cybersecurity

The original post: /r/cybersecurity by /u/Intelligent_Bite_394 on 2024-10-07 06:31:12.

Hello Everyone!

If you're pursuing a career in Cybersecurity or looking to validate your skills, certifications are a game-changer.

Edureka has just released a video that breaks down the Top 5 Cybersecurity Certifications to help you stay ahead in the field!

What’s inside:

CEH (Certified Ethical Hacker)

Security+

CISSP (Certified Information Systems Security Professional)

OSCP (Offensive Security Certified Professional)

GPEN (GIAC Penetration Tester)

Check out the video and let me know which certification you think is the most valuable! Drop your feedback or suggestions in the comments – I’d love to hear from you!

Watch the full video here: https://youtu.be/2iF_S9-OVMI

#Cybersecurity #CybersecurityCertifications #Certifications #CEH #SecurityPlus #CISSP #OSCP #GPEN #EthicalHacking #PenetrationTesting #CareerInCybersecurity #edureka

The original post: /r/cybersecurity by /u/jwizq on 2024-10-07 06:30:26.

The original post: /r/cybersecurity by /u/Environmental_Age_11 on 2024-10-07 05:00:32.

The requirements say I have to be doing cs, comp engineering, elec engineering, cybersecurity(tech track), data science or math. I’m an IT major minoring in critical intelligence studies, am I just screwed since it doesn’t list IT?

The original post: /r/cybersecurity by /u/Medical-Lawyer7691 on 2024-10-06 23:18:31.

I've a chance to join a L1 SOC role( got this wit my 2 yrs NOC exp) or I can join a MNC's cyber security graduate program which is a 2 year program with rotation within different teams with training(currently Iam a cyber security master's student). So which could be a better option guys, any kind of POV's would be appreciated.

Thanks in advance ☺️

The original post: /r/cybersecurity by /u/ZakBht2021 on 2024-10-06 22:21:04.

Guys i am new to the field and I want to learn the basics. I know almost nothing about cybersecurity but i have a good foundation in IT as i got my ccna recently and i have been programming in the past (not advanced tho) Is the Google Cybersecurity Professional Certificate worth it? If not what are the best alternatives (preferably on coursera) And i appreciate any tips for a fellow beginner. Thank you 🙏🏻

The original post: /r/cybersecurity by /u/Drunkenirishmen on 2024-10-06 19:27:51.

Hello r/cybersecurity community,

I am currently working on my master’s degree research dissertation, and I need your help! My research focuses on “Improving Cybersecurity for Industrial Control Systems”. As part of my study, I am conducting a survey to gather insights from professionals and enthusiasts in the field.

The survey will take approximately 5-10 minutes to complete. All responses are anonymous and will be used solely for academic purposes.

https://www.surveymonkey.com/r/XJPXZJL

Thank you in advance for your time and valuable insights.

If you have any questions or need further information, feel free to DM me!

The original post: /r/cybersecurity by /u/Disastrous_Chip_702 on 2024-10-06 19:04:21.

Hello, I have been reading and trying to understand the best way to get into do well in this industry. This subreddit is very informative and I appreciate having access for o this place! I am unable to go to college so I’m going the experience and cert route. My question is are there any type of accredited apprenticeship programs? I ask this bed I learn the best with hands on and working through my certification is good but there is only so much I can learn on a computer and just talking test. Any feedback is welcome!

The original post: /r/cybersecurity by /u/TechnicalFlatworm264 on 2024-10-06 17:50:26.

The original post: /r/cybersecurity by /u/Odd-Combination7498 on 2024-10-07 01:03:06.

The original post: /r/cybersecurity by /u/AutoModerator on 2024-10-07 00:00:12.

This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away!

Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future.

The original post: /r/cybersecurity by /u/DependentVegetable on 2024-10-06 23:01:51.

Rolling out some IoT devices and am looking for suggestions for BIOS / firmware analysis. Would like to make sure there was no obvious tampering by low level criminals to gain persistence along the way. Dont have any experience in the space and looking for companies who specialize in this we could send the device or firmware to who could then look for anything sketch. Using something like efiextractor is an interesting rabbit hole, but other than scanning all the individual binaries for anything really obvious is beyond my skillset.

Its a couple of hundred devices for a one time project and would like to get a baseline analysis of the batch. I am not looking for a long term service at this point.

The original post: /r/cybersecurity by /u/DesperateForever6607 on 2024-10-06 22:38:40.

Hey everyone, We're about to kick off the SOCaaS service project with an MSSP for 24/7 monitor of security operations including IR, Forensic etc.

What key steps should we take first initially to ensure a smooth and successful start?

Looking for advice from those who have been through this process. Thanks!

The original post: /r/cybersecurity by /u/ImagineAUser on 2024-10-06 21:14:53.

I spend 80 minutes on the bus daily and I would like to spend that time productively

The original post: /r/cybersecurity by /u/spencer5centreddit on 2024-10-06 20:15:56.

The original post: /r/cybersecurity by /u/BoldlySilent on 2024-10-06 19:23:19.

This could really be two posts so be kind if I should have done that instead, but I have two separate but semi-related questions.

1. In recent years data classification advances in machine learning have been deployed to threat surveillance in network systems to great effect. These implementations, AFAIK, mostly use abundant computing, memory, power, and cooling resources whether they be local or cloud based. What I want to ask the crowd is what opportunities "tiny ML", or machine learning on resource constrained hardware, have for more localized threat detection. I sort of already see the value in something like an industrial control system, or a car, where you dont necessarily want to be streaming data to a cloud based service for analysis, but are there other non-obvious applications that are going to become important? How mature is this use of the technology?
2. Second question is sort of related, but I have been trying to learn more about space-domain cyber risks and have actually had a hard time finding technical details on specific threat vectors to satellites. I could just be bad at searching, but so far all I have been able to find are some of the starlink ground-station examples like where that guy performed a fault injection on the ground terminal. What else is there? An example question is that most satellites have used MIL-STD-1553 data bus for a long time. What kinds of external threat vectors exist to that platform? Can someone for instance send up a signal at the same receiving frequency as the normal communications system and just upload a virus? What protections exist and are there any public examples of lessons learned with the technical details of the incidents?

The connection here being a future where small scale ML implementations are used for threat detection on satellites which are like the definition of resource constrained operating environments

Would love to hear some professional perspectives on this and of course appreciate the time

Edit: Wanted to make clear that I have seen a lot of media and content around space cyber threats, but have had a hard time with actual specific technical details about what that could mean or has meant in the past

The original post: /r/cybersecurity by /u/nick313 on 2024-10-06 19:07:41.

The original post: /r/cybersecurity by /u/theicf on 2024-10-06 17:38:30.

Hi Thinking about attending blackhat london 2024 this December for the first time.

About the different passes,

So that option one - is well over budget

Whats the difference between OPTION 2 (619£)— ON-DEMAND – RECORDED, 30-Day On-Demand Access Available beginning December 18. Includes access to all recorded Briefings, Sponsored Sessions, Arsenal and Business Hall content, accessible for 30 days.

And

BUSINESS PASS (FREE)

BUSINESS HALL HOURS Wednesday, December 11, 10:00 AM - 6:00 PM (Reception 4:30 - 6:00 PM) Thursday, December 12, 10:00 AM - 4:00 PM

I get it that the free pass is only for the last two days but does it include actual sessions? All vendors or also technical? Or only actual access to the lounge area?

Will the free pass be a good option for it being the first time i attend ?

Thanks

The original post: /r/cybersecurity by /u/E_Howard_Blunt on 2024-10-06 16:54:58.

I find myself writing a lot best practices documents in addition to policy docs. The best practices docs give tech details on what encryption standards/strengths to follow, or what IT Security processes to follow for building out a new servers.

Is this common with a lot of you?

The original post: /r/cybersecurity by /u/BamBam-BamBam on 2024-10-06 15:22:52.

The original post: /r/cybersecurity by /u/Koala-gem on 2024-10-06 14:22:27.

Not sure if this is the right place to post my question.any guidance would be much appreciated.

How would you define a process/best practices/dos & don'ts for a development team that needs to share credentials and other sensitivedata for both non-production and production environments as part of their work (integrations, development, testing, etc.)? Currently, the team is not using a password manager due to budget constraints. What alternative methods can be employed to ensure that the data being shared protected?

P.S: sharing is now happening through channels like Slack, email, and sometimes video calls and it's not allowed to use any free tools now.

The original post: /r/cybersecurity by /u/Hairy_Apartment8821 on 2024-10-06 12:12:45.

Hello all,

I was working on an investigation of a PC that appeared to be compromised, and several findings pointed it out as possibly involved in nation-state-level APT activity.

One of the suspicious files that I uploaded to VirusTotal had a comment linking it to an APT campaign reportedly targeting India, allegedly linked to actors from Pakistan. The comment pointed out an article by Seqrite Labs-link here-discussing continuous cyberattacks against the Indian government conducted by Pakistani APT groups. That would seem to point to a confirmation of the hypothesis that this file belongs to a greater scheme of some sort.

Article link : https://www.seqrite.com/blog/pakistani-apts-escalate-attacks-on-indian-gov-seqrite-labs-unveils-threats-and-connections/

Utilizing VirusTotal's FinFisher relationship graph showed me that another file from the same compromised PC shared its hash with a file already flagged as Gamma Group's FinFisher spyware. That led me deeper into an investigation, finding potential connections to command-and-control servers involved in FinFisher, raising very valid red flags regarding the nature of this compromise.

These findings lead me to conclude that FinFisher was used in-illegally-unsanctioned surveillance conducted in my region(East asia).

I would also appreciate any insight or advice from the community, particularly in respect to involvement by FinFisher in APT campaigns or deployment to conduct unauthorized surveillance. Any insights into further investigation or recommendations on deeper analysis will be greatly appreciated.

Thanks in advance for your inputs!

The original post: /r/cybersecurity by /u/OpenSecurityTraining on 2024-10-06 11:42:04.

The original post: /r/cybersecurity by /u/haithamaljabbari on 2024-10-06 08:20:43.

Which is the better big crowd program to work with?

The original post: /r/cybersecurity by /u/PumpkinSpriteLatte on 2024-10-06 06:56:35.

Other than the Play store, which mirroring service do you trust to have unmodified apks?

Received a notice from a vendor today they plan to add ads to their mobile app unless a subscription is purchased. Of course when we spent thousands on priority hardware years ago this wasn't even a consideration.

Id like to store a local copy of their current release in case the ads become truly problematic in the future.

Their application is largely static and I am not worried about missing it on future features.

The original post: /r/cybersecurity by /u/Serious-Summer9378 on 2024-10-06 05:49:09.

I just want to tell you thank you to each and every one of you. I love the r/cybersecurity space and thank you to guys for helping to provide news, insightful questions and events, and everyday of protecting data and just to let you know i appreciate all you guys do in the world today. You are enough and keep doing what you do. Always remember put yourself first, and you're mental health matters. It's okay to not be an Einstein in cybersecurity just always remember you are smart and enough.