Getting your first job in information security (infosec, or cybersecurity) can be tough. It's (still) a relatively new industry, job roles and descriptions aren't always consistent, and it can be tough to figure out where to get started, what skills you need, and how you can acquire them. Even more…
First, what's the difference between data privacy and data security? Data security is about protecting your data from unauthorized access (basically ensuring that hackers can't access your data), while data privacy is about giving you more granular control over how (and by whom) your data is accessed, used, or shared.…
Certifications aren't strictly necessary in order to get hired as a cybersecurity analyst (with the notable exception of many government jobs), but they can help you demonstrate to an HR recruiter or hiring manager that you have a specific skillset via a third party's assessment of your skills. The process…
Brief Background on Ukraine's Relationship with Russia Russia and Ukraine both originated with the medieval sate of Kyivan Rus (near modern-day Kyiv, 10th century AD). Unfortunately, Kyivan Rus was destroyed (the city razed and citizens murdered en masse) in the 13th century by Mongols from the Urals, lead by Batu…
SSL and TLS are frequently attacked, and understanding past attacks can inform defenders' knowledge to secure current systems and to predict the direction of future attacks. As such, here's a summary of some of the most famous attacks targeting these protocols: Browser Exploit Against SSL/TLS (BEAST): BEAST (disclosed in…
Normally finding clearly fake profiles for a business is a huge red flag - the area of sketchy 5 star reviews and effusive praise for sushi restaurants in Kansas. However, creating fake profiles designed to draw in cybercriminals (particularly BEC actors) can be an effective strategy for corporate security teams.…
What is Stuxnet? Stuxnet was one of the first examples of cyber warfare. It was a cyber weapon, attributed to collaboration between US and Israeli forces, aimed at disrupting the Iranian nuclear program. Estimates of the damage done range from a delay in Iran's nuclear program of between 1 -…
If you want to protect systems, you need to understand who you’re defending them from. Many of the hackers you’ll face will fall into several different groups. These different groups often use very different tactics, techniques, and procedures (TTPs) for attacking systems. Identifying which actors or groups of…
