This blog came about from
a class I took (CIS 608 – Information Security Management) at Bellevue which
had a requirement that students maintain a blog throughout the 12-week course. For
purposes of the class, students were required to write at least one blog each
week and the topic would be anything the student fancied, so long as it had
some relevance in the Information Security realm. While the blog was to be
maintained during the course, the professors recommended that students keep
posting blogs beyond the 12 weeks as the goal behind the blog was more than to simply
get a passing grade for the class. If you were to do a Google search for blog (inurl:blog) you get 551 million results
and if you narrow your search to information security blogs (inurl:blog inurl:information security),
the results decrease to about 44k; this shows the prevalence of blogs on the
net. Unfortunately, I did not drink the Kool-Aid as prescribed by the
professors and have not posted much since my last class. Just like many of my
classmates (I believe), sometimes life
takes hold of many things and the work-school-life balance evades us.
Blogs are a way for
people to express their views and share their thoughts with the world and in
most cases, indulge in debates through comments. I for one have found blogs to
be a tremendous source of information especially when writing papers for class
and researching work related tasks and projects.
Figure 1: courtesy of reddit.com (stack overflow)
Figure 1 (courtesy of reddit.com) shows how much
information posted on the Internet helps out a lot of students, and the work
force too. Many a time, I have been stuck working on an assignment or a
project and through simple online searches, I find the information I need. The purpose
of this blog is to mainly share thoughts I may have on a topic and in essence,
help out anyone out there who may be scratching their head because of the issue;
no need to re-invent the wheel, we are all in this together.
Just recently I was faced
with the ‘tough’ decision of renewing my anti-virus subscription. As trivial as
that sounds and without getting into too much debate on which one is better
than which (it’s a preference thing in my
opinion), I found multiple blogs providing some insightful views. It is my
goal and hope that the topics I post on this blog will provide some guidance to
someone out there especially when it comes to information security. The materials
will (and should) be backed up by references from industry experts whose opinion
will provide that extra nudge when conveying a thought.
So, who am I anyway?
I consider myself to be
your regular chip off the old block lad who is just passionate about
information security and is always on the lookout for the next ‘fancy’ attack
vector. I actually never started out wanting to venture into the information security
domain (maybe because I didn’t know about it). I was more inclined into
networking and more IT leaning, but after being introduced to security, I was
sold. Yes, it sounded like it would be straight out of the War Games script and
my blood started racing thinking about it, only to be met with logs... they never
told me I would be looking at log-lines. Sigh!
My first information
security job was with an MSSP and as an analyst, we would review logs and
events and report those anomalies to clients. While the job sounds boring and
mundane, I did learn a lot from doing it. I believe every security professional
needs to have some log analysis know-how; we all need to put in log analysis
time before we move on to the ‘sexier’ red team vs. blue team exercises as depicted
in Mr. Robot (if you haven’t watched it... please do).
I consider myself to
still be a rookie in this industry and appreciate the vast opportunities and
career paths that it affords us. In addition to a bachelor’s degree, I have 2 certifications
both from CompTIA (Sec+ and CASP). I am all for certifications but also against
them when they are simply done to advance career-wise, without the recipient fully
grasping the concepts; everyone wants to have knowledgeable colleagues after
all. I am currently pursuing my Master's in Cyber-security and after that, I will
tackle another certification or 2 based on the role(s) I will have for work by
then.
I truly hope my blog will
make an impact in your security life and at the very least help you get an idea
on how to tackle that assignment that is due in an hour.