Tag: Cybersecurity

5 min read

Cybersecurity Incident Response - Basics and How to get Started

Today I want to start off by sharing a few things that I have been researching for a while. I have had a lot of curiosity about incident response; I want to understand how it works, what is expected from an IR team, and much more. For the last few days, I have also been asking my new friend ChatGPT about it so that I can get some of the answers and things that go on during an Incident Response engagement.

9 min read

Cybersecurity Incident Response - Detection and Analysis (Tools and Indications)

I think it would be a good idea to start with a quick overview or list of Attack Vectors before we dive right into what goes into the Detection and Analysis phase. Companies should be able to prepare and have plans around common attack vectors, and what to do in those cases. We went over that in our previous post, but this time, as a refresher, here is a non-exhaustive list of common attack vectors:

7 min read

Cybersecurity Incident Response - Preparation

I want to take the opportunity to break down what goes into the preparation for incident response and what things could look like from the perspective of an infosec professional. Going back to NIST, there are a few things that are considered: Part of a well-defined IR Plan includes things like creating an IR Policy and plan, and what tools will be used for performing incident handling and reporting. A determined team structure: who are the players? Lead engineers? Who is in charge of collecting forensic data? What happens during the eradication and recovery phases, and who is in charge? Should these functions be assigned to a team or an individual? - A well-described line of communication between teams and technical and executive teams (Yeah - Executives need to be involved)

3 min read

Cybersecurity Tools - VERIS Incident Model

Lack of quality information in Cyber Security and incident response is real; you have too many sources for too many things, and most of the information within reach is not centralized. A couple of years back, when I was working on learning more and more of the ins and outs of the InfoSec community, I found VERIS, which I think is a nice initiative. Here is a quick breakdown of what it is

2 min read

Cybersecurity - Want to be a Security Analyst? The List of things you need to understand

To better understand the domains that are part of Cybersecurity, it is better to identify them individually and make sure we all know what to expect as we learn more and more about it. Currently the Cybersecurity tracks, like Cisco’s, put emphasis on preparing you to be a Security Analyst Level I - Remember that the Associate certifications are the ones that validate that you can be the first knowledgeable level of contact in the enterprise. In this case Cisco Cybersecurity Operations CCNA is no different.

3 min read

Introduction to CyberSecEngineer Blog

I have recently started a class on CyberSecurity offered by Cisco, and have been hooked on the material and the things that this class offers. If you know me, you will know that I have always been a hybrid engineer; I have done a few things across Network, Security, Data Center and Collaboration, with the last one being what I specialize in and what I’d like to call the profession that pays my bills :)

5 min read

The Job Description of a Security Analyst

Thinking about a few things that can help people out there to begin or advance in a career in IT Security or Cybersecurity. I had to get some information about this from a job description of what companies are looking for in candidates, just because, yeah, Andres had to find out, and help the now growing audience of CyberSecEngineer. Disclaimer: I may not be the right person for specific career advice on Cyber Security; however, I will/should/could be able to provide a high-level overview of how things work from a career point of view. If you are interested in such a thing, make sure you ask me using the comments section, and I will do my best to reply ** I hope the comments section works :)

2 min read

Training on Cybersecurity and what is out there?

I looove free and fun stuff to do when I’m training, and I also like to pay for training when it is good. With that in mind, this post will be a collection of the training that I have found or will find in the future, so that it can be listed on this site. Remember, if you know of any training that you think is sooooo cool that it needs to be mentioned or announced, please feel free to reach out in the comments post, and I will happily add that information.