Technology – Build A Security Ninja

BSides Augusta

Posted on October 2, 2022October 2, 2022 by Steph

Or fun with Soldering…

This weekend got the chance to go to my first BSides in Augusta. Smaller conference, but just as good as any big one.

The talks I sat in on were excellent, especially one about the infosec community and culture. It was basically about how people perpetuate a toxic culture feeding into this ‘hero’ mentality. Part of the issue is instead of seeing the attackers as the villain people see the users as villains and beneath them because they make “stupid” mistakes. It goes along with this book I’m reading: ‘The Smartest Person in the Room” which is about all the ego in tech.

I also got to try my hand at soldering for the second time and did pretty well. Like my little badge response to tapping and lights up like it’s supposed to. Now I’m going to go practice picking locks or soldering something else….lol.

Flashback Friday, Informational, InfoSec History

Case Study: Maroochy Shire

Posted on May 29, 2022July 25, 2022 by Steph

Problem

In 2001, a former contractor who still had access to the system, compromised the industrial control system (ICS). This compromised causes the sewage to flood the town and watershed.

This would become the first widely recognized attack on and industrial system.

“Marine life died, the creek water turned black and the stench was unbearable for residents,” said Janelle Bryant of the Australian Environmental Protection Agency in The Register“

–Cohen, Gary, 2021

Solution

Focus on possible Insider Threats
Offboarding procedures
Emphasize separation of duties
Airgap operational technology from information technology.

Informational, Labs, What I've Used

Splunk Core Certified User – Study Guide

Posted on May 24, 2022May 24, 2022 by Steph

I would advise anyone who wants to learn to use Splunk to actually use Splunk. They offer a really thorough fundamentals class for free and you fan set up a Splunk environment fairly easy.

There’s also hands-on by completing the ‘Boss of the SOC’ challenges.

Furthermore I recommend:

Splunk Certified Study Guide by Deep Mehta published by Apress

I highly recommend the above book to supplement study and test prep.

Informational, Learning Woes, What I've Used

Broke the Microsoft Curse

Posted on May 14, 2022May 14, 2022 by Steph

Or Passing AZ-900

Last Friday I sat for an passed Microsoft’s Azure Fundamentals (AZ-900) certification test. During my hiatus I had sat for an failed Microsoft’s Security Analyst (SC-200) test.

To be honest I really wasn’t prepared for SC-200. I breezed through the Microsoft Learn coursework and didn’t really study the material. Although I had hands-on with their security tools I’d never used Kusto Query Language. I kinda wanted a feel for how Microsoft tests were comparatively speaking.

Failing SC-200 wasn’t a big hit because I was aware of my shortcomings.

Still to me, Microsoft Cert Tests are trickier and have section blocks that limited the ability to go back and change answers, which I wasn’t prepared for the first time taking one of their exams, but was ready for taking the Fundamental exam.

This is exam is basically theoretical and based on understanding Azure on a high level and the using the cloud as a whole.

I would recommend using the following to test prep:

Microsoft Learn for AZ-900 (free Microsoft course)
Jim Cheshire book (pictured below)
I microsoft also has ‘Virtual Training Days’ which can help.

Jim Cheshire – “Microsoft Azure Fundamentals Exam Ref AZ-900”

Now to get more hands on with Azure!!

Uncategorized

CYSA+ – Backtracking to CS0-001

Posted on August 17, 2020August 17, 2020 by Steph

Since I failed the beta of CYSA+ CSO-002 by such a narrow margin (10pts), I’m going to take CSO-001 before it is retired.

My plan is to review my test report and then study the areas I faltered in. I make a packet of flashcards and focus my brief study to these areas.

I just feel like I’ll regret not attempting to complete the current test with how close I came to passing the beta.

Profiles

Profile in Cyber

Posted on February 20, 2020February 15, 2020 by Steph

“I think it’s very important to get more women into computing. My slogan is: Computing is too important to be left to men.” –
Karen Spärck Jones

Melba Roy Mouton

Was one of NASA’s “human computers” in the early space program. A graduate of Howard University from Virginia, Mouton headed a group of these “human computers” that tracked satellites. Furthermore, Mouton, was also a computer programmer at NASA. Her programs “predicted aircraft locations and trajectories.” (Women & Tech Project, 2014).

More on NaSA’s “Human Computers”:

1929 – June 25, 1990

References:

Famous Women in History: Melba Roy Mouton. (2017). Entity. Retrieved from https://www.entitymag.com/famous-women-in-history-melba-roy-mouton/
WOMEN AND TECHNOLOGY IN THE 1950S. (2014) Women & Tech Project. Retrieved from https://womenandtechnologyproject.com/tag/1950s/