Month: July 2023
-
Microsoft Security Copilot Overview for Cybersecurity Professionals
Microsoft Security Copilot is an AI assistant to help in the development of your security workflows. It is designed with SOC analysts in mind particularly with detecting and responding to potential security incidents. Does it replace people? No, don’t panic, AI is nowhere near replacing security professionals as AI itself is nowhere near the level…
-
So, DevSecOps Threat Modelling Tools, Which One To Use?
Threat modelling is a thought process to identify potential security risks. Ideally this is done as early as possible within the software development lifecycle and at the design stage. Threat modelling meetings should be engaging and not long winding, with a clear end and with no recurring meetings unless there is a significant change in…
-
How to make a difference working in Cybersecurity
Individual actions with a sprinkle of collective team effort. Stay educated. Keep as up to date as possible about the world of cybersecurity the people, motivations, direction, including emerging tech, data breaches and how others are working. Avoid those that avoid education and choose not to study. Promote positive cyber awareness. This can be as…
-
Split Tunnel VPN & Full Tunnel VPN why is it relevant to Cybersecurity
A VPN is a VPN, so everything is secure? Not quite. Both split tunnel and full tunnel are the different ways network traffic is routed from you and the VPN server and beyond. Split tunnel is like having multiple pipes traffic can flow, some of your traffic will go direct to the VPN server while…
-
Secure Coding Training Guidance
How to develop secure coding techniques? Secure code training is the most sensible route for developers to learn security skills. Assess training needs first, what are the developers asking for, what does the organisation need. Are there any clear gaps developers are struggle with. Determine the subject areas that are the most relevant to your…
-
How to become a Security Engineer
There is no direct route into security engineering, a combination of education and experience will help, however developing an aptitude towards hands on work, and being a creator is definitely a huge advantage. Get a degree, this is a good start, the earlier you get a degree the easier it will be secure a position.…
-
Ethics of developing Penetration Testing Software with AI features
Writing penetration testing software containing artificial intelligence AI features raises several ethical concerns that should be considered. Always get consent and written permission from those subject to the testing which is typical with any penetration testing activity. Explicit permission is needed, as it may result in unauthorized access or compromise of data and solutions. It…
-
Application Security: Top 3 Tasks for an AppSec Team to Prioritise
An application security team job role is the security of software applications throughout their lifecycle. The challenge is the complexity of building software and priority of software to be released quickly without hindering productivity. Where to start? These three areas should be the first areas to focus on and mature as time passes by. Start…
-
Security benefits of using Multi Factor Authentication (MFA)
Multi-factor Authentication (MFA) provides an additional layer of defense by requiring users to provide additional evidence to verify their identity. Benefits of MFA are invaluable. MFA adds an additional layer of protection beyond username and password (something you know). It helps prevent unauthorised access if a password is compromised or stolen. Attackers would need additional…
-
Quick Guide to Security Certifications, which one to get and what not to do
Obtaining a security certification is a valuable way to demonstrate your expertise, knowledge and ability to show you are a self-starter in the field of cyber security. Identify your career goals and the specific area of cyber security you want to specialize in, this will help narrow down the available certifications. Research how to complete,…