You been certify!

--Originally published at Don't Trust Humans, Trust Computers

cybersecurity20logos2

Cyber security is a huge field, with a lot of people “pretending” to be hackers. In today’s world, anybody that has a computer and can crack something thinks he/she is a hacker and can break anything; when in reality we know that isn’t true. But not all the hackers out there are “fake”, there are hundreds of people that are really good in security topics and have a vast knowledge about it. To all those people that are good and want more, there exists security certificates that can help them, make the next jump and get an excellent job.

Computing security is one of the best paid jobs in the computer science area, and if you are interest in security maybe getting one of this certificates may help you get further. There are many certificates that you can get, here I will show you some of the most recognize certificates there exists.

 

GIAC Security Essentials (GSEC)

The GIAC Security Essential certification focus on the skills a person has towards IT systems with respect of some security tasks. The knowledge the candidates have of security topics need to go beyond simple terminology and concepts. There aren’t any prerequisites to take the exam. The exam consist of 180 questions, and you need to answer correctly at least 73% of the test.

Certified Information Systems Security Professional (CISSP)

This certificate is for candidate that have more experience in the cyber security field. The candidates will need to prove their technical and managerial skills, as well as, their experience designing and implementing security programs. Some of the prerequisites this certificate  have are: a minimum of 5 years of work experience in 2 of the 8 domains of the CISSP Common Body of Knowledge. The exam has a total of 250 questions and to

Continue reading "You been certify!"

Do you have this hat in white?

--Originally published at Don't Trust Humans, Trust Computers

hacker

Hackers!!!

Those vicious guys that are trying to break in into your computer and get all your personal information and sale it in the black market…well that’s what most of the people think when they hear the word “hacker”. But what if I tell you that the hacker isn’t the bad guy, and instead it is the hero that came to save the day. You may thing that I am talking nonsense; that ALL hacker are bad because that’s what you saw on tv or movies. But in reality not all hackers are bad (even tough there are bad hackers) and these hackers provide an HUGE amount of help to a company’s system. To those hackers that help companies check if there are threats in their systems or computers, we call them ethical hackers and to the action of doing this we call it ethical hacking.

Ethical hacking is a very important action that every company should go trough. It is important because thanks to that, companies can check the vulnerabilities that their systems have, and with that they can make changes to them. This concept of ethical hacking comes from the idea of “thinking like a thief”, to be one step ahead of those who will try to harm any system or computer. To those hacker that we consider bad, we call them black hat and to those we consider good we call them white hat.

0146695

This white hackers do various test to check the vulnerability of the system, and this kind of tests are called penetration testing or intrusion testing. A penetration testing gives an scenario of how secure the system is and it shows things like:

Don’t go breaking my rules

--Originally published at Don't Trust Humans, Trust Computers

Imagine a world without rules, with no one telling you what to do, how to do it, why you should it and so on. You could make your own rules, like “no rules allow” or some other nonsense like that. Even though this idea seems pretty cool, it isn’t at all. A world without rules would be pure chaos and madness, with everyone doing what they want no matter what. So we can say that rules are very important no matter what people may think. Rules are the ones that makes us keep control (sometimes) of our nonsense actions. We can find rules everywhere nowadays; in the parks, schools, buses, malls, states, countries, households, internet and sooo many other places. Today I am going to focus on a very specific type of sets of rules which are security policies.

featured1Security policies are a set of rules and procedures a company implements to ensure the functionality of the various systems a company may have. All this rules and behaviors are written in a extended document that a company makes according to their needs. This document is always being modify because of the various need technologies that emerge and also because of situations that the company may have faced. Every security policies are different among companies, they can share some of them, but at the end, there are going to be different policies for different companies. Even though they have different policies, they share some common goals, like: creating a baseline to what a determine person related to the company can do, or to define some mechanism of security.

giphy-2

When writing a policy is very important to take some factors in mind, like:

  • the objectives of writing a policy.
  • the scope.
  • who enforces the policy.
  • the consequences of not following the policy.

Continue reading "Don’t go breaking my rules"

Can we work in pairs of three?

--Originally published at Don't Trust Humans, Trust Computers

Many good things in life come in thirds, for example: movies, triplets, videogames sagas, three cakes, or even the three episodes per season of Sherlock. But when it comes to cyber security topics there is also good thirds, like the CIA (not to get confuse with certain agency in the USA). I am talking about Confidentiality, Integrity and Availability. These are some of the most important subjects to take in consideration when you are involve in cyber security. But you maybe asking, what are this concepts? well, basically we use this three concepts as a model that will help us identify if we have a secure system or not.

securitymodel

First, let’s start with confidentiality. This concept is about keeping information hidden from unauthorized people. It is a very important concept because is about keeping our information “safe and sound”.  We don’t want any other person but us to see the information we have in a system. There are many ways this concept can be apply. One way we can apply this concept as users, is by having a strong password. Creating a complicated password that is only know by the user is respecting the confidentiality concept. And in the other side, encryption is also a common method in the systems to respect the confidentiality aspect.

The second aspect is integrity. Integrity consist of maintaining the data consistent and accurate and avoiding data corruption. In here the goal is that the data doesn’t suffer unwanted changes; that the information that is in the system remains the same without any user making any changes, unless he/she does them, or even sometimes other system but the user is aware that the data will be change. To make sure integrity is fulfill, there are some methods to accomplish this. One of them is by

Continue reading "Can we work in pairs of three?"

The “Y’s” in CyberSecurity

--Originally published at Don't Trust Humans, Trust Computers

Our generation, the so call “millennials”, we were born in a time when computer science was in a constant change. New technology was being made, new algorithms were being researched and so on. Basically, as we have been growing up, technology has also been “growing” up with us and it is still growing, just like us, but with the only difference that we have a dead line and technology doesn’t. As humans when we first use any technological device, like a computer, ipad, smartphone, etc., we are amaze by the amount of actions that device can do.

giphy

Whenever new gadgets or apps are release, we trust that those devices or apps will maintain secure the information that we provide; but in reality…is not. In this modern era, we can’t say that something is 100%, because somehow someone could crack that thing that we thought it was secure and have all the information that we had, and there are plenty of ways that people can do that… but that another story. Even though this seems as a terrible scenario, it isn’t as bad as we thing. If we know some basic concepts about cyber security, we could make our self more protected against cyber attacks and if they want to get how information, they won’t get it as easy as they might think.

giphy (1)

Cyber security is a very important topic that everybody should know about. If we go into a career, kind of way, of why study cyber security, well there are plenty of reasons. Some of them might be because there is plenty of opportunities in that area, like jobs or development as a professional. Besides those reasons, there is one that I think is very important and that is to know how to protect yourself and others. Most

Continue reading "The “Y’s” in CyberSecurity"

[First]

--Originally published at Don't Trust Humans, Trust Computers

Hello, and welcome to my blog. In this blog, I will talk about cyber security (mainly) and other random topics of my interest, like movies, food, and maybe some politics (who knows). The main reason of making this blog, is that in the course of “Seguridad Informatica, that I am currently taking, my teacher wanted us to share our thoughts about various topics concerning cyber security. This is the first time that I make a blog and post constantly on it. I hope you enjoy it, as much that I will.

Peace out

A.C.