us that we can't have public Wi-Fi available during any events on our campus where outside vendors might be present because vendors will use it and that would "make us a service provider to them." For example, some special shop selling food or trinkets at an event. She says since we have a contract with the card brands already, this becomes our problem regardless of any relationship or contracts we develop with these vendors. The vendors would obviously be using their own equipment and merchant IDs. I'd argue this stance technically prevents all public Wi-Fi if the entity takes credit cards on site. Seems to me, the terms of service provided with the public Wi-Fi should be able to limit what "cardholder data" services we are providing for the vendor, which is none beyond the pipe to the internet and a corner to set their booth up in. The PCI DSS says that ISPs that only provide that pipe are excluded, so why aren't we? As such, we're going to have several vendors that refuse to come in the future, since we'd be requiring them to use an unreliable hotspot deep inside of buildings instead of our robust Wi-Fi infrastructure. I think this is putting us at a competitive disadvantage, and think that most places would accept this level of risk. I'm sure the QSAs have to toe the line carefully here because some place will otherwise try and find themselves a loophole. What am I missing? submitted by /u/Longjumping-Tea-9382 [link] [comments]

submitted by /u/CEHParrot [link] [comments]

submitted by /u/blahdidbert [link] [comments]

This is a scenario that's doing my head in... Internal users either accidentally or on purpose - emailing corporate info to wrong recipients Could be an 'oopsie daisy' I clicked on the wrong contact, or, I'm about to resign, so I'll send all this to my personal account Not to interested in HR discussions here (I have a plan for thai) The typical incident response for incorrect recipient email ultimately ends with 'contact the recipient, ask them to delete email' There is always a doubt that lingers- did they male copies, forward it on etc So, what steps would you suggest to prevent emails going to wrong recipients I've thought about encryption - but I'm not sure if this is the correct option, as the mail is going to a known recipient (just the wrong one) We have dlp - but not sure what use cases would help here What would this brains-trust suggest submitted by /u/SuicidalReincarnate [link] [comments]

I’m working on a project that needs to be accompanied by an attack graph prior to engaging. I need to include assets, attack path or kill chain, vulnerabilities/exploits (e.g. CVE, CWE, Payload details), TTPs, and other supporting information. I’m not entirely convinced that the attack graph needs all of this information and I’m curious if anyone has a format, standard, or tools they use when mapping out attack graphs. Examples where possible would be a godsend. Links or references equally appreciated. Thanks in advance. submitted by /u/Missing_Space_Cadet [link] [comments]

I'm seeking input from professionals on the above certification, does it have recognition among payment industry professionnels. My search on Google didn't provide any third party opinion. It looks to me as a wrapper for PCI-DSS and alike, but does it worth it ? Here is the link to the training details. Thanks inadvance for any input. submitted by /u/kilogigabyte [link] [comments]

Our office recently had a very clever email attack which was caught before any damages. Ive been directed to research possible future prevention of the same thing happening because Im pretty sure its a vulnerability outside of our organization and will start to be more common. An email communication was intercepted with an attachment that had our companies ACH info for the recipient end customer to provide a payment to. The WORD document was modified and then reforwarded to the correct recipient with a copy of the email chain but the domain names all included an "s" at the end. ie [user@reddits.com](mailto:user@reddits.com) which was very hidden at first glance and likely easy to miss. The modified document included some very clever subterfuge to change all the contact details and phone#s so there was no direct way to contact the us as the sender for questioning. After a bit of investigation, I think the point of attach is the end user is using a GoDaddy hosted account for their emails and it is likely a result of multiple breaches in 2020-2022. I have a feeling that attackers have server level access to GoDaddys hosted shared servers to view end users emails or this end user has some sort of malware on their host. It is unclear if the end user ever received our original email and just didnt respond to it. Im positive our O365 account(s) are not compromised or any of the workstations on our network. The email was a 1:1 copy of the original with the exception of the attachment contents and email address containing the domain name modification. The end user confirmed via phone that they had a similar incident 6 months prior. Is email end to end encryption the best choice here and should we use it for everything or just those that are sensitive? Any guidance is appreciated. submitted by /u/evolooshun [link] [comments]

Three years ago I was a high school English teacher. Today, I'm a cybersecurity engineer. This is how I did it (and what mistakes to avoid). Shameless plug (My video series: https://www.youtube.com/@Kyle.Marvin/) Cybersecurity Overview Three questions to start us off: 1. What is Information Technology and what other IT jobs besides security pay well? What is cybersecurity and what your job duties would be? And what is this about red/blue/purple teams that make up IT Security? Main IT Domains 1. Networking. Network engineers design, implement, and manage network infrastructure, such as routers, switches, and firewalls. 2. Cloud. Cloud engineers do the same, but with cloud-based infrastructure and services. System Administration. System administrators handle user account management, data backups, and system updates. 4. Help Desk. Help Desk technicians serve as the first point of contact for users seeking assistance. Cybersecurity Analyst / Engineer Job duties: Investigating security alerts, such as potential malware on a machine 2. Reviewing emails for indicators such as malicious links or attachments 3. DNS Filtering so that if a user does click a link, it doesn’t have a malicious effect 4. Conducting vulnerability assessments to find weaknesses in our infrastructure 5. Developing security policies, like Acceptable Use documents 6. Implementing security controls like MFA and EDR Incident response during a data breach 8. Training users to have a security mindset Audit for compliance to industry regulations such as HIPAA and PCI DSS 10. Identity Protection to ensure only authorized users gain access to company resources Red vs. Blue vs. Purple Blue Team: Their job is to set up a company’s defenses. Like mentioned earlier: they do email security, endpoint protection, DNS filtering, and respond to alerts. Their job is to try and keep all the bad actors out. Red Team: These folks get paid to be “ethical” or “white hat” hackers. Yes - companies pay people to try and break through the blue team’s defenses. They may use social engineering (the act of manipulating people) or they may use technical skills, such as finding exploits and vulnerabilities in defenses. Purple Team: Sometimes, the red and blue teams come together for military style exercises where the red team tries to break into something and the blue team defends. These are called purple team exercises. A few companies will even have a dedicated role for purple teamers to manage these exercises. Why Choose Cybersecurity? 1. I work more with things now than I do with people. There are people-centered security positions, but there are also positions that focus on (non-coding) tech skills. 2. Median pay is $120,000 a year Information Security Analysts : Occupational Outlook Handbook: : U.S. Bureau of Labor Statistics (bls.gov) 3. Job growth of 32% into 2032 Cybersecurity Salary Guide: How Much Can You Earn? – Forbes Advisor 4. Cybercrime is MASSIVELY profitable. Companies need digital police. They need YOU. 2022 Cybersecurity Almanac: 100 Facts, Figures, Predictions And Statistics (cybersecurityventures.com) 5. Make a positive impact on the world by thwarting cybercrime. Security (and IT) Certifications Certification: CompTIA A+ Why: It helped me get interviews and ultimately land an entry-level IT role. Who’s it for: Folks with no background in tech looking to break into the industry. Certification: CompTIA Network+ Why: You may need more than A+ on your resume to land a job. Also, you NEED to know how networking works. Who’s it for: Folks with no background in tech looking to break into the industry. If you already have an IT job, skip the test, but study the material! (CCNA is a good alternative IF you want to do network security). Certification: CompTIA Security+ Why: Allows you to apply for secret and top secret security positions (DoD certified). Gives a good theoretical understanding of security. Who’s it for: Folks with tech background looking to break into cybersecurity. Then I would get one of the following: Certification: BTL1 Blue Team Level 1 Certification » Security Blue Team Why: Good entry-level certification to build hands-on defensive skills Certification: eJPT eJPT Certification - INE Security Why: Good entry-level certification to build hands-on offensive skills Certification: PNPT Practical Network Penetration Tester (PNPT) - TCM Security (tcm-sec.com) Why: Good entry-level certification to build hands-on offensive skills Honorable Mentions Google IT Support Professional Google IT Support Professional Certificate | Coursera Google Cybersecurity Professional Google Cybersecurity Professional Certificate | Coursera Why Honorable only? They did not help me land a job, but have excellent content. CompTIA moved the needle for me in terms of interviews of job offers. Security Projects Email Security Buy a domain and get yourself a personalized email address. Configure the DNS records (SPF, DMARC) to ensure it’s secure. You can add this address to your resume and highlight it as a skill you now have experience with! SO many companies do not have DMARC setup correctly and this is a HIGH demand skill. Email is the number 1 path for threat actors to compromise accounts. Knowing how to secure email is a must. Antivirus Find and install a free antivirus program, such as MalwareBytes on virtual machine. Look through all the configurations and see what changes you can make. While on the virtual machine, download Potentially Unwanted Programs (PUPs) and see how the AV reacts. Try downloading EICAR (European Institute for Computer Anti-Virus Research) and testing with that. See if you can block files by hash. If you can, create a .exe file with some code from ChatGPT (maybe a PowerShell script that grabs system info and writes it to a .txt file), grab its hash, block it in the AV by adding the hash, then try to execute the file. Security Awareness Training Go through your personal email, hit your spam/junk folder, and you won’t have to dig long. Find out how to determine what malicious indicators are, and then create thorough walk-throughs on a few emails, highlighting what evidence you found, and how that evidence led to your conclusion. Post these on Medium for visibility. Create a mini-course on educating users to not click on links, input their credentials, download files, verify if an email is from a trusted sender, etc. You can take this to the next level by automating portions of this process: have a python script scan the headers, pull just the info you require, and then utilize APIs to analyze that data. Network Security pfSense is an open source firewall that you can setup in your home environment. OR if you have a spare Raspberry PI, then setup OpenWRT. Either are great options. If you are not an active administrator of your home network, now is the time to start! Learning to secure your home environment will go a long way to securing an enterprise environment. Frankly you can just start off with the gear you have and see what options you can enable to increase security. DNS Filtering You can set up OpenDNS for 20$ a year or free! Download, install, setup, and test. Can you get to websites you shouldn’t? What can you block? What should you block? What should an organization block to increase productivity and security? Up your DNS filtering game by setting up multiple profiles that allow certain users access to some sites that others don’t have access to. For instance, allow Facebook for someone and block it for another user. Document this process! Create a write-up or video or podcast. Post it online and share it with the community. Password manager Managing passwords is a pain. Do you know how many accounts you have? do you know if any have been compromised? So many folks use multiple open-source PWMs, such as chrome, firefox, edge…and more. Consolidate your passwords into a single location, update them to be secure, delete old/unnecessary accounts, enable MFA where you can. Do you already pay for Nord VPN? Well they include a PWM. Or there’s a ton of options out there that are really affordable. Do some research: should you use a cloud PWM? Or should you setup an on-prem Raspberry PI PWM? Find the option that suits your needs and get it going! Bonus Projects 1. Eric Capuano wrote a 4-part blog series that details how to set up a homelab SOC Analyst style. https://blog.ecapuano.com/p/so-you-want-to-be-a-soc-analyst-intro 2. Reverse Malware Analysis by TCM Security https://academy.tcm-sec.com/ Wargames Capture-the-Flag (CTF) events are cybersecurity competitions designed to test participants' skills in various aspects of information security. They involve solving a series of challenges that simulate real-world security scenarios. Participants are often organized into teams and compete to uncover hidden flags or solve puzzles to score points. Six Reasons to Compete in a Wargame 1. CTF challenges cover a wide range of technical areas, including network security, cryptography, web security, reverse engineering, forensics, and more. 2. Participants must apply problem-solving techniques, analyze vulnerabilities, devise strategies, and explore different approaches to overcome obstacles. 3. Events often require participants to work together to solve challenges and maximize their score. The ability to work well in a team is highly valuable in real-world cybersecurity scenarios. 4. CTFs put participants under pressure to solve challenges within a limited timeframe, which helps develop time management skills, improve decision-making under pressure, and enhance your ability to prioritize tasks effectively. 5. Engaging in the CTF community allows participants to network, exchange knowledge, and build relationships that can be beneficial for career advancement and future collaborations. 6. Placing in the top 3 in a CTF is an accomplishment worth noting on your resume and demonstrates to employers that you have the previously mentioned skills. Types of Wargames Jeopardy In this type of CTF, teams are given a board that looks like jeopardy with certain categories, such as OSINT, PWN, Crypto, etc. and there are multiple tasks worth varying points, for instance, PWN for 500. Completing these tasks awards points to a team. Attack-Defense A “gameserver” is provided by the organizers and runs throughout the competition and periodically stores flags on your Vulnbox The Vulnbox is your running instance of the virtual machine given to you by the organizers. It runs all the services that the gameserver uses to store flags. Your job is to protect your flags by securing the services and ensure your VM is not exploitable (the Defense part of the game). The other teams all have their vulnboxes, and after about an hour, the network will open up so that the other teams can start exploiting (aka the Attack phase) your machine and find flags. Successfully stealing and submitting flags from the Vulnbox of other teams determines your attack score! Technical Preparation College Is college required? No. Does it help? Yes. I have a B.A. in English – not tech related at all and this was more than sufficient to get a job. Many of my coworkers do not have degrees at all. WGU has a popular program - Cybersecurity Courses Online – Bachelor’s Degree | WGU Bootcamps Required? No. Helpful? Maybe. Check out pay-what-you-can training from SANS instructors at Antisyphon https://www.antisyphontraining.com/ or Popular YouTuber and Security Engineer Josh Madakor also has a bootcamp. https://www.youtube.com/@JoshMadakor Technical Skills Development Defensive Skill Building 1. Blue Team Labs Online BTLO (blueteamlabs.online) Offensive Skill Building (ethical hacking, penetration testing, application security) 1. Hack the Box a. Academy (for beginners) Best Online Cybersecurity Courses & Certifications | HTB Academy (hackthebox.com) b. Labs (beginner to advanced) Hack The Box :: Login 2. TryHackMe TryHackMe | Cyber Security Training Podcasts Darknet Diaries – True stories from the dark side of the internet by Jack Rhysider (SO GOOD). Darknet Diaries – True stories from the dark side of the Internet. Daily Cyber Threat Brief - Do You Know How EPIC Simply Cyber Is? (Max Nitro Edition) (youtube.com) Books 1. Dark Territory: The Secret History of Cyber War by Fred Kaplan Dark Territory recounts the history of cyber warfare in the United States before the word “Cyber” was even coined. It covers a comprehensive understanding of how America began its cyber programs from the Cold War up through the Obama administration. It is less about specific cyber attacks or exploits, although it does cover many, and more about the history behind the CIA, NSA, FBI, and all the other alphabet soup of the American government. 2. You’ll See This Message When It’s Too Late by Josephine Wolff The first section recounts 3 major financially motivated cyber incidents: TXJ breach, South Carolina Department of Revenue (SCDOR) and the Zues botnet / Cryptolocker. You’ll get a good understanding of some defensive measures to thwart financial cyber crimes, along with a great history lesson. The second section deals with cyber-espionage: DigiNotar (a certificate authority), China’s PLA Unit 61398, and the breach to the US Office of Personnel Management (OPM). The defensive measures one might take to counteract these crimes has some overlap, but is interestingly more difficult to prevent. The third section highlights cyber acts of public humiliation: Spamhaus’ DDoS, Sony’s Breach (one of many), and the adulterous Ashley Madison website. These crimes are perhaps the most difficult to thwart and as the motivations and information required are different. The final section is something of a review. It focuses on potential solutions to issues, the underlying economic costs, and the legislative agenda tied to these issues. 3. Cybersecurity and Cyberwar by P.W. Singer & Allan Friedman The book delves into the history and current state of cyber warfare, providing a detailed look at the players, the technology, and the politics involved, from state-sponsored hackers to cybercrime syndicates, the authors take readers on a journey through the dark corners of the internet. It also offers practical advice on how to protect yourself and your organization from cyber-attacks. From understanding the basics of computer security to implementing advanced security measures, it’s packed with actionable tips and tricks to help you stay safe online. Defense in Depth There are four types of controls (OK – there’s actually more) that, when combined, help create a defense in depth strategy. For instance, locking your front door, installing a camera and flood light, owning a big dog, and having a silent alarm is a defense in depth strategy to keep your home safe. - The floodlight and camera are deterrents, which reduce the likelihood of being attacked. - The lock on the front door is preventative, intended to make an attack unsuccessful. - The big dog can reduce the effect of a break in, a corrective control. - The silent alarm, a detective control, can signal the cops to come investigate. Learn more here: https://www.linkedin.com/pulse/3-types-security-controls-expert-explains-purple-sec/ So what? Cybersecurity has multiple domains where we implement multiple control types. Each of these can be a sub-specialty within security. Email Security According to Deloitte, 91% of all cyber attacks begin with a phishing email. Therefore, email security is a top priority. 91% of all cyber attacks begin with a phishing email to an unexpected victim | Deloitte Malaysia | Risk Advisory | Press releases As a security analyst, you’ll have two jobs: 1. Review user submitted emails to see if they are malicious, spam, or legitimate 2. Create email security policies to prevent malicious emails. Endpoint Protection As a Security Analyst, you’ll likely be responding to many AV or EDR alerts. For instance, your AV may be configured to block, quarantine, ignore, or delete files and processes. Depending on the situation, you’ll need to figure out if the file or process is malicious and how did it get to the endpoint in the first place. Did the user click a link? Did they download something they shouldn't have? Did they plug in a USB they found on the street? A company’s worst nightmare is ransomware. This is a primary tool to prevent that. Security Awareness Training Backstory before we discuss this one. Stuxnet was a computer worm that was discovered in 2010 and is believed to have been developed jointly by the United States and Israel. It was designed to target industrial control systems and specifically the centrifuges used by Iran in their nuclear program. The worm was able to infiltrate these systems by exploiting zero-day vulnerabilities and spread to other systems through removable drives and network connections. What that means is, no security controls that we as analysts could configure would have prevented this malware. The question remains, how did this malware get into their system in the first place? After all, Iran’s nuclear program was air-gapped (not connected to the internet). So how did malware get on a system if there was no network connected to it? User error. USB drives were dropped into the Iranian parking lot surrounding the nuclear facility. Users would have had to pick one up, take it inside, pass security check points, and plug it into their work computers. Now, you may think to yourself, “what idiot is dumb enough to do that?” My answer would be: it takes a very special type of tinfoil paranoia and extreme distrust to be immune to trickery. But it still begs the question, how could this have been prevented? (Hint: it’s in the section title). DNS Filtering People like to click things. Things they shouldn’t. This is why phishing emails are so successful. People are click happy. So how do we protect against happy-clickers? DNS Filtering. SIEM/SOAR The tool of all tools. The SIEM gathers logs from everywhere and generates alerts for analysts to investigate. You can extend the functionality with SOAR but automating investigations. Identity Access Management With users now working remotely and using their own devices, how do we ensure that only legitimate users gain access to the correct resources? Volunteering Need experience to get a job? Need a job to get experience? Need experience to get a…well shit. How do we hack the cycle? You can find volunteering opportunities at your local non-profits (food bank, community centers, libraries) or you can ask to work on security projects at your current company (for those of you who are currently entry-level IT, this is the best way to get experience). If you need IT experience, check out ITDRC where you can volunteer in person or remotely. https://www.itdrc.org/ Additional Resources Certifications Security Certification Roadmap https://pauljerimy.com/security-certification-roadmap/ CompTIA A+ https://www.comptia.org/certifications/a CompTIA Network+ https://www.comptia.org/certifications/network CompTIA Security+ https://www.comptia.org/certifications/security BTL1 https://www.securityblue.team/why-btl1/ eJPT https://security.ine.com/certifications/ejpt-certification/ PNPT https://certifications.tcm-sec.com/pnpt/ Google IT Support https://www.coursera.org/professional-certificates/google-it-support Google Cybersecurity https://www.coursera.org/google-certificates/cybersecurity-certificate? CompTIA Training Professor Messer https://www.youtube.com/@professormesser Mike Meyers https://www.udemy.com/courses/search/?q=mike+meyers&src=sac&kw=mike+meyers Jason Dion https://www.udemy.com/courses/search/?src=ukw&q=jason+dion Books Cybersecurity and Cyberwar https://www.amazon.com/dp/1515950247/ Dark Territory https://www.amazon.com/dp/B010MHABUY/ You’ll See This Message When It Is Too Late https://www.amazon.com/dp/0262038854/ Atomic Habits https://www.amazon.com/dp/B07RFSSYBH/ Speak to Win https://www.amazon.com/dp/B001LV3UTK/ The Compound Effect https://www.amazon.com/dp/0306924633/ Meaningful Small Talk https://www.amazon.com/dp/B07WTWBVK8/ Podcasts Darknet Diaries https://darknetdiaries.com/ SimplyCyber https://www.youtube.com/@SimplyCyber Other Podcasts https://www.sans.org/blog/cybersecurity-podcast-roundup/ Reddit Mentorship Monday https://www.reddit.com/r/cybersecurity/ Freemium Training TryHackMe https://tryhackme.com HackTheBox – Labs https://app.hackthebox.com/ HackTheBox – Academy https://academy.hackthebox.com/ Blue Team Labs Online https://blueteamlabs.online/ Over The Wire https://overthewire.org/wargames/ Projects So you want to be a SOC analyst https://blog.ecapuano.com/p/so-you-want-to-be-a-soc-analyst-intro TCM Security https://academy.tcm-sec.com/courses/ TCM Malware Analysis https://academy.tcm-sec.com/courses/enrolled/1547503 Online Degrees https://www.wgu.edu/online-it-degrees/bachelors-programs.html Bootcamps Antisyphon https://www.antisyphontraining.com/course-catalog/ Josh Madakor https://joshmadakor.tech/cyber/ YouTubers John Hammond https://www.youtube.com/@_JohnHammond The Cyber Mentor https://www.youtube.com/@TCMSecurityAcademy David Bombal https://www.youtube.com/@davidbombal Kyle Marvin (shameless plug) https://www.youtube.com/@kyle.marvin Volunteering ITDRC https://www.itdrc.org/volunteer CTFs HackTheBox – CTFs https://ctf.hackthebox.com/ PicoCTF https://www.picoctf.org/ CTF Time https://ctftime.org/event/list/upcoming Conferences DEF CON https://defcon.org/ Black Hat https://www.blackhat.com/us-24/ Wild West Hackin’ Fest https://wildwesthackinfest.com/ I created this post and YouTube channel because I see the same questions in Mentorship Monday every week. I hope to update this resource and keep it as a go-to guide for new folks looking to break into the industry. Please ask questions, recommend content to add/remove, and help make this post awesome. I appreciate y'all! submitted by /u/_r00d [link] [comments]

Talking to peers, we're comparing how much we spend on cybersec products, but they all scale by endpoint or user, so the total doesn't really help companies of different size. Is anyone calculating per employee per year/month cost to get an idea of what one employee costs a company? I'm a little over halfway through inventorying our products/services and we're over $18/mo per user already. Calculating firewall, email filter, EDR, security awareness training/testing, SIEM, password manager, endpoint patching, etc Not including our actual MS tenant and licenses for user products, only dedicated cybersec purchases. submitted by /u/ranhalt [link] [comments]

It seems that everyone is fighting over marketing terms at this point and losing the direction of what us actual customers need - SIEM, next-gen SIEM, XDR, MDR, EDR. Just saw an article from my past MDR provider helping to understand the lines between EDR, NDR, TDR, XDR, and MDR - lining up with all of the individual packages that they offer. What are we doing here. Even the gartner leaders in these categories - their websites make it impossible to figure out what they actually do. Gone are the days of sticking to what you're good at I guess. submitted by /u/ByteKnight78 [link] [comments]

What are the pros and cons? Is it just cost based on number of devices? Is it any good with network device logs? I was also considering using Security Onion for non-desktop/server devices if CS is cost prohibitive or not ideal. submitted by /u/VengefulPete [link] [comments]

submitted by /u/theowni [link] [comments]

Been seeing this for over a year. There are recommendations on how to combat it within the links in the article. Anyone else seeing it? have any tips on how you combat it? submitted by /u/igiveupmakinganame [link] [comments]

https://www.bleepingcomputer.com/news/security/labhost-phishing-service-with-40-000-domains-disrupted-37-arrested/ submitted by /u/N07-2-L33T [link] [comments]

submitted by /u/permis0 [link] [comments]

Hello everyone! Looking for some valuable advice on where to move cybersecurity wise. I've heard IT audit to be a trap but the pay difference is definitely something that I've been considering. Would love to hear ya'lls opinion! Big4 IT Audit Offer: 82K MSSP SOC Offer: 45K + Remote + 4 day week + 36 hour shift submitted by /u/Valuable_Grade1077 [link] [comments]

Hi, I'm looking to leave law enforcement in the UK and get into cyber security, specifically I believe GRC /Disaster Recovery - Business Continuity. Completed my CC exam via ISC2 and am considering CISSP or the CGRC. The CGRC seems more aligned to where I'm trying to develop towards. Has anyone completed it and found recruiters/employers valuing it higher than the core CISSP knowledge? I'm not over technical and have been advised that the CISSP may be a bit of a step, but it does seem the most recognised and valued. Any thoughts? Thanks! submitted by /u/macel205 [link] [comments]

The recent cyberattack on UnitedHealth Group shows the increasing ransomware danger. It emphasises the financial and operational effects of ransomware, leading to a congressional hearing. Cybercriminals are using advanced tactics like AI, making cybersecurity more difficult. Small businesses need more resources. Important measures for resilience involve planning for incident response, integrating AI, and enhancing cloud security. Having real-time threat visibility is essential for a strong defence. (Source) submitted by /u/divyanshu011 [link] [comments]

submitted by /u/scarey102 [link] [comments]

Hi, I'm working for a company who has recently moved to the cloud and have used Qualys and Rapid7 in the datacenter, but that doesn't seem to fit as well and the pricing is all over the place if you want CSPM as well as VMDR. I was wondering if anyone has recently moved to Wiz, Sysdig, Lacework or another solution and super-happy? We're trying to cover off the traditional vulnerability management in cloud servers, containers, CSPM and runtime security. Thanks in advance, Dave submitted by /u/CancelDue9062 [link] [comments]

Beside College, how can I develop myself in cybersecurity (in blue team - red team field) and how to choose between them I'm Jr. IT student Notice that I know the certs of it - like comptia - but want to know how to get into one of fields of teams submitted by /u/Cyberhead72 [link] [comments]

submitted by /u/FriendlyBanana8411 [link] [comments]

I periodically look for various information about new training courses or educational material. I've been in cybersecurity for many years, but I'm still curious about what's on the market now. I worked as a SOC Engineer-Analyst, then moved to SecOps and this training material had a high impact on me and my career: networkdefense.io: Investigation theory Practical threat hunting Also, Network Security Monitoring book by Chris Sanders Active Countermeasures: Practical Network Threat Hunting Antisyphon: SOC core skills Offensive Countermeasures book by John Strand submitted by /u/athanielx [link] [comments]

This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away! Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future. submitted by /u/AutoModerator [link] [comments]