The month of April is always a busy one for me. Two grown kids at home(oh, they are work too!! :)) , schedules all over the place, travelling, business work – all start running riot in April… 🙂 And in the midst I really wanted to do the #BlogchatterA2Z challenge as I had enjoyed doing it so much last year … so, how did I manage? Here goes the report card and my reflections on the whole journey:
My idea was to write posts in Information security(in tune with my blog’s primary objective) and proverbs.. and I did manage to complete them very well… Actually, I had a lot of Information security thoughts in my head, which got shape and a final form once I started writing… Given a deadline to finish one post per day motivated me to stay on track and write about all about what I wanted to do!! 🙂
My Information thoughts just flowed and flowed!! 🙂
What was the hard part?
Being both a technical and a personal blogger, I always wonder what is the hard part of blogging? Sometimes, it is just getting started…other times, it is just the content and yet, at other times, the flow just doesn’t seem right…but most times for me, it is just the ‘title’ of the blog topic which is the challenging part… once a suitable and interesting topic arises, everything falls into place miraculously!! 🙂
Here are my InfoSec posts which I managed to write making it both understandable and techy at the same time…
All of the posts were something that I enjoyed writing, but I particularly enjoyed researching and writing about Project Zero, YouTube Security. OWASP top 10 vulnearabilities the most!! I hope my writing shed light on some topics that you were vague about and motivated you to stay on top of Cybersecurity as well!
Until next year from A2Z…. Ciao!! 🙂
As I was racking my brain for a post for the tricky alphabet ‘X’ , my eyes suddenly fell on this saying – “Xmas is enjoyable, only if it comes once a year” and I knew “this” was the one that I was going to write on!! 🙂
I am sure it is not every difficult to understand this proverb as well…
We can appreciate and enjoy a vacation only if it comes once in a while…that my friends is what this proverb “Xmas is enjoyable, only if it comes once a year” illustrates…. I am sure you can agree with me as well…
This post is for alphabet ‘X’ for #BlogchatterA2Z challenge. The previous post can be found here.
A little girl always fiddled with her mother’s smartphone and tried to crack the passcode or the pattern on it. She knew exactly what her mother would use as passcode or pattern as she knew her mother inside out!! 🙂 She will try and most of the times, she can crack the passcode within three tries!! How? she will use the concept of social engineering. She was always glued to her mother’s cybersecurity’s posts(whether she understood them fully or not) – and she was constantly wondering if this can be “hacked” or if “biometrics” can indeed work!! 🙂 Do you think this little girl will be a budding “white hat” hacker in the future and “another woman to reckon with in the cybersecurity domain”? Only time will tell and this mother is eager to know that… 🙂
Now moving on from that little story to the real women who are rocking the InfoSec domain today… 🙂
Women have stepped into all professions today. There were always women in engineering, medicine, marketing, art, management, research and more. But ‘Women in Cybersecurity’ has become a movement towards empowering women and trusting their inherent capabilities to beat the newer threats arising everyday.
Statistics about ‘Women in Cybersecurity’:
Who are some of the women leading the cybersecurity domain?
This is a list of some of the top women in the field in no particular order:
Why should women enter the cybersecurity domain?
Apart from the cliched reason, that there is a huge gender gap and the profession needs more women to join the field, from a personal perspective, it is truly amazing to be in the field! 🙂 When most people are just enjoying on the Internet, we can see the things underneath the Internet with a “magical lens” and we take it as a moral responsibility to catch the threats early.
Women also bring a totally new perspective to the field, thus motivating everyone in the board room to include them more!
Information security is not just programming, hunting for bugs, building firewalls – it encompasses all this and even more! And with the field constantly churning out new hacker avatars – there is never a dull moment!
So, what are you waiting for, ladies? 🙂 Hop onto the InfoSec domain today…:) (and I will keep an eye on that little girl for you!! ;))
This post is for alphabet ‘W’ of the #Blogchatter challenge. The previous post can be found here.
Today’s proverb is a very simple one that most of us will surely like but difficult to follow in reality…’Patience is a virtue’!!
He was very hardworking. He would get up at the same time every morning(weekday, weekend – it didn’t matter) He could sit with his daughter and teach her softly and gently. If she couldn’t understand something – he could spend more time with her till she understood the whole thing. He will diligently teach his half-interested son how to ride a bike(no scoldings there) Both his kids could not understand that there could be a “strict” father in life… they thought all fathers were like “their” father..calm and composed!! 🙂
Have you tried driving in India and particularly Bangalore? Well, he could do that too and without losing his temper!! There are always cars, bikes, autos, buses flying from haphazard directions on Bangalore roads – but he could somehow manage to drive through it all unfazed(let us not worry about the time it takes to commute, though!! 🙂 :))
He could be as cool as a cucumber and he might give a tough competition to Dhoni under most circumstances…… 🙂 well, if you are wondering who is this person who is blessed with a such a patient personality – try guessing, it is not so hard!! 🙂
‘Patience is indeed a virtue’…written for alphabet ‘V’ for the #BlogchatterA2Z challenge. The previous post can be found here.
After a series of technical posts, here is a proverb that I had heard of before, but understood its significance only a few years back.
What happens when you don’t walk for a prolonged period of time? What happens when you stop moving your finger for a prolonged period of time? What happens when you stop learning something new over a period of time? What happens when you stop teaching for prolonged period of time? The answer to all these questions is just a simple one – ‘You just lose the skill to do it”!! Whether body or mind, once you stop doing something(for whatever reason) – it is very hard to re-train the body and mind to try doing it again!
Both the body and mind becomes rusty once we stop doing it. So, unless you are advised by doctors not to do something – it is good to keep going on!
Sheetal had undergone a nasty foot surgery that did not allow her to walk for almost a month. At the end of the month, when she tried to walk, she could not walk normally for obvious reasons. But even beyond a 3-4 months, when the doctors had given her the “medically fit” certificate, she was in no mood to walk a lot as the “not moving” rust had settled on her! When she finally mustered the courage to walk, she could not do the normal walks and was mentally exhausted. Finally, her father pointed out that since she had not used her walking ability, she was finding it hard to get back to complete normalcy! She had to use every ounce of her physical and mental strength along with a deep religious penance to get her walking back!
Don’t let this happen to you…continue doing what you are doing, if you love it!
This post is for alphabet ‘U’ of the #Blogchatter challenge. The previous post can be found here.
Recall the ‘Authentication‘ post for alphabet ‘A’? Now we deal with two-factor authentication which is an extension to that post. Authentication in the information security realm is the process of identifying yourself to the system. The most popular way of authentication is the classic ‘username-password’ combination. This is one aspect of Information security that touches us all the time. From email logins, social media logins, we may have to enter and re-enter our passwords everyday. We thereby implement the concept of authentication all the time in our lives! Now let us see what is ‘two factor authentication’ and see what role it plays…
Do you think the common username and password is totally safe? Is your account totally hack-proof with just a password? Nope – think again… the common username-password combination might be easily cracked by a determined hacker.
Two factor authentication is an additional layer of security for your account. In addition to the username and password combination, one way of establishing two factor authentication is to enter a code that is sent to the user’s phone via a SMS or a voice call. Some other ways of performing two factor authentication are tokens, RFID cards and smartphone apps.
Example of two-factor authentication:
Facebook two factor authentication:
Example of Google two factor authentication or Google two step authentication can be found here
Now if the hacker intends to hack you account, he has to pass through two layers of security. He has to crack the username/password combination first and then figure the code that is sent to the phone. Two factor authentication might not be the magic bullet to prevent attacks on any account,but since it involves more work, it might stop the hacker from getting into your account. This is the concept of ‘two factor authentication’.
Another trivia related to passwords: Did you know the most common passwords all across the world was “123456”, “123456789”, “qwerty”, “password” and “1111111”? If you have any of these passwords for any of your accounts please do change them as you run a high risk of getting hacked! 🙂
This post is for alphabet ‘T’ for #BlogchatterA2Z. The previous post can be found here.
‘SOC’ is the acronym for ‘Security Operations Center’. The 2018 Verizon DBIR (Data breach investigations report) states that there were 53,308 security incidents and there were 2,216 data breaches in the year 2018. It also states that the 68% of the breaches took months or longer to discover! Isn’t it amazing – there is a breach in your organization and you don’t have any idea about it till your customers let you know about it or a third party lets you know about it! That is probably the sad truth in the industry!!
Keeping that in mind, the SOC is a team that has been informed whose sole purpose is to monitor and analyze the security of an organization. As with other things in security, a SOC team must be formed only after the formal assent from senior management. For any security program to be successful, the senior management in an organization must always be in tune with the goals of the Information security team.
Since security is mostly a reactive approach for most organizations, the SOC team is trained to detect security incidents within an organization and pass the control onto the ‘incident response team’ if an incident occurs.
The SOC team consists of security engineers, SOC managers and security analysts along with other security professionals. The SOC team will hopefully reduce the time needed to respond to a cyber attack – since a team is always there to detect attacks as early as possible.
The SOC team must be up 24 hrs a day, 7 days a week, 365 days a year! There might never be a dull moment in the SOC team. The day may start out calm and before long alarm bells might be ringing detecting a security incident. The SOC infrastructure involves the defensive security mechanisms of firewalls, IDS/IPS, breach detection solutions and more.
Responsibilities of a SOC:
A professional in the SOC team is expected to be able to perform these tasks:
What are the skills to be a member of the SOC team?
You may need to have:
These are some skills that are suggested to become a member of the SOC. There are other ways if you have the passion for joining a very happening team in the InfoSec domain!!
This post is for alphabet ‘S’ for #Blogchatter challenge. The previous post can be found here.
“Red team – Blue team” is a popular parlance in the Information security domain. It actually imitates military tactics, ” red teams” and “blue teams” who work in offensive and defensive positions. Protecting the infrastructure of an organization and ensuring the complete security of an organization is the ultimate goal of every security program.
Every organization wants their
a. precious data to be safe
b. data not to fall into wrong hands
c. not to have any of their client’s passwords stolen
d. not to have any of their private conversations being snooped on and more…
How do we achieve this in the Information security domain? By forming two teams – the ‘Red Team’ and the ‘Blue Team’.
The ‘Red Team’ is:
The Blue Team is:
Who is more important? (Red Team or Blue Team?)
Both the teams are equally important as both of them work for the betterment of an organization. While one team erects defenses and makes sure everything is secure, the other team attacks it and shows the vulnerability of defenses. The best way to work of course, is for the “Red team” to think like the “Blue team” and attack the defenses and for the “Blue team” to think like the “Red team” and create good defenses!
This way, the organization can try to be as secure as possible!
There is also a ‘purple’ team but that will be for another post… 🙂
This post is for alphabet ‘R’ for the #Blogchatter challenge. The previous post can be found here.
Lakshmi thought her father was the greatest man. She adored him to bits. The father-daughter bond was created as soon as she was born. From the time she was young, she was struck by his aura. He was the wittiest and greatest father, she thought.
Did you know that it is hard for an adult to come to a child’s level and interact with them? Well, he could do just that… just by magic, he could become a small child and entertain her for hours.
He taught her how to bicycle and how did all the work of running behind her when she was learning to balance on the wheels. That was a lot of work… running behind a school kid on a bicycle who is forever ready to topple and fall – but he did it all the same! He stood by her in all her difficult times. He would attend all the PTMs at school with sincerity. If her grades ever slipped, he never reprimanded her for not getting good grades. Instead, he always taught her how to approach the same problem in a different way and solve it.
School admissions, college admissions, college projects – he would be there to see her through it all!
He always taught her life’s most important lessons. As she grew up, he taught her how to dress up well, be smart, study smart, and to be a totally “out-of-the-box” thinker. He always wanted her to be “smart” and “independent”!!
He was a terrific orator. He could keep her and all her friends spellbound with his talks and witty anecdotes.
Are you nodding your head and thinking the same thing(or similar things) about your father too? 🙂
No wonder there is a saying “No one can love a girl as much as her father”!! Fathers are great – whether they are fathers of daughters or sons -aren’t they? 🙂
What is your father story? How was this quote about fathers?
This post is for alphabet ‘F’ of #BlogchatterA2Z. The previous post can be found here.
This is one of the interesting and common questions that I have encountered on Quora – “How do we implement security in everyday life?(without any technical background)”
1.We do not have to share our location all the time. Agreed, it is fun to share every once in a while, but sharing regularly, definitely might put you on a malicious person’s radar. So, it is good not to share location on social media. It is also good to turn off ‘location’ on your phone except when using ride-sharing services or food ordering services(or similar to those options)
LOCATION SHARING SHOULD BE TURNED OFF UNLESS NEEDED!!
2. It is also wise not to share personal pics on social media too frequently. If we have to share, it is imperative to set the option to ‘private’.
SHARING OF PERSONAL PICS SHOULD BE SET TO ‘PRIVATE’ OR LOWEST LEVEL
3. It is good to put a profile picture that does not reveal too much of your personal life. India runs on Whatsapp groups – but did you know, Whatsapp profile pics can be downloaded to your phone? In that regard, it is always wise to set Whatsapp profile pic visibility to ‘My contacts’ only.
SET NEUTRAL PROFILE PICS OR PROFILE PICS THAT DO NOT REVEAL YOUR WHOLE LIFE!
4. It is good to not accept stranger requests on social media. It might be good for business purposes but if you are going to be divulging any personal information avoid it all costs. Cyber-stalking is very easy to do – just following you around on different social media channels can help anybody to create a whole persona of you!!
DON’T ACCEPT STRANGER REQUESTS ON SOCIAL MEDIA
Other common security information:
5. Please do not share any of your passwords or PINs of your bank accounts or financial accounts to anybody on the phone.
6. Set a screen lock for your smartphone( for both Android or iPhones)
7. Do not click on unknown links in emails(anything that says “You are a millionaire” or “You have won the lottery” is definitely fake and is definitely a trap to part with your personal information)
7. For all types of devices and social media – go to the ‘Security’ configuration and configure it appropriately
8. Do not share credit card information if SSL is not enabled(SSL is the green padlock on the top left side of screen)
These are all the things that I can think of for now… have I missed anything? ‘Everyday security’ is omnipresent, isn’t it? 🙂
This post is for alphabet ‘E’ for #BlogchatterA2Z. The previous post can be found here.