VALUABLE RESOURCES AND STRATEGIES REVEALED BY THE TOP INFOSEC CONSULTING ENTREPRENEURSHIP EXPERTS IN THE WORLD Ted Demopoulos, author of the popular go to book Infosec Rockstar, has put together a FREE online event (http://bit.ly/InfoSecConsultCon) that brings together the best Infosec consulting and entrepreneurship experts in the industry to teach you… Continue reading
Ever want to visit a website but don’t trust it enough to use your personal/work computer? What you need is a temporary system that is totally isolated from anything sensitive. Why not use a cloud-based virtual machine, such as offered by Amazon Web Services Elastic Compute Cloud? Here is how… Continue reading
Amazon Web Services has made it easy to implement encryption-at-rest for S3 buckets, but older S3 buckets may have predated this feature enhancement. If you have a large number of buckets, this could be a tedious thing to check via the console. Here is a simple one-liner to check all… Continue reading
Last week (9/7/2017), Equifax announced that on July 29 they discovered that an exploited web application vulnerability was being used to access a trove of consumer information for the previous 2 ½ months, until discovery. Various news outlets, such as the New York Post are starting to report that the… Continue reading
Sharing this slide because it illustrates the business value of integrating application security testing at the front of the Systems Development Life Cycle. (Slide courtesy of Veracode, Inc.)
From a compliance perspective, organizations need to have a hardening standard derived from an authoritative source with solid engineering-based reasons of why we depart from any of the recommendations. Most organizations use the Center for Internet Security (CIS) Hardening Benchmarks because that choice is easy to defend. The CIS benchmarks… Continue reading
The following excerpt is a thread from a discussion on Linkedin in the Information Security Community group. Question: How can a young professional convince startups that InfoSec is needed? And then get them to hire him? I am currently studying InfoSec Management and I am looking to get a job… Continue reading
When working on Linux it is often very helpful to review the commands that you have entered. For example, you may want to paste some of the commands into a script or may want to recreate the steps to solve the problem you were working on. Here is how I… Continue reading
No, not exactly. The SHA-1 hashing algorithm still does what it is supposed to do. SHA-1 creates an unpredictable 20 byte “fingerprint” of the data input into the function, in this case a web server certificate. It is the unpredictability of the output that makes cryptographic hash functions so useful. … Continue reading
The US Federal Government requires that its agencies protect sensitive, but unclassified information using cryptographic modules that have been validated to Federal Information Processing (FIPS) Standard 140-2 “Security Requirements for Cryptographic Modules.” This standard replaced its predecessor, FIPS 140-1. In this context, the term “validated” means tested by accredited testing… Continue reading
Always enjoy teaching in EMEA, can't wait to return in person after COVID.
Are you following our SANS Faculty? They share some amazing resources, tips & tricks!
@KennethGHartman worked for a variety of #Cloud Service Providers in architecture, engineering, compliance, and security product management roles.
#followfriday
Is your security team learning to work with DevOps and Cloud as code? Take the 2021 Survey | Rethinking the Sec in DevSecOps: Security as Code Survey.
@jimrbird and I will be publishing the results this summer. Let's find out if security is learning to code! https://twitter.com/SANSCloudSec/status/1364236230280544257
The #DevSecOps Survey is now open! Take a few minutes to take our survey by @jimrbird & @emjohn20 and enter to win a $250 Amazon gift card! https://sans.org/u/1bgF
I, for one will truly miss Fry's Electronics stores. One of the very convenient things about living in Silicon Valley. You had to see one to believe how cool they were.
BREAKING Scoop: Fry’s Electronics is closing business nationwide effective tonight. Source: Wilsonville, OR store employee. http://Frys.com website will go down at 12am #Frys #FrysElectronics
Eerything that can be used as a C&C Cannel will be: https://arstechnica.com/information-technology/2021/02/crooks-use-the-bitcoin-blockchain-to-protect-their-botnets-from-takedown/
