Author Archive Jayanthi

ByJayanthi

‘Sharenting’

Reading Time: 3 minutes

‘Sharenting’ – “What is that?” might be the thought for many of us…it was the same thought for me too and soon I was researching more and more into the topic…here are a few of my findings and thoughts…

Social media personalities:

As discussed in another post, all of us have different social media personalities when we are online. While some of us feel comfortable sharing only our achievements online, many of us share a whole lot of other personal things  and there are yet others who totally shun social media! All of us have different takes and views on sharing information online. While there is no perfect right or wrong here and each person is entitled to share what they want,just knowing the risks empowers us.

The “star” subject:

These days there are videos for every type of content….

“You need to bake a cake?”  “Just go to YouTube” might be a popular retort…

“You want to paint?” “Just head to YouTube too”…

“You want to learn Java?” “Head to YouTube – there are plenty of live coding examples that make coding much more easier to learn…..”

While the subject in the above example is “cake”,”paint brush” and “code”, there are numerous videos where the subject is “children”. Children growing, talking about everyday activities with children, children,children and more children…most of the times the author talks about their own children in great detail. Not only videos, there are blog posts and other means of sharing which feature one’s own children.

Some times, some children’s digital identities are fixed from the time they are in their mother’s wombs!! The more we share information about them, the more views, likes, shares and subscribers we get…We think we are helping other people out there in the same boat(and we might be helping somebody I am sure) -but I am not sure if that is always the case…in the corner of my mind there comes a faint thought if we are exploiting the children in any way because they cannot say anything…

This is “sharenting” which is talking excessively about them and recording every minute detail in full public view….

I admit I am also guilty of a few posts about my grown children as well! πŸ™‚ But all my posts are reviewed by the star of the post – as all of them are old enough to make that decision. Some times, they are amused and sometimes they are not so amused but I hit “publish” only after the final assent…

I think most of us do not have that luxury as most of our child subjects are too young. We assume that we do not have to take their permission and yes, if they are too young – we cannot and we do not have to….

But apart from the privacy thought,the multi-million dollar sharenting question is what will the child think of all this sharing and “sharenting” when they grow up?

As you might be knowing, children grow up fast and it will be just be another 4-5 years before they assert their online identity.

Will they say “Stop, mom and dad, why did you have to record me so much?”or will they share your happiness in all the recording and sharing? Only time will tell…

Conclusion:

So, where are you on the “sharenting” spectrum? Do you share a little about  your kids or do you share a lot about them? What do you think they will think of this in the future?

What is my final take on “sharenting”? Take “sharenting” with care and balance – let us not embarass our future social media citizens!! πŸ™‚

All thanks to Cybermum_India and Cybermum_AU for this thought that transformed into a complete blog post! πŸ™‚

ByJayanthi

Offensive and defensive security

Reading Time: 2 minutes

Did you know that the words ‘offensive’ and ‘defensive’ can be used in the InfoSec domain as well? If you follow my writings on Information security – you might realize that the InfoSec domain itself feels different for one set of posts and different for another set of posts…The two distinct classifications are ‘offensive security’ and ‘defensive security’.

While which part of security interests you, depends on you and you alone, security might never be an independent task and it might be a combination of both that you might be facing at work everyday. Having said that, let us move onto to see what is meant by ‘defensive’ and ‘offensive’ security.

Defensive security:

Conventional security is mostly termed as ‘ defensive security’. ‘Defensive security’ deals with security mechanisms that defend the business/home environment like firewalls, VPNs, anti-virus definitions and more. Just like with other applications of the word ‘defensive’ – ‘defensive security’ is more of a reactive approach. We install anti-virus software to keep out viruses, firewalls to block intrusion attempts, work with business continuity and disaster recovery experts, draw security plans to protect the organization but we do not tear the system down to find the vulnerabilities in it.  This is ‘defensive security’.

Offensive security:

‘Offensive security’ on the other hand is the exact opposite of ‘defensive security’. It is like performing a root canal treatment on the business and personal systems to unearth the various vulnerabilities in systems to seal them effectively! Ethical hacking, pen testing,vulnerability assessments,  digital forensics, advanced attacks all come under the umbrella of ‘offensive security’.  Offensive security involves attacking and pen testing live systems. Offensive security mechanisms are much more intensive than defensive security tactics.

ISPO — home page wordle

There are numerous offensive security certifications but the ‘OSCP'(Offensive security certified professional) and the very popular CEH(Certified Ethical hacker from EC-Council) stand out. If you think hacking is your thing, become a white hat hacker and earn these precious certifications. These certifications however are not for the faint of heart. They involve more technical expertise and more hands-on experience. For example, the OSCP certification exam is conducted for a full 24 hours!(yes, you read that right!) 

OSCP certification:

  1. Candidates taking the grueling OSCP certification must first take the ‘Pen testing with Kali Linux’ online course before attempting the examination
  2. The cost of course and the exam is 800$ which involves 30 days lab access
  3. “The OSCP examination consists of a virtual network containing targets of varying configurations and operating systems”
  4. The candidate is expected to research the network, find vulnerabilities and execute attacks.
  5. Successful OSCP holders can conduct remote and client side attacks, deploy tunneling attacks to bypass firewalls and more! 

More information about OSCP certification can be found here

Which type of security are you more aligned to? Defensive or Offensive? Does it fascinate you? 

 

ByJayanthi

Careers in Information security

Reading Time: 3 minutes

The ‘Information security’ domain is growing by leaps and bounds today. While it was in a negligible state of growth even 5 years back, it has grown exponentially over the years. Schools have started introducing small bits of Information security concepts into the curriculum. Colleges in India and abroad have started introducing Information security specializations at the undergraduate and graduate level. So, what are the different career choices that are available for students who graduate with a degree in Information security and for professionals who move along their Infosec careers?

This is a list of career options that are available for professionals who are in the InfoSec field with the description of the various career choices:

  1. Security analyst

       Experience – Atleast 5 years of relevant experience

      Certifications – CISSP, CCSP, CEH, OSCP and other certifications are always preferred.

       Job description – 

     The security analyst is expected to:

  • Monitor & optimize security monitoring and assessment solutions/tools to efficiently identify the most concerning security gaps.
  • Capture, prioritize and efficiently escalate to appropriate internal teams any security incidents identified from security tools or from correlation with other sources.

2. Network Security Engineer

Experience – 6 or more years of relevant functional experience in network architect role or equivalent

Job description –

  • Designing, Implementation and integration of networking equipment routers, switches, firewalls, proxies and security appliances
  • Troubleshoot, resolve and find out root cause of network and security issues.
  • Prepare network documentation such as network diagram, network design with rationale of design, implementation plan and power point slides on proposals for new features to address network issues.

3. Information security analyst – Pen tester

         Experience – 3-5 years experience as pen tester or Information security specialist with pen testing acumen.

        Certifications such as CISSP, CEH will always be preferred.

        Job description – The Information Security Analyst will be responsible for performing penetration tests on IT Solutions created in house as well as commercial off the shelf. The analyst will be responsible for creating external security testing requirements, coordination of tests performed by contracted 3rd parties and evaluation of the reports. 

4. IT auditor

      Desired skills – A degree in Computer Science with  6+ years of experience in IT and Operations auditing, risk management, IT Compliance, Information Security, IT program or project management,

      Certifications – CISSP, CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager ) are some of the preferred certifications to secure a job as an IT auditor.

      Job description – The role of an IT auditor involves developing, implementing, testing and evaluating audit review procedures. He/She will be responsible for conducting IT and IT-related audit projects using the established IT auditing standard in their organization. The audit process can extend to networks, software, programs, communication systems, security systems and any other services that rely on the company’s technological infrastructure.

5. NOC engineer

   Desired skills and experience – 3+ years’ experience with MS SQL, VMware, and IIS including related technologies and standards such as DHCP, DNS, DFS, LDAP, IPSEC, CIFS, SMB, etc.

      Job description –

  • Periodically check application and system health to support NOC Technicians.
  • Day to day administration of a 1000+ Windows/Linux servers, including related applications.
  • Manage and support local site VMWare multi-cluster environment.

6.  SIEM – Security Information Event Management-Consultant

        Mandatory skills – SIEM

       Desired skills – Application Security Code Review – SAC-L1, Big Data-L1

       Desired work experience – 5-8 years

      Job description – The job requires the candidate to have in-depth knowledge in any one technological or industry practice / functional area and overview of 2-3 other areas. The candidate should be able to handle solution definition/ fitment for a small sized project with a medium complexity. The candidate should also be able to build a custom Function Module with medium complexity program logic.

7. Network Security Administrator

    Desired skills – Experience in network configuration and administration including VLANs, ACLs, switches, routers, ISPs and firewalls (i.e. Cisco, HP, Palo Alto, SonicWALL) would be good along with other skills with Linux OS, Azure, switches, routers, firewalls

Job description –

  • Design, implement and manage a foolproof network security policy
  • Implement and configure security software and tools such as anti-virus, firewall, intrusion detection and more
  • Identify known and unknown network vulnerabilities and ways to counteract them

 CISO(Chief Information Security Officer) and CIO(Chief Information Officer) are the professionals who have reached the pinnacle of the IT security profession!

These are some of the career choices that are available in the area of Information security. Almost all jobs will need a degree in Computer Science or related area along with certifications such as the CISSP or CEH or other appropriate certifications.

References:

  1. indeed.co.in
  2. Linkedin.com
  3. naukri.com

 

ByJayanthi

Reflections – A2Z19

Reading Time: 2 minutes

The month of April is always a busy one for me. Two grown kids at home(oh, they are work too!! :)) , schedules all over the place, travelling, business work – all start running riot in April… πŸ™‚ And in the midst I really wanted to do the #BlogchatterA2Z challenge as I had enjoyed doing it so much last year … so, how did I manage? Here goes the report card and my reflections on the whole journey:

Report card:

My idea was to write posts in Information security(in tune with my blog’s primary objective) and proverbs.. and I did manage to complete them very well… Actually, I had a lot of Information security thoughts in my head, which got shape and a final form once I started writing… Given a deadline to finish one post per day motivated me to stay on track and write about all about what I wanted to do!! πŸ™‚ 

My Information thoughts just flowed and flowed!! πŸ™‚

What was the hard part?

Being both a technical and a personal blogger, I always wonder what is the hard part of blogging? Sometimes, it is just getting started…other times, it is just the content and yet, at other times, the flow just doesn’t seem right…but most times for me, it is just the ‘title’ of the blog topic which is the challenging part… once a suitable and interesting topic arises, everything falls into place miraculously!! πŸ™‚

Here are my InfoSec posts which I managed to write making it both understandable and techy at the same time…

Authentication

Cyber-bullying!

Digital forensics

‘Everyday’ security

GIAC certifications

Identity chaos

Identity management

OWASP Top 10 vulnerabilities

Is ‘Privacy’ a myth?

Red Team – Blue Team

SOC

Two factor authentication

Women in Cybersecurity

YouTube security

Project Zero

All of the posts were something that I enjoyed writing, but I particularly enjoyed researching and writing about Project Zero, YouTube Security. OWASP top 10 vulnearabilities the most!! I hope my writing shed light on some topics that you were vague about and motivated you to stay on top of Cybersecurity as well!

Until next year from A2Z…. Ciao!!  πŸ™‚

 

 

 

 

 

ByJayanthi

Project Zero

Reading Time: 2 minutes

Security has become an important component of every business. Many(if not all) organizations are choosing a proactive approach to security rather than a reactive one. It is better to deal with bugs and flaws in any software, before the malicious elements manipulate the same flaws for personal and monetary gains. 

Project Zero:

It is with this same thought that Google created ‘Project Zero’ in 2014. ‘Project Zero’ was also termed as the ‘Cybersecurity dream team’!! The primary aim of this project is to find flaws and vulnerabilities not only in Google products but in other products, operating systems and software. The goal is to detect “zero day vulnerabilities” which are mostly exploited by criminals, state sponsored hackers and intelligence agencies and make the Internet a safe place for all. 

Once a bug was discovered by the ‘Project Zero’ team, it was intimated to the manufacturer directly. Only when a patch was released, was the bug disclosed to the public. However, if a patch was not released by the manufacturer within 90 days, then again it was released to the public. 

Zero-day vulnerabilities are those bugs or loopholes that are known to a hacker but not to the vendor of the product. How do you feel when you have created a product, but do not know the bugs or drawbacks in it but somebody else knows it and is misusing it? This is exactly what was happening with a number of products – hackers were making use of vulnerabilities and exploiting it to the maximum but the vendors were clueless about what was happening. 

The team:

The team included New Zealander Ben Hawkes, Tavis Ormandy, an English researcher , American hacker prodigy George Hotz, Switzerland-based Brit Ian Beer. All of the professionals were extremely good at bug hunting(finding flaws in software) and hacking. 

Is ‘Project Zero’ still hiring?

The good news is ‘yes’! πŸ™‚ Google is still hiring for its ‘Project Zero’ team. Good coding skills and the ability to do vulnerability research and exploit development are crucial skills that are needed. In addition, if you have publicly reported vulnerabilities, you have a brighter chance of getting in! For more details on joining ‘Project Zero’ visit this link.

Latest findings by ‘Project Zero’:

As early as October of last year, a security hole was plugged in for Facebook owned ‘Whatsapp’ which was discovered by Project Zero. 

In March of this year, Google disclosed a flaw in the MacOS kernel. 

Let’s hope Google’s ‘Project Zero’ helps in the betterment of the netizen’s Internet experience without offending anyone… πŸ™‚

Written for the letter ‘Z’ for #BlogchatterA2Z challenge. The previous post can be found here.

It has been a pleasure writing about Information security and proverbs this entire month! I hope you enjoyed reading them as much I did writing them! See you next year!! πŸ™‚

 

ByJayanthi

YouTube security

Reading Time: 2 minutes

There must not be a soul in this planet who has not watched YouTube videos in this age! From small babies to older adults we all watch them. There are cooking videos, educational videos, entertainment videos, cartoons and name a topic and you can find a video on the same. The business has grown so much that there are many who have made a fine career by making YouTube videos and are known as ‘YouTubers'(not an easy one though, atleast initially) 

With so much riding on YouTube are there any security problems? Of course, for any social media that is used billions of people there is bound to be a few(or more!)security hiccups here and there. The problem is identifying it first and then closing it. 

Comments:

If you have watched a lot of videos that have children in them, you might have noticed that many of them(though not all) have their comments section disabled currently. Why did this happen? In February this year, video creator, Matt Watson found a “pedophilia wormhole ring” which was being facilitated by the comments in the YouTube videos.  I know, I feel disgusted too… πŸ™ How did this happen? Pedophiles were meeting through the comments section on YouTube videos which feature children. They exchange their contact information, pass lewd comments and do other disgusting things! For more information visit this link.

What is being done after this discovery?

It is safe to say, that YouTube has disabled the comments section of many videos featuring children. It has also removed thousands of “inappropriate” comments and terminated hundreds of viewer accounts. Though many YouTuber creators might be offended that this might be eating into their advertising and marketing, I think this is a good move to keep children safe online. 

What else can be done by us?

The only thing that we can all do is to ensure that children get a YouTube account only when they are advised to do so – at age 13! After that, it is important for the parents and children to learn and know the risks associated with “broadcasting oneself” and then take the plunge.

I know many parents and children cannot wait to get an email account or YouTube account even at 8 or 9 years of age, but considering that the Internet is not such a safe place after all, isn’t it wise to just a few more years? After YouTube isn’t going anywhere and neither is the Internet. Maybe we will have something more exciting than YouTube too in the few years that they wait too… πŸ™‚

Here’s to keeping children safe online!

 

ByJayanthi

Xmas is enjoyable, only if it comes once a year!

Reading Time: 2 minutes

As I was racking my brain for a post for the tricky alphabet ‘X’ , my eyes suddenly fell on this saying – “Xmas is enjoyable, only if it comes once a year” and I knew “this” was the one that I was going to write on!! πŸ™‚ 

I am sure it is not every difficult to understand this proverb as well…

  1. Summer vacations are on in most parts of India. We have children playing all the time. They are playing and playing from morning to night! What happens when a student is always having vacations and having fun the whole day? What if they are constantly playing, swimming, bicycling and in today’s age – sitting with the mobiles too!! πŸ™ Don’t we as parents get vexed with this non-stop entertainment? The children also get exhausted with too much fun that they get into other troublesome activities as well…
  2. The same  can be held true for adults as well. People who are working continuously for 5-6 days a week or all 7 days a week in today’s scenario, crave a vacation.  But after maybe a week’s of trying to stay away from work related activities – we get tired of vacations and would like to “get back to getting some work done”…
  3. I can say this from a personal experience too – after going on a vacation and trying to de-stress just a few weeks back, I was definitely looking forward to getting back to writing… πŸ™‚ the vacation is more enjoyable only when it comes once in a while…

We can appreciate and enjoy a vacation only if it comes once in a while…that my friends is what this proverb “Xmas is enjoyable, only if it comes once a year” illustrates…. I am sure you can agree with me as well…

This post is for alphabet ‘X’ for #BlogchatterA2Z challenge. The previous post can be found here.

ByJayanthi

Women in Cybersecurity

Reading Time: 3 minutes

A little girl always fiddled with her mother’s smartphone and tried to crack the passcode or the pattern on it. She knew exactly what her mother would use as passcode or pattern as she knew her mother inside out!! πŸ™‚ She will try and most of the times, she can crack the passcode within three tries!! How? she will use the concept of social engineering. She was always glued to her mother’s cybersecurity’s posts(whether she understood them fully or not)  – and she was constantly wondering if this can be “hacked” or if “biometrics” can indeed work!! πŸ™‚ Do you think this little girl will be a budding “white hat” hacker in the future and “another woman to reckon with in the cybersecurity domain”? Only time will tell and this mother is eager to know that… πŸ™‚

Now moving on from that little story to the real women who are rocking the InfoSec domain today… πŸ™‚

Introduction:

Women have stepped into all professions today. There were always women in engineering, medicine, marketing, art, management, research and more. But ‘Women in Cybersecurity’ has become a movement towards empowering women and trusting their inherent capabilities to beat the newer threats arising everyday.

Statistics about ‘Women in Cybersecurity’:

  1. The total number of cybersecurity openings is expected to be close to 3.5 million by the year 2021. However, the total number of women in the cybersecurity domain today stands at only 24% of the total workforce.
  2. However, more and more women are entering the cybersecurity workforce. 
  3. Pay disparity between women InfoSec professionals and their male counterparts is present as in the other professions(my guess, this is due to “family” breaks that most women end up taking)
  4. Men and women do identical cybersecurity duties in the industry(as an example, “threat detection/remediation”, “data security”, “network security architecture”)
  5. Women are getting a higher education in cybersecurity along with most sought after certifications(CISSP, CISM, CISA etc) too!

Who are some of the women leading the cybersecurity domain?

This is a list of some of the top women in the field in no particular order:

  1. Ann Barron-DiCamillo  – is the Vice President Cyber Threat Intelligence and Incident Response at American Express.
  2. Niloofar Howe – is the Chief Strategy Officer at RSA
  3. Eleanor Dallaway – is the Editor of Infosecurity Magazine

Why should women enter the cybersecurity domain?

Apart from the cliched reason, that there is a huge gender gap and the profession needs more women to join the field, from a personal perspective, it is truly amazing to be in the field! πŸ™‚ When most people are just enjoying on the Internet, we can see the things underneath the Internet with a “magical lens” and we take it as a moral responsibility to catch the threats early.

Women also bring a totally new perspective to the field, thus motivating everyone in the board room to include them more!

Information security is not just programming, hunting for bugs, building firewalls – it encompasses all this and even more! And with the field constantly churning out new hacker avatars – there is never a dull moment!

So, what are you waiting for, ladies? πŸ™‚ Hop onto the InfoSec domain today…:) (and I will keep an eye on that little girl for you!! ;))

This post is for alphabet ‘W’ of the #Blogchatter challenge. The previous post can be found here.

 

 

 

ByJayanthi

Patience is a virtue!

Reading Time: 1 minute

Today’s proverb is a very simple one that most of us will surely like but difficult to follow in reality…’Patience is a virtue’!!

He was very hardworking. He would get up at the same time every morning(weekday, weekend – it didn’t matter) He could sit with his daughter and teach her softly and gently. If she couldn’t understand something – he could spend more time with her till she understood the whole thing. He will diligently teach his half-interested son how to ride a bike(no scoldings there) Both his kids could not understand that there could be a “strict” father in life… they thought all fathers were like “their” father..calm and composed!! πŸ™‚

Have you tried driving in India and particularly Bangalore? Well, he could do that too and without losing his temper!! There are always cars, bikes, autos, buses flying from haphazard directions on Bangalore roads – but he could somehow manage to drive through it all unfazed(let us not worry about the time it takes to commute, though!! πŸ™‚ :)) 

He could be as cool as a cucumber and he might give a tough competition to Dhoni under most circumstances…… πŸ™‚  well, if you are wondering who is this person who is blessed with a such a patient personality – try guessing, it is not so hard!! πŸ™‚

‘Patience is indeed a virtue’…written for alphabet ‘V’ for the #BlogchatterA2Z challenge. The previous post can be found here.

ByJayanthi

Use it or lose it!

Reading Time: 2 minutes

After a series of technical posts, here is a proverb that I had heard of before, but understood its significance only a few years back.

What happens when you don’t walk for a prolonged period of time? What happens when you stop moving your finger for a prolonged period of time? What happens when you stop learning something new over a period of time? What happens when you stop teaching for prolonged period of time? The answer to all these questions is just a simple one – ‘You just lose the skill to do it”!! Whether body or mind, once you stop doing something(for whatever reason) – it is very hard to re-train the body and mind to try doing it again!

Both the body and mind becomes rusty once we stop doing it. So, unless you are advised by doctors not to do something – it is good to keep going on!

Sheetal had undergone a nasty foot surgery that did not allow her to walk for almost a month. At the end of the month, when she tried to walk, she could not walk normally for obvious reasons. But even beyond a 3-4 months, when the doctors had given her the “medically fit” certificate, she was in no mood to walk a lot as the “not moving” rust had settled on her! When she finally mustered the courage to walk, she could not do the normal walks and was mentally exhausted. Finally, her father pointed out that since she had not used her walking ability, she was finding it hard to get back to complete normalcy! She had to use every ounce of her physical and mental strength along with a deep religious penance to get her walking back!

Don’t let this happen to you…continue doing what you are doing, if you love it!

Cheers!

This post is for alphabet ‘U’ of the #Blogchatter challenge. The previous post can be found here.