‘Certifications’? Ask any computer professional about them – and their eyes will surely glow… 🙂 ‘Certifications’ are available in every computer field – as an example, we have the Oracle Java certifications (OCJP, OCJWCD), PMP certifications, data center certifications (CCNA, CCNP), computer hardware certifications (A+, Server+), cloud certifications (AWS, CCNA) and the Information security certifications like CISSP, CCSP, CEH (which I am most interested in… 🙂 ) and more… In fact, you can hardly meet a software professional in the computer field who is not certified!!
Having said this, many colleges also offer degrees in the Computer field such as a Bachelor’s degree in Computer Science and Engineering (for India), a Master’s degree in Computer Science and Engineering and many other degrees directly or indirectly related to the Computer field. All these degrees require 4 years (Master’s programs take fewer years) of hard work and good grades to pass with a good GPA or marks.
So, which is more respected – degrees or certifications in the computer industry?
As you step into the employment phase of life, initially, educational qualifications will definitely pave the way for a good and plum job in the desired industry and domain. But after a period of time, as technology rolls and changes all in its path – though our core values from the degree are strong and firm, we need additional skills to move up the career ladder. This is where certifications step in.
Every certification tests you on different skills apart from your work experience. In fact, mid and high level positions in an organization might demand certifications to validate you and make sure that you are still in sync with the industry. You will have to spend at least 3-4 months studying for these certification exams and the exams will not be easy by any means. After you are certified, most of these certifications might have to be renewed every few years. In fact, I have high respect for professionals who put a series of certifications behind their name!! 🙂
I am sure any organization will be happy with a candidate who has an amazing degree plus all the relevant certifications but I think certifications definitely steal the thunder from a higher degree in the mid and high level employment space!! 🙂
This is the fifth post for #MyFriendAlexa by @Blogchatter. I am taking my blog to the next level with #MyFriendAlexa and #Blogchatter.
Cars can be hacked, phones can be hacked, all smart devices can be hacked – so why not ATM machines? Scary, isn’t it? This news from the ‘Economic Times’ caught my eye and I had to blog about it right away!
Hacking and the procedure to do it required a bit of expertise in the days gone by, but that is no longer the case in today’s world. Data breaches cost millions of dollars in losses, and ATM hacks are also estimated to have cost around $3.5 million in losses between late 2017 and early 2018 in the US (Source: https://www.cnbc.com/2019/08/01/atm-hack-attacks-caught-on-video.html).
In today’s world, it does not take expert, certified professionals to hack ATM machines and steal your credit/debit card information. It can be done with simple tools such as ATM malware cards and ATM hacking tutorials, which are easily available on the “dark web” for as low as $100. And how much time does it take to do it? Just 15 minutes!!
Sounds easy for a hacker, doesn’t it?
It is…in fact… in a physical attack, if a device is implanted behind the ATM machine, the machine will give out cash without proper authentication to unauthorized individuals!! (yikes!!)
Since most ATM machines use the same software, attacking one machine will ensure that similar machines can be attacked in a similar manner. Most ATM hacks are performed on machines that run the Windows XP operating system.
How to protect yourself:
After the shocking news of how common and easy ATM hacking is, the next question is how to protect yourself from it:
ATM hacking and other attacks are always on the rise. It is imperative for us as customers to keep ahead of the curve and adopt safety practices!!
This is the third post for #MyFriendAlexa.
“Artificial intelligence” or “AI” is a term that has been generously splashed all over and is omnipresent in our lives today and yet most of us are hardly aware of it. From Siri to Alexa to spam filters to smart searches, AI is powering our lives and simplifying them wherever we go.
What is AI and how does AI work?
In simple terms, AI is a part of Computer Science that tries to simulate human intelligence in machines. Machine learning is a sub-topic of AI and is used along with AI or independently.
Considering ‘Gmail’ as an example, have you ever wondered how regular unwanted email gets pushed into the “Spam” folder? One way “spam” can be detected is by making use of AI. By carefully studying hundreds and thousands of messages, the machine learns that the messages with certain “keywords” fall into “Spam”. In our example here, the machine is trained to be “artificially intelligent” to detect “spam”.
This type of learning is close to our learning process as well. The more we read, understand and comprehend – the more decisions we can take.
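The keyword learning described above can be sketched as a small naive Bayes classifier. This is an added example, not code from the original post or from Gmail: the training messages are constructed, and naive Bayes is an assumed technique chosen for illustration, not a statement of what any mail provider runs.

```python
import math
import re
from collections import Counter

# Constructed training mail (label, text); not real messages.
TRAINING = [
    ("spam", "Win a free prize now, click here to claim your free cash"),
    ("spam", "Cheap loans approved instantly, claim your offer now"),
    ("spam", "You are a winner! Click to claim your free lottery prize"),
    ("ham", "Can we move the project meeting to Monday morning"),
    ("ham", "Attached is the report from the security review meeting"),
    ("ham", "Lunch on Friday? Let me know what time works for you"),
]


def tokenize(text):
    """Lower-case the text and split it into keyword tokens."""
    return re.findall(r"[a-z']+", text.lower())


def train(messages):
    """Count how often each keyword appears in spam and in normal mail."""
    counts = {"spam": Counter(), "ham": Counter()}
    docs = Counter()
    for label, text in messages:
        docs[label] += 1
        counts[label].update(tokenize(text))
    vocab = set(counts["spam"]) | set(counts["ham"])
    totals = {label: sum(c.values()) for label, c in counts.items()}
    return {"counts": counts, "docs": docs, "vocab": vocab, "totals": totals}


def keyword_ratio(word, model):
    """P(word | spam) / P(word | ham), with add-one smoothing so a keyword
    seen in only one class never produces a zero probability."""
    size = len(model["vocab"])
    p_spam = (model["counts"]["spam"][word] + 1) / (model["totals"]["spam"] + size)
    p_ham = (model["counts"]["ham"][word] + 1) / (model["totals"]["ham"] + size)
    return p_spam / p_ham


def spam_score(text, model):
    """Log-odds that the message is spam; a value above 0 leans spam."""
    score = math.log(model["docs"]["spam"] / model["docs"]["ham"])
    for word in tokenize(text):
        if word in model["vocab"]:  # unseen keywords carry no evidence
            score += math.log(keyword_ratio(word, model))
    return score


def classify(text, model):
    return "spam" if spam_score(text, model) > 0 else "ham"


def top_spam_keywords(model, n=3):
    """Keywords the model has learned to associate most strongly with spam."""
    ranked = sorted(model["vocab"], key=lambda w: (-keyword_ratio(w, model), w))
    return ranked[:n]


MODEL = train(TRAINING)

if __name__ == "__main__":
    print(classify("Claim your free prize now", MODEL))
    print(classify("Meeting report for Monday", MODEL))
    print(top_spam_keywords(MODEL))
```

With only six constructed messages, “your” scores as spammy as “free” and “claim”, which is why the learning only becomes reliable when it is fed a very large number of messages.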
We can also see AI and ML (machine learning) powering the job sector with bots speaking to job seekers and helping them get an appropriate job.
“Cyber security” is a branch of study which is used to secure personal and business assets through various means and possibilities (like firewalls, VPNs, anti-virus definitions and more). It also involves studying different types of attacks and preventing them in addition to in-depth topics like phishing, ransomware, pen testing, vulnerability assessment and more.
This is a minimal list of cyber security duties –
The cyber security analyst is expected to read a lot of network data in traffic packets and understand the patterns and anomalies in them. This will enable them to detect threats early and sound the alarm for organizations to prevent breaches. Cyber security engineers also work to detect viruses by comparing new files against a signature list of virus definitions.
So, what happens when “cyber security” makes use of AI?
There are many ways where AI helps cyber security:
These are some ways that cyber security engineers can make use of AI. But it has to be remembered that AI can be used by hackers and other miscreants for their own benefit too. It is up to cyber security professionals to keep ahead of the game and thwart them with appropriate techniques.
This is my first post for #MyFriendAlexa.
It seems the online world is embroiled in some sort of controversy or the other giving me plenty to write about!! 😉 Jokes aside – have you downloaded and used the currently viral ‘Face app’? If you have or have not yet done so, read on…
What is ‘Face app’?
‘Face app’, the AI face editor, is a freely downloadable app for both Android and iOS platforms and is owned by a Russian company Wireless Labs. It is available both on Google Play and Apple App store. I downloaded it and it was really fun to try the different looks (with a smile, without a smile, with makeup, without makeup) and the younger version and older version of oneself are phenomenal too… For a moment, I threw all my security caution to the wind and dissolved into it and enjoyed it!! 🙂 But, not for long…
The ‘Face app’ asks for your permission to access the pictures from your ‘Gallery’ and no sooner do you give it the permission than it takes your ‘face’ from a picture and performs a lot of magic on it. It definitely keeps you enthralled and even has options to use your pictures from social media platforms such as ‘Facebook’.
What is all the noise about ‘Face app’ now?
On the face of it, ‘Face app’ seems to be another app for everyone to have a bit of fun online, but there is more to it than meets the eye. Your pictures are all uploaded to the cloud, which itself is unnerving from a privacy standpoint. Along with this, there is another problem that has been reported widely, which is in the ‘Terms and conditions’ of the viral app. The ‘Terms and conditions’ state this:
“You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you..”
While you own your “face” content, you are giving the app exclusive rights for your “face” content to be stored perpetually and be used for other derivative works and display it anywhere!! (yikes) I cannot imagine my face being stored on some strange servers in some part of the world and being used for strange purposes!!
This is the part of the ‘Faceapp’ that is deeply troubling for all users of the Internet community today.
What is being done then?
As a net result of the heavy outburst on social media, unfortunately or fortunately, the downloads for ‘Faceapp’ have supposedly increased by 500% in the last six days (Source: https://www.forbes.com/sites/johnkoetsier/2019/07/18/controversy-good-for-business-faceapp-downloads-jumped-561/#759ad9c3577c).
My take on the whole Faceapp drama:
While privacy issues constantly rake the online world, this is probably one of the few times that even non-serious security individuals have woken up to security and privacy thoughts. While our entire online data (conversations, payments, locations, group pictures, events, gatherings) is always moving silently behind the computer screen, a picture of a “face” moving around has really shaken everybody up (a picture is definitely worth a thousand words 🙂 !!). More people are questioning the privacy behind the fun, which is definitely a good thing.
We will see how the ‘Faceapp’ drama unfolds further but for now it is good to see ‘Faceapp’ has definitely woken up the sleeping privacy giant in all of us!!
I am sure most of us have heard of the term “hypochondriac”. A “hypochondriac” is a person who is excessively worried about their health and imagines any minor ailment as a major health concern. Combine this feeling with today’s Internet usage and we have a “cyberchondriac”!
A “cyberchondriac” is a person who is guilty of combing the Internet for any and all information about their health concerns. They read various things on the Internet about the minor symptoms that they may have and imagine that they have a terrible disease. With more and more medical terms and information freely available on the Internet, we all become “cyberchondriacs” at one time or the other. Their medical ailments may be unfounded or real – but they definitely add to the misery of doctors who are trying to diagnose the real problem. The best option for all “cyberchondriacs” is to seek medical advice right away and not do a lot of medical research on the Internet…
The Internet is our oyster now. We can do anything and everything with its might. We can crack, cook, code, learn and more with the Internet… then why not “hack”? Those looking to hack into websites can learn a great deal by a single-minded effort to learn malicious things online. This is where “script kiddies” step in…
‘Script kiddies’ is the name given to newbie hackers. These newbie hackers are not professional hackers and have not perfected the art of ‘hacking’. ‘Script kiddies’ are those who have learnt to hack by reading various articles and publications and watching several online videos on hacking. They also steal other people’s code as they lack enough programming knowledge to wield an attack. In spite of the fact that they are “professional hackers” in the making, their attacks still do affect the majority of users in an equally harmful way. ‘Script kiddies’ do all this and more for the excitement of it and to get joyous bragging rights.
This post saw a definition of a few terms on the Information security front…Stay tuned for more technical updates..
‘Sharenting’ – “What is that?” might be the thought for many of us…it was the same thought for me too and soon I was researching more and more into the topic…here are a few of my findings and thoughts…
Social media personalities:
As discussed in another post, all of us have different social media personalities when we are online. While some of us feel comfortable sharing only our achievements online, many of us share a whole lot of other personal things and there are yet others who totally shun social media! All of us have different takes and views on sharing information online. While there is no perfect right or wrong here and each person is entitled to share what they want, just knowing the risks empowers us.
The “star” subject:
These days there are videos for every type of content….
“You need to bake a cake?” “Just go to YouTube” might be a popular retort…
“You want to paint?” “Just head to YouTube too”…
“You want to learn Java?” “Head to YouTube – there are plenty of live coding examples that make coding much easier to learn…..”
While the subjects in the above examples are “cake”, “paint brush” and “code”, there are numerous videos where the subject is “children”. Children growing, talking about everyday activities with children, children, children and more children… most of the time the author talks about their own children in great detail. Not only videos, there are blog posts and other means of sharing which feature one’s own children.
Sometimes, some children’s digital identities are fixed from the time they are in their mother’s wombs!!
The more information we share about them – the more views, likes, shares and subscribers we get. We think we are helping other people out there in the same boat (and we might be helping somebody I am sure) – but I am not sure if that is always the case… in the corner of my mind there comes a faint thought about whether we are exploiting the children in any way because they cannot say anything…
This is “sharenting” which is talking excessively about them and recording every minute detail in full public view….
I admit I am also guilty of a few posts about my grown children as well! 🙂 But all my posts are reviewed by the star of the post – as all of them are old enough to make that decision. Sometimes, they are amused and sometimes they are not so amused but I hit “publish” only after the final assent by them!
I think most of us do not have that luxury as most of our child subjects are too young. We assume that we do not have to take their permission and yes, if they are too young – we cannot and we do not have to….
But apart from the privacy thought, the multi-million dollar sharenting question is what will the child think of all this sharing and “sharenting” when they grow up?
As you might know, children grow up fast and it will be just another 4-5 years before they assert their online identity.
Will they say “Stop, mom and dad, why did you have to record me so much?” or will they share your happiness in all the recording and sharing? Only time will tell…
So, where are you on the “sharenting” spectrum? Do you share a little about your kids or do you share a lot about them? What do you think they will think of this in the future?
What is my final take on “sharenting”? Take “sharenting” with care and balance – let us not embarrass our future social media citizens!! 🙂
All thanks to Cybermum_India and Cybermum_AU for this thought that transformed into a complete blog post! 🙂
Did you know that the words ‘offensive’ and ‘defensive’ can be used in the InfoSec domain as well? If you follow my writings on Information security – you might realize that the InfoSec domain itself feels different for one set of posts and different for another set of posts…The two distinct classifications are ‘offensive security’ and ‘defensive security’.
Which part of security interests you depends on you and you alone, but security might never be an independent task, and you might face a combination of both at work every day. Having said that, let us move on to see what is meant by ‘defensive’ and ‘offensive’ security.
Conventional security is mostly termed as ‘defensive security’. ‘Defensive security’ deals with security mechanisms that defend the business/home environment like firewalls, VPNs, anti-virus definitions and more. Just like with other applications of the word ‘defensive’ – ‘defensive security’ is more of a reactive approach. We install anti-virus software to keep out viruses, firewalls to block intrusion attempts, work with business continuity and disaster recovery experts, draw security plans to protect the organization but we do not tear the system down to find the vulnerabilities in it. This is ‘defensive security’.
‘Offensive security’ on the other hand is the exact opposite of ‘defensive security’. It is like performing a root canal treatment on the business and personal systems to unearth the various vulnerabilities in systems to seal them effectively! Ethical hacking, pen testing, vulnerability assessments, digital forensics, advanced attacks all come under the umbrella of ‘offensive security’. Offensive security involves attacking and pen testing live systems. Offensive security mechanisms are much more intensive than defensive security tactics.
There are numerous offensive security certifications but the ‘OSCP’ (Offensive Security Certified Professional) and the very popular CEH (Certified Ethical Hacker from EC-Council) stand out. If you think hacking is your thing, become a white hat hacker and earn these precious certifications. These certifications however are not for the faint of heart. They involve more technical expertise and more hands-on experience. For example, the OSCP certification exam is conducted for a full 24 hours! (Yes, you read that right!)
More information about OSCP certification can be found here
Which type of security are you more aligned to? Defensive or Offensive? Does it fascinate you?
The ‘Information security’ domain is growing by leaps and bounds today. While it was in a negligible state of growth even 5 years back, it has grown exponentially over the years. Schools have started introducing small bits of Information security concepts into the curriculum. Colleges in India and abroad have started introducing Information security specializations at the undergraduate and graduate level. So, what are the different career choices that are available for students who graduate with a degree in Information security and for professionals who move along their Infosec careers?
This is a list of career options that are available for professionals who are in the InfoSec field with the description of the various career choices:
Experience – At least 5 years of relevant experience
Certifications – CISSP, CCSP, CEH, OSCP and other certifications are always preferred.
Job description –
The security analyst is expected to:
2. Network Security Engineer
Experience – 6 or more years of relevant functional experience in network architect role or equivalent
Job description –
3. Information security analyst – Pen tester
Experience – 3-5 years experience as pen tester or Information security specialist with pen testing acumen.
Certifications such as CISSP, CEH will always be preferred.
Job description – The Information Security Analyst will be responsible for performing penetration tests on IT Solutions created in house as well as commercial off the shelf. The analyst will be responsible for creating external security testing requirements, coordination of tests performed by contracted 3rd parties and evaluation of the reports.
4. IT auditor
Desired skills – A degree in Computer Science with 6+ years of experience in IT and Operations auditing, risk management, IT Compliance, Information Security, IT program or project management,
Certifications – CISSP, CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager ) are some of the preferred certifications to secure a job as an IT auditor.
Job description – The role of an IT auditor involves developing, implementing, testing and evaluating audit review procedures. He/She will be responsible for conducting IT and IT-related audit projects using the established IT auditing standard in their organization. The audit process can extend to networks, software, programs, communication systems, security systems and any other services that rely on the company’s technological infrastructure.
5. NOC engineer
Desired skills and experience – 3+ years’ experience with MS SQL, VMware, and IIS including related technologies and standards such as DHCP, DNS, DFS, LDAP, IPSEC, CIFS, SMB, etc.
Job description –
6. SIEM – Security Information Event Management-Consultant
Mandatory skills – SIEM
Desired skills – Application Security Code Review – SAC-L1, Big Data-L1
Desired work experience – 5-8 years
Job description – The job requires the candidate to have in-depth knowledge in any one technological or industry practice / functional area and overview of 2-3 other areas. The candidate should be able to handle solution definition/ fitment for a small sized project with a medium complexity. The candidate should also be able to build a custom Function Module with medium complexity program logic.
7. Network Security Administrator
Desired skills – Experience in network configuration and administration including VLANs, ACLs, switches, routers, ISPs and firewalls (e.g. Cisco, HP, Palo Alto, SonicWALL) would be good, along with other skills with Linux OS, Azure, switches, routers, firewalls.
Job description –
CISO(Chief Information Security Officer) and CIO(Chief Information Officer) are the professionals who have reached the pinnacle of the IT security profession!
These are some of the career choices that are available in the area of Information security. Almost all jobs will need a degree in Computer Science or related area along with certifications such as the CISSP or CEH or other appropriate certifications.