Penetration Testing vs Vulnerability Scanning

Getting a job in infosec is not that hard. What is hard is knowing what you want to do with your career. I recently expressed interest in a particular job. It had to do with running a SOC, which I've never done but find fascinating. During the conversation, I was...


What is a proxy and why should you use one

Everyone should explore the internet through a proxy, from individuals at home to employees at an enterprise. A proxy, like in the English language, acts as an intermediary between a user (you) and the big bad web (your host). If you are visiting a website like ESPN,...


Infosec Assessment Centre Strategy and Preparation

In the last 3 years I’ve attended over 6 assessment centres. Sometimes as an applicant and others as an assessor. I’ve done these at consulting firms, large IT firms, and financial services firms. All of these have been for graduates in infosec or cyber security....


Avoid this beginner mistake

I was having lunch recently with a group of new security folk at the office. I was lamenting my inability to create revolutionary products. Wouldn’t it be awesome, I said, if only I had invented, developed, marketed, and sold Oracle, cloud, any sort of crypto, or...


Hard Work and the Cyber Security Career

I find the idea of hard and smart work fascinating. In the last few years I've met hundreds of infosec professionals at various levels of their career. In the network space, there are a lot of grey tops. When I find mentors or discuss careers, I sometimes make the...


Security Study: Risk Calculations

Risk is an integral part of security management. Whenever a business makes decisions, those are caveated through risk. When you are studying for security exams, you will be required to understand some of the key risk calculations that are used when defining risk. This...


Security Study: Risk mitigation strategies

Whether you are taking your CISM, CISM, Security+ or an MSc, you will be questioned about risk mitigation strategies. Risk is a one billion dollar elephant in every room. It seems like every action, programme, project, or idea must be measured against risk. What is...


The #1 Skill I’ve Needed to Succeed in Infosec

This will be a short post. I have been outside all day building an allotment. It's been a lot of fun. I worked my butt off. I lifted, and dug, and planted. And then I sat down and had a coffee and looked at my work. And the outcome for all my hard work? The allotment...


Security Study: Common network protocols

The Security+ requires you to understand a handful of network protocols. These are not concepts you "learn", unfortunately. Rather, these are things you memorize, at least while you are studying for the test. Most of these you should know. Some of these you kind of...


Security Study: Network design elements and components

The CompTIA exam requires students to understand common network design elements. These involve things like subnetting, DMZ, VLAN, and remote access. In this post, I will work through the CompTIA document and explain some of section 1.3. Layered Security / Defense in...


Security Study: Secure network administration principles

The Security+ asks you to use secure network administration principles given a particular scenario. For the sake of the test, you should memorise the main idea, the device it applies to, and the function of the principle. As a security professional, you need to commit...


Security Study: Network security devices

The Security+ exam comprises 6 parts, or exam topics. The first topic is network security. Network security tests 5 key knowledge areas. In this post, I will discuss the first network security topic, network security devices. There are twelve devices you need to...


Infosec Job vs Infosec Career

Jobs are things that let you trade time for money. They are important, especially as you are figuring out what you want to do with your life. If you get a job in infosec, you will be able to do some cool tech "stuff" in exchange for money. That money is usually in the...


Understanding Infosec as part of the business

There is quite a bit of business-related cynicism in the infosec community. My colleagues and friends in the industry often make the assumption that businesses are these money-grubbing, "must kill that profit" machines that don’t really care about employees,...


CV for Cyber Security Jobs

Your CV is more than an introduction to your past; it demonstrates your understanding of your targets' needs. Open with the objective, or personal statement. This must be tailored to the company you are applying to, and it needs to reflect what you want, what they...


Getting to the Door: Fundamental Knowledge

You should have an information source on security-related topics that is fluid and growing. You should also be putting your thinking cap on day-in and day-out. If you don’t understand how bits flutter about the world, how to identify and do stuff with those bits, and...


Building Your Infosec Information Tunnel

Rewarding experiences are earned through hard work and focus. That hard work and focus are the keys to success in most things. You are here because you want to get into infosec. I can push you in the right direction. This infosec series is focused on helping you get to...
