  • Cybersecurity Career and Certification Advice
    I see many posts on social media asking for advice on how to get started in cybersecurity, what certifications to get, etc., so I figured I would write an article with my perspective on those topics. Cybersecurity as a career: You do not need any formal education, nor any specific certification, to be successful in cybersecurity. Both will help you get noticed by recruiters and past the so-called HR firewall. Both are artificial barriers to entry controlled by people entirely out […]
  • Password Management
    I am a very sharing kind of guy and firmly believe that sharing is caring. I am happy to share absolutely anything and everything, with literally only two exceptions. I am not big on sharing my toothbrush, and I absolutely do not share my passwords under any circumstances. There are two kinds of password sharing that I am totally against. The first is sharing a password between sites. I make sure every site I have an account on has a totally […]
  • Let’s go phishing
    This article was written with companies in mind; most of this applies to individuals as well. Most security incidents happen due to phishing, and I have a sure-fire way to avoid becoming a phishing victim. Just do not click on links in email or open attachments. Yes, I do realize that this advice is about as useful as telling someone to stop smoking or not eat donuts. It is a lot easier said than done. Also, any suggestion that starts with […]
  • Vulnerability Management
    This post is going to be more applicable to companies than individuals, as it goes over how to manage vulnerabilities across all your computer systems. At a super high level, the concept of vulnerability management is pretty simple. It is all about managing your vulnerabilities. When you dive deeper, questions start to surface. Questions such as: What exactly is a vulnerability? How do I know what my vulnerabilities are? Can I manage something I do not know about? Some think […]
  • Risk and threat management
    In this blog post, I want to talk about risk management and the concept of threat modeling. Let’s start with some basic math, then dive into definitions and some examples. Definition of Risk: Risk is the multiplication of vulnerability and threat. As with all multiplications, to lower the product (risk in this case), you need to reduce the factors (vulnerability and threat in this case). There is no such thing as zero risk because no one is free from vulnerabilities or […]
