Here’s some info you may not know about Python from the Python.org website. Let’s take a look at a description of Python, how it’s used and why it was created: Description of Python: “Python is an interpreted, interactive, object-oriented programming language. It incorporates modules, exceptions, dynamic typing, very high level dynamic data types, and classes. Python combines remarkable power with very clear syntax. It has interfaces to many system calls and libraries, ... Continue Reading >>

Recently, one of the founders of Cybrary received the following message: “Ralph, I just learned that you are [one of the] founder[s] of Cybrary and I want to thank you so much for bringing so much value. I have 0 dollars and I am struggling financially, so I am not able to pay for courses. The fact that the courses your website offers are free gave me the opportunity to start building my security skills from the ground up. People like are the ones that make the real difference in the worl ... Continue Reading >>

Today, October 4, 2017, an updated version of the CompTIA Security+ exam was released primarily to partners, courseware developers, and instructors . The new code for this exam is SY0-501. That being said, CompTIA indicates that they will start their public marketing effort and release the exam to the public on October 25th, 2017. At this point, detailed information on the exam content is not available, but we will provide Cybrarians with what we know thus far and will update that information a ... Continue Reading >>

So, to be upfront, I’m not a pentester. But, I wanted to share this info and these videos about the STORM Mobile Pen-Testing Kit, as I find the tool intriguing.   First, I found the following info on the EC Council website: “The Storm Mobile Security Toolkit is mobile training on a versatile, portable Raspberry Pi-based, touchscreen, tailor-made system. It is a customized, customizable*, fully-loaded pen test platform! The Storm comes equipped with a customized distro of Kali L ... Continue Reading >>

As you’ve probably heard, October is National Cyber Security Awareness Month, an annual campaign meant to raise awareness about the importance of cyber security. October is also National Breast Cancer Awareness Month. Understanding the importance of supporting women in the industry (who are largely underrepresented), Cybrary is honoring the community with a change to the logo for this month (pictured above). You will notice that in addition to the traditional mask logo looking more like a can ... Continue Reading >>

  It’s October at last and time to celebrate- not the release of pumpkin spice lattes or the fact that Halloween is around the corner, but National Cyber Security Awareness Month! This annual campaign is meant to raise awareness about the importance of cyber security (as if the numerous breaches in recent months weren’t enough). National Cyber Security Awareness Month (NCSAM) is “designed to engage and educate public and private sector partners through events and initiatives to raise ... Continue Reading >>

Truth: we all want to achieve our goals quickly and effectively! If you’re working, striving to earn your cybersecurity certs and want to have a life, you might need a little support in accomplishing your certification goals with greater speed. Here’s some good news: the Cybrary platform and community not only supports your cybersecurity training needs, they can also help you earn your certs faster. During the last few months, there have been a bunch of posts on OP3N and the blog th ... Continue Reading >>

What is the Cyber Kill Chain? Originally developed by Lockheed Martin and based of the military’s ‘kill-chain,’ the Cyber Kill Chain framework is a model for identification and prevention of cyber-attacks. It maps what steps adversaries must take in order to achieve their objective. This framework is meant to provide insight into an attack and provide analysts with a greater understanding of that adversary’s tactics, techniques, and procedures in order to decrease chances said adversary ... Continue Reading >>

Every infosec professional who has ever argued against the CEH exam may change their minds after this recent announcement from EC Council. The certifying body will be launching a new, fully-proctored ‘Licensed Penetration Tester (LPT)’ Certification at this year’s Hacker Halted. The new LPT certification exam will be delivered as a live test that can be taken anytime, anywhere. With the new, hands-on testing format, EC Council is seeking to address the cyber security skills gap head on in ... Continue Reading >>

Tight on cash? Same here. So, today, I set out to find all the low-cost and no-cost items on Cybrary. After a few searches, I found several posts that highlight free tools, free classes and low-cost study tools. Now, my reading/study lists are set for the next few weeks, months…years 🙂 First, here’s a list of all the free beginner, intermediate and advanced courses and micro courses: Free Beginner Courses Free Intermediate Courses Free Advanced Courses Free Micro Courses   ... Continue Reading >>

What is a bug bounty? A bug bounty program is an initiative offered by many companies and websites that rewards individuals for discovering and reporting bugs, specifically exploits and vulnerabilities. Also called a vulnerability rewards program (VRP), this type of exchange provides recognition and compensation to those who discover the bugs, while allowing the organization to resolve the issues before the general public is aware of these issues, therefore preventing widespread abuse. The conc ... Continue Reading >>

What is Raspberry Pi? Raspberry Pi is a small computer that costs between $5 and $35, but can function as a desktop computer or be used for additional functions, such as building smart devices. Originally, the Pi was intended for usage in schools as a method of increasing interest in computers among children and as a tool to teach them basic coding. The Raspberry Pi Foundation was founded in 2008 by a group of technicians Eben Upton, Rob Mulins, Jack Lang, Alan Mycroft, Pete Lomas, and David Br ... Continue Reading >>

Encryption is everywhere (well, almost everywhere) around sensitive data in motion and, sometimes, sensitive data at rest. Without it, e-commerce transactions, government secrets and electronic medical records – and many other types of data – could not safely exist. Data is a precious resource in the electronic economy and, like every precious resource, it needs perpetual protection. As a member of the Cybrary community, you likely already knew this. Yet, as you continue to build yo ... Continue Reading >>

By now you’ve most likely heard that the Equifax breach has hit 44% of the population in America, not to mention the consumers effected in the UK and Canada. In a statement released by Equifax Inc. (NYSE: EFX), which provides little detail other than to note that the impact of the breach reaches approximately 143 million U.S. consumers, indicates that a compromise “exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the ... Continue Reading >>

Recently, a Cybrary user named “Ryan W.” posted some positive comments about Cybrary on one of our social media sites. I reached out to him and asked if he would share his “Cybrary Story.” Here’s what he wrote (and, no, we didn’t pay him to say all these nice things!). I’m proud to say that I’ve been a member of Cybrary since way back in 2015. I found the site in college when I was searching for free IT courses to build and improve my skills. Cybrary was ... Continue Reading >>

According to Security Magazine, Hackers attack every 39 seconds, with 1 in 3 Americans attacked this past year alone. Additionally, 62% of companies have experienced phishing social engineering attacks, making it one of the top three cyberthreat concerns for 2016. What is social engineering? Social engineering is a method that depends on human interaction and often involves deceiving people into breaking normal security procedures. It refers to psychological manipulation that is typically very ... Continue Reading >>

We’ve been asked many times before whether or not an IT certification is needed to get a job, essentially, what is the value of a certification? Data indicates that certification holders in the IT and security field have greater job opportunities with the potential for higher salaries. Certifications and formal education when combined only enhance this fact. This is not to say that certifications are the only determinant of a person’s skills, but at this time, they are used as a mea ... Continue Reading >>

In the not so distant past, opening doors with a wave of our hand seemed like something you’d see only in a Harry Potter film. Now, with biohacking, this ability has become possible. We are modifying human bodies to meet our technological needs. By embedding a microchip under your finger, you can open doors, unlock your computer, and even make purchases. Visionaries are thinking beyond these simple tasks to a future where keys and credit cards are obsolete. What is biohacking? Biohacking has ... Continue Reading >>

According to Forbes, ITIL was ranked as one of the most valuable IT certifications for 2017, with holders earning an average yearly salary of $103,408. For many, there is a certain sense of mystery that surrounds this certification despite it being the most widely used framework for IT management, implemented by thousands of organizations worldwide including NASA, Microsoft, and HSBC. What is ITIL? Information Technology Infrastructure Library (ITIL) is a set of best practices for aligning IT se ... Continue Reading >>

It is no surprise that as our global reach extends and information is shared across the world, security risks are increasing with the expansion of the attack surface. For this reason, security professionals can no longer take a siloed approach to security. The problem stems from reactions to one threat while the rest of the organization is ignored, leaving those areas vulnerable. What is holistic security? Holistic security is an approach based on systems thinking that considers “how any secur ... Continue Reading >>

Linux has grown into an industry-leading software and service delivery platform that is used for everything from super computers and Web servers to virtualized systems and your Android phone, meaning you will find many IT careers in the current market require these skills. The CompTIA LX0-104 Linux+ certification exam delves specifically into “applications, scripting, and security. This exam covers the different files that the shell uses and how to customize the shell. It also touches on user ... Continue Reading >>

According to Heimdal Security, “Hacktivism accounts for half of the cyberattacks launched in the world.” What is hacktivism? Hacktivism is a politically or socially motivated form of hacking. Deeply rooted in hacker culture and ethics, it is often related to free speech, human rights, or freedom of information. Although hacktivism may seem positive, it represents a subversive use of computers to promote a cause where intent is the driving factor. In some cases, hacktivism can do much damage ... Continue Reading >>

According to CompTIA, the Linux+ certification offers a framework for acquiring working knowledge of Linux for IT professionals working as junior-level system administrators, as well as those working in Web and software development. Successful candidates will have the following skills: Work at the Linux command line Perform easy maintenance tasks including assisting users, adding users to a larger system, executing backup & restore and shutdown & reboot Install and configure a workstat ... Continue Reading >>

Privacy is a topic that the security community can never give too much attention. To. For those with an online presence, it is especially important to consider who has access to your information. One common method for doing so through an encryption method called Pretty Good Privacy (PGP). What is Pretty Good Privacy (PGP)? Developed by Phil Zimmermann in 1991, Pretty Good Privacy is an encryption program that allows cryptographic privacy and authentication for data communication. It is used for ... Continue Reading >>

What is fuzzing? A black box software testing technique, fuzzing is a more refined version of trial and error, used to discover coding errors and security vulnerabilities in software. It involves imputing large amounts of random data, known as ‘fuzz,’ into the target program until one of those permutations reveals a vulnerability. If a vulnerability is found, a software tool called a fuzzer can be used to identify potential causes. Although an older process, fuzzing is used by hackers and d ... Continue Reading >>

CompTIA A+ 220-902 is the second of two exams required to obtain your CompTIA A+ certification. This exam covers installing and configuring operating systems including Windows, iOS, Android, Apple OS X and Linux. It also addresses security, the fundamentals of cloud computing and operational procedures. It tests for the fundamentals of computer technology, networking and security, as well as the communication skills and professionalism now required of all entry-level IT professionals. Each prac ... Continue Reading >>

Since web applications offer data access to customers, employees, and other key groups, they have become a weak link for many organizations. If a hacker gains access, they often have direct access to confidential data, meaning that web application security testing should be a high priority to businesses today. Complete testing of a web-based system before going live can help address issues before the system is revealed to the public. An essential element of testing web application security is u ... Continue Reading >>

Transcender has been providing CompTIA certification training products for over a decade. Their award-winning suite of test prep solutions includes quality CompTIA certification practice exams and handy flashcards for some of the most popular CompTIA certification exams on the market. Their CompTIA training works through realistic exam simulations and powerful study aids, and their training products allow you to learn from the convenience of your own computer—at a pace that’s right for ... Continue Reading >>

Each practice test on our site was designed to prepare you for the version of the certification exam described. So for the Project+ exam, their practice test questions map to the PK0-003 exam, currently offered by CompTIA. According to Transcender, “CompTIA Project+ covers the business and technical project management skills needed to successfully manage business projects. It emphasizes getting buy-in from stakeholders, proper scheduling and budget control. Individuals with 12 months practica ... Continue Reading >>

According to statistics from SecurityIntelligence, “For small and midsized organizations (SMBs), 60% of employees use the exact same password for everything they access. Meanwhile, 63% of confirmed data breaches leverage a weak, default or stolen password.” Passphrases vs. Passwords A password is a string of characters used to verify the identity of a user during the authentication process. They can vary in length and can contain letters, numbers and special characters. On the other hand ... Continue Reading >>

  A few weeks ago, I was talking with a Cybrarian who had an upcoming interview for a SOC Analyst position and wanted some advice on how to best prepare. Aside from the general ‘interview success’ tips I knew offhand, I couldn’t provide much advice tailored to that role. So, I decided to do some research (as I always do) and put my findings into a blog, serving as a resource for anyone pursuing a SOC Analyst career. As a refresher for those unfamiliar, a SOC Analyst works in the Secu ... Continue Reading >>

We’ve been asked whether or not courses alone are enough to pass certification exams. While the videos in our courses provide valuable insight into the material covered on the exam, the questions included in the Transcender material (which are the same products as those offered on the Transcender site, just sold at a discounted price on Cybrary) are mapped directly to the exam, mimicking the types of questions you will encounter as a test taker. You may feel as though you have a firm grasp on ... Continue Reading >>

According to CSO, “Global ransomware damage costs are predicted to exceed $5 billion in 2017. That’s up from $325 million in 2015, a 15X increase in two years, and expected to worsen. Ransomware attacks on healthcare organizations, the No. 1 cyber-attacked industry, will quadruple by 2020.” What is malware? Malware is an umbrella term used to refer to a variety of forms of intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, an ... Continue Reading >>

Capture the flags are just one form of valuable cyber security training that inspire productive competition and serve as an educational exercise for participants. In a security CTF, the contestants may be tasked with securing a machine, conducting or reacting to attacks, similar to those found in the real-world. The first CTF was developed and hosted in 1996 at popular cyber security conference DEF CON. Popular CTF topics tested on at DEF CON have included: reverse engineering, protocol analysis ... Continue Reading >>

I’ve noticed a debate waging across Internet forums regarding the Oracle 1Z0-850: Certified Associate Exam (OCAJP 6) and the Oracle 1Z0-851 Certified Professional Exam (OCPJP 6). Some of the questions raised include ‘What is the different between these two certifications?’ ‘Which is best for me?’ and ‘What is the value of a Java-related certification?’ Of course, everyone has their opinions, but I’ll try to share some of the insight I’ve gained to make your decision regarding ... Continue Reading >>

A buzzword in the cyber security world is ‘SOC Analyst.’ While some are familiar with this role and desire to one day hold this title, many are not sure what a SOC analyst does, or what ‘SOC’ even stands for. I’d like to shed some light on this exciting position, and encourage you to consider this career as you dive into studying security. For starters, ‘SOC’ stands for Security Operations Center. Analysts in Security Operations work alongside security engineers and SOC managers. ... Continue Reading >>

While Cybrary focuses primarily on cyber security education, we recognize that cyber extends into every aspect of technology, including the growing area of software engineering. Many Cybrarians are especially interested in this area of study, which is not surprising, considering the Bureau of Labor Statistics predicts “employment of software developers alone is expected to grow 22% between 2012 and 2022.” So what exactly does a software engineer do and how does one get started down that car ... Continue Reading >>

Gone are the days when being ‘tech-savvy’ was just a ‘nice to have’ trait. Nowadays, as we all know, being familiar with the basic functions of a computer and certain software is essential for everyone from school-aged children to grandma. As I’ve been interacting with users on the site, it seems there is a certain hesitation for those to admit they need to work on the fundamentals, but trust me when I say there is no shame is creating a solid IT foundation. For some, working with Mic ... Continue Reading >>

Children are taught from an early age about the many things in the world that can harm them. Even in a toddler’s narrow world, there are plenty of potential hazards lurking around almost every corner. With growing autonomy, children are then warned about an expanded set of dangers. These range from the dangers of talking to strangers, the need to look both ways before crossing the street, and the inevitable ruin that awaits them if they should succumb to the wiles of peer pressure. And that’ ... Continue Reading >>

Cyber feminism, used to describe the philosophies of a contemporary feminist community whose interests are cyberspace, the Internet and technology, is most likely not a term you’ve heard too often, but it’s gaining traction thanks to women in cyber like Magda Lilia CHELLY (@responsiblecyber). Magda, who describes herself as the Managing Director of Responsible Cyber Pte. by day, and a cyber feminist hacker by night, is the course creator of Cybrary’s newest user- generated course, Advanced ... Continue Reading >>

#wikileaks (but wait, there’s more). At this point, the leaks have become a flood. And speculation is drowning us. This week, Symantec Security researchers have confirmed that the alleged CIA hacking tools exposed by WikiLeaks have been used against at least 40 governments and private organizations across 16 countries, and seem to reflect those of a North American hacking group. Longhorn, as the cyber espionage group is called, uses backdoor trojans and zero-day attacks to target governm ... Continue Reading >>

Last weekend in Dallas the evening calm was shattered by the wail of 156 tornado warning sirens sounding at once. Attempts to turn off individual sirens failed and after 95 minutes of the din, officials mercifully shut down the entire system in a final, desperate act of frustration. A search for a direction in which to point the finger of blame started even while the noise was in progress. We’ll revisit this incident and its actual cause at the conclusion, but it called to mind a category of t ... Continue Reading >>

You won’t pass or fail. You’ll just get some direction. In previous blogs, I offered tips on how to earn specific Micro Certifications, and how to determine which Micro Certifications were best for your career goals. And while making career decisions is a serious matter, I thought of a fun way I could go about offering more help. I’m sad to admit that my inspiration to create this quiz came from Buzzfeed, but after learning I would be in House Stark (Game of Thrones reference) by selecting ... Continue Reading >>

Last week we discussed the Dark Web. Its scope, its architecture, and what lurks (slithers) within its depths. On the flip side, the Dark Web also presents a useful source to mine for cyber threat intelligence. When bricks and mortar criminal types knock off a jewelry store or art gallery they usually attempt to unload their loot on underground markets to avoid detection. These underground markets also provide willing buyers for ill-gotten wares. It’s no different with cyber criminals. Who doe ... Continue Reading >>

If you are an avid reader of 0P3N, chances are you’ve seen a post or two from avid contributor Priyank Gada (@groupflexi). Priyank, who has experience as a forensics expert and penetration tester, frequently makes YouTube videos to share his knowledge. One area he’s extremely knowledgeable in is Kali Linux, which inspired his new Micro Course, now available on Cybrary here. Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali conta ... Continue Reading >>

#wikileaks (they just keep coming). You know that feeling you get when your favorite artist continues dropping singles but doesn’t release an album? The same can be felt for Wikileaks, but instead of anticipation, their releases cause anxiety. The latest series of documents from the Vault7 project was released on March 31st.  These documents detail what the CIA referred to as the “Marble Framework.” This framework could obscure text strings within CIA malware so forensic expe ... Continue Reading >>

Cyber Threat Intelligence is a complex topic consisting of a lot of moving parts. It requires a high degree of technical knowledge combined with a healthy dose of paranoia. Staying ahead of the bad guys or simply keeping up with them is a 24/7 job. Threat intel is gathered from a multitude of sources and one place that’s being monitored a lot more now for threat data is the so-called Dark Web. Given this fact, a cottage industry has sprung up in recent years to monitor the Dark Web for signat ... Continue Reading >>

I think it’s safe for me to assume that anyone who’s the least bit familiar with cyber security has heard of Black Hat and White Hat hackers, and even those in between, the Gray Hats. I’d like to expand your cyber lexicon further and introduce you to the newest category: Silver Hats. A “Silver Hat” is a pending trademark that identifies those individuals over the age of 60 that are learning (and sharing) information about cyber security. Cyber security is generation agnostic. T ... Continue Reading >>

IT Acronyms have a tendency to pop up like mushrooms on a suburban lawn after a 3-day rain storm. Even seasoned pros occasionally find themselves stumped by one or two that have slipped past their radar. After learning quite a while back that BYOD didn’t stand for “Bring Your Own Date,” I felt relatively confident that I knew most all of the acronyms associated with mobile computing and mobile security. It was only during the past week that I was disabused of this false sense of confidence ... Continue Reading >>

In the past, I’ve written with a mixture of excitement and hesitation on the topic of Artificial Intelligence (AI). AI is defined as: the theory and development of computer systems able to perform tasks that normally require human intelligence, such as visual perception, speech recognition, decision-making, and translation between languages. My post ‘A Buzzword to Rattle your Brain’ explored with wonderment the concept of deep learning. Then my later post, ‘My Love/Hate Relationship with ... Continue Reading >>

#privacyrules Ladies and gentlemen, start your VPNs. As of March 28th, the House of Representatives and the Senate agreed to repeal the FCC’s recent privacy rules. And while those rules still need President Trump’s likely signature, many are rushing to Google ‘Private network how-tos,’ with VPN subscriptions in the US surging by 239% since Tuesday.  Admittedly, privacy is a sensitive topic and one many are worried about, but before we all reach mass panic, let’s ... Continue Reading >>

The United States Senate voted last week to reverse broadband privacy rules put in place last October requiring ISPs to get consent from consumers before selling or sharing their Web browsing data and other private info with third parties. The vote was split decidedly along party lines with the deciding edge going to the Republican-controlled Senate. A similar result transpired yesterday in the U.S. House of Representatives, again with the edge going to the Republican majority. All that remains ... Continue Reading >>

Register for the April 18th event. Any search of the term ‘Cyber Security Skills Gap’ will return a laundry list of frightening facts about how far behind the industry is in terms of finding and hiring the needed professionals. Those with the desired skills will be able to command high salaries, among other benefits. But for managers seeking the dime a dozen talent, it’s a near impossible task, and often, vacant positions remain vacant, leaving organizations vulnerable to data breaches. O ... Continue Reading >>

The number of robocalls blasted out to American phones during each month in 2016 is estimated to have been 2.4 billion. That number would be high just for a single year, but when it occurs on a monthly basis, then things become insane. And this isn’t a recent development. The practice of robocalling has been around for a while, mainly on landlines, but has now spread to cellular networks. You would think that the government would have stepped in long ago to put a halt to this form of abuse, bu ... Continue Reading >>

#wikileaks (again). Dark Matter may sound like a new sci-fi movie, but it’s actually the latest of the WikiLeaks Vault 7 classified documents shared with the public.These new documents, which build off of this month’s previous leak, describe specifically how the CIA monitors Apple devices.  Developed by a special division of the CIA called Embedded Development Branch (EDB), the agency uncovers attack vectors specific to Apple MacOS and iOS devices, some of which have been used sin ... Continue Reading >>

 Last year (2016) turned out to be a banner year for phishing. According to APWG (Anti-Phishing Working Group), the total number of phishing attacks in 2016 was 1,220,523, a 65% increase over 2015. In the fourth quarter of 2016, APWG saw an average of 92,564 phishing attacks per month, an increase of 5,753% over 12 years. If that doesn’t make your eyes pop out of your skull, then there’s probably little that shocks you. Losses from phishing exploits were estimated to be as high as $5 bi ... Continue Reading >>

As the Cybrary site continues to change, and trust me when I say there are many changes coming (good ones!), the Micro Certification catalog will only continue to expand. In my recent post, I mentioned more certifications geared toward specific vulnerabilities would be coming soon, but in addition to that, we are drawing-in expertise from industry leader’s to contribute courses and certifications as well. You’ve probably already seen Thycotic’s Privileged Password Security certification. N ... Continue Reading >>

The other day, I was reading a ‘Dear Abby’ type blog that focused on ageism in hiring, and I thought that topic specifically geared toward the tech industry would be interesting to explore. Recently, I’ve written a lot about how you can earn skill specific micro certifications and display those skills in a meaningful way on a resume, in an online portfolio, and in-person. As with any ‘advice’ geared post, one always runs the risk of getting hit with the ‘easier said than done’ argu ... Continue Reading >>

This post is a follow-on to the series I began a few weeks back on mobile app development in general and Android coding in particular. It’s also the concluding post in the series. The previous post on getting started with Android development walked you through the steps of installing Android Studio and creating a demo project from sample code. It also pointed you to some online resources for learning Android development and Java and then basically wished you luck. I’d be remiss to leave you ... Continue Reading >>

  #indictments In the ongoing saga over Yahoo’s security breaches, one of which affected over 500 million users, a grand jury has indicted four defendants on charges of computer hacking, economic espionage and other criminal offenses in connection with a conspiracy.  But that’s not even the most intriguing part. Of the four, Dmitry Aleksandrovich Dokuchaev, Igor Anatolyevich Sushchin, Alexsey Alexseyevich Belan, and Karim Akehmet Tokbergenov (try saying those names 5 times f ... Continue Reading >>

It seems that a week doesn’t go by where there isn’t news of a major data breach or intelligence dump. Yesterday gave us something slightly different, but still a variation on the same theme. On Wednesday March 15, 2017 the Justice Department indicted four defendants – all with ties to Russia – for an array of computer and hacking crimes. The fact that two of the defendants are Russian FSB officers makes for an even more intriguing story, but that’s not the angle I’ll pursue in this ... Continue Reading >>

In the blog, I’ve talked a lot about resume tips and emphasizing skills to help you get hired. I realize in doing so that some skills are more visual and creative than others, with everyone from coders to technical writers needing an ideal place to showcase their work. Resumes are necessary of course, and just the first part of the job search, but an online portfolio could be what sets you apart from other candidates. Sure LinkedIn is great too, and I encourage you to include links and samples ... Continue Reading >>

This post is a follow up on a previous bleak one that examined harassment of women in the IT field. And while sexual harassment is a contributing factor to talented women choosing to leave the field and even possibly deterring others from entering it in the first place; it’s not the predominant reason for the dearth of women in IT and STEM fields in general. For that, we must have a look at multiple factors – some of which have an impact during the very first years of a woman’s life. Yes f ... Continue Reading >>

We’ve been asked by many members how other Cybrarians are using micro certifications to learn new skills and further their careers. It’s a fair question certainly, with this concept being so new. Certifications are imperative to a cyber security career, as they have become the standard to prove one’s knowledge on a set of skills.  But micro certifications seem to leave some of you with the sense of hesitation, which is fair. New is often scary. So, I decided to reach out to one of Cybrary ... Continue Reading >>

Gone are the days when frequent travelers for business and/or pleasure were in for a tedious, drawn out process of phone calls and prolonged research to book plane tickets, hotel rooms, and rental cars. Today’s travelers no longer need to make an appointment with a travel agency or rely on a tour operator to see the world. Rather, our devices, from our laptops to our tablets and smartphones give us the ability to make plans to see their world right at our fingertips. Travel has become a “do ... Continue Reading >>

#wikileaks True or false? That’s the question being asked by millions of Americans after Wikileaks released a series of 8,761 documents titled ‘Vault 7,’ which detail the CIA’s cyber spying techniques and capabilities. Big news. Some people are questioning the validity, others are questioning their personal privacy.  The documents, which are being called ‘Zero Year’ by Wikileaks, are apparently the first of many they plan to release. This is especially signi ... Continue Reading >>

Table of Contents: 1. What’s in the vault? 2. Hacking the endpoint is where it’s at. 3. Who done it? 4. Ethical issues.   This past Tuesday (March 7, 2017), the internet’s online library of cool stuff, WikiLeaks, published the first of what it promises to be many more materials related to the CIA’s cyberspying arsenal (or should that be “cyber spying?”).  The site has dubbed this treasure trove of purloined materials “Vault 7.” The outward dismay and deep concer ... Continue Reading >>

Hopefully the answer to the question, “How do I get _________ certified?” is becoming clearer with each post I write. You may or may not have realized that the certification catalog is continuing to grow, with some of the newest certifications, SQL Injection and Cross-site Scripting, falling into the category of vulnerability specific certifications. (If you haven’t noticed, I recommend checking it out here). Knowledge of these attacks is important for both organizations and individuals ... Continue Reading >>

When dealing with a health problem, gone are the days when we had to make many phone calls, ask a lot of questions and then wait for a doctor or other medical professional to follow up with us. Today, when it comes to managing our health, the Internet is our number #1 source of information. Consider this: in a 2004 survey of eight million senior citizens, only 66% said they used the Internet to research health issues. By 2009, that number increased to 24 million. Today, we use the Internet to re ... Continue Reading >>

Several high-profile sexual harassment cases in recent years serve as a reminder how far the tech industry has yet to advance with regard to the fair treatment of women in the workplace. Truth be told, it’s a pervasive problem in our culture that extends well beyond the IT field, however, the problem is particularly acute in IT due to the prominent lack of gender diversity in the field. It would be troubling enough if the problem were limited to discrimination in terms of unequal pay, lack of ... Continue Reading >>

For many students, the approaching of spring means one thing: A rush to attend every career fair and hiring event possible to land that job or internship post-graduation. For professionals, the attendance of career fairs may come on more of an ‘as needed’ basis. Still, it is important to remember the following tips to make your best first impression and land your ideal job. These events typically serve as the first glimpse of companies, giving you a chance to interact with companies and lea ... Continue Reading >>

Not so long ago, when you wanted to pursue any kind of educational experience, you had to enroll in a course, pay your tuition and then commit to a specific time and place for a certain amount of time (e.g., a quarter, semester or academic year) to complete the experience. However, in today’s modern and technology-centered times, there are new and innovative ways to pursue an educational experience as many educational institutions are starting to embrace the concepts of Flexible Learning and ... Continue Reading >>

#outage The annoyance when your Internet won’t load is quite possibly the most irritating feeling of the 21st century. So when the Amazon S3 outage occurred on Tuesday, February 28th for almost 5 hours, both consumers and businesses alike were in quite a mood. S3, or Simple Storage Service, provides hosting for entire websites, app backends, and images. During the outage, those sites and apps were experiencing widespread issues, leading to service that was either partially or fully broke ... Continue Reading >>

Last Tuesday (2/28/2017) Amazon’s AWS S3 web service was intermittently unavailable. S3 (Simple Storage Service) is one of the many web services hosted on the Amazon Web Services platform, AWS. It’s also the most used service hosting everything from the image files used by websites both small and humongous, to database files powering some pretty large e-commerce operations to entire websites and critical data backups for organizations across the globe. In total, it’s estimated that Amazon ... Continue Reading >>

I’ve been on a mission to answer the question, “How do I get _________ certified?” In recent posts, I’ve dove into how to earn the TCP/IP certification and how to best utilize your hard earned certifications on your resume. With new micro certifications being released weekly, it’s important to show users truly how limitless their options are when it comes to learning new skills on a variety of topics. My hope is to make micro certifications more accessible to ensure that as they inc ... Continue Reading >>

It’s now time to roll up our sleeves and get our hands dirty with a little mobile app development. This next post in the series on Mobile App Development will focus on putting things in place for developing Android mobile apps. The last time I had my hands on Android code was over two years ago – a lifetime in technology years. Back then my PC was running Windows 7 and my Android IDE was Eclipse. In the interim, I upgraded to Win10, had it crash hard and was forced to reformat and reinstall ... Continue Reading >>

Coding theory and cryptography are two well-known areas of information security as both are necessary for today’s technology oriented; online-based world. However, many wonder what is the difference between coding theory and cryptography? Essentially, coding theory is associated with error correcting codes. When learning about coding theory, remember these three associated terms: Data Compression: the concept of data compression is about the most efficient way of encoding information so it ta ... Continue Reading >>

#SHA-1 Maybe you’ve heard of it, and maybe you haven’t. But Google just impressed the world again by producing the first successful SHA-1 collision attack ever. And that means it’s officially time for services to migrate to safer cryptographic hashes.  Let’s back up. SHA-1, Secure Hash Algorithm 1, is a very popular cryptographic hashing function designed in 1995 by the NSA as a part of the Digital Signature Algorithm. Similar to other hashes, SHA-1 converts any input ... Continue Reading >>

Before launching into the remainder of the series on mobile app development, I thought it would be instructive to take a look at what Microsoft has been quietly up to with Windows 10 Mobile. The battle for dominance of the smartphone arena ended long ago with Apple and Google leaving with the cup. Microsoft gave it a shot, but in the end was left with a paltry share of less than 1% of the mobile OS market. But like the intrepid, albeit hapless driver in the Cake song “The Distance,” Microsof ... Continue Reading >>

Linux Academy and Cybrary survey 6,000 IT professionals on experiences with micro certification. Results offer insight into learning preferences, certification in the workforce, training costs, and trends. To read the full press release, click here. Continue Reading >>

It seems the title of the previous post in this series threw a few people. I suppose it serves me right for flirting with a click baity title. The point I was attempting to make was that though mobile app development has a lot of allure as a road to fame and riches, the reality is much starker for most aspiring app developers and entrepreneurs. Nevertheless, it’s still a rewarding career path with challenging work and attractive salaries, so if you’re ready, let’s take a deeper dive into ... Continue Reading >>

In my recent post, ‘How to get TCP/IP Certified’ I offered some guidance on how you go about obtaining a certification on Cybrary. I first discussed the three general steps and then turned my focus to the TCP/IP Micro Certification specifically. It made logical sense to then consider what to do with your certification once you’ve earned them. Of course, you should add it to LinkedIn and include them on your resume. That got me thinking, though. Is there a best practice for showcasing certi ... Continue Reading >>

#DNS Someone was really craving fish. That’s the only logical explanation for why an unnamed university’s vending machines and other IoT devices were making seafood-related DNS requests every 15 minutes. This case, which comes from Verizon’s recently released Data Breach Digest is just one of 16 cautionary tales making headlines. It began when the university’s help desk ignored student complaints of slow network connectivity which escalated by the time a senior IT securi ... Continue Reading >>

The allure of becoming rich and famous from publishing a viral mobile app can be pretty strong. A lot of people see mobile app development as the fast track to living the life of a Silicon Valley entrepreneur. Not to crush anyone’s dreams, but a healthy and sobering dose of reality should be the first order of business prior to rushing headlong into mobile app development. Getting the lay of the land is always a wise approach when embarking on a new venture. In that regard, I hope I can provid ... Continue Reading >>

Many of you are probably aware that RSA is currently taking place. Having fomo like me? Twitter is a lifesaver if you are. Still, it’s hard to stay updated on all the juicy things being discussed there. Some of the major topics I’ve come across are: artificial intelligence (of course) and threat intelligence. A conference known for being ‘where the world talks security,’ it also comes with it the release of many reports detailing the current state of security and the internet as a whole. ... Continue Reading >>

Many Cybrarians have been asking the question, “How do I get _________ certified?” There are many resources across the internet that discuss how you can earn various certifications.  I wanted to get specific in a series of blog posts on how you can earn certifications in some of Cybrary’s most popular topics by providing a more helpful, compiled list in the same place you earn those very certifications. Choose your certification based on your current skill level- beginner, intermediate ... Continue Reading >>

What would you say about a job where the primary attributes were only accepting workaholics, where your successes received little notice but your slip ups most likely would cost you your job or worse, get worldwide media attention and you could never let your guard down? Sounds like the job description for an NHL goalie. Actually, it’s the job description for a Chief Information Security Officer (CISO).  And where an NHL goalie is forgiven a boatload of “slip ups” in the way of goals all ... Continue Reading >>

According to a 2015 report from Burning Glass; there were almost 7 million job openings that required coding skills, and programming jobs are growing 12% quicker than average. But, the most important fact we can take away from this report is: fully 50% of programming jobs are not in IT. Hospitals, banks, and manufacturers all have positions that require coding skills. Going forward, programming skills (or your lack of any) will seriously impact your lifetime earning potential. You Should Learn ... Continue Reading >>

#hacked “Hello, Freedom Hosting II, you’ve been hacked.” That’s the message visitors to any of the 10,000 affected websites that were a part of a Dark Web hack received recently. So, it seems Anonymous isn’t afraid to pwn their peers. Talk about a very, very tangled web. The Dark Web is hosted using the Tor network, which is designed to hide the identities of its users. Freedom Hosting II is the server that hosted the Tor pages, and those pages aren’t indexe ... Continue Reading >>

Picking up the thread from a previous post on structured software design and CASE, it’s worth examining some of the major development methodologies and their evolution. Where SA/SD and CASE deal with the process of designing and creating software products, methodologies are concerned with the process of getting them built. They exist within the realm of project management and as such, are concerned with managing a host of entities, not the least of which is people. The human element of a typic ... Continue Reading >>

You turn on the evening news and a breaking report flashes, “Major Data Breach of Huge Corporation, details at 11” and you immediately begin to question, “could this happen to my organization?” In the wrong hands, privileged accounts represent the biggest threat to enterprises and unfortunately are a reality for many companies who are not exercising the right precautions. According to the Black Hat 2016 Hacker Survey Report from Thycotic, 77% of Black Hat survey hackers believe no passwo ... Continue Reading >>

      *Data as of 2/7/17 Data is a beautiful thing. In many ways, it’s almost artistic because it can help us paint a picture of abstract concepts. You may have questions about Cybrary Micro Certifications, ‘who’s taking them and what do they certify?’ We hope this info graph can provide some Incytes into those questions, and help you see how valuable certifications can be. Key Takeaways: Looking at the data, there are 2 main things to focus on. The firs ... Continue Reading >>

The two constants of the universe are death and taxes, however, advancements in life extension and anti-aging research threaten to up end the former. Taxes are eternal and in some cases, literally. Estates and heirs are often hounded by the IRS for the tax obligations of the deceased. In the event that death is eventually knocked from its pedestal, an up and comer is vying to take its place: tax refund fraud. Tax refund fraud has grown from 51,000 cases since it initially surfaced in 2009 to 3 m ... Continue Reading >>

Virtual reality has come a long way from the first primitive 3D viewers.  This technology is now poised to change the way we learn, communicate, travel, and receive medical care. Here are 5 big ways virtual reality is enriching our lives. Education  The world is your classroom when you use virtual reality; why look at 2-dimensional images and video when you can be immersed in the sights and sounds of ancient Rome?  Driver’s education classes will viscerally convey the dangers of distracte ... Continue Reading >>

Android is the Google platform billions of people use on their smartphones.  The origins of Android began in 2006, around the same time that Apple denied it was creating the now ever-popular iPhone. Compact laptops were the hot new item and the tablets of the day looked like a laptop sans keyboard. The smartphones back then were Blackberries and Window’s mobile devices. Compared with today’s sleek, fit in pocket smartphones, these early models were clunky and awkward. Back then, former Appl ... Continue Reading >>

Estimated reading time: 3 minutes Making in impact in one person’s life isn’t difficult, but what about impacting the world? What does it take to have a monumental effect on people? Some may say that kinds words, a new thought/idea, research, greater insight, or even more drastic measures like a revolution are the only ways that we can make a change. Making a difference in the world, no matter the measures that are taken, whether good or bad, all start with a thought, an idea to mak ... Continue Reading >>

#cyberpolicy You’ve heard of the 12 days of Christmas, now post- holiday we’re looking at 60 days of cyber. An Executive Order draft reveals the White House will be calling for swift review of “national security systems” within 60 days of the order being signed. During this time, President Trump says he will “ask for an assessment based on current threats and vulnerabilities and will call for recommendations on how to incentivize the private sector to adopt effective cyber ... Continue Reading >>

Age does have some benefits, though they are sometimes hard to appreciate among the aches and pains and general tendency for complaining about…well, getting older. In some respects, I was fortunate to begin my career in technology in 1980 just when things were getting interesting for that field. It would be more than a decade later before the ‘WWW’ and internet came online, but the foundation was being laid back then for both the hardware and software that would power the next gene ... Continue Reading >>

First things first, if you haven’t yet seen the video from Dr. Phil where the teenage utters the phrase ‘Cash me ousside, howbow dah’ that’s storming the internet, please look it up. Otherwise this blog title makes no sense. And you deserve a good laugh. Okay, now back to business. Recently the 2017 Identity Fraud Study by Javelin Strategy & Research was released. What the report finds, may make your stomach, and your wallet churn. According to the report, the number ... Continue Reading >>

This is the fifth and final post in the series on “How to be an Educated Consumer of Online Information.” I can hear you cheering now. I realize that this series may have seemed like I’ve veered off on a tangent. After all, what does any of this have to do with IT and cybersecurity? As I pointed out in the previous post on social media, malware can take other forms besides what we’re accustomed. Misinformation and disinformation are on the rise and the net effect on society is just as de ... Continue Reading >>

Scams! Some hackers are good at them. Hackers who create phishing schemes often create documents that are realistic and convincing enough to look legitimate; causing even some of the most technologically savvy users to fall for them. That is a “good” scam. Netflix was recently the target of such a scam. Unsuspecting users were sent a link via e-mail which appeared to be from Netflix but when they clicked on the link, they were sent to a fake site and asked for personal information s ... Continue Reading >>

Evolution of human work silhouettes | designed by Vexels Estimated reading time: 3 minutes This week’s history lesson is about communication methods. Let’s start with something that practically everyone uses, the telephone. Invented and patented in 1876 by Alexander Graham Bell, the telephone has since become a part of our daily lives. I’m almost certain that Mr. Bell never imagined that his invention would revolutionize human communication like it has, but without it our liv ... Continue Reading >>

Awhile back, I said that passing a micro certification exam is ‘so easy a caveman could do it.’ And in a sense that still holds true. However, I know many of us have test anxiety, and for some, obtaining a certification is a matter of job security. That’s a lot of pressure. I’d like to think test taking gets easier the older you get, after all, it’s something you’ve done throughout the course of your educational career, probably more times than you can count. It seems instead, the lo ... Continue Reading >>

#filesharing Recently, Dropbox earned itself a new nickname, ‘Dropbug,’ also synonymous with ‘restore files.’ The crowd-favorite file sharing company implemented a bug fix which had corrupted the metadata of their files. This resulted in the files being “quarantined” rather than deleted.  So while you may have thought your folder containing embarrassing love letters to an ex was gone, not the case. Several Dropbox users have said folders they deleted as far back a ... Continue Reading >>

This next to last post in the series begun a few weeks ago on “How to be an Educated Consumer of Online Information” covers the vast topic of social media. It’s so vast in fact, that apart from a general overview of this particular communications channel, I’ll only be able to discuss Facebook and Twitter in any detail and it will be just skimming the surface at that. However, social media and what it offers and how it’s used has evolved substantially in just the past few years. Throw i ... Continue Reading >>

The other day, I took to Cybrary’s search feature in hopes of finding information on an inventor of the RSA public-key cryptosystem, and when nothing turned up, not only was I utterly disappointed, but it made me wonder why we do not dedicate more of our interest to influential individuals within the field of cyber security. It also made me wonder why there are so many ‘household’ names in the general tech industry, but so few it seems, in cyber security specifically. The person I’m refe ... Continue Reading >>

The Seinfeld comedy series is famously referred to as “a show about nothing.” Though many of its episodes revolved around mundane incidents from the main characters’ lives, there usually was a profound message that resonated with many viewers simply because many of the events are so recognizable. On some level, most people could find something to relate to in the show whether it was “shrinkage,” “man hands,” or “serenity now,” there was usually something for everyone. A memorab ... Continue Reading >>

  Have you ever stopped to think about historic events or “history” as a whole? It can be overwhelming to realize that so much happens every day. If you think harder, there are 24 hours in a day [duh] (that’s 1440 minutes if you want to get specific), and 365 days in a year (that’s 525,600 minutes per year). So what are we doing now? Is it worthy of adding to “history”?  Let’s take a look at some notable events that occurred on January 21st, startin ... Continue Reading >>

  #threats Today, January 20, 2016 the 45th President of the United States, Donald Trump, will be sworn into office. While many opinions surround the recent election and overall political landscape, none have been more threatening than those from the collective group Anonymous.  Prior to the election, Anonymous vowed to take Trump down, declaring ‘total war,’ and although it appears these are idle threats thus far, they have continued to intensify as Inauguration Day drew clos ... Continue Reading >>

Hey hey everyone we’ve published another podcast this month. On this episode we talk about Microsoft’s new privacy dashboard, and a lot of ransom happening in the cyber world. You can listen to our podcast on CyDefe.com, watch our raw video at https://www.twitch.tv/cydefe. Story Links http://www.securityweek.com/microsoft-launches-privacy-dashboard http://thehackernews.com/2017/01/mongodb-database-security.html?m=1 https://bugcrowd.com/netgear http://thevalleystar.com/valleys-pays ... Continue Reading >>

When we talk about cybersecurity, for the most part, we are talking about the protection of systems and information from threat vectors such as: cyber espionage, cyber warfare, cyber terrorism, cyber negligence (looking at you Sony). In their most troublesome form, these threats take aim or point at military, secret, political, or infrastructure assets of a country and its people. It is the most vital part of any government or particular organization’s security strategy. In other words, it pro ... Continue Reading >>

A lot of effort goes towards securing networks and the resources they host, but when it comes to the seven layers of the ISO OSI stack, it’s the application layer where a lot of the trouble begins and ends. Gartner places 90% of the blame for security vulnerabilities on the tippy-top layer (7). This highly-vulnerable top layer provides the low hanging fruit that criminals and other bad actors love to target. The onus is now on developers and everyone responsible for building, testing, and rele ... Continue Reading >>

327 new threats every minute. More than 5 every second. That’s the state of the world’s threat landscape according to Avecto. As you can probably guess, the challenge for organizations and their dedicated cyber security teams lies within the sheer volume of threats and being able to keep up with those threats. According to the Ponemon Cost of Malware Containment report, “16,937 alerts are created per week on average, but just 705 are investigated.” That means 16,232 are forgotten about. ... Continue Reading >>

Back in the old days (pre-internet), writing research papers for school was an arduous task. The process began with badgering my poor mother into dropping me off at the public library and then returning several hours later to retrieve me. My badgering was often at a fevered pitch since I’d usually wait until the day before the paper was due to raise the matter. Looking back, it’s no small wonder that my mother made the effort to retrieve me from the library after dropping me off. Things only ... Continue Reading >>

You heard right! We finally have an app for iOS. Yes, the long awaited and severely overdue iOS app is now more than a dream. And, for those of you who use Android, we didn’t forget about you. We created an all-new app for android to match 1 for 1 the iOS app. Don’t worry though if you have the old app. It will continue to be available on the Google Play Store for the time being. You can download the Cybrary Android and iOS mobile apps (and please do download them!), but KEEP IN MIN ... Continue Reading >>

  #hacked (again). Someone’s flexing their cyber muscles. It appears as though the recent attack on a Ukrainian transmission facility points to a person or group using the country as a trial for refining attacks on critical infrastructure that could be used across the world. Because practice makes perfect, right? The first attack against one of the nation’s distribution facilities was conducted in December 2015 and affected 230,000 people. This recent outage struck almost one y ... Continue Reading >>

A topic we hammer on often and hard here at Cybrary.it is the critical shortage of Cybersecurity professionals and the growing demand for them. Guess what? Things haven’t changed and the shortage and corresponding demand only continue to increase at a rapid clip during 2017 and beyond. We could probably make the same post week after week with a few tweaks and it would still be highly relevant. However, things are a little different heading into 2017, not the least due to some rather high-profi ... Continue Reading >>

“Never trust, always verify” is shifting from the adage of crazy girlfriends everywhere to the motto of cyber security experts across the globe. The Zero Trust Model of cyber security is one that focuses on the belief that both internal and external networks cannot be trusted.  A term originally coined by Forrester Research, “Zero Trust,” is a data-centric network design. It puts micro-perimeters around specific data or assets so that more-granular rules can be enforced. “With ... Continue Reading >>

Awhile back I had made a prediction in the blog ‘Palm Reading: How Hackers Steal Data from the Palm of your Hand Via Mobile Applications’ that mobile applications will become hacker’s target of choice in 2017. I decided based on some further research that it is not just mobile applications that are at risk, but mobile devices in their entirety that are in danger. Mobile devices are the target because of their many nuances. Hackers can gain access to app data, and can also manipulate the mi ... Continue Reading >>

The writing has been on the wall for a while now for brick and mortar retailers. Growing pressure from online shopping sites has been taking big chunks out of their revenue year-over-year. Stalwarts of the department store industry have either gone out of business or drastically cut back on the number of stores they operate. Macy’s recently announced that they will be closing 100 stores and laying off 10,000 employees. Their holiday revenue was down 2.1% during November and December 2016. An a ... Continue Reading >>

Every day holds significance to someone, but today is special to us because of Microsoft. Founded in 1975, Microsoft is the worldwide leader in software, services and Internet technologies for personal and business computing. The company offers a wide range of products and services designed to empower people through great software — any time, any place and on any device.” – Microsoft News With a great mission that Microsoft has surely lived up to, they – with the help of ext ... Continue Reading >>

  #digitalcurrency While playing the Stock Market may not be for you, you may want to reconsider when it comes to digital currency. The worth of Bicoin is on the rise, with it’s value surpassing $1,000 for the first time since November 2013. “Who wants to be a mystery Millionaire?” except instead of Regis Philbin asking, it’s users of Bitcoin. Bitcoin is a universal, internet currency that can work on any computer or mobile phone and does not require a credit card, ... Continue Reading >>

Hey hey everyone it’s been some time since our last post on here and since then we’ve had a few new episodes come out. Check out the links below to listen to our latest content. We streamed our last podcast recording live at https://www.twitch.tv/cydefe and we will continue to stream all of our podcasts live. If you want to find out the time and date of our next recording follow us on twitter @cydefe for updates. Episode 24 The with JP Bourget On this episode we discuss a USB kill ... Continue Reading >>

(Google Logo by Google Inc. (google.com) [Public domain], via Wikimedia Commons.) –This is the second in a series of posts on the topic of how to be an educated consumer of online information. Most online information searches begin with Google, so it only makes sense to kick off the in-depth portion of this series with a bit about the “Big-G” and how to get the most from it. Google certainly isn’t the only search engine on the block, but with a 64.5% market share, it might as well be ... Continue Reading >>

Recently, I was reading a blog post about all the hot Christmas gifts for 2016 and their inherent vulnerabilities. Of course, there were the usual suspects like computers and mobile devices, but more IoT devices crept onto the list, including smart holiday lights that can be turned on and off via an app. Also included in the list, fitness trackers. And then it struck me how little attention I would think we give to these devices from a security standpoint. On Christmas Day 2015, Fitbit’s a ... Continue Reading >>

As we enter a brand new year filled with both hope and more than a fair degree of trepidation, it might be worth taking a moment to review how to be wise consumers of online information. This seems particularly urgent in the “post-facts” world that we find ourselves in after a US presidential election that was shockingly devoid of facts. It also gave rise to Fake News, something that’s actually been around for a while, but rose to the fore as a strategy (weapon) during the past election cy ... Continue Reading >>

How many times have you opened the Amazon app to buy a book and ended up with a slew of products you never intended to purchase in the first place? If you just nodded in agreement, then you, like me, have a love/hate relationship with the ‘magic’ that is Amazon.  Let’s face it, their site seems to know what we need or want before we even know ourselves. It’s a awesome source to find reviews, comparison shop and the user interface is just great. Then, there’s the wide list of features ... Continue Reading >>

  #criticalvulnerabilities If there was a book of critical vulnerabilities across the Internet, it’d be longer than the Bible. The latest discovered in PHPMailer by Polish researcher David Golunski, is one that affects multiple popular, open-source web applications. Probably one of the biggest vulnerabilities to be recognized in recent news, PHPMailer, an open-source PHP mailer used by over 9 million people worldwide to send emails. Aka, we’d let them sit at the cool kids tabl ... Continue Reading >>

In general, encryption is a good thing and the stronger the better. Protecting data both at rest and while in transit is a recommended security best practice of which you should be aware. But when you discover that all the files on your computer have been encrypted with 2048-bit AES encryption and you had nothing to do with it, then it’s another matter entirely. If God forbid, you should ever have this happen to you, then there’s a good chance you’ve been a victim of ransomware. In this po ... Continue Reading >>

In light of recent recognition of the Technical Project Management Skill Certification test’s popularity, I decided it may be wise to provide a closer look at how someone in a role such as this functions, and if making a transition into a similar position is right for you. Likewise, a recent post of mine listed project management as a top skill for 2017 as cited from various job portals like LinkedIn and Dice, so highlighting your traits to reflect this desirable skillset will be beneficial as ... Continue Reading >>

I’d like to propose an idea. I want the title of ‘Cybrarian’ to become synonymous with the term ‘learn-a-holic.’ What’s a learnaholic? As the name implies, it’s someone addicted to learning. But not just learning in a general sense, rather someone who is so utterly excited by the idea of gaining new wisdom and imparting it on others or using that wisdom to expand their mind beyond an expected capacity that they will take advantage of any tool available to them. Cybrary is an exampl ... Continue Reading >>

Remembering passwords has become a necessary annoyance in the Digital Age. We resort to using birth dates, pets’ and children’s names, and easily-remembered numeric sequences like ‘1234’ or ‘666’ (if you have a Satanic bent). The more creative among us will combine the aforementioned strategies into passwords that would take even the most determined hacker eons to crack such as ‘s&sie1015k*m.’ Okay, I joke, but you get the point. We’re only human, and frankly, who is discip ... Continue Reading >>

Being it’s the Thursday before Christmas I thought a somewhat less technical post was in order to get us in the Holiday spirit. It would also be a good opportunity to clear up an issue that’s been nagging me for a long time: what is the proper spelling of cybersecurity? I’ve seen it spelled as a single word (my preference), as two words, and occasionally even hyphenated, which hurts my eyes. It’s an editorial issue for those that obsess over such things, mainly writing geeks, but it has ... Continue Reading >>

  #methbot Slow clap for fraud-prevention firm White Ops who discovered the biggest digital ad fraud ever, lovingly dubbed ‘Methbot.’  This may sound like a bad dream, or just another episode of Breaking Bad, but Methbot, a ‘robo-browser that spoofs all the necessary interactions needed to initiate, carry out and complete ad transactions,’ has been making hackers 3-5 million PER DAY since its inception. These alleged Russian hackers, part of the cyber criminal gang ... Continue Reading >>

As the clock ticks down to midnight on December 31st and signals the end of 2016, a year that’s been the center of a slew of ‘worst year ever’ memes and remarks across the internet, it is also a reminder of the predications and resolutions being made around the world. So before you raise a toast, consider what 2017 could bring in the realm of cyber security.  I’m sure you’ve skimmed through the mass amounts of articles, ‘Top Cyber Security Predications for 2017,’ like I have. The ... Continue Reading >>

Were you the kind of kid that loved to take stuff apart to see how it worked? As an adult, are you constantly coming up with suggestions for how things could be better-designed and built? Do you have a pit bull-like tenacity for making sure that problems are acknowledged and resolved? If this sounds like you, then you may be ideally suited for a career in Software Testing. It’s a broad field and is part of the broader field of Quality Assurance. And you know what’s even better? It’s possib ... Continue Reading >>

Being that I’m new to cyber security, I can’t help but gape at the number of ‘hacks’ I hear about on an almost daily basis. The other day I read an article on a KFC rewards program in the UK whose members were hacked. There were a lot of corny puns and I thought to myself “not even the chicken is safe.” The truth is, it’s no joking matter. And just because only username and passwords were what was compromised in this case, our tendency to reuse both for other accounts is what makes ... Continue Reading >>

  #cybercriminals Small victory dance from around the world- an international operation uncovered teens connected to DDoS cyber attacks.  Who says Generation Z is lazy?! Of the 101 watch-listed and 34 arrested suspects, the majority were under the age of 20. The teens are a part of the illegal ‘DDoS for Hire’ facilities where they paid for cyber attacks of their choosing, consisting of the use of tools such as: stresser and booter services. What does this operation mean for th ... Continue Reading >>

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are currently hot topics in the cyber security space and for good reason. Threats and exploits aren’t slowing down and the pressure is ramping up on organizations to do a better job in securing their IT infrastructure. This is a good thing. Too many organizations have been asleep at the switch for too long when it comes to IT security. IDSs and IPSs aren’t magic bullets, but they’re additional bricks that can be used ... Continue Reading >>

  http://traffic.libsyn.com/brakeingsecurity/2016-049-amanda_berlin_the_art_of_the_sale_decision_making_trees.mp3 “Always Be Closing” is the mantra that Alec Baldwin’s character “Blake” intones in the movie “#GlenGarry #Glen #Ross”. Ironically, the film about 4 men selling was a failure in the theaters. A lot of times as #blue #teamers, we find ourselves in the sights of a #sales person, or often enough, we are inviting them into our conference roo ... Continue Reading >>

Once upon a time, I worked as a recruiter for a telecommunications company. And I believe that while your interview skills are incredibly important, one’s resume is truly the ‘key to the kingdom’ of sorts. After all, if you can’t get through the door at a company, then your interview skills are essentially useless. Trust me when I say having looked at countless resumes, there are a lot of pain points which prevented me from picking up the phone and giving that person the initial chance. ... Continue Reading >>

There are some things in life that were simply meant for each other: peanut butter and jelly, snow and Christmas, and Friday night and pizza. In the case of pizza, it goes well with pretty much anything, especially cold beer. When it comes to the art of pentesting, the first ingredient is a target loaded with vulnerabilities. Check. It then helps to have an OS that is custom-made for pentesting and loaded to the gills with tools and utilities. Check, again! That OS is Linux. Linux was a godsend ... Continue Reading >>

I have a confession to make. I always want people to think I’m smart and trendy. People who are both smart and trendy, typically know what’s going on in the news, their industry, what’s new with pop culture, anddddd they’re well read. But the truth is, I just don’t have the time to dig through every news outlet there is, or scroll through all the funny cat videos on Facebook, to make myself seem more informed than I really am. Not to mention the fact that I’m sometimes lazy. And, as ... Continue Reading >>

What is NIST? The National Institutes of Standards in Technology (NIST) dates back to 1901. The United States Congress originally founded NIST as means to combat and issue with competition in the US during that time. Back in the day, the infrastructure in the USA was very poor and lacked the strength of countries such as Germany and the United Kingdom (UK). Today, NIST plays in role in setting the standard for numerous technological products and services from the smart electric power grid to c ... Continue Reading >>

  #deeplearning Fortune 500 Companies have a new secret weapon against cyber crime: IBM’s Watson for Cyber Security.  This overachieving supercomputer uses machine learning and language processing to sift through vast amounts of data, both structured and unstructured. As Watson distinguishes patterns, it is able to apply context to those patterns, helping professionals identify if activity is harmful. The best part? Watson’s technology spans across industries and among those c ... Continue Reading >>

The most enduring principle of detective work is Locard’s exchange principle. Developed by the father of Forensic science, Dr. Edmond Locard (1877-1966), it states that a perpetrator of a crime will both take something from the scene of the crime as well as leave something behind. Whether a fingerprint, a cigarette butt, a bloody glove, or the murder weapon itself as in the literal “smoking gun,” most criminals slip up and get sloppy in the commission of their crimes. Fast forward over one ... Continue Reading >>

Do you remember the Geico marketing campaign from a few years ago featuring cavemen with the slogan, “So easy a caveman could do it”? The driving message of this snarky humored campaign was that getting insurance is so, so easy, why wouldn’t you do it? My message is the same. And while I’m not calling you a caveman, I am saying that taking Cybrary’s skill certification tests is simpler than you may think, so why not at least try?  I like to believe that I am an expert at a lot of thin ... Continue Reading >>

Not long after the Internet and World Wide Web were unleashed on the public, plans were already underway to increase the potential pool of IP addresses available for allocation. The version of the IP protocol standard most in use today, IPv4, was released way back in 1981 and deployed in 1982. This version is a 32-bit protocol with 2^32 possible addresses. That’s over four billion possible IP addresses. Back in the early 1980s, that seemed like more than we’d ever need, but by 1998 the Inter ... Continue Reading >>

I’ve got a buzzword for you. ‘Deep learning.’ Perhaps you’ve heard of it, or maybe not. But if you’ve been following the IoT trend like I have, you’ll hear its praise there. Deep learning is a branch of machine learning, and the one you can thank for improved voice search on smartphones and better image recognition across the internet. The concept is based on a set of algorithms that attempt to model high level abstractions in data by using a deep graph with multiple processing layer ... Continue Reading >>

When we hear about cybercrime and hacking exploits we tend to immediately assign blame to the usual suspects: the Russians or the Chinese. Next in line are hackers from other Eastern European countries formerly part of the Soviet Union such as Romania and other satellites. Increasingly, cyber “bad guys” from Russia are hogging most of the press attention. Cyberattacks on computer systems at the DNC and the trove of confidential US government information delivered to WikiLeaks have bo ... Continue Reading >>

Today, I’m a psychic. And my prediction for the upcoming year is this: Mobile applications will become hacker’s target of choice. According to Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute, a research think tank dedicated to advancing privacy and data protection practices, “The average organization tests fewer than half of the mobile applications it builds, and 33 percent of the surveyed companies never test their apps.” Not only is the lack of testing an issue, but th ... Continue Reading >>

The age-old battle of supremacy between PC and Mac users dates back to the introduction of the first Mac back in 1984. I jumped on the Apple bandwagon back then with a purchase of the original Mac 128k machine. I loved it and the MS DOS machines I was using at work couldn’t hold a candle to my smiling Mac at home. But peer pressure from colleagues at work and the sky-high cost of outfitting my Mac with peripherals and software drove me back into the PC camp where I’ve remained ever since. Ov ... Continue Reading >>

Being that it’s Black Friday, I thought it only fitting to revisit the infamous Target Security Breach of holiday shopping seasons past. For Cybrarians, there’s a lot to take from the case, particularly in the area of pentesting and fundamental network security best practices. And finally, there are the painful lessons of the high cost of being lax and basically clueless when it comes to protecting your organization’s most valuable assets: money and the public trust. The breach occurred be ... Continue Reading >>

Even though the average person might not be aware of it, software is everywhere in our daily lives. Everything from online transactions, buying a smartphone, to driving a car involves software. As consumers, we assume and take for granted that the software used to take care of things in our daily lives will not only work as we need it to, but that it is safe. But this is the reality? Disturbingly enough, software programmers are often asked to perform illegal and unethical tasks that can have s ... Continue Reading >>

Dust off your comic books, Superman is back. Imagine this: In the latest issue, Superman sets up a secure perimeter around Metropolis. Or at least, he thinks it’s secure. While he’s leading his other life as Clark Kent, Lex Luther takes advantage of his accidental neglect to breach the boundaries Superman has set up, destroying the lives of millions in Metropolis and planting a heaping amount of Kryptonite for Superman to return to. The moral of the story? Just because a company has set-up d ... Continue Reading >>

http://traffic.libsyn.com/brakeingsecurity/2016-046-Black_Nurse_buenoware_IoT_pwnage.mp3   This week, Mr. Boettcher found himself with an interesting conundrum concerning what happened when he converted a Windows DOCX file to a PDF using a popular #PDF converter software. We discuss what happened, how Software Restriction Policy in Windows kept him safe from a potential malware infection, and about the logging that occurred. After that, we discuss some recent vulnerabilities, like the Black ... Continue Reading >>

There are currently 2 billion smartphone users in the world. These users have amassed over 268 million downloads. It should then come as little surprise that cybercriminals have turned their attention to attacking mobile devices and the users to which they’re attached. Mobile devices infected with malware currently stands at 1.12% as reported by IBM Trusteer. This malware infection rate has drawn equal to PC infection rates. These figures clearly indicate that there must be money to be made pr ... Continue Reading >>

My Kindle is my best friend. There I said it. And if you’re like me then chances are you want to soak up every ounce of knowledge you can when it comes to the topics you love. Books are a great source for that, and expanding your interests to the furthest corners of the industry will only help you become a more well-rounded learner. Whether you’re an expert in cyber security or just getting started, hearing the story behind why your skills are needed is just as valuable as learning those ski ... Continue Reading >>

The following statistics are very sobering and disturbing: More the 80% of US-based companies have been hacked This number includes major companies such as Target, Sony, and Home Depot These incidents caused consumer’s sensitive personal and financial information to be exposed, making millions vulnerable to things such as identity theft and tax fraud (to name only two of many possibilities) Cyber crimes continue to rise and cost an estimated $445 billion worldwide With increasing techn ... Continue Reading >>

A certified ethical hacker is a computer programmer hired by a business to attempt to break into a computer system with the purpose of discovering vulnerabilities and other things a malicious hacker could potentially exploit, resulting in significant damage. Ethical hackers use the same methods and programs as their harmful counterparts but instead of using them to cause problems, ethical hackers take copious notes and document everything. This information is then used to evaluate the security o ... Continue Reading >>

According to US News and World Report, software developers enjoy a median salary of $95,510 annually. In addition to this higher than average salary, the unemployment rate is very low (about 2.5%) and people in this field enjoy a nice work-life balance. It is a constantly changing, ever evolving field. Given all the positive aspects surrounding this field, it is no surprise that people are interested in what it takes to obtain a position in this ever-growing and lucrative field of cyber security ... Continue Reading >>

You probably opened this blog because you thought I’d be making a lot of drug references. Sorry, but I’m fresh out of Adderall. I do want to talk to you about addiction, and not as a disappointed parent. If I’m lucky, by now you’ll have read my blog on CPE. Hopefully, it has you fired up about the endless possibilities of learning for free and having the certifications to back your knowledge. But, if you’re like me, and fairly new to the cyber security industry, or the IT industry in g ... Continue Reading >>

With today’s modern and sophisticated technology such as slim and fast laptops, smartphones, tablets and programs such as Skype and FaceTime, today’s employees are no longer married to the five day, 40 hours a week of being in the office, working at a desk. Rather, they can have the flexibility of working from home, sometimes even as a full time set up because these days if your company is based in LA but you live in New York City? No problem! Simply telecommute. According to Nemertes Resea ... Continue Reading >>

A DOE contractor feeling the pressures of rising debt attempted to sell stolen uranium parts to agents of a foreign government. A government researcher who experienced a hostile work environment accessed a secured facility and intentionally left 4,000 biological samples to thaw resulting in a $500,000 loss to the project and setting it back months. And then there was the case of the IT contractor working for the NSA who absconded with a trove of classified data exposing the inner workings of the ... Continue Reading >>

Let me start by asking you a question. What is your education worth to you? If your immediate thought was, well, not too much, then let me ask you another question. Would you be willing to spend about 40 minutes to learn a whole heck of a lot and get the certification to back what you just learned? Maybe you’d rather spend that time watching 2 episodes of The Office instead. Or maybe, your education means a heck of a lot, but you don’t see the added value of the certification itself. That’ ... Continue Reading >>

http://traffic.libsyn.com/brakeingsecurity/2016-041-Ben_johnson.mp3     Ben Johnson from Carbon Black has been around the industry for a good while, and has seen a lot of ugly things in our industry. Ben had written a recent blog post (https://www.carbonblack.com/2016/08/12/benvlog-3-negative-forces-driving-security/) detailing the issues that seem to plague many companies and many people in the infosec community. We talked about these issues in depth, and how companies and even the em ... Continue Reading >>

http://traffic.libsyn.com/brakeingsecurity/2016-045-aamir_lakhani-the_dark_web-creating_reputation.mp3   Mr. Boettcher and I met Mr. Aamir #Lakhani at DerbyCon this year, and immediately intrigued with his work on the Dark Web. He has assisted with law enforcement investigations, a known member of the dark web, to the point where people with #malware or bots will seek him out in an effort to ‘legitimize’ their work, similar to how being reported on by #blogger/#journalist Brian ... Continue Reading >>

Each holiday shopping season has a must-have gift item. Holidays past had their Cabbage Patch Kids, Mighty Morphin Power Rangers, and Legos as perennial favorites. Holiday 2016 is shaping up to have several contenders, but no clear favorite has yet emerged. At least Pokemon characters are in the mix coming off the summer craze the Pokemon Go app created. But what is emerging as an unexpected – and unwelcome participant in this holiday season, not too unlike the Grinch – are counterfeit mobil ... Continue Reading >>

The US Presidential Election, which took place on November 8th, 2016 was unprecedented and will likely go down in history as the biggest political upset of all time. Former Secretary of State and First Lady Hilary Rodham Clinton ran against billionaire New York businessman Donald Trump. Polls and news outlets all over the country and world all predicted a victory for Clinton but around 3am Eastern Daylight Savings time on November 9th, 2016, Donald Trump was declared the winner. After a controve ... Continue Reading >>

Exploding lithium ion (Li-ion) batteries in hoverboards made in China last holiday season and more recently, exploding batteries in Samsung’s Galaxy Note 7 phones has raised awareness – and paranoia – over this battery technology. It’s a technology that’s been commercially available for 25 years, so why the rash of explosions all of a sudden? That’s what we’ll investigate in today’s post along with what the future holds for rechargeable battery technology. First, I should point o ... Continue Reading >>

Managing the sheer number of alerts that get raised by incident response systems on a monthly basis has reached the point of overwhelm in many organizations. For the most part, it’s reached the point where InfoSec professionals have been forced to dial back the sensitivity of detection systems or simply ignore a large percentage of alerts according to a recent survey cited by DarkReading.com. Attempting to manually review log files and threat intelligence quickly succumbs to the “Mongolian H ... Continue Reading >>

I thought it might be both interesting and challenging to examine the recent revelation about the newly discovered emails on Anthony Weiner’s laptop. Emails that the FBI feels may be pertinent to the Hillary Clinton Email case. It should be an Interesting topic for Cybrarians taking any of the courses here on Cybrary.it dealing with computer forensics, not to mention challenging in terms of keeping politics out of the discussion. I’ll attempt to do my best to deliver on both scores. FBI Dire ... Continue Reading >>

LinkedIn.com recently reported a spike in job applications for October 2016. At the same time, they revealed their Top Skills of 2016, an annual list of skills employers need most. If that weren’t enough, LinkedIn.com broke things down on a global scale and included top skills across 14 countries. I suppose if you’re so inclined, you could consider a relocation to find the ideal fit for your skill set and lifestyle preference. Thanks, but I was only interested in top skills in the U.S. It is ... Continue Reading >>

Introduction Learning is a tricky thing. Research suggests 3 primary learning styles: auditory, visual, and tactile. Each person is different in the way they learn, and each technique offers various suggestions and strategies to optimize the learning experience. The Cybrary Team spent the past few weeks researching these learning styles and found something truly fascinating, all 3 styles recommend the use of Flashcards. Sifting through research paper after research paper it became abundantly cl ... Continue Reading >>

Friday morning October 21, 2016 didn’t get off to a good start for me. Shortly before 9 am EDT I was attempting to make an online purchase using PayPal as my payment processor of choice. When I clicked the “Submit” link (the button graphic wasn’t displaying), my browser spun its wheels for a few seconds and then tossed up the dreaded 404 “server not found” error page. My first thought was that PayPal was undergoing a DDoS attack. It made sense considering all the shenanigans that hav ... Continue Reading >>

Elon Musk, CEO of Tesla Motors, recently announced that all the electric cars coming off Tesla’s assembly line will now be equipped to be full-on autonomous. It appears that the quest for truly self-driving cars – ones where you don’t have to sit in the driver’s seat anxiously hovering over the wheel in case human intervention is required – is upon us. This next generation of autonomous vehicles from Tesla will be outfitted with an impressive array of gear. Eight surround cameras will ... Continue Reading >>

When it comes to IT certifications most would agree that the “Big-3” essentials are CompTIA A+, CompTIA Network+, and CompTIA Security+. From there, a few specialized certs along the lines of Cisco CCNA, Linux and Microsoft certifications as well as a few other vendor and technology-specific certifications, are a good bet for adding the next layer to your certs portfolio. A solid collection of technology certifications in combination with hands-on experience is a good recipe for making you m ... Continue Reading >>

We’ve all heard the scare stories about how hackers will one day successfully launch a power grid attack in the US. You may have even tried to imagine it by comparing it to something you can recall from recent history such as the infamous Northeast Blackout of 2003. A cascading series of calamitous events caused a large swath of the northeastern United States and portions of southeastern Ontario to lose electrical power. It created an evening commuter nightmare in New York City and forced many ... Continue Reading >>

  To get you prepared for our newest addition, the “Incident Response and Advanced Forensics” course, we’ve put together this little list of Incident Response topics just for you! Let’s dig in, shall we? Intro to Incident Response Intro to Forensics IR and Business Continuity Overview Security Incident Response Types of Incident Response Major Issues Facing IR IR Procedures Top 0P3N Topics in Incident Response OWASP Top 10 Guidance for Incident Response Access all of ... Continue Reading >>

Groups with ominous-sounding names such as Lizard Squad, Team Poison, and the Armada Collective are making a virtual killing from cybercrime. But the attack surfaces they target aren’t what you may have come to expect. Rather than going after financial and banking platforms where more challenging safeguards and harsher penalties are in place, these enterprising cybercriminals are exploiting relatively virgin territory where defenses and even criminal prosecution are almost non-existent.  To m ... Continue Reading >>

Cast your vote for the 2017 Cybersecurity Excellence Awards, here! The need to increase awareness around the importance of cybersecurity is being championed by an increasing number of organizations and among them is the Department of Homeland Security (DHS).They have even designated the month of October as National Cyber Security Awareness Month. In a similar vein, the annual Cybersecurity Excellence Awards has been established to recognize products, companies, and individuals that demonstrate e ... Continue Reading >>

The ITT Technical Institute (ITT Tech for short) announced on September 6, 2016 that it was immediately ceasing operations and closing all of its campuses. Less than two weeks later, on September 16, 2016, ITT Tech filed for bankruptcy protection and so ended the run of the oldest for-profit educational companies in the United States. The ITT Tech closing left 8,000 people suddenly without a job, but perhaps more troubling; it deferred, or in many cases, crushed the dreams of tens of thousands o ... Continue Reading >>

What if I were to tell you that during the stone age of computing (1940s) women dominated the programming profession? You might have a difficult time believing me if you were to look around and observe the gender imbalance of women in tech today, but during WWII, it was women that “manned” the frontlines in the computer programming arms race. The first electronic computer was named ENIAC. It was a project begun during WWII and it literally filled an entire room. The mission was to build a � ... Continue Reading >>

The National Cybersecurity Awareness Month 2016 is entering its 13th year this October. Founded in 2004, it is co-sponsored by the United States Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA) to put the focus on the threats that exist online and the vigilance we all must assume to protect ourselves when navigating the perilous terrain of a connected world. These threats are even more acute with ever-increasing data breaches and cyber-attacks that seem to o ... Continue Reading >>

We’d like to invite you to OWASP’s 13th Annual AppSecUSA Conference taking place in Washington, DC, October 11-14. The event is comprised of two days of training sessions followed by a two-day conference where software security leaders, researchers and technologists discuss cutting-edge ideas, initiatives and technological advancements to secure web applications. This is also an opportunity for C-level executives focused on improving the security posture of their organization to discuss key ... Continue Reading >>

In a day and age where everything is online, it makes sense to use email; but why is it “a dying media”? Before I answer this question, have you ever wondered why people don’t use email? Well, one reason is all the junk or “spam” as people call it. No, not the food popular in American culture, but the kind literally NO ONE wants to take a bite of.     The second, not as obvious reason, is that it can be a bit inconvenient to use. I mean, with everything on phones and other mo ... Continue Reading >>

On this episode we discuss password leaks from Last.FM and Opera browser. You can check it out on our website www.cydefe.com or on youtube We are also doing a Qwertycards giveaway which can be found here http://www.cydefe.com/giveaway/ Continue Reading >>

On this episode Micheal and i talk about CVE-2016-5696 better known as the off path attack. You can listen to our podcast on our website cydefe.com or via our youtube channel below. If you enjoy our podcast please subscribe to our channel and follow us on twitter. Show Notes: in /etc/sysctl.conf set the following value net.ipv4.tcp_challenge_ack_limit = 999999999 Then load the configuration with # sysctl -p Continue Reading >>

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat. These unrehearsed conversations allow anyone to learn, ask questions, and share their experiences from offensive and defensive perspectives. In case you miss an episode, each recorded session are uploaded to Cybrary’s ... Continue Reading >>

On this weeks episode we are joined by Ben0xA who works for https://www.trustedsec.com you can follow him on twitter @Ben0xA. This week we discuss Macs and iPhones have a Stagefright-style bug, Android banking malware blocks victims’ outgoing calls to customer service, Hidden ‘backdoor’ in Dell security software gives hackers full access, and Companies failing to plan for many cyber dangers. This podcast and more can be found at CyDefe.com Remember to follow us on twitter @CyDefe ... Continue Reading >>

Hey hey everyone, It’s been a little while since we’ve last posted but we figured we should pop on here and give everyone an update on our podcast. Since we’ve last posted we’ve had a few awesome episodes come out. Minicast: 1 http://www.cydefe.com/podcast/2016/5/20/minicast-episode-1 On this episode we discuss the linked in breach and its impact on users. We advise everyone to change any passwords they may have used over multiple accounts and discuss the top worst passw ... Continue Reading >>

http://traffic.libsyn.com/brakeingsecurity/2016-028-Cheryl_Biswas_Tiaracon_ICSSCADA_headaches.mp3   Long time listeners will remember Ms. Cheryl #Biswas as one of the triumvirate we had on to discuss #mainframes and mainframe #security. (http://traffic.libsyn.com/brakeingsecurity/2016-008-mainframe_secruity.mp3) I was interested in the goings on at BlackHat/DefCon/BsidesLV, and heard about #TiaraCon (@tiarac0n on Twitter). I went to find someone involved to understand what it was all about, ... Continue Reading >>

http://traffic.libsyn.com/brakeingsecurity/2016-029-Jarrod_Frates-What_to_do_before_a_pentest_starts.mp3 Jarrod Frates (@jarrodfrates on Twitter) has been doing pentests as a red-team member for a long time. His recent position at #InGuardians sees him engaging many companies who have realized that a typical ‘pentest #puppymill’ or pentest from certain companies just isn’t good enough. Jarrod has also gone on more than a few engagements where he has found the client in question ... Continue Reading >>

Cybrary has been working hard to release our newest platform for individuals, allowing them to learn and develop their cyber security skills on Cybrary together. Drum-roll, please…Introducing Cybrary Teams! With Cybrary eclipsing the 500,000 Registered Users mark, we sought to find a way to bring people closer together to learn, share, and grow beyond what’s currently available on Cybrary. We believe Cybrary Teams will be able to meet the needs of learning cohorts, IT/Security Teams, ... Continue Reading >>

By Andrey Makhanov A lot of people think Juliar is a combination of Julia and R programming languages. However, that’s simply not true. I originally created the *Juliar * programming language for a girl I used to love. She is a very talented artist and really wanted to find a way to express herself. She bought many books, and she wanted to learn how to create things on a computer. However, it proved difficult for her to understand the books, let alone the languages. I shared her pain. Whe ... Continue Reading >>

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat. These unrehearsed conversations allow anyone to learn, ask questions, and share their experiences from offensive and defensive perspectives. In case you miss an episode, each recorded session are uploaded to Cybrary’s ... Continue Reading >>

CyberPop gets your brain going! Today’s Question: What’s a Proxy Server? Answer: A proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. A proxy server is associated with or part of a gateway server that separates the enterprise network from the outside network and a firewall server that protects the enterprise network from outside intrusion. Most proxies are web proxies, facilitating access to content on the World Wide ... Continue Reading >>

According to a 2016 survey by PwC: 65% of businesses surveyed are “embracing a more collaborative approach to cybersecurity, one in which intelligence on threats and response techniques is shared with external partners. Internally, organizations are rethinking the roles of key executives and the Board of Directors to help create more resilient and proactive security capabilities.” – The Global State of Information Security® Survey 2016 Continue Reading >>

InfoArmor has identified a group of bad actors performing targeted cyberattacks on healthcare institutions and their IT infrastructure, including connected medical devices such as Magnetic Resonance Imaging systems (MRI), X-ray machines and mobile computing healthcare workstations. This group of bad actors has performed at least four successful attacks against US-based organizations of varying size, compromising a significant number of medical records. The threat actors claim to have stolen mil ... Continue Reading >>

Here’s a complete list of DNS Training Videos on Cybrary (in alphabetical order by first letter). Explore additional classes and modules here… Configuring DNS Zone Transfers Length: 12:12 Configuring DNS Zones Length: 21:27 DNS Enumeration Lab Length: 03:58 DNS Overview and Zone Transfers Length: 18:44 DNS Records (part 2) Length: 08:51 DNS Servers (part 1) – Specific functions of the DNS Server Length: 09:12 Enterprise Computing (part 6.2) DNS Security Length: 09:52 Installing an ... Continue Reading >>

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat. These unrehearsed conversations allow anyone to learn, ask questions, and share their experiences from offensive and defensive perspectives. In case you miss an episode, each recorded session are uploaded to Cybrary’s ... Continue Reading >>

“Thanks to Apple’s tight control over its app store and operating system, threats to iPhones and iPads have been infrequent and limited in scale. This changed in 2015. In 2015, [Symantec] identified nine new iOS threat families,compared to four in total previously. Bootlegged developer software, known as XcodeGhost, infected as many as 4,000 apps. TheYiSpecter malware bypassed the app store altogether by using the enterprise app provisioning framework. Researchers found Youmi embedde ... Continue Reading >>

CyberPop is a quick way to learn definitions and facts about cyber security.   Today’s Question: What’s SIEM Answer: The combined process of incident detection and incident response (pronounced “sim”). Includes features such as alerts, analytics, dashboards and forensic analysis.   Learn more terms in Cybrary’s Glossary. Continue Reading >>

  http://traffic.libsyn.com/brakeingsecurity/2016-027-DFIR_policy_controls.mp3 Mr. Boettcher is back!  We talked about his experiences with the #DFIR conference, and we get into a discussion about the gap between when incident response is and when you’re using #digital #forensics. Mr. Boettcher and I discuss what is needed to happen before #incident #response is required. We also discuss the Eleanor malware very briefly and I talk about finding Platypus, which is a way for you to cre ... Continue Reading >>

Recently, Cybrary released the “My Notes” feature, which members use to their personal record notes while take free cyber security training class. Since its inception, many users have leveraged this tool to capture critical information, thoughts and ideas. Researchers found that if important information was contained in notes, it had a 34 percent chance of being remembered. Information not found in notes had only a five percent chance of being remembered” (Howe, 1970, in Longman an ... Continue Reading >>

“Symantec discovered more than 430 million new unique pieces of malware in 2015, up 36 percent from the year before. Perhaps what is most remarkable is that these numbers no longer surprise us. As real life and online become indistinguishable from each other, cybercrime has become a part of our daily lives. Attacks against businesses and nations hit the headlines with such regularity that we’ve become numb to the sheer volume and acceleration of cyber threats.” – Internet Se ... Continue Reading >>

CyberPop is a quick way to learn more definitions and facts about cyber security. Today’s Question: What’s Remediation Answer: What an organization does to limit or stop an attack once it’s detected, as part of incident response. Includes things like blocking IP addresses, removing infected files or devices, and restoring affected systems to a known good state. Continue Reading >>

Advanced Activities in Python Length: 39:47 Basic Python Commands and Functions Length: 29:47 Ctypes in Python Length: 31:32 Data Structures in Python Length: 31:36 Exceptions and Classes in Python Length: 28:05 Exploit Development (part 5) Python Length: 08:28 How to Install Python Length: 11:03 Info Gather (part 3) – Testing Your Python Scripts Length: 15:31 Introduction to Python Length: 21:15 Networking in Python Length: 27:49 Packet Analyzer – Writing a Packet Sniffer in Python Length: ... Continue Reading >>

By Kathleen Smith For the last several years, cyber security leaders and business owners have been lamenting the worldwide hiring crisis for cyber security professionals[1]. From building new educational programs, to discussing the relaxation of immigration regulations, every corner of the cyber security community has looked for an answer to this crisis. At the same time, we as a veteran-owned firm want to ensure that veterans find great career opportunities which led us to ask one simple questi ... Continue Reading >>

What are Cyber Security Standards?   “Cyber security standards are various forms of security standards which enable entities and organizations to practice security techniques to help minimize the number of cyber security attacks. In essence, the cyber security standards are fundamental guides which provide a general outline as well as more specific techniques for implementing various platforms for cyber security. For more specific standards, cyber security certifications issued by an ... Continue Reading >>

Today, most companies are deeply concerned about how to prevent ransomware. News stories abound and Infosec professionals are scrambling to keep themselves and their users out of the fire. Below, you’ll find a compilation of content to understand this important topic – from a 360 perspective. But, first a quick definition. According to Wikipedia: “Ransomware is a type of malware that can be covertly installed on a computer without knowledge or intention of the user that restri ... Continue Reading >>

CyberPop is a quick way to learn more definitions and facts about cyber security.   Today’s Question: What’s Penetration Testing or Pentesting?   Answer: “Penetration Testing or Pentesting refers to techniques for actively testing an organization’s computer or network security, usually by identifying potential vulnerabilities and weak spots and trying to exploit those and/or break in.”   Browse courses and topics here. Continue Reading >>

http://traffic.libsyn.com/brakeingsecurity/2016-025-Windows_Registry-RunKey_artifacts-finding_where_malware_hides.mp3 The Windows Registry has come a long way from it’s humble beginnings in #Windows 3.11 (Windows for Workgroups).  This week, we discuss the structure of the Windows Registry, as well as some of the inner workings of the registry itself. Did you know that it is contained in specific files, located in %%Windows%%\system32, that are in a binary format? This makes them unreadab ... Continue Reading >>

http://traffic.libsyn.com/brakeingsecurity/2016-025-Windows_Registry-RunKey_artifacts-finding_where_malware_hides.mp3   We are pleased to introduce Ms. Kim Green (Twitter: @kim1green). She is the CEO of KAZO Security, as well as the CISO / CPO of Zephyr Health, a #SaaS based #Healthcare data #analytics company.  She brings over 20 years of experience in healthcare and leadership to help small and medium business companies get help from a #CISO to assist in an advisory role. Ms. Green also ... Continue Reading >>

Got burgeoning hacking skills? Growing cyber security talents? A compelling mission to join or continue working in the cyber security industry? A cyber security degree is something to seriously consider: Cybercrime continues to grow into more of a global threat – just read the news. Small, medium and large companies desperately need competent individuals to fight crime that come in the forms of security breaches and online attacks. Cybersecurity professionals report an average salary of $116 ... Continue Reading >>

We love feedback from our Userbase. We have thousands of Users taking Cybrary classes on a daily basis and wanted to ensure that a Cybrary Certificate of Completion is a valuable measure of achievement. It should be something you’re proud to show your friends, family and employers. Upon 100% completion of a course on Cybrary, Users will continue to be able to use their Cybytes to purchase a Certificate of Completion. Many Users have also requested the ability to download their certificate ... Continue Reading >>

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat. These unrehearsed conversations allow anyone to learn, ask questions, and share their experiences from offensive and defensive perspectives. In case you miss an episode, each recorded session are uploaded to Cybrary’s ... Continue Reading >>

Operation “Get Rich or Die Trying” — Beginning in 2005 and for a more than a three year period, American hacker Albert Gonzalez, along with accomplices in Russia and the Ukraine, pulled off what has been called the largest cyber crime of all time, stealing more than 170 million credit card and ATM numbers. Total losses were estimated at more than $300 million. – BlackStratus Continue Reading >>

CyberPop is a quick way to learn definitions, terms and facts about cyber security.   Today’s Question: What does ‘Kill Chain’ mean? Kill Chain is a “military-inspired term encompassing the various stages of a cyber attack—reconnaissance, weaponization, delivery, exploitation, installation, command and control, and action. Applies mainly to malware attacks, and was popularized by Lockheed Martin.”   Never. Stop. Learning. >> Browse courses and top ... Continue Reading >>

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat. These unrehearsed conversations allow anyone to learn, ask questions, and share their experiences from offensive and defensive perspectives. In case you miss an episode, each recorded session are uploaded to Cybrary’s ... Continue Reading >>

According to the pentest-standard.org website, “The purpose of the Post-Exploitation phase is to determine the value of the machine compromised and to maintain control of the machine for later use. The value of the machine is determined by the sensitivity of the data stored on it and the machines usefulness in further compromising the network. The methods described in this phase are meant to help the tester identify and document sensitive data, identify configuration settings, communicati ... Continue Reading >>

Angler Manages to Infect more than One Million Workstations a Year “There is a common misconception that a user explicitly needs to download a malicious file in order to get his PC infected. Exploit kits use a technique called drive-by-downloads. With this technique, malicious software can be ran just by opening a website in your browser. Angler is by far the most effective exploit kit that makes use of drive-by-downloads. It manages to give millions of users a headache after visiting an ... Continue Reading >>

CyberPop is a quick way to learn more definitions and facts about cyber security.   Today’s Question: What are Exploit Kits? According to Wikipedia, “an exploit kit is a software kit designed to run on web servers, with the purpose of identifying software vulnerabilities in client machines communicating with it, and discovering and exploiting vulnerabilities to upload and execute malicious code on the client. One of the earlier kits was MPack, in 2006. Exploit kits are often desig ... Continue Reading >>

  Information Security Governance and Risk Management professionals maintain and enforce policies to ensure the preservation of information security and build plans to account for applicable risks. Watch these videos to learn more!   Information Security Governance & Risk Management (part 1) Length: 06:03 Information Security Governance & Risk Management (part 2.1) Length: 10:59 Information Security Governance & Risk Management (part 2.2) Length: 13:12 Information Security ... Continue Reading >>

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat. These unrehearsed conversations allow anyone to learn, ask questions, and share their experiences from offensive and defensive perspectives. In case you miss an episode, each recorded session are uploaded to Cybrary’s ... Continue Reading >>

We’re very excited to launch My Notes on Cybrary. My Notes was developed after spending a good deal of time speaking with Users and learning what we could provide to help improve the experience on the site. Researchers found that if important information was contained in notes, it had a 34 percent chance of being remembered. Information not found in notes had only a five percent chance of being remembered”(Howe, 1970, in Longman and Atkinson, 1999). New Note Icon Available on Lesson Pag ... Continue Reading >>

” A staggering 98% of tested web applications were vulnerable to attack. Web apps are everywhere now, and it’s essential that updates and patches are installed so known vulnerabilities are addressed.” – 2015 Trustwave Global Security Report Continue Reading >>

CyberPop is a quick way to learn more definitions and facts about cyber security.   Today’s Question: What was Heartbleed? A widespread vulnerability discovered in April 2014 that put user passwords (and other sensitive information) on popular websites at risk of being stolen. The bug, in OpenSSL encryption software, allowed hackers to repeatedly access a Web server’s memory. Continue Reading >>

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. Mati Aharoni, Devon Kearns and Raphaël Hertzog are the core developers. (from Wikipedia) Exploit Development (part 10) Creating Shell Code in Kali Linux Length: 16:33 Kali Linux (part 1) Length: 00:58 Kali Linux (part 2) Kali Linux Commands Length: 14:06 Kali Linux (part 3) – Directories, myfile and Nano Length: 13:19 Kali Linux (par ... Continue Reading >>

Earl Carter (@kungchiu) spends all day researching exploit kits and using that information to protect customers from various malware payloads that spread ransomware.  This week we sit down with him to understand the #Angler EK. He starts us off with a history or where it came from and how it gained so much popularity, evolving from earlier EKs, like #BlackHole, or WebAttacker. We even discuss how it’s gone from drive-by downloads, to running only in memory, to being used in malvertising ... Continue Reading >>

Today, we’re introducing the new course catalog on Cybrary. To date, Users have had limited flexibility when it comes to sorting through our course catalog. Taking into account some great User feedback, we’ve included the ability to filter classes by difficulty, vendor, and added Learning Paths. Learning Paths are designed to provide Users with recommended course paths for careers they may be interested in. By checking the designated Learning Path, the User can see exactly how to get ... Continue Reading >>

“The majority of data breach victims surveyed, 81 percent, report they had neither a system nor a managed security service in place to ensure they could self-detect data breaches, relying instead on notification from an external party. This was the case despite the fact that self-detected breaches take just 14.5 days to contain from their intrusion date, whereas breaches detected by an external party take an average of 154 days to contain.” – 2015 Trustwave Global Security Report Continue Reading >>

CyberPop is a quick way to learn more definitions and facts about cyber security.   Today’s Question: What’s “Dwell Time?”   Answer: “Duration, usually in days, that a vulnerability or infection remains undetected within a network or environment. (Some also define it as the time between detection and remediation, or even total time from infection to remediation.)”   Browse courses and topics here. Continue Reading >>

  Ben Johnson (@chicagoben on Twitter) has spent a good deal of time working on protecting client’s endpoints. From his work at the NSA, to being the co-founder of Carbon Black (@carbonblack_inc). Ben is co-founder and chief security strategist for Carbon Black. In that role, he uses his experience as a cofounder and chief technology officer for Carbon Black, which merged with Bit9 in February 2014, to drive the company’s message to customers, partners, the news media and industry ... Continue Reading >>

Here’s a “done for you” list of Cybrary’s Malware Training Videos. Enjoy!   Incident responders (or Malware Analysts) perform appropriate malware analysis in order to fix the current infections and prevent future ones. Malware Analysis Introduction (Part 1) Length: 23:33 Malware Analysis Introduction (Part 2) Length: 09:48 Malware Analysis Introduction (Part 3) Length: 08:07 Malware Analysis Lab Setup (Part 1) Length: 01:47 Malware Analysis Lab Setup (Part 2) Length ... Continue Reading >>

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat. These unrehearsed conversations allow anyone to learn, ask questions, and share their experiences from offensive and defensive perspectives. In case you miss an episode, each recorded session are uploaded to Cybrary’s ... Continue Reading >>

Despite almost daily reports revealing the contrary, 44% of organizations still believe they can keep attackers off their network entirely. – CyberArk’s 2015 Global Advanced Threat Landscape Survey Continue Reading >>

CyberPop tests your knowledge and builds your strength as an Infosec pro. Today’s Question: Define Code Injection Answer: An attack or pentest that introduces malicious code into a software application, which executes the code when the application is opened. Examples include SQL injection, which can compromise or modify information in a database and cross-site scripting, which can allow attackers or pentesters to hijack user accounts or display fraudulent content. Thanks for reading! Continue Reading >>

Let’s begin…   TCP .IP Internet Protocol Length: 15:48   TCP/IP Configurations (part 1) Length: 07:30   TCP/IP Configurations (part 2) Length: 11:33   TCP/IP Configurations (part 3) Length: 13:14   TCP/IP Configurations (part 4) Length: 08:03   TCP/IP Configurations (part 5) Length: 07:04   TCP/IP Configurations (part 6) Length: 10:51   TCP/IP Configurations (part 7) Length: 10:51   TCP/IP Configurations (part 8) Length: 10:50   TCP/ ... Continue Reading >>

http://traffic.libsyn.com/brakeingsecurity/2016-018-software_restriction_policy-applocker.mp3 Windows has all the tools you need to secure an OS, but we rarely use them.  One example of this is ‘Software restriction policies’ or the use of Windows Applocker. It assists IT organizations by allowing you to block certain files from being saved anywhere, what file types can be executed in a directory, and can even whether or not you should allow software to install. We also discuss the ... Continue Reading >>

Here’s a concise list of offensive Hacker Training Videos on Cybrary (in alphabetical order by first letter). Enjoy!   Google Hacking Length: 3:24 Google Hacking Lab Length: 25:40 Hacking Web Servers (Whiteboard) Length: 19:36 Info Gather (part 1) – An Activity in Post Exploitation Hacking Length: 31:15 Introduction to Hacking Web Servers Length: 01:39 Introduction to Mobile Hacking Length: 01:12 Introduction to Post Exploitation Hacking Length: 09:26 Introduction to System ... Continue Reading >>

CyberPop from Cybrary aims adds to your knowledge as an Infosec pro.   Today’s Question: Name the 7 Stages of an APT Attack   According to Wired.com, the 7 stages are: 1. Reconnaissance 2. Intrusion into the network 3. Establishing a backdoor 4. Obtaining user credentials 5. Installing multiple utilities 6. Privilege escalation 7. Maintaining persistence Read more… Continue Reading >>

What is S3SS10N Wednesday? Click here to find out more, or watch the Session below to experience it.   You must be a Cybrary member to view this S3SS10N Wednesday video. Join for free. Join Now Login Instructor Bio- Kelly Handerhan Skilled and certified in CISSP, CASP, and PMP, SME Kelly has taught several courses on Cybrary and is highly praised for her ability to effectively communicate important information in a relate-able and understandable way. You can view her extended (2 minute ... Continue Reading >>

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat. These unrehearsed conversations allow anyone to join in, ask questions, and share their experiences from offensive and defensive perspectives. Just sign into Blab using your Twitter or Facebook account to start learning! In ... Continue Reading >>

According to a recent survey, some 42% of survey respondents said security education and awareness for new employees played a role in deterring a potential [cyber] criminal. — “US cybercrime: Rising risks, reduced readiness; Key findings from the 2014 US State of Cybercrime Survey,” PwC Continue Reading >>

What is S3SS10N Wednesday? Click here to find out more, or watch the Session below to experience it.   You must be a Cybrary member to view this S3SS10N Wednesday video. Join for free. Join Now Login Instructor Bio- Andrew McNicol Andrew (@primalsec) is a Python junkie who is currently the lead for a web application penetration testing team and mentor for the SANS institute. Previously, he worked on an incident response team focusing on malware analysis and network forensics. He is alw ... Continue Reading >>

#content-block-background-1230 { background-image: url(); background-position: center top; background-repeat: no-repeat; background-color: #fff; background-attachment: scroll; background-size: auto; } #content-block-body-1230 { padding: 0px 0px 0px 0px; color: #333; } .content-block-body { margin-left: auto; margin-right: auto; position: relative; } #wrapper-1 { overflow-x: hidde ... Continue Reading >>

Take a moment to consider your company’s cybersecurity efforts. Do you picture your IT and security teams devising proactive technical solutions and dealing with threats? If so, that’s a typical and valid response.   Yet, there’s another key piece that most companies don’t consider: business process. The ins and outs of how your company works affects cybersecurity more than you know.   Ken Chodnicki, COO at Deep Run Security, a consulting firm in Baltimore, Maryland speaks pass ... Continue Reading >>

What is Mobile Hacking? With the alarming rate of advances in technology and affordability, a New Wave of Hackers has reached the shores of the infosec world. And the preferred choice of platform for these next generation hackers? The Mobile Phone. The Mobile Platform is ideal since modern phones are easily concealable and heavily spec’ed, allowing resource-intensive applications to run. With the commonness of Free WiFi, people are quick to accept a False sense of security and make it a pa ... Continue Reading >>

What is S3SS10N Wednesday? Click here to find out more, or watch the Session below to experience it.   You must be a Cybrary member to view this S3SS10N Wednesday video. Join for free. Join Now Login Instructor Bio- Kelly Handerhan Skilled and certified in CISSP, CASP, and PMP, SME Kelly has taught several courses on Cybrary and is highly praised for her ability to effectively communicate important information in a relate-able and understandable way. You can view her extended (2 minute ... Continue Reading >>

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat. These unrehearsed conversations allow anyone to join in, ask questions, and share their experiences from offensive and defensive perspectives. In case you miss an episode, each recorded session will be uploaded to Cybrary&# ... Continue Reading >>

What is S3SS10N Wednesday? Click here to find out more, or watch the Session below to experience it.   You must be a Cybrary member to view this S3SS10N Wednesday video. Join for free. Join Now Login Instructor Bio- Kelly Handerhan Skilled and certified in CISSP, CASP, and PMP, SME Kelly has taught several courses on Cybrary and is highly praised for her ability to effectively communicate important information in a relate-able and understandable way. You can view her extended (2 minute ... Continue Reading >>

On this weeks episode we discuss checking for malware in your firmware with Google’s VirusTotal, Getting pwned by hearthstone hacking tools, Fake Flash Update Serves OS X Scareware, and the FBI trying to scrub its employees data off of the web. Check out the podcast at http://www.cydefe.com/podcast/2016/4/12/episode-22-the-one-after-the-long-break Continue Reading >>

What is S3SS10N Wednesday? S3SS10N Wednesdays are weekly 15 minute (or less) white board lessons by Cybrary Instructors and SME’s. They are designed to provide you with a quick dose of cyber security learning. We publish a new episode every Wednesday morning (Eastern Time). Now, check out our newest episode below!   You must be a Cybrary member to view this S3SS10N Wednesday video. Join for free. Join Now Login Instructor Bio- Joshua Marpet Josh’s background is varied across man ... Continue Reading >>

I just wanted to take a minute to thank Joe Taylor @jbtaylor051 for making a substantial donation today. Joe purchased a huge amount of Cybytes, and the team here at Cybrary would like to say thank you! Continue Reading >>

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat. These unrehearsed conversations allow anyone to join in, ask questions, and share their experiences from offensive and defensive perspectives. In case you miss an episode, each recorded session will be uploaded to Cybrary ... Continue Reading >>

What is S3SS10N Wednesday? S3SS10N Wednesdays are weekly 15 minute (or less) white board lessons by Cybrary Instructors and SME’s. They are designed to provide you with a quick dose of cyber security learning. We publish a new episode every Wednesday morning (Eastern Time). Now, check out our newest episode below!   You must be a Cybrary member to view this S3SS10N Wednesday video. Join for free. Join Now Login Instructors – Kyle Hanslovan (left) & Chris Bisnett (right) Kyle ... Continue Reading >>

http://traffic.libsyn.com/brakeingsecurity/2016-013-michael_gough-the_5_Ps.mp3 Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-013-michael_gough-the_5_Ps.mp3 iTunes: https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2 (look for the episode starting with “2016-013”) We discuss a model that Michael Gough used while he was at HP. The Information Security and Service Management (ISSM) Reference model can be used to help companies align their I ... Continue Reading >>

http://traffic.libsyn.com/brakeingsecurity/2016-012-Ben_Caudill-Application_Logic_Flaws.mp3 Ever bought “-1” of an item on a retail site? Or was able to bypass key areas of an application and get it bypass authentication, or you were able to bypass a paywall on a site? This is only one example of a class of vulnerabilities called “logic flaws”. Application logic flaws are often insidious and not easy to find. they require often a bit of work to bypass, and are often misse ... Continue Reading >>

What is S3SS10N Wednesday? S3SS10N Wednesdays are weekly 15 minute (or less) white board lessons by Cybrary Instructors and SME’s. They are designed to provide you with a quick dose of cyber security learning. We publish a new episode every Wednesday morning (Eastern Time). Now, check out our newest episode below!   You must be a Cybrary member to view this S3SS10N Wednesday video. Join for free. Join Now Login Instructor Bio – Max Alexander Currently a Federal Law Enforcement O ... Continue Reading >>

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat. These unrehearsed conversations allow anyone to join in, ask questions, and share their experiences from offensive and defensive perspectives. In case you miss an episode, each recorded session will be uploaded to Cybrary ... Continue Reading >>

In 1903, “Magician and inventor Nevil Maskelyne disrupted John Ambrose Fleming’s public demonstration of Guglielmo Marconi’s purportedly secure wireless telegraphy technology, sending insulting Morse code messages through the auditorium’s projector,” according to the Wikipedia entry “Timeline of computer security hacker history.” (I believe this may be the first recorded cyber attack.) After considering this attack, I wondered what John Ambrose Fleming did next. Di ... Continue Reading >>

What is S3SS10N Wednesday? S3SS10N Wednesdays are weekly 15 minute (or less) white board lessons by Cybrary Instructors and Subject Matter Experts’s. They are designed to provide you with a quick dose of cyber security learning. New episodes from various instructors and experts in the industry, are published every Wednesday morning (Eastern Time). Now, check out our newest episode below!   You must be a Cybrary member to view this S3SS10N Wednesday video. Join for free. Join Now Login ... Continue Reading >>

Cybersecurity News Site Review: TechNewsWorld – Cybersecurity Section Relevance to the Readership: Potentially high. A Google search on “cybersecurity news sites,” returned this site as the second listing on the SERP. This site may likely have a devoted readership, who are comfortable with the format, content and other features. Main Feature(s): Unique articles with balanced points of view, written by freelance writers. Readers may also subscribe, at no charge, to newsletters and news aler ... Continue Reading >>

You must be a Cybrary member to view this S3SS10N Wednesday Video .. Login or Join for Free Now Continue Reading >>

What is S3SS10N Wednesday? S3SS10N Wednesdays are weekly 15 minute (or less) white board lessons by Cybrary Instructors and SME’s. They are designed to provide you with a quick dose of cyber security learning. We publish a new episode every Wednesday morning (Eastern Time). Now, check out our newest episode below!   You must be a Cybrary member to view this S3SS10N Wednesday video. Join for free. Join Now Login Instructor – Joshua Marpet Bio: Josh’s background is varied ac ... Continue Reading >>

Hector Monsegur has had a colorful history. A reformed black hat who went by the name ‘Sabu’ when he was involved in the hacker collectives “Lulzsec” and “Anonymous”, he turned state’s evidence for the FBI, working to stop further hacking attempts by the same people he was previously working with. This week, we got to sit down with Hector, to find out what he’s been doing in the last few years. Obviously, a regular job in the security realm for a l ... Continue Reading >>

http://traffic.libsyn.com/brakeingsecurity/2016-009-brian_engle_rcisc_information_sharing.mp3 We’ve reached peak “Br[i|y]an” this week when we invited our friend Brian Engle on to discuss what his organization does. Brian is the Executive Director of the Retail Cyber Intelligence Sharing Center – R-CISC. “Created by retailers in response to the increased number and sophistication of attacks against the industry, the R-CISC provides another tool in retailers’ arsen ... Continue Reading >>

What is S3SS10N Wednesday? S3SS10N Wednesdays are our weekly 15 minute (or less) lessons put together by Instructors and Cybrary Staff to offer you valuable information relevant to your life. Every Wednesday morning (Eastern time) a new session will be available for you to view, read, and discuss with others. Make sure to come back weekly and see what’s new!   You must be a Cybrary member to view this S3SS10N Wednesday video. Join for free. Join Now Login Instructor – George ... Continue Reading >>

http://traffic.libsyn.com/brakeingsecurity/2016-010-DNS_Reconnaissance.mp3   DNS… we take it for granted… it’s just there. And we only know it’s broken when your boss can’t get to Facebook. This week, we discuss the Domain Naming System (DNS). We start with a bit of history, talking about the origins of DNS, some of the RFCs involved in it’s creation, how it’s hierarchical structure functions to allow resolution to occur, and even why your /etc/host ... Continue Reading >>

Diving a little deeper Previously, I’ve written about the value of cyber security degrees and wanted to dive a little deeper into this topic. Lately, I have had a series of conversations on this topic. The opinion I’ve formed on the subject seems to represent a large consensus. Many jobs in cyber security require people to have a certification. Or, at least, a cert will help back up a skill set. They’re helpful in getting many of the jobs are out there. Penetration testing, m ... Continue Reading >>

What is S3SS10N Wednesday? S3SS10N Wednesdays are our weekly 15 minute lessons put together by Instructors and Cybrary Staff to offer you valuable information relevant to your life. Every Wednesday morning (Eastern time) a new session will be available for you to view, read, and discuss with others. Make sure to come back weekly and see what’s new!   You must be a Cybrary member to view this S3SS10N Wednesday video. Join for free. Join Now Login Instructor Bio – Dean Pompilio ... Continue Reading >>

Hey hey everyone after a very long break due to work, education, and family circumstances we are finally back. On this weeks episode we are joined by Ben Miller and Jayson Street. We discuss three stories from 2015 and talk about our predicitons for 2016. Dont worry we have another episode right around the corner. You can listen to the newest episode at http://www.cydefe.com/podcast/ or you can listen to us on itunes. Continue Reading >>

http://traffic.libsyn.com/brakeingsecurity/2016-008-mainframe_secruity.mp3 This week’s super-sized episode is brought to us thanks to previous guest Cheryl Biswas. You might remember her from our “Shadow IT” (http:/brakeingsecurity.com/2015-048-the-rise-of-the-shadow-it) podcast a few months ago. She reached out to us to see if we were interested in doing a podcast on mainframe security with her and a couple of gentlemen that were not unknown to us. Of course we jumped at the ... Continue Reading >>

You must be a Cybrary member to view this S3SS10N. Don’t worry, membership is completely free! Join Now Login Continue Reading >>

We first heard about FingerprinTLS from our friend Lee Brotherston at DerbyCon last September. Very intrigued by how he was able to fingerprint client applications being used, we finally were able to get him on to discuss this. We do a bit of history about #TLS, and the versions from 1.0 to 1.2 Lee gives us some examples on how FingerprintTLS might be used by red teamers or pentest agents to see what applications a client has on their system, or if you’re a blue team that has specific appl ... Continue Reading >>

This week starts with an apology to Michael Gough about comments I (Bryan) mangled on the “Anti-Virus… What is it good for?” podcast. Then we get into the meat of our topic… a person’s “Moxie” vs. a mechanism Moxie: noun “force of character, determination, or nerve.”   Automation is a great thing. It allows us to do a lot more work with less personnel, run mundane tasks without having to think about them, and even allow us to do security ... Continue Reading >>

You must be a Cybrary member to view this S3SS10NS. Membership is free! Register Now Login Whiteboard Notes (Click the picture below to open in a new tab)   The Supreme Court Decisions of Riley v. California and U.S. v. Wurie (seizure of cell phones and search of cell phone data incident to arrest). These cases limit the ability of law enforcement to view cell phone data after a subject is arrested. Therefore there are 4 key take-a-ways for law enforcement. 1. The ability to search an arr ... Continue Reading >>

What is S3SS10N Wednesday? S3SS10N Wednesdays are our weekly 15 minute lessons put together by Instructors and Cybrary Staff to offer you valuable information relevant to your life. Every Wednesday morning (Eastern time) a new session will be available for you to view, read, and discuss with others. Make sure to come back weekly and see what’s new!   Instructor Bio – Kelly Handerhan Skilled and certified in CISSP, CASP, and PMP, SME Kelly has taught several courses on Cybrary a ... Continue Reading >>

Patrick Heim, Chief of Security and Trust at Dropbox Brakeing Down #Security had the pleasure of having Patrick Heim join us to discuss a number of topics.   What stops many traditional #companies from moving into #cloud based operations? What hurdles do they face, and what are some pitfalls that can hamper a successful #migration? We touched briefly on #BYOD and the use of personal devices in a business environment, as well as #Dropbox’s deployment of optional #2FA and using #U2F key ... Continue Reading >>

The team at Cybrary has officially named February: #SecureCodingMonth Given that secure coding principles are often so overlooked in most CS programs and coding classes, we feel the obligation to fill the coding security void. There are many courses on Cybrary which coders / programmers can benefit from already, such as the Advanced Penetration Testing and the CompTIA CASP. However, we have yet to launch classes that are specifically designed, from start to finish, to address the methodical step ... Continue Reading >>

BrakeSec Podcast welcomes Bill Gardner this week! #Author, #InfoSec Convention Speaker, and fellow podcaster… We break a bit from our usual rigid methods, and have a good ol’ jam session with Bill this week. We talk about #vulnerability #management, #google #dorking, #career management, the troubles of putting together a #podcast and more!   Bill’s Twitter: https://www.twitter.com/oncee Bill’s books he’s authored or co-authored: http://www.amazon.com/Bill-Gard ... Continue Reading >>

http://traffic.libsyn.com/brakeingsecurity/2016-003-AntiVirus_what_is_it_good_for.mp3 #Anti-virus products… they have been around for as long as many of us have been alive. The first anti-virus program, “The Reaper” was designed to get rid of the first virus ‘The Creeper’ by Ray Tomlinson in 1971. This week, we discuss the efficacy of anti-virus. Is it still needed? What should blue teamers be looking for to make their #anti-virus work for them.  And what options d ... Continue Reading >>

When you think of a centaur, thoughts of a mythical creature that can perform threat analysis doesn’t exactly come to mind, does it? Enter Recorded Future’s artificial intelligence system – poised to provide both intelligence and strength to uncover hidden threat actors upon our systems. In this way, Recorded Future’s  use of AI techniques in the security realm is similar to that of a centaur — its the brains and brawn that make their threat predictive and analysi ... Continue Reading >>

  As every security professional knows, for every ‘Happy New Year!’ shout, hoot and holler, there’s a heck of a lot additional commotion going on surrounding another issue—a new year of new security threats. And while it’s no secret that 2016 will bring along a hoard of headline-grabbing security incidents, it’s important to know what the experts think will be the most biggest security trends of the new year. Lucky for you and I, the threat intelligence ... Continue Reading >>

This week, we find ourselves understanding the #Cryptonite that can weaken devs and software creators when dealing with #cryptographic #algorithms and #passwords. Lack of proper crypto controls and hardcoded passwords can quickly turn your app into crap. Remember the last time you heard about a hardcoded #SSH private key, or have you been at work when a developer left the #API keys in his #github #repo? We go through some gotchas from the excellent book “24 Deadly Sins of #Software #Securi ... Continue Reading >>

#Jay #Schulman is a consultant with 15+ years of experience in helping organizations implementing #BSIMM and other compliance frameworks.  For our first #podcast of 2016, we invited him on to further discuss BSIMMv6 and how he has found is the best way to implement it into a company’s #security #program.   Jay Schulman’s #website: https://www.jayschulman.com/ Jay’s Podcast “Building a Life and Career in Security” (iTunes): https://itunes.apple.com/us/podcast ... Continue Reading >>

The good folks over at Android Authority featured our Android App, which of course was previously banned in the Google Play Store. Again, thanks to all of you who caused an uproar, which ultimately got the app reinstated by Google Play. Here is the article on Android Authority. Continue Reading >>

ATTENTION: Web Developers in the Washington DC / Baltimore, MD area!! Here is a chance to come work for us!! We are seeking a talented WordPress developer to join our team, and work with us to continue to build our rapidly growing community and learning website. The person we hire must be able to work at our Greenbelt, MD office, and we cannot offer relocation. Our company values are as follows, and if you believe that any of our values may be a problem for you, its best that you do not apply, b ... Continue Reading >>

Dave Kennedy does a lot for the infosec community. As owner/operator of 2 companies (Binary Defense Systems and Trusted Security), he also is an organizer of #DerbyCon as well as creator and active contributor to the Social Engineering ToolKit (#SET).  You can also find him discussing the latest hacking attempts and breaches on Fox News and other mainstream media outlets. But this time, we interview Dave Kennedy because he has been elected to the ISC2 board. He will be serving a 3 year term wit ... Continue Reading >>

I got a hold of Mr. Wim Remes, because he was elected to the ISC board in November 2015.  Recent changes to the CISSP included changing the long-standing 10 domains down to 8 domains, plus a major revamp to all of them. I wanted to know what Mr. Remes’ plans were for the coming term, how the board works, and how organizations like ISC2 drive change in the industry. I also asked Wim how he is trying to ensure that CISSP and the other certs are going to remain current and competitive. This ... Continue Reading >>

Recently, we surveyed 435 senior-level cyber security professionals on topics surrounding the cyber security job market, and discussed the directions the market may be heading. As we’ve discussed many times, cyber security’s skills gap is massive, incomparable to anything in the world’s recent labor market. We packaged the results of the survey into the infographic below. We present data on expected growth rates, upcoming cyber security job demands, duration of job openings, th ... Continue Reading >>

We’ve realized that it might have been confusing for some people on where to start a class since all of the “good stuff” was buried under hundreds of page scrolls. Well now we’ve re-arranged the main course pages. The information you wanted is now on top (go figure)! Faster access to the course lessons without all the scrolling. But don’t worry – all of the information from before is still there, just in a different spot. So let us know what you think of the ... Continue Reading >>

#MITRE has a matrix that classifies the various ways that your network can be . It shows all the post-exploitation categories from ‘Persistence’ to ‘Privilege Escalation’. It’s a nice way to organize all the information. This week, Mr. Boettcher and I go over “#Persistence” and “#Command and #Control” sections of the Matrix. Every person who attacks you has a specific method that they use to get and keep access to your systems, it’s as ... Continue Reading >>

That’s the question many think is an automatic ‘yes’.  Whether your httpd is running on port 82, or maybe your fancy #wordpress #module needs some cover because the code quality is just a little lower than where it should be, and you need to cover up some cruft. But maybe there are some times where things just need to be secure… This week, Mr. Boettcher and I discuss reasons for obscuring for the sake of #security, when it’s a good idea, and when you shouldn’ ... Continue Reading >>

Globally, cyber security shortages are expected to reach upward of 1.5 million by the year 2020. As the Cybrary community reaches the 300,000 registered users mark; we found this a great opportunity to thank everyone that has contributed and continued to make this a great cyber security learning environment for people from around the world. We are proud to make our content available and represent users from nearly every country and truly believe we will have the ability to help curb the looming ... Continue Reading >>

This post is an update to my previous post about Cybrary’s Android app being banned from the Google Play store: https://www.cybrary.it/2015/11/google-play-against-cybersecurity-education-and-for-censorship-you-decide/ Thank you Cybrarians, for your support in getting the Cybrary app put back into the Google Play store! Also, thank you Google Play Support Team for hearing our appeal! As you know, last Wednesday (11/25), the Google Play Support Team notified us that our app was being removed fro ... Continue Reading >>

On this week’s episode we discuss Microsoft’s operations center to fight cyber threats, Dell added Cylance, a bug in Gmail app for Android allows anyone to send spoofed emails, and Siri’s lockscreen bypass. This weeks episode also has a codeword that can be entered over at our giveaway page at http://www.cydefe.com/giveaway Continue Reading >>

What we are about to present are facts regarding why the Google Play Support team decided to remove our app from their app marketplace, and how this position by Google Play reflects a negative stance against the free flow of cyber security education, and an enactment of censorship of what should be available knowledge to the cyber security community. If you believe knowledge should be free and open, then feel free to make your voice heard in a professional manner.   See the conversation on Twit ... Continue Reading >>

Cybersecurity – Choosing a Career As computer systems store more and more confidential personal, financial, medical, and top secret data, protecting that data is becoming more and more important to governments and businesses, worldwide. Enterprises must respond to the increasing number of complex threats and attacks by hiring cybersecurity professionals with deep technical experience in a variety of new and rapidly-evolving technologies.   Cybersecurity is one of the fastest growing car ... Continue Reading >>

Hello Fellow Cybrarians, As you know, our promise to you at Cybrary is that we will continue to provide new, cutting edge cyber security classes for free, forever. We will never ask you to pay for our classes. We are working hard to continue to build more classes, and we are working on making the learning experience within our classes, even greater. Currently, the team is working on adding quizzes, practice tests and other features. We will also soon be launching two new classes; Intro to Malwa ... Continue Reading >>

Cybersecurity certifications are very often required for employment in cybersecurity jobs. Certifications benefit employers by identifying prospective employees with specific skill sets, and certifications help prospective employees stand out when applying for a job in the desirable and competitive cybersecurity job market. Industry certifications are vendor-neutral (vendor certifications are for a vendor’s specific products) and provide industry-recognized evidence of having a specific skill ... Continue Reading >>

Struggling to get that promotion or land that cybersecurity job? Have all the right skills/certifications/years of experience but things just don’t seem to work out? You’ve read about the demand for cyber professionals, seems like a no brainer that the company should be need you. The articles say there are over 200,000 unfilled jobs in the US and several times that, worldwide. Companies are complaining that there aren’t enough professionals with the skillsets to fill their open positions ... Continue Reading >>

Cyber security is a booming field with many positions available, but Millennials seem to be largely ignorant of these opportunities. In order to stay on top of the demand for cyber security specialists, both current professionals and educational institutions have to start making an effort to open the doors of the industry to young people. The Growing Need for Cyber Security It only takes a quick look at recent news to know that security breaches are running rampant. Whether it’s someo ... Continue Reading >>

Cybersecurity, as much as it seems to be just the current buzzword of the month , is very much part of our present and future lives. Our reliance on technology continues to grow; and now, with the commencement of the Internet of Things, that technology is growing even more connected and interdependent. Week after week, a new breach hits the airwaves, reminding us that even, what seem to be, the largest and most protected companies share in the same risk we all face. While those threats, and our ... Continue Reading >>

Cyber security jobs offer lucrative financial rewards for protecting the nation’s computer networks and data from attack or unauthorized use. These top five highest paying positions command six-figure salaries: 1. Chief Information Security Officer (CISO) Complex challenges to a CISO include the development and delivery of an Information Technology (IT) risk management strategy that is aligned with business security. The primary responsibility is the general supervision of an organization’s ... Continue Reading >>

In honor of November 5th, we will be issuing double Cybytes on all Cybyte based activity (not on purchases, these ones you have to earn). Cybytes activities can be found here: https://www.cybrary.it/cybytes/ So, any time on 11/5/2015, login and accumulate Cybytes, just like you would on any other day, we will reward you with double Cybytes, its that simple. Why Are We Doing This? As many of you know, the team here at Cybrary believes just as many of you do, that knowledge should be free. Learn ... Continue Reading >>

With the proliferation of hack attacks and cybersecurity breaches, there is a growing need for cybersecurity experts and, therefore, there are an increasing number of opportunities in cybersecurity for those entering the work place or wanting to change careers to take advantage of the opportunities in this growing field. One of the first decisions someone entering this field needs to make is whether to work in the public sector or the private sector. Public sector jobs generally are with governm ... Continue Reading >>

Following last month’s $1billion contract awarded to Raytheon from the Homeland Security Department, the Pentagon is now taking bids from defense contractors to help protect against the digital future. Big industry names such as Raytheon Co., Lockheed Martin Corp., and General Dynamics Corp. are expected to be at the forefront, competing for a contract valued at up to $460 million. While many of these large companies have felt the effects of budget cuts elsewhere, with the government’s dedic ... Continue Reading >>

Finding a job that will sponsor you for a US Security Clearance is pretty tough to do. Many jobs out there in the US Cyber Security jobs market require that you already have a clearance. People know all to well, that in the USA, a Security Clearance is a ticket to a lifelong successful career in Cyber Security, but getting one is always the hard part, unless you are fresh out of the military, and you already have one. When a new jobs pops-up, that is offering to sponsor you for a security cleara ... Continue Reading >>

A “Cyber Talent Pipeline” refers to an organization’s creation of an going, readily available, talent pool to fill various cyber security jobs, as they become available. The effects of a poorly maintained pipeline is hitting the cyber security industry in full force. The supply is simply not available to meet the demand. With present reporting of over 200,000 unfilled jobs, and future shortage reports upward of 1 million by 2020, we are now faced with a need to create solutions that c ... Continue Reading >>

Episode 19 of our podcast is up at CyDefe.com/podcast. On this weeks episode we are joined by Shannon Morse. We discuss hacking chip and pin cards, malware that replaces your browser, a FitBit danger, and the rise of OS X malware. Have a listen and enjoy. Continue Reading >>

Did you know that the demand for skilled cyber security professionals is growing four times faster the overall IT job market, and 12 times faster than the total labor market? Currently there are more than a million open job postings for cyber security positions around the world. Cybrary is curious to know what business and other organizations are thinking when it comes to the cyber security job market. Here’s how you can help:  Take our brief survey Enter to win an iPad (optional) R ... Continue Reading >>

WMI (Windows Management Instrumentation) has been a part of the Windows Operating system since Windows 95. With it, you can make queries about information on hosts, locally and even remotely. Why are we talking about it? Its use in the enterprise and by admins is rarely used, but use in moving laterally by bad actors is growing. It’s highly versatile, able to be scripted, and can even be used to cause triggers for when other programs run on a system. Mr. Boettcher and I sit down and discu ... Continue Reading >>

Hello Cybrarians, I hope you all had a great weekend! Many of you know that Two weeks ago, we launched our Android Application, which is available here https://play.google.com/store/apps/details?id=com.cybrary.app I would like to ask for your help in getting the word out about our App. If you would be willing to submit our App to App Featuring Websites like Product Hunt (www.producthunt.com) and Hacker News (news.ycombinator.com) we we would be very grateful! In fact, since interacting and enga ... Continue Reading >>

We’ve toiled and wracked our brains trying to figure out what to call our members, but nothing ever seemed good enough.   Trying to explain who our global community is in just a name is trickier than it seems. Now you get the chance to voice your opinion. What do you want to be called? Let us know which of the following you like the best, or provide your own suggestion. Cybrarians Cybrary Nation Cybrary Empire Continue Reading >>

Getting hired has never been an easy process. Between revamping your resume and spending hours on LinkedIn searching for ‘networking opportunities’, looking for a new job can be both time-consuming and frustrating. Enter Cybrary’s new job platform, created in part to help alleviate some of the stress invariably involved in the job hunting process. Currently, there are over one million unfilled jobs in the cyber security industry. The problem? Matching the right talent to the n ... Continue Reading >>

Washington D.C., Virginia, and Maryland are being called the hub for cyber security jobs. Driven by an exorbitant federal budget and an influx of venture capital, demand for cyber security professionals is not only high, but, as basic economics tells us, due to the shortage of those qualified professionals, salaries for these positions are pushing ever higher. The venture capital that has made its way into the Cyber Corridor (as the DC, VA, MD area has been known to be called) is helping to driv ... Continue Reading >>

Get even more convenient access to Cybrary through our Android mobile app so you can learn how to hack, crack and exploit nearly anything. Our developer @akhaliq92 has worked diligently over the past several months to make your mobile experience better with features that include easy video downloading, video streaming, and offline viewing. You can also visit the forums, look for jobs, and rate our content – Oh yeah, and it’s FREE just like Cybrary. So, why the Cybrary App? This mobile app wa ... Continue Reading >>

Typically, October equals Halloween. The month of October is also national cyber security awareness month. Sure it’s all about the haunted houses, frightening decorations, and scary costumes. Do you know what else is scary? Viruses and malware. These two often occur when an abundance of internet searches occur. What group of people spend a significant amount of time on laptops, tablets, phones? I’d say college students. I attend James Madison University, a student body of over 20,000. Think ... Continue Reading >>

When we wanted to have Martin Fisher on, it was to discuss ‘Security Mandate vs. Security Influence’. We wanted to discuss why companies treat compliance as more important, and if it’s only because business requires it to be done. And if infosec is a red-headed stepchild because they often don’t have the guidance of a compliance framework. But it ended up going in another direction, with Martin discussing infosec leadership, and how we as agents of infosec should be ̵ ... Continue Reading >>

Hey hey everyone. We at CyDefe have released another awesome episode of our cyber security podcast. On this week’s episode we discuss fake blue screen of death, ad blocking, a critcal WinRAR vulnerability, and a shortage of cyber professionals. You can check out the episode on iTunes or check it out on our website. Have a listen and enjoy. Continue Reading >>

Sure, maybe you’d like to think you possess the manpower to monitor your computer networks 24/7, but we all know that’s simply impossible.  Thus, threats come as they may, and you might be sleeping when one attempts to overthrow your data system. So what can you do to prevent this from happening? Enter the Honeypot—a security mechanism that detects and deflects threats from harming your data, so you don’t have to. Setting up a honeypot is easy, and can be done in a few ... Continue Reading >>

Cybrary would like to announce a really cool Java programming competition by our friends at NextHacker. Check it out:  Java Programmers Competition IPPC: SHOW ME YOUR SPEED!  We are already convinced that there are many gifted programmers and ingenious hackers. Now we want to know who the fastest and most flexible are. After all, we are in the century of speed: TIME = $ Next Hacker IPPC: International Programming Player Competition, February 26 & 27, 2016 in Berlin, Germany, the 2016 IPPC ... Continue Reading >>

Employers Want YOU!   If you are searching for a job or looking to change to a career in IT or Cyber Security, our developer has created something special for you. Cybrary’s job platform was created for employers, recruiters – and yes – YOU! To help build the Cyber Security community and balance the “ecosystem” that is the world of IT, our platform is aimed at helping members find jobs near them that match their skills and experience.   This is why completing your Cybrary profi ... Continue Reading >>

Given we’re a cyber security education company, we like to preach (maybe too much at times) about how darn important security awareness training for employees really is. So, we thought we’d share the hideously ugly lesson that internet authority company, ICANN, learned about security awareness not too long ago.   Reliving the ICANN Phishing Hack: Phishing is the act of using electronic communication to pretend to be a trustworthy individual in order to obtain secure informat ... Continue Reading >>

You know those times where you took an exam without studying, and still did well? We hate to break it to you, but those times don’t exist in the Infosec world.  Sure, you may have one or two baby Einsteins who can sit through a five-day bootcamp and retain all of the information without blinking, but for the rest of us, actual studying is part of the process will have to occur. When it comes to reviewing for an exam, the problem many of us face isn’t how to do it, it’s where ... Continue Reading >>

Perhaps it is somewhat shocking that hundreds of thousands of people are learning hacking, for free on Cybrary. However, there are several very good reasons for this free cyber security learning revolution. A fundamental change in the way cyber security is taught and learned, is upon us. Together, the Cybrary team, and each of our Members, are making this change happen, and it is well overdue. The ability to learn cyber security should be a right, not a privilege. Up until now, that privilege wa ... Continue Reading >>

There is a cyber defense podcast that launched a couple of months ago called CyDefe, and they have been doing some really cool things. Their focus, and tagline, is “Making cyber defense simple”. I had the pleasure of joining this podcast for an episode, primarily focused on end user security, the other day. That episode will launch Thursday, 8/20/15. In their short time podcasting, they have already had some really cool guests, including last week’s guest Jayson Street. What I ... Continue Reading >>

Regarding, end-user security, the term PII is commonly referenced. PII, or Personally Identifiable Information, consists of data that can allow an individual to trace and/or contact another person. This type of information may indicate an individual’s name, address, the type of car a person owns, credit card numbers, the names of family members, email addresses, telephone numbers, the locations of schools that an individual has attended and a person’s driver’s license number. ... Continue Reading >>

Security Awareness Training has migrated from a “nice to have” security function within an organization, to now, a “must have.” In fact, more quickly than ever, companies of all sizes and industries are integrating security awareness training into their required learning for all employees. It’s now a matter of simply being irresponsible if your organization doesn’t have a course. One of the more common features in a security awareness training course is the pr ... Continue Reading >>

Great news! Our End User Security Awareness training course, is now available from Cybrary. No matter how well trained the cyber security staff is within your organization, the greatest vulnerability remains just that, a huge vulnerability, if it remains unmitigated. It is widely known that the primary cause of data breaches within organizations comes from their end users. Cybrary now helps your organization address this major concern with our continually updated, cutting edge, easy to follow, ... Continue Reading >>

Are you familiar with the process of a virtual machine’s OS separating from its parent’s hypervisor, which is known as VMEscape? Are you familiar with the key vulnerabilities that exist within the VMEscape process? Here is how you mitigate security risks in VMEscape: Keep virtual machine software patched. Install only the resource-sharing features that are required. Keep software installations to a minimum as each program carries vulnerabilities. If you’re less than familia ... Continue Reading >>

Below is an email we received from Cybrary Member @aer9480. He wrote to tell us about the success he had in passing the exam after taking our Security+ Course. If you have a similar success story, we’d love to share it. Send an email telling us about it: support@cybrary.it Here’s @aer9480’s email: Hey everyone. My name is Alan Raff. I am a Computing Security student at the Rochester Institute of Technology in Rochester, NY. I ... Continue Reading >>

We get it. We truly do. We’re JUST as excited about our new classes as you. We understand the anticipation, the anxiousness and the frustration. You joined Cybrary just for Malware Analysis. You refresh the Metasploit course page daily.  We get it, because we created Cybrary for you.  So when you ask us about the release date of a specific class and we can’t give you a definitive answer, it’s not because we don’t care about you. It’s because there’s a lot th ... Continue Reading >>

Many companies, throughout the years, have failed because they failed to innovate and change. Many great market leaders, like Kodak, even held in their hands the future of their industry, and still refused to embrace it. Change is always difficult for someone of something in a position where status quo is providing awesome returns. It takes courage to innovate, and that’s why it is so difficult. The CompTIA Security+ certification is a fantastic example of a cyber-security certification that ... Continue Reading >>

The Certified Information Systems Security Professional (CISSP) certification is a strong credential to have for professionals who have a mix of both technical and managerial experience as well as competence in designing, engineering and the overall management of security programs. Their knowledge helps protect company’s important and confidential information from the growing threat of cyber attacks. This certification is perfect for security professionals in the following positions: Security ... Continue Reading >>

Wireless networks are fast and convenient and allow for many devices to be connected on a network and communicate with each other. However, this technology presents a new set of issues that weren’t present in the wired world. Mainly, threats to security including but certainly not limited to: Information reaching unintended recipients Unauthorized users exploiting the open access of such systems; destroying or stealing data Network shutdowns to attacks Authorized users losing network access d ... Continue Reading >>

Individuals now own multiple electronic devices – from Smartphones, to tablets, to laptops and more. They often bring these items into the workplace, or use them to work from a remote location. Increased threats to a company’s important and confidential information are more prevalent than ever. Protection of this information is crucial – as information can travel across the world in mere seconds. Cryptography provides protection and plays an integral part in against fraud in electr ... Continue Reading >>

In a physical crime scene, say a home has been burned down as a result of an arsonist or maybe a home has been burglarized, the role of first responders on the scene is very important. These skilled individuals must be able to avoid contaminating the crime scene or destroying evidence, all the while securing the crime scene and documenting every detail, down to the most minute. First responders take note of the victims, the lighting, talk to witnesses and potential suspects and try to gather any ... Continue Reading >>

Calling all Spanish, French and German Speakers Cybrary’s mission is to provide free cyber security and IT training to people across the globe. However, as an English-only website, we have been limited in our ability to reach people who do not speak English as a first language. Because we are committed to making our revolution global, we are expanding our course content to include translated subtitles to make free learning truly accessible to all.  Spanish, French or German speakers a ... Continue Reading >>

When taking classes to prepare for exams, there are important factors to consider. With Cybrary’s courses, much – if not all – of the class material is based on watching videos. While this may be great for some people, for others it is not enough to fully grasp the discussed concepts. Below are some tips on how to prepare yourself for learning in an online environment, and how to effectively study the information to help pass your exams. Keep in mind that there is no “right” or “wron ... Continue Reading >>

The CIA triad is becoming the standard model for conceptualizing challenges to information security in the 21st century. CIA stands for confidentiality, integrity and availability, which are said to be the three most important elements of reliable security. Every IT worker should have a thorough understanding of the triad and its intricacies, but every staff member who works around sensitive data should at least be made aware of the concept, which is why the concept is a foundation to our Securi ... Continue Reading >>

When most people think of a hacker, they think of a dishonest individual who uses techniques to bypass a system’s defenses and steal confidential and sensitive information. Security breaches, data as well as identify theft are all incidents which can occur as a result of a hacker breaking into a system. However, in this modern workplace where information can be distributed and leaked in seconds, there exists the ethical hacker. Sounds like an oxymoron to you? Well, it isn’t! In fact, the eth ... Continue Reading >>

Computer related crime is very prevalent in this day of global communication, people bringing their personal electronic items to work as well as many companies having people who do not work in house but instead opt to work remotely. For this reason, the field of digital investigation is an emerging field and up to date knowledge of the latest practices and technology in the field is paramount for the following professionals: Anyone who may encounter a crime scene that might involve digital evid ... Continue Reading >>

The following is a re-post of the excellent PowerPoint presentation created by Cybrary SME @ethicalmjpen regarding Vulnerability Assessment and Penetration Testing and how the two differ, and overlap. We wanted to share this on the blog because the content in explaining the two topics, is very concise and offers great insight. To download the actual slides, Go Here. Vulnerability Assessment & Penetration Testing, An Analysis and Comparison – by @EthicalMJPen Vulnerability Assessment I ... Continue Reading >>

Many of the Members that join Cybrary, join because they are looking to begin a career in cyber security. This is obviously a great idea given that the amount of unfilled jobs in cyber security, globally, is estimated to be over 1 million. The question is though, where should one begin when they have no tech, IT, or cyber security experience at all? We address a variety of scenarios for people looking for training on the learning paths page on our site. Most commonly, it is best to begin ones c ... Continue Reading >>

Public key cryptography has been around for a long time. Whitfield Diffie and Martin Hellman invented it in 1976. It sometimes goes by the name Diffie-Hellman encryption as well as symmetric encryption as it uses to keys instead of one (this is called symmetric encryption). Cryptography uses two kinds of encryptions: A public key which is known to everyone and a private key, which is just known by the recipient of a message. An example of cryptography in motion: imagine you want to send a secur ... Continue Reading >>

Electronic discovery, also known as e-discovery refers to a process of how information is obtained, located and secured to be used as evidence in a civil or criminal legal case. E-discovery can be carried out in the following ways: Offline On a particular computer As part of a network In addition to the above, there is also a type of e-discovery known as government sanctioned hacking, which a court might order for the purpose of obtaining important evidence. E-discovery makes finding informati ... Continue Reading >>

The CompTIA Advanced Security Practitioner (CASP) certification is a credential that designates professionals IT industry with advanced-level security skills and knowledge. The CASP certification is approved by the United States Department of Defense (DoD) to meet IA technical and management certification requirements and is a credential favored by multinational corporations such as Dell and HP. It is vendor neutral and is a globally recognized name. The CompTIA Advanced Security Practitioner (C ... Continue Reading >>

Over the past few years, the news has been full of stories detailing how large corporations put the security information of tens of thousands of their clients at risk. More times than not, these risks came as the result of low-level employees doing things to compromise the cyber security of large multi-million-dollar corporations. In an effort to combat security breaches, more and more companies are paying to provide their employees security awareness training. However, there is some debate as t ... Continue Reading >>

Threat intelligence company Recorded Future has just released a daily email service that will deliver up-to-date information on the latest threat indicators for IT and cyber security professionals. The service, called the Cyber Daily, is a free newsletter that will include the top five results in each category for trending technical indicators that Recorded Future has analyzed over the last 24 hours. Categories include Information Security Headlines, Top Targeted Industries, Top Hackers, Top Ex ... Continue Reading >>

The end user security awareness industry has taken off substantially in the last several years. As more and more organizations are breached and embarrassed publicly due to end user negligence or malevolence, the mass adoption of “we need to do something about this” has spread rampantly. What we previously believed to be a problem reserved for major corporations, we now realize is a problem that faces organizations of every size and type. Great examples include the Damariscotta Countr ... Continue Reading >>

Cybrary’s initiative is to make cyber security learning free and open for everyone, everywhere. This basically means, we want to provide the opportunity to learn to those who either want to begin a career in the field, or for those who want to advance within their current IT or cyber security job. In order to reach this goal, we need to continually be in front of the upcoming trends, continually recognize the next hot topic and continually innovate with our course offerings. Research, deve ... Continue Reading >>

In the ethical hacker class on our website, the course begins by recapping the five phases of penetration testing. Essentially, the five phases of pen testing is a module that summarizes what the rest of the ethical hacker class is going to look like. The five phases refer to each primary step in the process of operating a penetration test, and the concept is critical for a new entrant into the field. Here is a brief overview of the five phases of penetration testing: Phase 1 | Reconnaissance Re ... Continue Reading >>

Show off Your Achievements Use Cybrary often? Completed several courses? Show off what you’ve worked so hard for! Now that you have earned the cred make sure to share your achievement! Our L337 Emblem is available below along with a code snippet to help you better display it on your site or signature. <A HREF="http://cybrary.it/" target="_blank"><IMG SRC="https://www.cybrary.it/wp-content/uploads/2015/04/transparent-leet-mask.png" WIDTH="xxx" HEIGH ... Continue Reading >>

We often get asked by our Members, if we plan on offering coding classes. The short answer is no, and typically, what we do, is refer people to sites like Codecademy and Code Fellows. Those companies specialize in coding / programming training, and have capabilities to do that type of training much better than we do. Our focus is on core Cyber Security training. However, the fact that our Members consistently ask us about that type of training is because a fundamental knowledge of coding is abso ... Continue Reading >>

  In order to get into a secured system, you’ll have to first break in—and a lot of times, the first step in doing so requires cracking a password. Contrary to popular belief, password cracking doesn’t actually require a lot of heavy-lifting. Instead of spending hours at a computer screen trying your hand at thousands of random combinations, the computer does the work for you. So while the process is less labor-intensive than those pictures of hackers staring intently at ... Continue Reading >>

Want to Know How and Where All Major Data Breaches Begin? With all of the publicity major corporate data breaches receive, we often get caught up in the outcomes. What happened, how many people were impacted and in what ways, who was responsible, etc. In the 2014 Sony Pictures hack, personal data about employees and corporate IP was released to the public. In the Target hack, hackers made money selling the magstripe data of the victim’s credit cards on the black market.   Media has tradi ... Continue Reading >>

The Smartphone Pentest Framework (SPF) in Kali Linux is an increasingly useful tool, initially developed by Georgia Weidman. The 5 part tutorial for how to use the SPF is part of the Advanced Penetration Testing class, which of course is free, just like all of our classes. For Cybrary Members who have a solid foundation in penetration testing, I would highly recommend you take that course, overall, it is an invaluable experience since it deeply covers a wide variety of advanced pen testing conce ... Continue Reading >>

This post will begin by assuming you have a baseline skill set in information technology. Generally, in order to begin your career in Cyber Security, you would need some fundamental skills. Often, in the IT training industry, baseline skills include topics covered in the CompTIA A+ class and the Network+ class. If you don’t have that type of skill set, begin there, then move in to Cyber Security learning. The Linux+ certification class will definitely provide you with useful knowledge that you ... Continue Reading >>

The first month and a half here at Cybrary have been really fun. So far, we are hearing from our Members that they appreciate what we are doing. I have spoken on this blog before about why we believe so firmly, that the opportunity to learn should be free and open to anyone, anywhere, for free, forever. We have found that many of our Members only have access to the site via a mobile device.  Watching the videos takes up a great deal of their monthly data limits on their devices plan. We want to ... Continue Reading >>

What is Red Team & Blue Team? At its core, there are two main players in any cybersecurity or penetration testing event. While the terminologies for the two sides vary (Hackers vs. Defenders, ‘Bad Guys’ vs ‘Good Guys’, etc.) one of the most commonly used titles is Red Team and Blue Team. To put it simply the “Red Team” is the group trying to find a way in and the “Blue Team” is the group trying to keep them out and responding if they get in.This cybersecurity landscape can b ... Continue Reading >>

Hopefully, with the support of our Members, Cybrary can be successful. Why? Because the education system both domestically here in the USA, and internationally, is flawed, badly. Education is far too limited. If one is not born into a family that highly values education, or a situation where they are not given the access that some others have, then one can be left behind very quickly. Here in the United States, students are herded through a standardized educational flow until they complete high ... Continue Reading >>

“Education is the most powerful weapon which you can use to change the world.” -Nelson Mandela For too long IT & Cyber Security education has been reserved for those who have the money to pay highly inflated prices. In the growing technological world, the need for that knowledge is at an all-time high. As you know by now, we believe firmly that IT and Cyber Security training, should be free! Cybrary has only been active for a month, and we have already heard from our Members about how fr ... Continue Reading >>

My Fellow Cybrary Members, We sincerely want to thank you for joining the revolution to liberate IT and cyber security training, for everyone, everywhere. The support you are providing will change the very landscape of the industry forever. I am posting this blog to both thank you, as well as give you some updates and tips about the site. Earning Points To begin, we need your help spreading the word about this revolution to everybody, and you may do so through the member point tool. If you sh ... Continue Reading >>

Hello Cybrary Members, First, we are appreciative that you have decided to join our community. We cannot survive without members, and we are working very hard to make your learning experience here as excellent as possible. The training on Cybrary is designed by our education team as well as the Subject Matter Experts who teach here. Our classes are designed to prepare you for the certification exam, as well as build your skill set in that topic. Cybrary was started because we believe, strongly, ... Continue Reading >>