Posted in Informational, Research, Topic, Vulnerabilities

Case Study: Stuxnet

Enter the CyberWar

(A Day Late Due to Travel)

If you’re paying attention to the War in Ukraine, you’ve probably heard people talk about the ensuing cyber dimension of the conflict. This is just the latest skirmish of cyberwarfare, though some say it’s the beginning of the new Era of Cyberwarfare.

Stuxnet wasn’t the first cyber operation, nor was it the first virus, but it’s notable because it was one of the first to destroy hardware and an operation linked specifically to the U.S.

Stuxnet was a virus developed to target Iran’s nuclear capabilities. Basically, it targeted automated controls in industrial control systems, causing the hardware to break. It did this by exploiting zero-days in Microsoft and Siemens software. The bad part is that Stuxnet worked too well and ended up spreading globally.


Posted in CTF, Informational, Profiles, Simple Malware Analysis, Vulnerabilities

Jobs in Cyber: Vulnerability Researcher


Stumbled on this job during a recent job search. This had never been on my radar as a possible field of interest, but after interviewing and learning about the position I was intrigued.

A vulnerability researcher basically investigates, identifies, and studies vulnerabilities and exploits in software and/or systems. Sometimes this can be done independently, but often it is part of an enterprise or in conjunction with continuous monitoring services.

Possible Skills Needed:

  • Scripting knowledge
  • Decompiler knowledge
  • Malware Analysis
  • Communication (verbal and written)
  • Methodical approach to research
  • Analytical mind
  • Scanners such as Nessus

Posted in Current Events, Informational, Research, Topic

Privacy in the Digital Age:

Roe v. Wade

Again, had a post planned and instead news caused a different post.

Even before the Supreme Court officially struck down the Roe v. Wade decision and sent reproductive health issues back to the states, there were stirrings questioning how incoming changes might affect health apps and data collection.

Living in today’s world, people might not worry about how much of their information is readily collected or available. Perhaps they’ve resigned themselves to the fact that they can’t stop their data being collected. There has been very little headway made in crafting some type of national privacy law, so it makes one feel like this is just inevitable; online privacy is your own concern.

For months before today, reading through Twitter brought calls for women to remove period tracking apps and be more cognizant of how their data might be collected and in the future possibly subpoenaed as proof of some ‘reproductive crime’.

“Democrat lawmakers along with privacy advocates are now growing worried prosecutors in these anti-abortion states will use subpoenas to demand tech companies help them identify which users have visited an abortion provider.” -Michael Kan, PCMag.

I would definitely consider myself a privacy advocate. I think the majority of infosec people are concerned about privacy to some degree. It’s concerning that it really took something so dramatic to bring this conversation about data collection back to the foreground.

It can be proposed that perhaps we all just became too complacent in many ways…

How all this unfolds and develops is something to keep a definite eye on.

Posted in Flashback Friday, Informational, InfoSec History

Case Study: Maroochy Shire

Problem

In 2001, a former contractor who still had access to the system compromised the industrial control system (ICS). This compromise caused sewage to flood the town and watershed.

This would become the first widely recognized attack on an industrial system.

“Marine life died, the creek water turned black and the stench was unbearable for residents,” said Janelle Bryant of the Australian Environmental Protection Agency in The Register

Cohen, Gary, 2021

Solution

  • Focus on possible Insider Threats
  • Offboarding procedures
  • Emphasize separation of duties
  • Airgap operational technology from information technology.

Posted in Covid, Hiatus, Informational

The Condensed Version of Why I was MIA

It’s been a while. I kept trying to say that I would be back blogging, but there were so many compounding things.

Covid-19: I wanted to be one of those people who was super productive during Covid, not realizing how changes might affect mood. I’m an introvert by nature and it felt like ‘no big deal’….til it was. I oscillated between feeling like nothing was changing and I was stuck to making a lot of headway last year. I made all this progress, but felt isolated…it’s not a good headspace to write from.

Changing Jobs: When I first went on radio silence I had just left a position, my first real infosec position, and there was a period of like 3 weeks where I technically had a job, but wasn’t working. I did not know how panicky not having a steady income would be (even with savings), but it was….when your money is funny you are not in a place to blog.

Contracting is for the Birds: This came later. There was a period where I transitioned from subcontracting to contracting and that was stressful. There was poor communication and a back and forth on whether I needed to find a new job, so basically I was back to panicking and stressing about what comes next. It worked out, but it also made me realize I didn’t want to stay a contractor for much longer.

2021: I turned a corner in 2021; if anything this was a great year because of all I accomplished. I racked up certs, worked and felt in my niche. I mean, by the end of 2021 I felt like I had really made a little establishment in my new career. On my team my name was synonymous with great work and I knew it, but I also was burning myself out trying to prove that I belong (burnout is real. Imposter syndrome is real. And I will discuss in a later post). I was moving so much I couldn’t even think about slowing down to commit to blogging.

Now: Here we are.

  • I’ve got an awesome mentor
  • Have been motivated to think about branding (which is exciting)
  • I think about where I want to fit into and give back to the infosec community as a whole
  • I got to do a CTF that made me more secure in what type of infosec path I want to be on (more on this later)

All in all I’m ready to commit to this again, but with caveats. This will only be a weekly blog; the calendar I wanted was too much, too busy and hectic. This is manageable and it’s good to set boundaries (even with yourself).

In the coming weeks I will also be changing the look of this blog. Thanks to anyone who is still reading this and sorry that I left you in the lurch.