Top Cybersecurity Influencers You Should Start Following

Staying on top of this ever-changing industry can be a daunting task. We have found that one of the best ways to do it is by gaining insight from top cybersecurity influencers, men and women who are constantly sharing information, trends, news, the latest attacks, and best practices on their social networks or websites.

1- Troy Hunt

Renowned Australian author of various web security courses. He runs the free service Have I Been Pwned (HIBP), which helps people figure out whether their email addresses or passwords have been compromised in a data breach. He regularly speaks at security workshops around the world, and he has even testified before the US Congress on the impact of data breaches. Troy publishes weekly updates that cover what is happening in cybersecurity and related fields.

Twitter: 190.4K @TroyHunt 

Website: https://www.troyhunt.com/ https://haveibeenpwned.com/ 

2- Kevin Mitnick 

Once the most elusive computer hacker in history, he joined the FBI’s most wanted list for hacking into more than 40 major corporations worldwide, not with malicious intent but for the fun and challenge it represented. After running from the feds for three years, he is now a trusted security consultant to the Fortune 500 and different governments.

Twitter: 260.4K  @kevinmitnick 

Website: https://www.mitnicksecurity.com/ 

3- Mikko Hypponen 

A Finnish security expert who has worked since 1991 at F-Secure, a global security and privacy company with offices in more than 30 countries around the world. Mikko has been published by The New York Times, Wired, and Scientific American. He is also a frequent lecturer at the universities of Stanford, Oxford, and Cambridge. It is very interesting to read a man who has more than 20 years of experience tracking, disabling, and dissecting malware.

Twitter: 211.9K  @mikko 

Website: https://mikko.com/ 

4- Katie Moussouris 

American computer security researcher and writer who is best known for her campaigns on responsible security research. She was among the creators of “Hack the Pentagon”, a bug bounty program for the US Department of Defense, and of another for Microsoft. She is the founder of Luta Security, an organization that aims to transform the way governments and companies use people, processes, and tools to improve vulnerability coordination and their overall security. In 2014, Katie was named by SC Magazine as one of the “10 Women in Information Security That Everyone Should Know”.

Twitter: 105.3K  @k8em0 

Website: https://www.lutasecurity.com/blog 

5- Bruce Schneier 

Described by The Economist as a “Security Guru”, Bruce Schneier is a famous security technologist who has written numerous books on application security and cryptography. His newsletter has been running since 1998 and his blog since 2004; he now has over 250,000 readers around the globe. He has served on different government committees, testified before the Congress of the United States, and is the Chief of Security Architecture at Inrupt, Inc.

Twitter: 135.6K  @schneierblog 

Website: https://www.schneier.com/ 

6- Brian Krebs 

Before creating his own cybercrime blog, KrebsOnSecurity, he worked as a reporter for the Washington Post, interviewing hackers for the computer security section. Since then, he has been known for his coverage of cybercriminals and their acts around the world. Several times he has fallen victim himself, yet this has only made him more interested in the field.

Brian is the author of an award-winning book called “Spam Nation: The Inside Story of Organized Cybercrime – From Global Epidemic to Your Front Door”. He is also responsible for breaking the story of the Target Corporation breach in 2013 and figuring out who was the man behind the scam.

Twitter: 314.8K @briankrebs 

Website: https://krebsonsecurity.com/

7- Eugene Kaspersky 

Russian cybersecurity expert and CEO of Kaspersky Lab, an IT company with over 4,000 employees, well known for their antivirus products. In his blog, he shares personal opinions on current cybersecurity and IT topics, news, and industry developments.  

Twitter: 183.4K  @e_kaspersky

Website: https://eugene.kaspersky.com/

8- Graham Cluley 

After creating the first version of Dr. Solomon’s Anti-Virus toolkit for Windows, Graham Cluley worked for Sophos and McAfee. He then decided to become an independent cybersecurity analyst. He can frequently be found speaking about cybercrime at security events around the world.

Twitter: 103.5K  @gcluley 

Website: https://grahamcluley.com/ 

9- Shira Rubinoff 

An IT security expert, founder of two cybersecurity companies, and one of the most influential women in the field, she usually talks and writes about the connection between technology, psychology and cybersecurity.  

Twitter: 55.9K  @shirastweet 

10- Jayson Street 

Jayson Street is VP of InfoSec at SphereNY. He is best known for breaking into supposedly unbreakable sites to teach companies, governments, and end users why and how to protect their cybersecurity posture. 

Twitter: 57.6K  @jaysonstreet 

Website: http://jaysonestreet.com/ 

11- Zack Whittaker 

If you read websites such as TechCrunch and ZDNet.com, you probably have read a piece by Zack Whittaker. He is the security editor for TechCrunch covering mainly news and topics related to cybersecurity and tech.  

Twitter: 68.5K  @zackwhittaker 

Website: this.weekinsecurity.com 

12- Larry Dignan 

Larry is the Editor in Chief of ZDNet and Editorial Director of TechRepublic. He has covered the technology and financial industry since 1995, and has published articles in different news sites such as WallStreetWeek.com, Inter@ctive Week, and The New York Times.

Twitter: 31.4K  @ldignan 

Website: https://www.zdnet.com/meet-the-team/us/larry-dignan/

These 12 cybersecurity influencers will help you stay on top of the latest trends and news in the field. Start following them, reading their content, and of course, don’t forget to follow CyberWarrior in all of our social media channels to get familiarized with the industry and what our academy has to offer.  

 

 

4 Security Recommendations For You and Your Family

We are living in a world where technology has a place in our everyday tasks. We have speakers, computers, TVs, printers, phones, and even vacuums interconnected with one another, always leaving room for bad guys to grab control of our systems and, even worse, our personal information.

If you are one of those who believe that your life is not “interesting” enough for hackers, my friend, you are wrong. They are looking to get ahold of social security numbers, credit card information, data related to your work or your child’s school, anything that can open the doors to information they can use to perpetrate a profitable action.

It is time that we internalize that if we want to live with the technological advances of the 21st century, we need to start taking action to protect ourselves and our families from becoming another number in the hacking statistics. 

CyberWarrior’s Tips for Your Security at Home 

To make this article valuable for anyone out there, we asked our CEO, Reinier Moquete, what his top security recommendations are. Here are the four actions he suggests you start implementing at home as soon as possible: 

1- Setting Up 2 Factor Authentication 

How many passwords do you have? At least one for your Wi-Fi, your personal email, school/work email, each one of your social media accounts, banks, and others. It is pretty hard to create and remember a different password for every account. To better protect your data, it is important to add an extra layer of security.  

The best way to do so is by setting up 2-factor authentication. With it in place, instead of gaining access to your account as soon as you enter your login information, you will need to complete a second step. It can be a PIN, answers to secret questions, an OTP (one-time password sent by SMS or email), a keystroke pattern, or more sophisticated options such as a fingerprint scan or iris scan.

The correct use of 2-factor authentication prevents anyone from accessing your accounts, even if they have one of the parts of your login.

There are different options out there for you. Some of them are Google Authenticator, Duo Mobile, Microsoft Authenticator, FreeOTP, LastPass Authenticator, Authy.  

2- Using a Password Manager 

We highly recommend having a unique password for every account you own. Please do not use the same password more than once, as reuse increases the chances of losing more personal information. Also, it is not smart to write down your login information, as it can fall into the wrong hands.

To ease this password handling issue, we suggest you get a password manager.  It will encrypt and store your login information for every website you use and help you log in automatically. You will only need to remember the master password.  

There are many options in the market, but at CyberWarrior, we believe that the best options are Dashlane, LastPass, and KeePass. 

3- Connecting Through a VPN 

Have you ever thought about what happens with your personal information online? Have you ever connected using public Wi-Fi? Or have you thought of who knows what your online activity is? If any of these questions made you nod, it is probably time for you to get a Virtual Private Network or VPN.  

This is an encrypted connection between the device you are using (phone, tablet, computer, others) and the internet, meaning that no one can see what you are up to.

There are a lot of good, free VPNs out there, but they have a limited selection of servers and only allow you a small amount of data to navigate the internet. That is why we suggest you invest in a trustworthy service such as ExpressVPN, NordVPN, Hotspot Shield, PureVPN, or IPVanish.

4- Turning On HD Encryption 

One of the most powerful tools to protect the data on your computer is full disk encryption. It transforms the information stored there into an unreadable format that can only be decrypted by those allowed to access it with a secret key or password.

To do this on your computer, you will need to get an encryption tool and a storage backup drive. Among the best tools in the market are: BitLocker, Guardium, Boxcryptor, DiskCryptor, and VeraCrypt. 

There is no 100% guarantee when it comes to security, but having all four of these actions in place will help scare the hackers away from your home and family. Also, keep in mind that everyone in your household should read up on the basics of online security so you can avoid clicking on a phishing email or falling for social media cybercrime or any other hacking technique.

 

 

A Look Back at Alan Turing’s Life

As cybersecurity experts, we owe a lot of what we know today to the great mind and life of Alan Turing. This blog is a way to remember his work, innovations, and contribution to modern computing.  

Early Years 

He was an English mathematician, logician, and the pioneer of theoretical computer science and artificial intelligence. He was born in London on the 23rd of June of 1912. Since he was a little kid at school, his intelligence was more than clear. It is reported that he did not pay much attention in class but could still get the highest grades in tests. As a result, different teachers called him a “genius.”

His experience studying mathematics at the University of Cambridge gave him a few years filled with work, social life, and sports. He even joined the peace movement against the rise of Hitler. He graduated with a first-class honours degree and then headed to Princeton University to earn his Ph.D. in the same field. During this time, he made the “Turing Machine,” the first notion of a universal computing machine that could solve complex calculations.

Once he went back to England, he was invited to join the Government Code and Cypher School (now known as the GCHQ), a top-secret British code-breaking organization. Once World War II started in 1939, Alan decided to move the organization’s wartime headquarters to Bletchley Park, where he completed one of his most notable achievements: cracking the “Enigma Code.”  

Alan Turing & The Enigma Code 

The Enigma was an enciphering machine used by the German armed forces to send secure messages during wartime. At the time, a team of Polish codebreakers cracked these codes, but once the Germans noticed this had happened, they improved their controls by changing the cipher system daily. Then Turing came along.

Alan Turing took some of the systems the Polish had developed and, with the help of the fellow code-breaker Gordon Welchman, he developed the “Bombe,” a machine that decoded messages sent from the Enigma, not only helping ease the work for code-breakers at that time but helping gain intelligence for war efforts.

His efforts also helped decrypt more complex information during the war. With the “Hut 8” team at Bletchley Park, he read German naval signals from submarines prowling the Atlantic to hunt Allied ships that carried equipment and other vital supplies for the war effort. In addition, the Hut 8 team was in charge of charting the movements of the German submarines, so the Allied forces could avoid them and successfully deliver their cargo.

His breakthroughs during World War II helped ease the path to more peaceful times, and at the end of the war, his government recognized him as an Officer of the Most Excellent Order of the British Empire (OBE).

Life After World War II 

Once the war finished, Turing went back to study and work in computer science and designed the Automatic Computing Engine, which he believed would offer “unlimited scope for practical progress towards embodying intelligence in an artificial form.” He was then made Deputy Director of the Computing Laboratory at the University of Manchester and was the first to address Artificial Intelligence.

In 1952, while the police were investigating a burglary at his house, he admitted he had a sexual relationship with Arnold Murray. He was arrested for homosexuality, which was illegal in Britain at that time. He was later found guilty of “gross indecency” and decided to avoid prison by accepting chemical castration, taking high doses of estrogen to reduce his sex drive. Two years later, he was found dead, in an apparent suicide from cyanide poisoning. His death was never examined, but something that remained true is that homosexuals could not complete security clearances, which meant that Alan Turing could not be involved in secret work during the Cold War. His conviction was overturned in 2013.

 

 

Important Considerations from the 2021 Verizon Data Breach Report

Are you familiar with the Verizon Data Breach Investigations Report (DBIR)? If not, this is an annual analysis of the security incidents that occurred over the course of a year. It centers most of its work on data breaches. It was first published in 2008. Since then, its authors have increased the number of organizations (public and private) whose data they collect to provide a more robust report on breaches, threat actors, types of organizations targeted, and more.

This year, the Data Breach Report was built out of 5,258 breaches from 88 countries around the world, the largest number they have ever reported, and it turned into a 119-page publication. Going through its pages, we found many interesting and important pieces of information that we think will help you, our readers, better understand what happened in the cybersecurity industry during the first year of the pandemic.

We don’t expect you to read through all the pages. But, if you want to do it, please take your time so you can fully digest their findings. You can access the report using this link. In this blog post, we share a summary of what we consider major trends that can impact your actions and plans to prevent cybersecurity incidents in your organizations.  

Key Findings From the Verizon Data Breach Report 2021 

Just as the DBIR states, this “publication is not in the business of prediction… you don’t need a crystal ball, a neural network, or next-gen AI to tell you what the norm is,” but it can be beneficial when creating or updating your response strategy. For example, by understanding how a normal data breach happens, you can improve against it and the exceptions.  

1- Organized crime continues to dominate, year after year, the number one position when it comes to attackers. In fact, 80% of data breaches are attributed to them. However, we find it important to say that the study did find a decrease in internal actors being the cause of data breaches.  

2- The vast majority of data breach attacks are due to financial reasons. Espionage and other motivations are only responsible for less than 10% of the attacks. 

3- Even with the pandemic going on, the top action varieties in breaches remained the same from the past report. Phishing is still number one, but with the pandemic, we saw an increase from 25% to 36% of breaches attributed to it.  

4- Ransomware attacks are on the rise. The report concludes that it is the third cause of data breaches, and it doubled its frequency from last year. 

5- The human factor continues to be one of the biggest cybersecurity threats. 85% of data breaches involve a human element, and to make things even scarier for organizations, the report claims that employees are still making mistakes that cause security incidents and breaches.

6- External cloud assets are more likely to be compromised by an attack than on-premises assets. 

7- Attackers are exploiting older vulnerabilities to gain access to systems and networks, making it clear that organizations need to improve their patching performance: “To patch smarter, not harder, by using vulnerability prioritization not necessarily to improve security, but to improve organization’s productivity.” To put it in other words, you are taking steps further from downtime for every patch you apply.

8- Hackers are looking to steal credentials. In fact, it is the most sought-after data type, and it is the fastest to get compromised.

9- Privilege misuse and system intrusion are the types of breaches that take longer to be discovered by an organization.  

10- The average cost of a business email compromise attack is $19,296. At the same time, the median loss in a ransomware attack was $11,150. 

Industry-Specific Data 

This year the Data Breach Report included the analysis of 12 industries, demonstrating that each one of them suffered attacks and threats in different ways. This will vary according to their infrastructure, the data they collect, and their interactions with groups of interest (customers, employees, vendors, and others). Some of them are:

1- Financial and insurance organizations frequently face credential and ransomware attacks from external actors. 

2- Healthcare is still vulnerable to human factors, as misdelivery is the most common error causing security problems. On a more positive note, since 2019, the industry has seen a shift from breaches caused by internal actors to external actors that are looking to compromise both personal (66%) and medical (55%) data.

3- Public administration has been the perfect target for social engineering attacks, as hackers have managed to craft credible phishing emails to gain access to credentials (80%) and personal information (18%). 

4- The retail industry faces financially motivated attacks from criminals trying to get credit card and personal information. The most common social tactics in this sector are pretexting and phishing.

As we said before, these numbers give us a better understanding of what has been the most common behavior for cybercriminals and data breaches over the last year. They can help us prepare and plan our security measures, but we cannot treat them as a prediction of the future of our organization. A word of advice would be to put in place security training for everyone on your staff, patch and resolve past vulnerabilities, and establish identity and access management to better control who has access to technology.

 

6 Cybersecurity Movies You Should Watch

If you think cybersecurity movies are about a guy sitting in front of a computer fighting hackers, then you have it all wrong. A good cybersecurity movie is one that gives you an entertaining moment filled with crime, mystery, adventure, and action. They are all about secret documents getting into the wrong hands, discovering and fighting conspiracy theories, the work of secret agencies, and more. Interested already?

If you are, we compiled a list of 6 cybersecurity movies you should watch. Once you finish reading these snippets you will be begging for the weekend to arrive and just sit in front of your TV with a bunch of popcorn all day long. 

1- Snowden (2016) 

Oliver Stone directed this biopic of the former National Security Agency contractor who slowly got disillusioned with the slippery tactics of his superiors and decided to start leaking classified information. Snowden, played by Joseph Gordon-Levitt, claims that citizens must be informed that the government has access and surveils their emails, social media accounts, computer cameras, and more. Is he the greatest traitor or patriot in American history? 

Genre: Biography, Crime, Drama 

Stars: Joseph Gordon-Levitt, Shailene Woodley, Melissa Leo 

Runtime: 2h 14min

2- The Great Hack (2019) 

A documentary that goes deep into the Cambridge Analytica scandal through the narratives of different people affected by it. Karim Amer and Jehane Noujaim rolled out an extraordinary film that will make you think twice before sharing any personal data online. 

Genre: Documentary, Biography 

Stars: Brittany Kaiser, David Carroll, Paul-Oliver Dehaye 

Runtime: 1h 54min

 

 

3- Who Am I (2014) 

Baran bo Odar directs this German thriller where we see how a young computer expert, who feels lost, starts a race to become a professional hacker. At some point he gets an invitation from a group of online disruptors to join CLAY (Clown Laughing At You), an organization with the goal of humiliating large corporations.

Genre: Crime, Drama, Mystery 

Stars: Tom Schilling, Elyas M’Barek, Wotan Wilke Mohring 

Runtime: 1h 42min 

4- The Imitation Game (2014)  

With 8 Oscar nominations, this historical drama by Morten Tyldum guides us through the story of the legendary cryptanalyst Alan Turing and his race to crack the German Enigma code and help the Allies during World War II.

Genre: Biography, Drama, Thriller 

Stars: Benedict Cumberbatch, Keira Knightley, Matthew Goode 

Runtime: 1h 54min

5- The Girl With The Dragon Tattoo (2009) 

In this film, we will be immersed in a story of a young female hacker who helps a journalist track down a woman that has been missing for forty years. They quickly find out that they need to protect themselves once they start unveiling dark family secrets.

Genre: Crime, Drama, Mystery 

Stars: Daniel Craig, Rooney Mara, Christopher Plummer 

Runtime: 2h 38min

 


6- Swordfish (2001)
 

In this film by Dominic Sena, we are driven through the story of a spy named Gabriel who plots to steal over nine billion dollars that are held behind super-encryption. He hires a convicted hacker to help him in this race to get the money and fight against international terrorism.  

Genre: Action, Crime, Thriller 

Stars: John Travolta, Hugh Jackman, Halle Berry 

Runtime: 1h 39min

 

 

There are a lot of great cybersecurity movies out there. Which one would you add to this list? Care to share in our social accounts! 

 

4 Reasons Why a Cybersecurity Bootcamp is a Good Investment

Anyone out there considering investing in a cybersecurity bootcamp is probably weighing the pros and cons of this decision. Is it worth the time and money? What is the return on the investment? How fast will I see it? These are just some examples of the questions you may be asking yourself and others who have followed a similar path.

The same thing happens when it comes to cybersecurity training. The first thing we want to do is congratulate you for considering a fast-growing, hot industry that currently has hundreds of thousands of job openings and that also has professionals with a high level of satisfaction with their careers. But, this does not make cybersecurity an exception, meaning that anyone considering getting trained for this field will probably navigate through questions such as: what is the right education path to follow? Should I consider a degree? Or is a bootcamp enough to get me started and land a job? How fast can I see the return of investment in training? How many certifications should I earn to get started?

We want to help you find the right answers. Of course, some of them may vary depending on your professional and educational background. Still, in general terms, we consider that the best place to start your cybersecurity training is a bootcamp, and we are not just saying this because we offer one in our academy. We want to deep-dive into the main reasons why we consider it a smart investment when contemplating a career change or your next step for your professional development. 

Is A Cybersecurity Bootcamp A Good Investment? 

Short answer: yes. But, let’s dig deeper into the most important reasons that will help you understand why: 

1- A Bootcamp Will Require a Lower Investment 

On average, a cybersecurity bootcamp in the United States can cost between $12,000 and $24,000, numbers that can be considered a bit too high. But when you see the average salary ($70,500) you can start earning once you graduate, it will not be as frightening as it sounds. On the other hand, remember these are programs that can last from 12 to 36 weeks, meaning that in less than 6 months, you will be ready to start working in an entry-level position.

2- Bootcamps Focus on Hands-On Experience

We have said it in the past: cybersecurity is not a field you can learn by sticking to books and theory. You need to test your knowledge by facing real-life problems. That is why a good cybersecurity bootcamp offers a curriculum designed with experiential learning to give you real examples of how the content discussed in classes is relevant during an attack.

3- They Offer In-Demand Skills Development 

Anyone can study cybersecurity, but people with certain skills have had an easier road to success. A good program will help you develop foundational technical abilities (such as understanding the architecture, administration, and management of different operating systems, knowledge of common programming and scripting languages), practical skills, and soft skills (research and writing instincts, a teacher’s disposition, collaboration, consultative thinking, and a passion for learning).  

4- Recruiters Highly Value Bootcamps

Just as we, and students, are aware of the many benefits a cybersecurity bootcamp offers, so are hiring managers and recruiters. They understand that this type of training not only guides through the theoretical knowledge, but it goes above and beyond: it puts into practice everything that has been discussed during the classes, it centers most of its time in hands-on experience, it helps students develop soft or human skills that will help them perform better in their jobs, and skilled instructors guide them. 

With all of this in mind, we leave you with a question: is a cybersecurity bootcamp a good investment?  

 

Tips To Help You Survive a Cybersecurity Bootcamp

If you are reading this, it is because you are considering getting enrolled in a cybersecurity bootcamp. Once you have taken the first step and completed the admission (if it has one), you are most likely to get tangled with questions about your decision: Is it worth my time and money? Is cybersecurity as hard as it looks? Am I going to be able to complete it? At CyberWarrior, we believe that you will succeed with the right mindset, the right attitude, and a clear set of goals.

But, to make this experience easier for you, we came up with a list of tips. Consider we have been in this business for a while now, and we want this exhausting and complex path to be as enriching and useful as it can be. 

Four Tips for Bootcamp First-Timers 

Tip #1: Do Not Be Afraid To Ask Questions 

The first thing to keep in mind is that there is no need to stop yourself from asking questions to your instructors, even if that means reaching out when completing an assignment or during a class. You are there to learn, just as any other classmate. If you have problems completing some work, try to guide your instructor through the different approaches you attempted, so he/she can better guide you at what went wrong.  

Tip #2: Do Not Feel Discouraged 

Just as it would happen in any other place, there will probably be someone with a different background or some cybersecurity experience. Do not let that discourage you from your goal: getting into the cybersecurity industry. And always keep in mind that anyone, it does not matter their background, can be successful in this field. With the right education, training, and skills, you will be able to reach high-level positions, a rewarding career, and the satisfaction of helping your organization, and even your country, be safe from security threats. 

This bootcamp is just the first step into an amazing career. Comparing yourself to your classmates is not going to take you anywhere. Instead, try a more positive approach and learn from their experience, advice, and tricks.  

Tip #3: It Is More Than OK To Take Breaks 

You are in this for the long run, so you will face some exciting and frustrating moments. So take some time, even schedule it in your agenda, to take a break, eat, meditate, exercise, be with your family, and even take a nap. A well-rested mind is more effective than an exhausted one.

Tip #4: Enjoy The Ride 

This is a lifetime experience. You will spend hours with your classmates and instructors, it will open the doors to a better job and a better life, so do not focus only on the hard things, but try to make it as fulfilling and enjoyable as possible. Take time to get to know each other, build your network, and prepare yourself for new beginnings.  

One last piece of advice is to never, ever pull the brake. This is going to be a very demanding moment in your life. Still, the satisfaction of completing a cybersecurity bootcamp, and the many doors it will open, are going to make it worthwhile.

 

Remote Work: Is Cybersecurity A Smart Choice?

As we start moving towards a post-pandemic scenario, organizations need to understand that their employees are now expecting to have the same flexibility to work remotely. A recent study published by Cisco reports that before COVID hit the world, only 19 percent of the workforce preferred to work from home, a number that grew to 37 percent once the pandemic began.

Remote working has many benefits, such as no need to commute from one place to the other, saving in your weekly gas spending, having a better work-life balance, and even an increase in productivity. But, as always, there is a catch. Being all day at home can make you fall victim to distractions that are hard to avoid (your kids running around the whole place, errands that seem to be urgent enough to take you away from your computer, cooking, and so on). In other words, you need to master certain skills that will help you succeed in this new way of work:

  1. Communicate proactively with your manager and teammates.  
  2. Provide updates and ask for clarifications in every step of the way.  
  3. Let your organization know your work schedule, and try to stick to it. 
  4. Do not stay in your pajamas or sweatpants all day.
  5. Plan your days and weeks, set out your goals, expectations, to-do lists, and schedule. Do not forget to add some breaks. Even if you work from home, you need to rest your mind from time to time.  
  6. Have an office space; the couch is not one. You need to have the right desk and chair, the correct light, and even try to make it comfortable, appealing, and inspiring.  
  7. Avoid taking care of personal errands while you are on the clock.  


We are living through the process of adapting to a new reality: remote work. Every industry and every role is now going through this process. Cybersecurity is no exception.

In fact, one of the many benefits of working in this field is that there are plenty of roles that do not require being in an office to get your job done while still earning a very attractive salary and enjoying other perks. 

Types of Cybersecurity Remote Jobs  

If you are considering starting a career in cybersecurity, and you are part of that big chunk of workers who would like to keep enjoying the benefits of remote life, here is a list of options you have in our field. 

1- Cybersecurity Analyst 

While working in this job, you will be responsible for protecting your organization’s network and systems from any cyber-attack and implementing threat protection measures and security controls. To achieve this, you will spend hours creating plans, monitoring networks and computers, and implementing security strategies to protect your systems from potential breaches and attacks.

2- Penetration Tester 

As a Penetration Tester, you will be in charge of helping organizations identify and resolve security vulnerabilities that represent a threat to their computer networks. To achieve this goal, you will need to simulate different cyber-attacks and breaches to discover existing weaknesses and determine the best way to resolve them.

3- Security Consultant 

Your role here is pretty straightforward: protection of data. In other words, you are responsible for creating strategies to protect systems, networks, data, and information systems from any possible cyber threat. Among your routine tasks, you will need to perform threat analysis, system checks, security tests, update security criteria, and evaluate cyber risks and faults in existing security strategies.  

4- Cybersecurity Architect 

This is more of a senior-level role, where you would be responsible for the whole process, from planning to implementing and maintaining an organization’s security infrastructure. You will need to think like a hacker to anticipate risks, think like a business executive to communicate effectively with your executive board, and have the technical skills to build effective security infrastructures.

In short, cybersecurity is a field that has a lot to offer for those who want to stick to remote work. There are thousands of openings in the United States, but you need to master different technical and human skills to really stand out. It is all about your mindset.

 

 

20 Cybersecurity Terms You Should Learn

The road to cybersecurity is a path that takes you from a zero IT background to becoming someone who understands the theory behind cyber-attacks and security protocols, to knowing how to put the industry’s best practices into action, and to learning a whole new vocabulary filled with new words, acronyms, and even phrases with particular meanings. As part of our effort to help you travel this road more smoothly, we have crafted a glossary with 20 cybersecurity terms you should definitely learn if you want to succeed in the eyes of recruiters, teammates, and even your future boss.

20 Cybersecurity Terms for Entry-Level Professionals

  1. Anti-Phishing: refers to the efforts of blocking phishing attacks. Phishing is a type of cyber-crime where the attacker poses as known or trusted entities while contacting (email, phone, text) an individual to get ahold of sensitive information.  
  2. Bot/Botnet: a botnet is a network of computers infected by malware under the control of a single attacking party. Bot refers to each machine under the control of the attacker or bot-herder. 
  3. Breach: refers to an incident that results in unauthorized access to sensitive information and data in computers, networks, and/or devices. 
  4. DoS/DDoS: a Denial-of-Service is a security incident in which a server is flooded with malicious traffic and data, resulting in an unavailable website. A Distributed Denial-of-Service (DDoS) is nothing other than a DoS attack using multiple computers or machines to flood the targeted resource.
  5. Encryption: the process of encoding data or converting it into secret codes only accessible to authorized parties that can decipher it and access the original information. 
  6. Ethical Hacking: legally breaking into computers, networks, and/or devices to test their security protocols and discover vulnerabilities.  
  7. Firewall: a network security system that filters and blocks outsiders from accessing private data on your devices. It creates a barrier between trusted and untrusted networks.  
  8. IP Spoofing: an attack in which a hacker modifies the source address in a packet header to hide the sender’s identity and/or launch a DDoS attack.
  9. Malware: also known as malicious software, designed to damage or enable unauthorized access to a computer system.  
  10. Phishing: a type of cyber-crime where the attacker poses as known or trusted entities while contacting (email, phone, text) an individual to get ahold of sensitive information.  
  11. Ransomware: a form of malware that encrypts a victim’s files and demands a ransom in exchange. Usually, the victim receives instructions on what and how to pay to regain access.
  12. Rootkit: considered one of the most dangerous attacks in cybersecurity. It is a type of malware designed to stay undetected on a computer or in software while enabling access and control.
  13. Single Sign-On (SSO): refers to an authentication scheme in which a user has a single ID and password for several software systems.   
  14. Spoofing: a type of cyber-attack in which a scammer disguises himself to gain access to data, computers, or software.  
  15. Spyware: a category of malware designed to secretly gather information about a person or organization and share it with a third party.  
  16. SSL Decryption: the ability to inspect encrypted traffic and confirm that no malicious content is delivered.
  17. Virtual Private Network (VPN): an encrypted connection over the Internet from a device to a network that ensures that sensitive data is safely transmitted.
  18. Virus: a malicious piece of computer code designed to alter the way a computer operates.  
  19. Vulnerability Scanning: an automated inspection that looks for and reports potential weaknesses in computers, networks, and communications equipment.  
  20. Worm: a type of malware that can self-replicate from computer to computer or across networks.

Understanding these basic cybersecurity terms is key for anyone who wants to get started in the cybersecurity field. Not only are they asked about in any job interview, but they will also help you understand other content.

 

Four Tips to Help You Prepare for the Certified Ethical Hacker (CEH) Exam

Over the past year, we have seen an increase in cybercrime. The COVID pandemic that hit the world with a health and economic crisis has made evident the need for more trained people to combat hackers. As remote work becomes the new normal, cybercriminals have taken advantage of the lack of security measures to perform their stunts, costing organizations millions of dollars to recover their systems, data, and even their reputation.

The best way to fight a hacker is to learn to think like one. Ethical hackers not only learn to understand hackers’ motivations, the way they work, and how they choose their targets, but they also learn the same skills and training.

To work as a white-hat hacker, you will need to clear the Certified Ethical Hacker (CEH) exam.

About the Certified Ethical Hacker (CEH) Exam 

The test consists of 125 questions, and you need to score above 70% to pass it. To take this test, you either enroll for the Certified Ethical Hacker (CEH) training, or you will have to pay some extra money and prove that you have at least 2 years of background experience in information security.

All the questions in the exam are multiple choice. But the tricky part here is that the number of correct answers you need will vary depending on the difficulty of the questions in the version you are taking. In other words, if you get a test made up of more difficult questions, you will need fewer correct answers to pass than if you had gotten an easier one.

Tips to Pass It On Your First Attempt 

1- Get Familiar with The Content of the Certification 

One of the first things you should do is understand the domains covered in the exam to get a better idea of the areas you need to focus on, what it entails, and prepare for it. 

The Certified Ethical Hacker (CEH)’s official course outline consists of 20 modules that will cover subjects such as introduction to ethical hacking, scanning networks, vulnerability analysis, system hacking, sniffing, social engineering, denial-of-service, hacking web servers, hacking wireless networks, and others. 

The test itself is divided into 7 different sections, and each will cover a different area of ethical hacking. A tentative breakdown is:

  • Section I: Background (5 questions) 
  • Section II: Analysis/Assessment (16 questions) 
  • Section III: Security (31 questions) 
  • Section IV: Tools, Systems, and Programs (40 questions)
  • Section V: Procedures and Methodology (25 questions) 
  • Section VI: Regulation and Policy (5 questions) 
  • Section VII: Ethics (3 questions) 

2- Study Using The CEH Exam Blueprint 

You can study using the Certified Ethical Hacker (CEH) Exam Blueprint. This page will provide a handbook, blueprint eligibility criteria, exam FAQs, exam details, and course outline. All the information you will need to fully understand what the test looks like, what it evaluates, and prepare for it is on that page.  

3- Create a Study Plan 

Once you have the Blueprint and you have gone through the course outline, you should create a study plan that prioritizes the sections that will require more attention, schedules time to review knowledge gaps you might have, refreshes content you already know, and sets practice time.

4- Take Practice Exams 

Practice makes perfect. Once you have gone through all the course modules and you start feeling confident enough, it is time to test your knowledge! Take practice tests (more than 2) until you score above the passing score. Don’t be fooled by people posting the answers to the test questions online. EC-Council has been updating the test constantly to fight this