brandonkrieger

In today’s DailyCyber Podcast I discuss how to mentally and emotionally deal with a compromise. Most of the time you will hear about the technical information but it’s rare you will hear about the mental and emotional aspect. 
 

To learn more watch the video or listen to the podcast www.DailyCyber.ca and comment below 

In today’s DailyCyber Podcast I discuss the top Cyber Security solution providers and the Cyber Security solutions that you should be aware of:  

Top Cyber Security Solution Providers 

1. Beyond Trust
2. Black Berry - Cylance
3. Carbon Black
4. Check Point 
5. Cisco 
6. Crowdstrike
7. CyberArk 
8. Dark Trace
9. Force Point 
10. Fortinet
11. KnowBe4 
12. IBM
13. Palo Alto
14. ProofPoint 
15. RSA Networks
16. Symantec
17. Splunk 
18. Sophos
19. Transmit Security
20. TrendMicro
21. Vectra 

Top Cyber Security solutions 

Categories: 
Software

Hardware 

Services/Consulting 

Different Solutions: 

-Data Loss Prevention

-Identity and Access Management - IAM

-Priviedge Access Management - PAM

-Risk and compliance management 

-Encryption

-Unified Threat Management (UTM)

-Firewall 

-Antivirus/Antimalware Solutions 

-Intrusion Detection Systems (IDS)

-Intrusion Prevention Systems (IPS)

-Network Detection System (NDS)

-Network Prevention System (NPS)

-Disaster Recover 

-Email Security 

-End Point Security 

-Network Detection Security 

-Security Information and Event Management (SIEM) 

-Advance Threat Protection (ATP)

-Cloud Access Security Broker 

-Secure Web Gateway 

-Internet of Things Security (IoT)

-Network Access Control (NAC) 


 

To learn more watch the video or listen to the podcast www.DailyCyber.ca and comment below 

In today’s DailyCyber Podcast I discuss how Disney Plus got hacked and what we can do to protect ourselves going forward. I also start the discussion into the fundamentals principals of Cyber Security. 

News: 

Disney Plus Accounts Are Already Being Hacked and Sold online
 

On November 12th, 2019 the day Disney Plus went live user accounts where hacked. 

"Hijacked Disney+ accounts are being sold online just hours after Disney's new streaming service launched, reports have claimed.

Many of these stolen accounts are being offered for free on hacking forums or are available for sale with prices ranging from $3 to $11, despite the fact that a legitimate Disney+ subscription only costs $7."
 

“ Disney+ credentials

The hackers behind these account takeovers were able to mobilize quickly to steal Disney+ account credentials and make them available for sale online. This suggests that they either gained access to these accounts by either using leaked credentials from past data breaches or by using info-stealing malware.

Hacking forums now have thousands of Disney+ accounts available for sale but ZDNet also discovered that some forums were giving away these credentials for free so that the hacker community could use and share them with others.
 

https://www.techradar.com/news/hacked-disney-accounts-are-already-available-for-sale-online

Fundamental Principals of Cyber Security 

1. Personal Security 
2. Risk Management 
3. Business Continuity 
4. Laws, Regulations and Compliance 
5. Investigation and Ethics 

C.I.A - "Confidentiality, Integrity and Availability”
 

Confidentiality - is the concept of the measures used to ensure the protection of the secrecy of data, objects, or resources. The goal of confidentiality protection is to prevent or minimize unauthorized access to people, places or things.

Integrity - is the concept of protecting the reliability and integrity. Integrity protection prevents unauthorized alternation. 

Availability - Which means authorized subjects are granted timely and uninterrupted access. 

To learn more watch the video or listen to the podcast www.DailyCyber.ca and comment below 

In today’s DailyCyber Podcast which you can listen to on the go. I discuss different positions in Cyber Security to help you as you are researching for your career. I also share what questions I would recommend you should ask yourself.

To learn more watch the video or listen to the podcast and comment below

50 Cybersecurity Titles That Every Job Seeker Should Know About

From: Cybercrime Magazine

Editor: Steve Morgan

https://cybersecurityventures.com/50-cybersecurity-titles-that-every-job-seeker-should-know-about/

1.  Application Security Administrator – Keep software / apps safe and secure.

2. Artificial Intelligence Security Specialist – Use AI to combat cybercrime

3. Automotive Security Engineer – Protect cars from cyber intrusions.

4. Blockchain Developer / Engineer – Code the future of secure transactions.

5. Blue Team Member – Design defensive measures / harden operating systems.

6. Bug Bounty Hunter – Freelance hackers find defects and exploits in code.

7. Cybersecurity Scrum Master – Watch over and protect all data.

8. Chief Information Security Officer (CISO) – Head honcho of cybersecurity.

9. Chief Security Officer (CSO) – Head up all physical/info/cyber security.

10. Cloud Security Architect – Secure apps and data in the cloud.

SANS

https://www.sans.org/security-trends/2019/08/29/20-coolest-cyber-security-jobs

20 Coolest Cyber Security Jobs:

1.  Application Security Administrator

– Keep software / apps safe and secure.2. Artificial Intelligence Security Specialist – Use AI to combat cybercrime.3. Automotive Security Engineer – Protect cars from cyber intrusions.4. Blockchain Developer / Engineer – Code the future of secure transactions.5. Blue Team Member – Design defensive measures / harden operating systems.6. Bug Bounty Hunter – Freelance hackers find defects and exploits in code.7. Cybersecurity Scrum Master – Watch over and protect all data.8. Chief Information Security Officer (CISO) – Head honcho of cybersecurity.9. Chief Security Officer (CSO) – Head up all physical/info/cyber security.10. Cloud Security Architect – Secure apps and data in the cloud.

2. Threat Hunter

Featured top of the list for good reason, Threat Hunters are one of the most valuable jobs to the IT industry, with skills shown to improve the speed of threat detection and response more than two-fold, in comparison to teams without this dedicated resource. Enjoy job security by offering a 64% improvement in the detection of advanced threats, and a 63% reduction in investigation time according to the 2018 Threat Hunting Report.

Related SANS courses and GIAC Certification: FOR578 (GCTI Certification), FOR572 (GNFA Certification), FOR508 (GCFA Certification), FOR526, FOR610 (GREM Certification) and SEC487

3. Penetration Tester

"Penetration testing is the active circumvention of security features in networks, systems, and applications. This is where the penetration tester emulates threats by attempting to access alternative functionality. A penetration tester will also assess data or functionality in a manner not anticipated by the group designing that system. A good penetration tester will need to be highly technical and will also require a level of skill that enables meaningful communication of risk to management. Pen testing is a critical capability that most organisations will require, and it can also be quite fun, if not sometimes tedious. I love what I do, both as a tester and as an instructor for SANS."

Adrien De Beaupre SANS SEC642 Instructor

Related SANS courses: SEC487, SEC401 (GSEC Certification), SEC560 (GPEN Certification) and SEC660 (GXPN Certification)

4. Forensic Computer Analyst

Analyst findings might be used as evidence in a criminal investigation, to resolve a business or legal dispute, to uncover specific targets or to detect suspicious activity.

Related SANS courses: All FOR classes plus SEC504, (GCIH Certification), SEC401 (GSEC Certification) and SEC487

5. Incident Responder

When you're passionate about fighting cyber-crime, being an incident responder will bring a great deal of job satisfaction. Learn to discover the issue, mitigate the damages and investigate the situation from all angles.

Related SANS courses: All FOR classes plus SEC504 (GCIH Certification), SEC501 (GCED Certification) and SEC487

6. Security Architect

Design, build and supervise the implementation of network and computer security. As a Network Security Architect, you will test for vulnerabilities and install firewalls, along with various security policies and procedures.

Related SANS courses: SEC450, SEC503 (GCIA Certification), SEC511 (GMON Certification), SEC530, (GDSA Certification), FOR572 (GNFA Certification), SEC501 (GCED Certification) and MGT516

7. Malware Analyst

For those that like to fight the breach head on, a Malware Analyst will ensure the fast and effective response and containment to a cyber-attack.

Related SANS courses: FOR610 (GREM Certification)

8. CISO/ISO or Director of Security

As a chief information security officer, you will be the balance between the IT department and the boardroom, with an equal understanding of both business and information security. Together with the ability to influence and negotiate, you will also have a thorough knowledge of global markets, policy, and legislation. With the ability to think creatively, the CISO will be a natural problem solver and will find ways to jump into the mind of a cyber criminal, discovering new threats and their solutions.

Related SANS courses: SEC401 (GSEC Certification), MGT414 (GISP Certification), MGT512 (GSLC Certification), MGT514 (GSTRT Certification) and MGT525 (GCPM Certification)

9. Security Software Developer

As a senior developer, this creative position requires the ability to design secure software using protected programming techniques, that are free from vulnerabilities which could be abused by hackers. You will have the ability to incorporate security analysis, defences and countermeasures in order to ensure strong and reliable software.

Related SANS courses: MGT525 (GCPM Certification), DEV522 (GWEB Certification), DEV541, DEV544, and SEC540 (GIAC Certification coming soon)

10. Media Exploitation Analyst/Law Enforcement Computer Crime Investigator

If investigating computer crime excites you, and you want to make a career of recovering file systems that have been hacked or damaged, then this may be the path for you. In this position, you will assist in the forensic examinations of computers and media from a variety of sources, in view of developing forensically sound evidence.

Related SANS courses: FOR500 (GCFE Certification), FOR585 (GASF Certification), FOR518 and FOR498

11. Software Validation Engineer

As a software validation engineer, you will assess software in order to verify issues and log defects. You will be responsible for developing summary reports for tests performed and will review data with all team members. In summary, to fill this role you will be a qualified engineer responsible for managing, inspecting, testing and modifying the equipment and procedures used to manufacture various products.

Related SANS courses: MGT525 (GCPM Certification) and SEC540 (GIAC Certification coming soon)

12. Security Operations Centre Analyst

SOC Analysts work alongside security engineers and SOC managers, to provide situational awareness through detecting, containing, and resolving IT threats. Working closely with incident response teams, a SOC analyst will address security issues - when detected, quickly and effectively.

Related SANS courses: SEC501 (GCED Certification), SEC540 (GIAC Certification coming soon), SEC450, SEC511 (GMON Certification) and SEC555 (GCDA Certification)

13. Vulnerability Researcher/Exploit Developer

As one of the fastest growing careers in the tech industry, this vital role is responsible for research and analysis of new exploits and will hold experience in penetration testing and writing exploit code.

Related SANS courses: SEC460, SEC401 (GSEC Certification), SEC560 (GPEN Certification) and SEC660 (GXPN Certification)

14. Security Audit and Risk Management Specialist

As the role responsible for identifying and assessing a company's potential risks to safety, reputation and financial prosperity, the security audit and risk management specialist will have strong problem solving and analytical skills together with an ability to negotiate and be diplomatic while working under pressure.

Related SANS courses: SEC401 (GSEC Certification), MGT516, MGT525 (GCPM Certification), DEV522 (GWEB Certification) and SEC540 (GIAC Certification coming soon)

15. Cyber Security Analyst/Engineer

As one of the highest-paid jobs in the field, the skills required to gain footing in this role are advanced. You must be highly competent in threat detection, threat analysis, and protection, broken authentication, cross-site scripting and cross-site request forgery. This is a vital role in preserving the security and integrity of an organisation's data.

Related SANS courses: SEC401 (GSEC Certification), SEC501 (GCED Certification), MGT516, MGT525 (GCPM Certification), SEC540 (GIAC Certification coming soon), SEC450, SEC511 (GMON Certification), SEC503 (GCIA Certification), SEC530 (GDSA Certification) and SEC555 (GCDA Certification)

16. Mobile Security Manager

Taking care of an organisation's mobile device safety, as a Mobile Security Manager you are responsible for monitoring and securing all of a companies' Smartphones, laptops, smartwatches, and other connected devices. Managing the collective tools, technologies, and processes that enable the securing of a mobile device or mobile computing environment, you will be part of a broader information security management policy that focusses mainly on mobile IT assets.

Related SANS courses: FOR585 (GASF Certification), plus SEC575 (GMOB Certification) and MGT514 (GSTRT Certification)

17. Application Penetration Tester

One of the most exciting roles within the cyber security industry, you will be responsible for the penetration testing (or ethical hacking), of applications; a significantly vulnerable point. The objective is to find security weaknesses before a cyber criminal does.

Related SANS courses: DEV522 (GWEB Certification)

18. Disaster Recovery/Business Continuity Analyst/Manager

Level up your skills and earn your place as a disaster recovery manager, where you will be responsible for managing the design, implementation, and communication of organisations continuance and disaster recovery plans. Your processes will ensure the safeguarding of business data, technology, information systems, and databases.

Related SANS courses: SEC501 (GCED Certification), MGT414 (GISP Certification), MGT514 (GSTRT Certification) and MGT516

19: Technical Director and Deputy CISO

Would you like to train and develop future leaders in the cyber security department? You will be responsible for deciding on the costs needed to develop senior roles, on executing the security strategy consistently throughout the department and identifying and managing the skills and weaknesses of associates.

Related SANS courses: SEC501 (GCED Certification), MGT414 (GISP Certification), MGT512 (GSLC Certification), MGT514 (GSTRT Certification) and MGT525 (GCPM Certification)

20: Intrusion Analyst

"I've come to realise that network monitoring, intrusion detection, and packet analysis represent some of the very best data sources within our enterprise. These can be used to very rapidly confirm whether or not an incident has occurred, and allow an experienced analyst to determine, often in seconds or minutes, what the extent of a compromise might be. In a very real sense, I have found this to be the most important course that SANS has to offer. Not only will it cause you to think about your network in a very different way as a defender, but it is incredibly relevant for penetration testers who are looking to "fly under the radar." The concepts that you will learn in this course apply to every single role in an information security organisation!"

David Hoelzer — SANS SEC503 Instructor

Related SANS courses: SEC503 (GCIA Certification) and SEC401 (GSEC Certification)

21: IoT/Critical Infrastructure Security Director

A crucial role within today's world where cyber attacks to our critical infrastructure are increasing in risk. In an age where almost every devise or piece of machinery can be connected to the internet, they too are at risk of being hacked. The Internet of Things (IoT) has evolved so quickly that managing its security has become a minefield. When we look broadly into the matter, Critical Infrastructure is at risk to foul play. Power grids, chemical plants, and transportation systems are being attacked by hackers. In a report by Business Insider, ?A new front in cybersecurity', investigations found that companies operating critical infrastructure reported 295 cyber attacks in 2015. While technology is consistently evolving, so too will attacks to this industry.

The role of security director to IoT and Critical Infrastructure is invaluable - some might say indispensable.

Related SANS courses: All SANS ICS Courses and Certifications, plus MGT512 (GSLC Certification), MGT514 (GSTRT Certification) and MGT525 (GCPM Certification)

https://www.sans.org/security-trends/2019/08/29/20-coolest-cyber-security-jobs