It turns out after actively trying to avoid it form months/years, I have decided to create a personal blog again. I haven’t had one of these for a long long time, but I plan to irregularly post about cybersecurity, technology and other things I think may interest people.
If you have an RSS aggregator, you can select the feed at the right to subscribe to.
At the end of October, I handed over $11 USD to “Premium” search engine Kagi, partially as an experiment, and partially with a hope for a better search experience.
Why on earth would anyone pay for searching online? take your pick of Google, Bing or DuckDuckGo, right? I’ve been on the Internet since it’s very early days, and searching the web has changed a lot in that time, perhaps even more so in the last 3 years, and not for the better. I needed something to change.
Continue reading
If you had asked me 3 months ago if I could see myself with an industry-recognised certification I may have chuckled and shook my head – far too expensive to obtain. This morning however I became a certified CISSP.
The ISC2™ CISSP® is the most globally recognised certification for cybersecurity, with it’s practitioners recognised for their deep technical and managerial knowledge and experience to design, engineer and manage an organisations security program.
In terms of passing requirements, I had to receive a computer adaptive test from Pearson-VUE which had a minimum of 100 questions, and ranging up to 150 questions if needed. I also needed to demonstrate at least 5 years experience in two of the education domains for the CISSP®.
So how did this all happen?
Continue reading
Today was the day of the 2024 TasICT-AISA Cyber Conference – the “big” day of the year for the Tasmanian information/cyber security industry.
This year had a fantastic lineup of presenters and expo hall vendors, though for some reason CrowdStrike had to pull out 🙂
The keynote kicked things off with Dr Deanna Caputo, chief scientist for MITRE who gave a fascinating presentation on how IT teams need to start preparing for insider threats, giving examples of how insider threats may occur and certainly is making me think differently about many of the spam emails I see each day.
I got to attend a a few other sessions throughout the day, including panels on emerging threats, mitigating endpoint attack chains and a panel on insider threats.
Equally important was the ability to speak to vendors and organisations manning to stalls in the expo hall, with over 30 different organisations represented. I was particularly excited to speak with AISA, ACS and the TasGov Digital workforce staff to express how impressed I have been with the modernising of workspace skills by using the SFIA Framework.
Finally it was great to reconnect with some familiar faces and take some time to sit down and see what everyone is up to. Networking is just as an important part of this conference as the presentations as it’s that one time a yea the local cybersecurity industry can get together.
Anyway, it was a fantastic event and I am already looking forward to next years. I’m hoping I might even be able to get to the Melbourne conference in a couple of months too, but that requires finding funds!
I am an enjoyer of technology and like many I find myself using my phone or tablet usually for a significant amount of each day.
My Every Day Carry (EDC) is the tech “toolkit” that I usually have with me whenever I am taking more than my phone somewhere, and having been inspired by a recent social media post, I thought I would share mine!
Continue readingEveryone wants your data online these days. Be it an email address for newsletters, a survey for some product/charity/social thing, or even your local shop so they can send you your receipt via SMS, you are asked to provide data about yourself on a daily basis. Unfortunately in giving out this data, there is always a risk that this data may end up in a data breach and suddenly you are the target of spam email, phishing email and other malicious and fraudulent activity.
I’ve been on the Internet since the world wide web became more generally available in Australia in the mid 1990s and interact in public forums online so please don’t think in writing this post I am suggesting I am anonymous online. However in recent years (and thanks to data breaches), these are some of the things I am doing to better protect my data online.
Continue readingTowards the end of October and ongoing ever since I have been responding to a sustained spear phishing campaign. Recipients have been particularly susceptible to this campaign as it has involved the use of business email compromises (BEC) which means the phishing messages have been coming from an email address a person has already had trusted communications with.
Microsoft Threat Intelligence have a great write up on the attack here: https://www.microsoft.com/en-us/security/blog/2023/06/08/detecting-and-mitigating-a-multi-stage-aitm-phishing-and-bec-campaign. This greatly reduces the size of this post 😉
Continue reading
Working as a cyber security analyst, you can never have enough information. There’s always new threats, vulnerabilities and security research. There is also a lot of people writing in a lot of websites and social networks and keeping up can be problematic.
As your list of website sources grow, it becomes less and less practical to check each site on a daily/weekly basis to see if there is a new post. That’s where Really Simple Syndication (RSS) Feeds come in, a standardised format that allows you to subscribe to websites and automatically receive new posts.
Continue reading