How Do I get into the Security field ?

I’ve heard this question many times.

Let me tell you now that the Security field has many different realms and there is a ton to learn anyone who says they know everything about security is a flat out liar.

Think of it a number of applications and systems out there can you honestly think one person can know all of the systems inside and out?.

Sure you can configure a firewall or a UTM but can you point out a line of code in a web app that is causing a CSRF vulnerability?.

That is why I love this field there is always something to learn there is always a bug to find .

 

Network Security Image

To begin your journey  I would suggest a computer science/Programming background of some kind this helps you understand the logic of how a computer and network work.

Check out my friends at Engadget for an awesome post on how to get the basics of computer science  without busting the bank and best of all online

https://www.engadget.com/2016/09/14/master-computer-science/

Then move into learning systems I strongly suggest learning Linux as most of the security testing apps are built in and for Linux.

There are tons of ways to learn Linux both for free and Paid for check out this Link  from Stack social on a course for Linux system administration course

https://stacksocial.com/sales/complete-linux-crash-course-includes-topics-on-red-hat-unix-kali-python-and-opensuse

After you got the basics of system administration I would also learn the windows operating systems.

Check out my friends at Cybrary  https://www.cybrary.it/

Cybary has a massive collection of Free CyberSecurity training course I have personally take some of their courses and let me say I am impressed.

Check out my previous review of their course they have everything from basic security principles and networking to advanced forensics and hacking .

I am not a fan of their Linux training but everything out they have my check mark and thumbs up.

But the most crucial and important thing you can take all of the course and read all the books you want but there is a critical thing that’s sits with you.

This field changes like the wind you need to be interested you need to commit to learning and you need to enjoy it like everything else in life if you hate what you’re doing then find something that makes you happy.

I will post some other books and articles I have read in the learning resources section of my blog.

Let me know if you need any help or have any questions!

 

 

 

Ransomware Outbreak !

By now I am sure you have heard the news,

WannaCRY Ransomware

Yesterday there was a huge Ransomware outbreak that struck across Europe the Wannacry Ransomware  made its rounds the targets were hospitals in the UK the Russian Police and many others

Even Microsoft started making patches for older systems like XP !!! when I read that  I was surprised 

But the sad part of this is that the Malware exploits a vulnerability that was patched back in March!  this reminds me of the Blaster worm  MS had a patch for months before it started making its rounds back then.

The same things are still happening network operations and security operations take too long to react to the rapidly changing internet threats.

There are also other things at play this same exploit was revealed in the NSA Dumps thanks to the Shadow Brokers.

as of late the shadow Brokers have gone dark citing that they have not received enough funding via bitcoins and the risk is too high to continue.

We really need to step up the game in the security community via awareness and patching more quickly or these outbreaks will continue to happen.

If you have a windows network I suggest you patch your systems with the MS17-010 check out the bulletin from Microsoft.

 

 

Toronto Tech Security Conference – Thoughts

Well, another year another conference and this one was just as good as last years top vendors in many different security realms.

Application security, Data security, writeupCloud, Mobile you name it they were there.

data connectors logo

Top vendors in many different security realms.Application security, Data security, writeupCloud, Mobile you name it they were there.

One of my Favourite products is the Sophos interceptorX product I am in the middle of doing a write-up on this product aims to stop Ransomware in its tracks it’s amazing.

Dosarrest was there  https://www.dosarrest.com/ showing off their awesome DDoS protection services the talk on the new techniques was informative the main topic on what to ask your DDoS protection vendor.

Velocloud’s SDN is something to look at they have a rock solid product and the feature set just sweet.

there were many other products and vendors I am planning some posts of some of my top choices.

The talks from all of the vendors were very informative touching on the trends in security and security operations.

I will post my reviews on the different products that caught my eye

if you are interested in coming out to the event next year check out data connectors @ http://www.dataconnectors.com/

 

I will be at the Toronto Tech Security Conference

Tomorrow I will be at the Data connectors Toronto Tech Security Conference

I cant wait to see all the vendors and all the upcoming and new products

I will also be in all of the seminars I am particularly excited for the presentation from Sophos

See my updates on Facebook and other social media accounts !

If you are attending drop me a note I would love to meet some of my readers in the GTA area

See you there !