0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Application of the MITRE Attack Framework
By: Hugh Shepherd
June 19, 2020

The "Application of the MITRE ATT&CK Framework" course by Cybrary is an excellent training offering. The course covers how to apply the attack framework to mitigate cyber threats. During the course, the 12 core areas of the MITRE ATT&CK Framework are discussed in detail. Also, learners will get detailed explanations of the various attack vectors used by ...

The Why, What, and How of Layered Cybersecurity
By: Charles Owen-Jackson
June 17, 2020

How the different layers of cybersecurity protect business in an evolving threat landscape As industries innovate at breakneck speed to keep up with modern demands, they’re facing a serious challenge mitigating the risks along the way. Every extra user account, device, online service, and application adds another potential entry point for cyberattackers. Attack surfaces have expanded to the point they’ve ...

Focus Areas To Enhance The Security Of An Organization
By: Pankaj Kamboj
June 17, 2020

As most people have witnessed during the COVID-19 pandemic, cybercriminals are more active, easily attacking organizations who never imagined having to focus on a new security front - their employees who are forced to work from home. Indeed, their infrastructures weren't ready to handle large amounts of VPN traffic, security around video conferencing, etc. As a consequence, attackers found ways ...

Review: Session Hijacking Course
By: Muhammad Bilal
June 17, 2020

News leaks, sensitive information going public, companies facing lawsuits over data leakage, and more other unfortunate events occur every day. These events are caused by the negligence of the digital infrastructure that is used daily. The systems used can be poorly designed and, hence, can leak sensitive data and credentials to hackers in real-time. In this course of “Session Hijacking,” the ...

The Role of Negotiation in Cybersecurity Leadership
By: Tatianna Harris
June 17, 2020

Why good negotiation skills are critical for enterprise security leadership This article was written to supplement Dr. Amoroso's course Enterprise Security Leadership: Negotiation Skills for Cyber Leaders. For decades, cybersecurity was purely the domain of the IT department. Measures to protect an organization against cyberthreats were viewed almost entirely from a technical perspective. For everyone else, cybersecurity knowledge barely extended beyond ...

AZ-301 Microsoft Azure Architect Design Course Review
By: Rasheen Whidbee
June 17, 2020

Microsoft Azure is a large collection of technologies that can transform and revolutionize an entire company, within days, if not sooner. With its interwoven solutions and pay-as-you-go model, Microsoft Azure has become a sought-out destination for new and existing businesses, large and small. However, with the availability and flexibility that Microsoft offers to its Cloud subscribers, it should be noted ...

Introduction to the NIST CSF
By: S.E. Williams
June 16, 2020

Overview The National Institute of Standards and Technology (NIST) provides a robust, risk-based cybersecurity assessment tool, known as the NIST Cybersecurity Framework (NIST CSF); or, simply as “The Framework.” 1 The original intent of the NIST CSF is to provide a cybersecurity risk-based assessment tool, to protect the nation’s sixteen critical infrastructure (CI) sectors. The Framework is also ...

Why is Cisco Certification Important?
By: Matt Choi
June 15, 2020

Often, you’ll find that it’s the candidates who have IT certifications on their resume, which make it past the initial screening. Job recruiters may use this information to narrow down their lists of candidates and in deciding who they will call for an interview. Currently, the information technology industry is overflowing with open positions, and there are not enough qualified IT ...

Course Review: Certification in Risk and Information Systems Control (CRISC)
By: Andreea Alexandra Bancu
June 12, 2020

What is CRISC? Why take a CRISC course during preparation for the final exam? The Certification in Risk and Information Systems Control (CRISC) is for IT and business professionals who develop and maintain information system controls, and whose job revolves around security operations and compliance. It is developed by a team of risk management industry-leading professionals. The CRISC certification is ...

Email Forensics: What to Look For, and How to Avoid Email Phishing
By: Jose Alfredo Llerena
June 12, 2020

One of the most widely used techniques for performing a scam is phishing. This is usually done by tricking a user into providing personal information or clicking a link to a webpage, which is fraudulent. Two very common examples: 1) The one where the user supposedly won the lottery, or someone wants to donate money, so the sender asks for personal ...