- Harnessing AI in Cybersecurity – Annex Slides. These additional slides were created as part of one of our classes to complement the class slides. I’ll cover the story below a little bit in class. The Rise and Rapid Fall of Microsoft’s Tay: In the early months of 2016, the digital corridors of Twitter were abuzz with conversations spanning every conceivable topic. Sensing…
- SIEM Logic Unveiled: How SOC Analysts Detect and Respond to Security Incidents. Many imagine Security Operations Center (SOC) analysts as modern-day ‘Neo’ from ‘The Matrix,’ deciphering cascades of streaming data on glowing screens. However, the reality is quite different. SOC analysts dedicate their days to a meticulous task—sorting through alerts, triaging them, and launching investigations into potential security threats. These alerts arrive from a myriad of security…
- Mastering Incident Response: A TLDR Guide to Playbooks and Runbooks with NIST Framework. Welcome to another exciting blog post, students and aspiring cybersecurity professionals! Today, we have a topic that sits at the core of cybersecurity operations—Incident Response. It’s not just about detecting incidents but efficiently managing them to minimize damage and future risks. Whether you’re part of a small IT team or a large Security Operations Center…
- Vulnerability Categories and Risk Factors. The topic of software and network vulnerabilities is incredibly vast. Vulnerabilities can range from minor issues that pose little to no risk to the business, to significant risks that can bring an organization to its knees. Understanding the categories of vulnerabilities can help you prioritize them effectively. Here’s an in-depth look at various categories and…
- Cybersecurity Exercise: Understanding and Applying the MITRE ATT&CK Framework. Objective: The aim of this exercise is to familiarize students with the MITRE ATT&CK framework by analyzing various cybersecurity scenarios. By dissecting real-world-like attack narratives, you’ll learn how to identify Tactics, Techniques, and Procedures (TTPs) commonly used by attackers, particularly Advanced Persistent Threats (APTs). Duration: This is a 30-minute exercise broken down into four scenarios,…
- Exploring Log Fields in Various Systems. This post is a continuation of my ongoing post on Log Analysis. See the initial post here. Anticipating the essential log fields for different systems can be a strategic advantage, offering a blueprint for effective investigations. By understanding the potential log data a system could produce, one gains a roadmap to navigate through the information landscape.…
- The Anatomy of Logs. Deciphering Logs: The Keystone Skill for Security Analysts. In a conversation I had with a fellow network security expert in the spring of 2023, an observation struck me profoundly. He emphasized that among new job applicants and even experienced Gen X professionals, a deficiency in troubleshooting skills prevails. As an engineer, I was trying to locate…
- HONEYTOKENS, using deception tactics to improve continuous security monitoring efforts – Enterprise Information Security. Introduction: Over the years, as information security teams, we have always been on the defense, forever waiting for the next security event before we can act. Although part of our strategy is to anticipate the adversary, we have not truly started to learn from the trends of the adversary to be prepared for the next…