When the student is ready the teacher appears. When the student is truly ready the teacher disappears. — Lao Tzu What’s Lao trying to convey? You are a student. You are also a teacher. Learning new skills and acquiring appropriate cybersecurity domain knowledge is not limited to cracking an interview…

Core CISSP Exam Concept — Risk is everywhere. Being single is a risk of loneliness and depression. Being in a live-in relationship is a risk of an uncertain future. Being married is a risk of missing bachelorhood. You can never eliminate the risk. You can reduce it to the accepted level. Australia is the most…

Either read ten books by skimming and skipping or read one book from the first to the last page. I read every word of the (ISC)2 Sybex Official CISSP study guide from the first to the last page. I read it three times. However, the experience wasn’t the same. 1st…

The 3rd principle of Zero Trust Security is verifying explicitly. It’s not about providing one-off access anymore based on just passwords. Multi-factor authentication has become the norm, but few understand its true meaning. The multi-love factor authentication may look like the one below. Using passwords with PIN does not provide multi-factor authentication as they belong to the same category, which is “something you know”.

Imagine you have a golden apple behind the secure door, and somebody breaks in. Is it an incident or a security breach? An intruder either steals the golden apple, replaces it with copper, or destroys the artefact. All of these events or kinds of attacks result in a security incident. In other words, a security incident is when a company’s confidentiality, integrity and availability are compromised.

Optimistic sees a vulnerability between a security patch, and pessimistic sees a security patch between a vulnerability. Which one are you? Well, you need to have both. I don’t like to see things as binary. Our world and decisions are driven by “yes” or “no”. Sometimes, you need to hop between them. The two perspectives are opposite, but they complement each other. They are different and still two sides of one coin.

It’s inspiring and disturbing when bad guys are more enthusiastic, persistent and passionate than security professionals. A malware operation called “Raccoon Stealer” was shut down in March 2022 when a lead developer was killed during Russia’s invasion of Ukraine. However, the Raccoon has awakened from a deep sleep. …

Companies first migrate to virtual machines to save money, then pay a ransom for attacks on virtual machines. The latest ransomware, “Black Basta”, is one of the fastest ones adding fuel to the burning virtual machine attacks. It encrypts ESXi VM running on enterprise Linux servers and threatens to leak sensitive data if demands are unmet. Black Basta has already exploited over 50 organizations in the United States, United Kingdom, Australia, New Zealand and Canada in the last two months.

A successful login to your Gmail account gives you more access than email. You can watch videos on YouTube, write documents on Google Docs or pin your favourite places on Google maps. This unique access is called SSO (Single sign-on) SSO is an authentication mechanism that authenticates the user once…