Posts

Showing posts from June, 2018

Multidisciplinarianism

Nice, long, big word there as a title. I'll shorten it for you: polymath. A person of wide knowledge or expertise. The desired human state. I have long been an advocate for something I call wide-spectrum literacy: competence in reading, writing, arithmetic, science, technology, politics, philosophy, economics, to say the least. I have what you could mildly call a vehement dislike of ignorance, particularly wilful ignorance: I find little to no excuse for it, especially in developed nations where access to technological marvels which act as gateways to endless learning and knowledge, most of it free, is commonplace to the point of being carried around in pockets. You can imagine, then, my sickening disgust at the state of the world, and the horror of facing an international society in which ignorance, bigotry, and mendacity don't just roam freely, but are actively pursued as if they were the highest virtues.  Now, I'm not going to lay the blame entirely at the feet of...

The Ancient and Venerable Art of Google-fu

Other titles considered for this post: How Not To Piss Off Entire Forums and Facebook Groups; Avoiding the Banhammer; Stop Being Lazy and Look it Up Yourselves. Before you can embark on a career in, well, anything even vaguely IT related (or do practically anything), you must master one crucial skill: information searching. In the days of yore, and even rumoured to still exist despite budget cuts, there was a cult of specialists in this area, who guarded their domains jealously: the librarians. These knowledge-fanatics could divine what you were looking for from the ridiculously poor and mumbled explanation you gave them, then translate that into a secretive code which led you to a shelf in a library, and then to the book you were after. Just like magic. These days, while librarians are still a vitally important part of cataloguing knowledge, we also have another, less mystical, tool at our fingertips: the Search Engine. Unfortunately, very few people have bothered to le...

It's all about the angles

I could describe the surroundings for you perfectly, down to the way the grain went on each of the wood panels on the floor, I could talk to you at great length concerning the cobwebs knocking at my door or the baying crane flies attacking the windows, baying for the bleeding luminescence seeping from the screen. I could go so far as to describe each and every instrument playing on the track I was listening to, the perfectly clear Irish lung-pipes of Cara Dillon’s songbird vocals. But I won’t, because none of that matters, at least not in this context, or perspective. It all comes down to angles you see. Not the angles of everything around us, but our angles. The tilt of the head to listen more intently, the hunch, or straightening of the back to become comfortable. The adjustment of glasses to see an image properly, or in this instance, to see the image no-one else may have seen. It doesn’t take much to shift your physical perception of anything, but it opens up a myriad new worlds, ...

The Alphabet Soup: A Quick Guide to Post-Nominals

This week, I’ll walk you through the ever-growing list of post-nominal letters you can add to your name through qualifications and certifications. Being a student myself, I’ll start with exploring the academic route, then go through the more popular, and best recognised, vendor and standards organisations’ certifications, highlighting their worth for your CV and career development. It’s not a comprehensive list, by any stretch of the imagination, and is geared towards a more general CyberSec professional, rather than focusing on any one aspect of the industry. I’ll try and shy away from too much debate by running away very quickly to avoid the one about CEH vs. OSCP, and leave it to you instead. *Disclaimer* I am a university student, and haven’t actually done any of the following certifications, at least not to completion. I have explored each in a reasonable amount of depth to see their benefits and worth and consulted with holders of a few to gain their insider opinions. I a...

Jumping the Pond: Making the sideways move into CyberSec pt. 2

Following on from my last article, here’s some more information on changing industries for managers. Hopefully I didn’t put too many of you off switching careers in my previous article, where I explored what managerial life would look like in the InfoSec world. As a continuation, this post looks at which certifications are best to get you the necessary managerial competence in the field to start your new career. Some of these do include a certain amount of technical training in the course material, others just look at concepts instead. Should you choose one of those, I would recommend at least doing some research into the technical side of things. While exploring free, online learning resources might not cut it completely, they are better than nothing and will help give you a grounding for when you choose to complete a recognised technical qualification. Certifications: This will be by no means a comprehensive list of certs, but it will be enough to get you started and point...

Jumping the Pond: Making the sideways move into CyberSec

So far, a large portion of this blog has been dedicated to helping people begin their careers within the Cyber Security sector from the beginning, i.e. straight from college or university. This week, I’d like to explore the options for those looking to make the move from other career paths, specifically with an eye to those looking at managerial positions. If you are already coming from an IT background, this post might have one or two things you might find useful, but you’ll probably have access to other resources that might be better suited to your needs. I want to note here that while this will guide you through some of the options and a few certifications that will help move into CyberSec, some technical competency is a must. A good level of understanding of the technologies and principles underlying those technologies is unavoidable in this field, as you’ll see below. My suggestion would be to look at my earlier blogs and do some looking around, as I won’t go into depth about t...

Becoming Daedalus

Today, I want to look at soft skills; more precisely, one soft skill in particular, namely problem solving. Yes, that old chestnut, the one everyone seems to need to put on their CV, from janitorial staff and burger flippers to IT practitioners of all flavours. But why am I writing about it now? Because it’s not a very well understood skill, and it is only half of what a CyberSec pro needs. Confused? I’ll explain. As I’ve mentioned previously, one way for CyberSec personnel to test themselves and keep their skills sharp, while learning or while actively engaged in a position, is wargames (you can find a good list of them here). Hack boxes, CTFs (Capture the Flag) and so on are a great way to introduce you to thinking about the issues faced and the problems that need solving in context. It helps build your problem-solving skills by presenting you with common, and not so common, challenges, which you must overcome with your wits and technical know-how. Problem solving as we ...

Weaponised Likes

Yes, this is the inevitable blog about Cambridge Analytica, Strategic Communications Laboratories and Facebook, because this is a cyber security blog and this counts as compromised security. First things first, the old admonition: if you are getting something for free, you are the product. Maybe it’s not that old, but it definitely applies. Facebook offers a lot, and offers it, ostensibly, for free. Now you could say that advertising revenue pays for it, and to some degree you would be correct, but one thing the former Harvard female ranking website has plenty of is information: data. And data, particularly the specific kinds you feed the Zuckerbergian Machine every 30 seconds, is worth more than its weight in gold. Machine Learning and AI companies need as much as possible to teach their silicon brains, and advertising departments and companies love knowing how to manipulate you into buying things help you choose their products. Here’s where Cambridge Analytica, and their parent ...

Digital Hygiene: How to beat users with the security best practice stick and not alienate them

Fact 1 of Cyber Security Club: Users are the weakest security link. Fact 2 of Cyber Security Club: Users are always the weakest security link. Fact 3 of Cyber Security Club: Who the frell needs users anyway? (Feel free to enlarge the above and use it as a poster for your office. You know you want to.) As CyberSec professionals (or even those in training), we know tips and tricks to keep our digital identities clean and reasonably secure. We know the importance of good password practices (passphrases are very good, randomised character strings of 8 characters or more are the least you can do), of clearing caches and cookies (if you have to accept cookies in the first place), and not clicking on anything that screams in loud, epileptic-fit-inducing, flashing colours “click me”. These things are the least of our knowledge, to the point that we forget that, somehow, they are not common knowledge. 20+ years of the internet being common, and people still think that 50 toolbar...

Welcome

Roll-up! Roll-Up! Step right up, ladies, gentlemen and all manner of horrible creatures! Welcome to my domain, one and all. As you walk in, please check you haven't left your humour at the door, and that you have some idea why you are here! This is going to be a bit of an odd blog. That is because it isn't one blog, it is a weird amalgamation of several blogs: one large part Cyber Security (shared with my main CyberSec blog for CoderSource.io); one part technology review and tutorial; three shakes of writing, and a smattering of philosophy, politics (local and global), and anything else that takes my fancy. As for me? Well, I am a student, both auto-didactic and actual academic (kind-of, I'm taking a break) of many different domains, although primarily Cyber Security. While I won't feature all of my work for CoderSource (a coders recruitment agency) here, most of it will end up on these pages, as will all kinds of supplementary information and resources to keep i...