Exploring CompTIA’s Infrastructure Certifications

Advertisements

Hello, and welcome to another episode of the Cyber Security For All podcast.  A podcast all about cybersecurity from Apetech.  I’m your host, Alex and today we are going to be taking a deeper look into CompTIA certifications.  CompTIA offers a lot of different certifications and if you are new to the cybersecurity space, a CompTIA certification is probably the best way to go.  If you listened to my episode last week, then you know that I took a deeper dive into the “core” certs that are offered by CompTIA. In this episode we are going to be looking at the Infrastructure certs. There are a lot of pros and cons and I want to talk about those in this episode.  I have personally never held any of the infrastructure certs, but at one point I seriously considered the Network+ cert. Let’s take a deeper look.

Before we jump into the episode, let me update you on a few things.  First off, I now officially have two episodes where I have interviewed guests. I go deep into the conversation with my guests and I really do think you’ll find something valuable in each of those episodes.  One of the interviews is with Christian Espinosa, a cyber security expert and best selling author.  My other interview is with John Lunn, a Microsoft Azure cloud expert.  I really enjoyed interviewing both of my guests and I hope you get something valuable out of those episodes.  Don’t forget to share with your friends and family!  Next, we just crossed over 1590 downloads!I have a goal of getting to 2,500 by the end of the year, but I might try to challenge myself to get there before Fall starts in September.  I have a bunch of episodes planned out, but creating the episodes has been a little more challenging.  But, I really do believe in my podcast and will be investing more time and planning on getting all my planned episodes out before the start of Fall.  I am so thankful to each and everyone of you that tunes in to listen to my podcast.  Every time someone listens to my podcast, I am motivated and encouraged to keep on going.  I really do hope you find something valuable here.  Please feel free to share my podcast with your friends and family so that they too can benefit from the Cyber Security For All podcast!  If you want to leave a message, there is a voicemail URL in the episode description that you can use to get a hold of me.  Also, apetech.me/social is where you can find me and everything else that I am working on.  I’m very active on Twitter and you can find me there @apetechda.  If you enjoy the cybersecurity content, but want more, feel free to check me out on TikTok.  I post even more content about cyber security there that you might enjoy.  If you love my cybersecurity content here on the podcast, you have to check out what I’m doing across other mediums.  Apetech.me/social is where you can get all the details!  Alright, enough updates, let’s get into the episode.

In the last episode, we explored the core certifications that CompTIA offers. These are great starter cert for those looking to start a career in IT, but in today’s episode, we are going to explore some slightly more advanced and slightly more specialized certs. If you’ve been in IT for a while, or maybe you want to increase your IT chops, these three certs that we’ll be talking about are perfect for you. I’ve been in IT for almost 11 years now and just based on the titles of these certs, I can tell that they are valuable. The certs in the infrastructure category are: Cloud+, Linux+, and Server+. Each of these topics are very much in demand within the world of IT and if you’ve been wanting to jump into any of these categories, these are the perfect certifications for you to get.

Let’s start with the first cert which is the cloud+ cert. When I was getting my Security+ cert, this specific certification didn’t exist yet. I’m excited that it does exist though because more and more companies depend on the cloud to not only run their business, but to also build their business on. Virtually every company in 2021 uses a cloud powered service in one way or another. It is almost impossible to not depend or rely on some sort of cloud to get things done. If you are in IT and you’ve been wanting to explore the world of the cloud, but didn’t know where to start, look no further. This cert is an entry level cert and will cover basics such as cloud security, cloud architecture, and cloud deployment. The exam is a little more expensive, coming in at 338 USD, but the return on investment is really good. If you’ve been thinking of taking any of the AWS, Azure, or GCP certs, this Cloud+ cert might be a great way to get your feet wet without taking on too much risk.

The next certification is the Linux+ cert. I’m really excited about this one because I really love Linux, but feel like I don’t use it enough to be really good at it. I know my way around a command line, but I could always use a little more knowledge. What is great about Linux is that it is used everywhere and the skills you learn here can provide a lot of value. I’ve used Linux a lot throughout my entire career and I don’t know where I would be had I not first been introduced to Linux in my second programming class in college. The Linux+ cert prepares you system administrative tasks such as managing servers, the cloud, or virtualization technologies. Another great thing covered by the exam is Linux security. While the operating system itself is pretty secure, you can leverage the security of Linux to secure other services or products. And finally, the last thing I want to touch here is that the cert covers scripting and automation. I want to point this out because most of my experience with Linux has been through some sort of automation script that I created. The exam is also 338 USD and while most jobs will probably not care about the certification, it is still a good thing to have. Many IT jobs rely on Linux and being an expert in that environment can give you an edge.

The last certification is the Server+ cert. I’ve never heard anything about this cert, so I am excited to learn more and share with you. I’ve worked on servers for a good portion of my IT career. I worked on Linux servers and Microsoft servers. The Server+ cert is marketed as the certification you want to get if you are managing on premise servers or if you work at a data center. In either case, I can see this cert being extremely valuable. As more and more of the world goes to the cloud, having the skills outlined in this cert will definitely help. And, in case you are wondering, the cloud is just someone else’s server. Instead of standing up your own server, you rent server resources. Some of the things covered by the cert are installing and configuring physical servers. This is a lot of fun and I’ve configured a couple servers over my career. You also have to learn/know server administration which is closely related to the Linux and Networking certs. Finally, from a cybersecurity perspective, you learn how to protect the servers by having disaster recovery plans in place and other important artifacts. The cert is also 338 USD and I feel like it’s an okay value. If I had to pick, I’d rather get the Network+ and the Linux+ certs instead. The Server+ is more specialized so unless all you want to do is manage servers, I wouldn’t recommend this cert. With Network+ and Linux+, you can leverage the skills in other areas of your career.

There you have it, your overview of the CompTia’s infrastructure certifications. There are many more exams to cover, but we are going to leave that for future episodes.  This is the second episode and just a reminder, if you haven’t listened to my previous episode, you’ll want to listen to that one as I covered the first set of certifications offered by CompTIA. Do you currently have any of these certifications?  I personally had the security+ certification but I let it expire because I didn’t have any need for it in my current line of work.  Are you planning on getting any of these certifications?  I’d love to hear from you and if there is anything I can do to help you prepare for the exams, please let me know.  If you look on Amazon, you will find books for each of the exams that will help you prepare.  If you are not sure if a certification is right for you, please feel free to reach out.  I’d be more than happy to discuss with you and determine what is best for you based on your specific needs.  

Well that’s it for this episode.  I hope you enjoyed it.  If you feel that someone you know could benefit from listening to this episode, please feel free to share it with them.  I appreciate you taking the time to listen to my podcast and thanks for the support! Thanks for being a part of this journey with me.  See you on the next one!

CompTIA Core Certifications

Hello, and welcome to another episode of the Cyber Security For All podcast.  A podcast all about cybersecurity from Apetech.  I’m your host, Alex and today we are going to be taking a deeper look into CompTIA certifications.  CompTIA offers a lot of different certifications and if you are new to the cybersecurity space, a CompTIA certification is probably the best way to go.  There are a lot of pros and cons and I want to talk about those in this episode.  I have personally held the CompTIA Security+ certification and will share my experience with you.  I’ll also be discussing my favorite question I get asked all the time, do you need a certification to get into cybersecurity?  Let’s take a deeper look.

Before we jump into the episode, let me update you on a few things.  First off, I now officially have two episodes where I have interviewed guests.  Please show your support and listen to those episodes.  I go deep into the conversation with my guests and I really do think you’ll find something valuable in each of those episodes.  Don’t forget to share with your friends and family!  Next, we just crossed over 1542 downloads! I have a goal of getting to 2,500 by the end of the year, but I might try to challenge myself to get there before Fall starts in September.  I have a bunch of episodes planned out, but creating the episodes has been a little more challenging.  But, I really do believe in my podcast and will be investing more time and planning on getting all my planned episodes out before the start of Fall.  I am so thankful to each and everyone of you that tunes in to listen to my podcast.  Every time someone listens to my podcast, I am motivated and encouraged to keep on going.  I really do hope you find something valuable here.  Please feel free to share my podcast with your friends and family so that they too can benefit from the Cyber Security For All podcast!  If you want to leave a message, there is a voicemail URL in the episode description that you can use to get a hold of me.  Also, apetech.me/social is where you can find me and everything else that I am working on.  I’m very active on Twitter and you can find me there @apetechda.  If you enjoy the cybersecurity content, but want more, feel free to check me out on TikTok.  I post even more content about cyber security there that you might enjoy.  If you love my cybersecurity content here on the podcast, you have to check out what I’m doing across other mediums.  Apetech.me/social is where you can get all the details!  Alright, enough updates, let’s get into the episode.

When I was first getting into cybersecurity, I had no idea where to start.  Every person you talk to will give you a different opinion and many recommend that you look at certifications.  I personally did a hybrid approach where I took some classes and also received some certifications.  When it comes to beginner certifications, CompTia ranks high in the popularity list.  They are not the best certifications to have in the field of cybersecurity, but from an introductory standpoint, they get the job done.  Since I first received my Security+ certification years ago, CompTia has significantly increased their offerings.  I want to look at each certification they offer, talk about it, share some of the salary expectations and talk about the value of that specific certification.  For the rest of this conversation, I’ll be on CompTia.org if you want to follow along.

Looking at their certifications, they are divided into a few different categories.  You have Core, Infrastructure, Cybersecurity, and Additional Professional.  Let’s take a closer look at each one of these categories.

The Core is going to be your fundamentals to IT and cybersecurity concepts.  This is going to be super basic stuff and if you are completely new to the world of IT or cybersecurity, this is where you want to start.  These certifications, while challenging, should still be basic enough that anyone that studies for the exam should be able to pass.  Next up are infrastructure.  These certifications are geared more towards the IT systems administrator or IT network administrator.  You’ll be working with servers and networks a lot more and you have to have a pretty good understanding of how IT and cybersecurity works.  Next up are the cybersecurity specific certifications.  These are more advanced versions of the security+ certification and really start specializing within specific niches of cybersecurity.  And finally, you have the additional professional certifications.  These certifications are different from the other ones.  These are, in my opinion, geared more toward folks within an IT organization, but not necessarily part of the technical team.  Now that we’ve discussed the different categories, let’s take a look at each exam within each category. I’ll only be focusing on the exams under core for this episode.  Make sure you come back every week to hear my analysis and thoughts on the rest of the CompTia certifications.

First certification is the ITF+ or IT Fundamentals.  This is an introductory certification for those with very basic IT skills.  The certification is marketed towards individuals that are not quite sure if they want to jump into an IT career, but maybe they are interested enough to get a certification.  This doesn’t really make sense to me because most folks will want to try to get a job or some experience in the field as opposed to obtaining a certification first.  I think the test is better suited for folks with a non technical role in IT and maybe they are wanting to switch to a more technical role.  One last thought on this exam is the fact that it’s geared toward middle and high school aged students.  I think this is a good thing because it introduced younger students into the technical field, but not sure how many students would take advantage or even know about this. The exam is only 60 minutes with 75 questions.

Up next is the A+ certification.  Unlike the ITF+, the A+ certification has been around for a while.  

I’ve always seen the A+ certification as a certification to learn how to fix computers, but there is a little more to it.  The A+ certification is similar to the ITF+ in that it is the perfect certification for those just starting out their careers in IT, but this certification is geared more towards technical folks that want to get started with IT.  This certification will prepare you and introduce you to the basic technical concepts of typical IT work.  The exam is 90 minutes with 90 questions.  

Next is the Network+ certification.  This is perfect for those that want to focus on network administration.  In this certification, you will be asked to know all about networks!  You’ll know how to configure and manage devices, how to troubleshoot network problems, and how to support the creation of virtualized networks.  Basically all the basic stuff when it comes to deploying and managing a network for just about any company.  If you are looking to go a step beyond the basics, this network+ is the perfect certification.  Like A+, the exam is 90 questions and lasts 90 minutes.

Finally, the last exam under the core umbrella is the Security+.  I’ve personally taken and passed this certification. I never used it, but it was required for me to have while I was employed at one of my previous employers.  The security+ certification has evolved since I last took it and that’s a good thing because the cybersecurity threat is evolving and changing every single day.  It is recommended that you have the network+ certification before you attempt the security+ exam, but honestly, this exam is easy enough that as long as you have a basic understanding of networks and how they work, you should have no problem with security+.  This exam is technical and you will need to know a plethora of cybersecurity facts.  If you want to jumpstart a career in cybersecurity, this is the first certification you want to be preparing for.  This will lay out the foundations for future certification which we will cover at a later point in time.  This exam is also 90 questions and you have 90 minutes to answer.  

There you have it, your overview of the CompTia’s core certifications. There are many more exams to cover, but we are going to leave that for future episodes.  I wanted to start at the beginning and cover the exams that folks just getting started with a technical career might benefit from. Do you currently have any of these certifications?  I personally had the security+ certification but I let it expire because I didn’t have any need for it in my current line of work.  Are you planning on getting any of these certifications?  I’d love to hear from you and if there is anything I can do to help you prepare for the exams, please let me know.  If you look on Amazon, you will find books for each of the exams that will help you prepare.  If you are not sure if a certification is right for you, please feel free to reach out.  I’d be more than happy to discuss with you and determine what is best for you based on your specific needs.  

Well that’s it for this episode.  I hope you enjoyed it.  If you feel that someone you know could benefit from listening to this episode, please feel free to share it with them.  I appreciate you taking the time to listen to my podcast and thanks for the support! Thanks for being a part of this journey with me.  See you on the next one!

AFA’s Cyber Patriot Program

Photo by Alena Darmel on Pexels.com

Today we are going to be taking a closer look at the AFA’s CyberPatriot program.  This program is put on by the Air Force and the Northrop Grumman Foundation.  This program is designed for middle and high school students.  The purpose of the program is to provide students with real, hands-on cybersecurity learning.  If you are currently in grade school, or if you have a child that is in grade school, this program might be something that is interesting to you.  Let’s take a deeper look.

There is a lot behind the CyberPatriot program.  There is something for every age level and I recommend you take a look at the specific area that is appropriate for you.  The first thing that is advertised is the National Youth Cyber Defense Competition.  This is a competition where students try to find and fix cybersecurity vulnerabilities in real time all while trying to keep the production system up. I think this is a great competition because it really does simulate what it is like to be a professional cybersecurity engineer.  Keeping production systems up is critical to a company’s success and teaching students how to think under pressure is great.

If you are looking for something a little more long term, CyberPatriot also offers Cyber Camps.  These camps run through the Summer months and they provide students with excellent exposure to the world of cybersecurity.  They get to learn all things cybersecurity and hacking.  I think this is an excellent way to introduce yourself or your child to the world of cybersecurity in a fun and interactive way.  There are so many different types of camps that students can participate in and I think that being able to participate in a camp that mentally stimulates you is a great way to spend your Summer.

For those of you with younger children, Elementary School Cyber Education Initiative is a great way to teach your young ones (K-6) about cybersecurity and online safety. More and more kids are getting on the internet at young ages and it is critical to their online safety that they learn how to be good stewards of the internet.  Oftentimes children do not know what dangers are out there and this free program is an excellent way to get your kids thinking about being safe online.

The program even has a Pre-K book that can be purchased to help even younger children become more aware of the internet and cybersecurity.  I’m particularly excited for this because it is just so important to start as young as possible when it comes to teaching children about STEM topics.  I’ve spent the last few years mentoring college and high school students with respect to STEM.  By the time students are this level, they pretty much know if they are interested in STEM or not.  I’ve observed that the younger a student, the more likely they can be influenced to become interested in cybersecurity.  So many of the resources available in the world today are really geared towards adult cybersecurity professionals.  We need more programs like those within the CyberPatriot to help inspire the next generation of cybersecurity professionals.  

If you are interested in learning more about the CyberPatriot competition, I recommend you go check out the competition page.  One neat resource they have on there are training materials that you can use.  One specific material I found interesting are the free images that they provide for training.  These images can be loaded onto a virtual machine and you can actually practice cybersecurity.  There really isn’t enough free resources out there and this is an excellent way of gaining exposure from an official place.  

If you actually join the program, you get access to a lot more training that is available only to registered members.  These resources are sponsored by big companies such as Cisco. 

I highly recommend you go check out their website.  I personally know someone that participated in this program and his involvement in the program helped him secure an internship with a major defense contractor.  Programs like this are perfect to help you stand out from the competition and most importantly, you will be learning skills that are going to get you great jobs!  Cybersecurity jobs pay extremely well and due to their complexity, not many people enter the field.  Starting at a very young age means that you will have many years to practice.   

There you have it, your overview on the CyberPatriot program. Have you heard of the program before?  I’ve known about it for a couple of years and knew they had a program focused for high school level students, but I was surprised to see the different resources they have for the different age groups.  Do you know of any other programs that are similar to the CyberPatriot? I personally think we need to create more programs like this for students of all ages.  As a country we are not doing enough to inspire the next generation of engineers and technical people.  If you are part of the CyberPatriot program, I’d love to hear from you.  I was disappointed to hear that the person I know couldn’t talk about this amazing program.  I think it is really unfortunate that people can’t evangelize a program like this.  We need more people to be able to talk about their experiences in technical programs so that other students that otherwise would have never heard about it, have a chance to learn about their different options.  I’m not sure if it’s a restriction by the owners of the CyberPatriot program, but I know that if I owned a program like this, I would want everyone talking about it.

Advertisements

Women’s Society of Cyberjutsu

Photo by Keira Burton on Pexels.com

https://womenscyberjutsu.org/

Today we are going to be taking a closer look at the Women’s CyberJutsu organization.  This organization is a non-profit that encourages women to take on cybersecurity roles.  They build a community of knowledge and encouragement and I think it’s a great way to get more females into the industry.  Let’s take a deeper look and see what they can offer you.

I think the Women’s Society of CyberJutsu is awesome.  I’ve been in the tech industry my entire career and there really is a need for more females in the industry.  The program is designed to encourage girls to get into STEM by offering a hands-on curriculum.  The program was started in 2012 and is run by volunteers.  Besides the hands-on training, WSCJ also offers networking opportunities, access to conferences, and leadership training.  One of the benefits that I find the most interesting is their study groups. Jumping in the field of cybersecurity can be challenging for anyone.  Having a great support group to help guide you through the different hoops you have to go through to enter the field is amazing.  These groups offer sessions where you can study for specific exams which, based on my experience, really do make a difference.  

I was trying to get someone that is a member to join the show, but due to the sensitivity of their work, they told me they couldn’t come on the show.  I’m going to see if I can find someone in the future, but for now, I thought it would still be beneficial to at least look at their website and discuss the details that are shared publicly.

If you are someone that is wanting to get into the field of cybersecurity, I would recommend you join a group like this.  Joining a technical field is pretty daunting as it is right now, but having a great support group can make a major difference.  I know that if something like this would have existed when I was trying to decide if I wanted to become an engineer, my life would have been a little easier.  I had so many questions and I didn’t have any resources to help answer them for me.  This group, and groups like this, are a great way to network and build community.  

If you are a student, or if you know a student that is interested in tech, I would recommend you take a look at Cyber Jutsu or similar programs.  Besides the networking, learning, and community benefits, you also get access to a couple of other perks such as discounts to certifications.  Certifications can help you stand out and can be valuable for people looking for a career change.  

If you are interested in supporting the program, they also take donations which are a tax deduction and you can also support via Amazonsmile which is a program designed to donate a small portion of your purchase to the organization of your choice.  

I would also recommend you check out their events page and see if there’s something that might interest you.  For me, having access to the study groups is super beneficial and makes the membership worth it.  Studying for these tests can be challenging and having a group of likeminded people, going through the same struggle can make all the difference in the world.  

Membership is 50 dollars for students and military.  If you are not a student or military, the full membership is 100 dollars.  Depending on where you are in life, this membership might be thing that you need to help you get started with your technical careers.

Personally, being a member of a group is very important for growth.  My advice to you would be that if you join a group, try not to be shy.  Joining a group like Cyber Jutsu isn’t going to be a silver bullet answer.  All your problems, doubts, and uncertainty are not going to magically go away.  To get the most out of a group like this, you need to invest your time and commit to getting the most out of it.  Reach out to the members of the group, attend the events, and be an active participant.  I know that this can sometimes be hard, but I assure you that if you step out of your comfort zone, you will be able to reap the benefits.  

There you have it, your overview on the Women’s Society of Cyberjutsu. Are you a part of any tech organization?  There are many orgs out there that each have their own specialization.  When I was in college, being a part of the Association for Computing Machinery was super important to my overall success.  I was part of the local student chapter which meant I had access to a ton of resources that I otherwise wouldn’t have had.  I built community and relationships with the other students in the organization.  I had a blast being an active member of that community and I highly encourage you to seek out a similar organization if you are thinking of joining something new.  

Well that’s it for this episode.  I hope you enjoyed it.  If you feel that someone you know could benefit from listening to this episode, please feel free to share it with them.  I appreciate you taking the time to listen to my podcast and thanks for the support! Thanks for being a part of this journey with me.  See you on the next one!

https://womenscyberjutsu.org/

Advertisements

Ransomware And Why You Need to Worry About It

Photo by David McBee on Pexels.com

Today we are going to be discussing ransomware.  Ransomware has been in the news a lot. Just this first week of June, a major meat producer was forced to shut things down due to a ransomware attack.  In May, the Colonial Pipeline that serves gas to many Eastern states was also forced to shut down due to a ransomware attack.  And finally, earlier in 2021, Scripps medical network in San Diego was also targeted by hackers and forced to pay a ransom.  To this day, members of that medical group still can’t access their online records.  Ransomware attacks are becoming more popular.  I want to talk more about it in today’s podcast episode.

What is Ransomware

Let’s start off with defining ransomware.  Ransomware, as the name suggests is when you are asked to pay money in exchange for something of yours that was taken.  Typically, this is very common in hostage situations or in kidnappings.  In the cyber world, rather than an individual being held up for ransom, an attacker will hold your data up for ransom.  A ransomware attack is pretty clever.  Rather than deploying malware to destroy your computer or network, a hacker will use a ransomware attack to make money.  They come into your computer, encrypt your hard drive, and then ask you to pay a ransom if you want your data back.  Failure to pay the ransom typically leads to your data being made publicly available on the internet.  For normal people like you and me, that might not be such a big deal, but for a corporation with millions, if not billions of dollars worth of data, it could be a HUGE deal.  

At this point, you might be asking yourself, how does a ransomware attack get carried out?  This attack usually starts off like any good social engineering attack.  The hacker or hacker group will send out an email in a phishing attack.  These emails are distributed to people that work for a company.  This is important to you because if you work for someone, or are entrusted with a company computer, then you become a high value target.  Most people only think about their personal devices, but if you have any computing resources from your employer, you should always be on the lookout for suspicious emails.  Once you receive this email, the attempt is to make it look real enough that you click on it.  When you click on it, that’s where the magic starts.  Either through an attachment, or a redirect to a malicious website, the hacker will download the script that encrypts your hard drive.  Once encrypted, you will not be able to access the data on the machine unless you have the decryption key.  The key is simple enough to get.  Pay the ransom and maybe you’ll get your stuff back.  There is no guarantee that you’ll get your data back but most people and businesses can’t risk not having their data.  Many pay the ransom which then further motivates hackers to carry out similar attacks because it is an easy way to make money.  

Do I need to worry about Ransomware?

Ransomware is growing in popularity. It’s been around for a long time, but most recently it has really caused significant financial damage to many corporations.  As a user of the internet, you should worry about ransomware.  The information you have on your computer or network might not be of high financial value, but there’s two reasons why you should get smarter about ransomware.  First, the data that’s on your computer is probably pictures and videos of your family.  While not high on the financial side, the memories captured in those digital files are priceless to some.  Losing access to your precious memories could be catastrophic.  The other reason is one I discussed already.  If you use an employer’s computer to conduct business, any email that comes into your mailbox whether personal or business, could be an entry way for ransomware attack.  The data that your employer entrusts you with could be worth millions of dollars.  If you are in this camp, you should take ransomware attacks even more seriously because you could potentially lose your job.

How can I protect myself?

Ransomware attacks sound scary, and they are.  But there are a few ways to protect yourself.  First, learn how to detect phishing emails.  That’s probably the easiest and most effective tactic that hackers use to deploy their attacks.  Next, keep a backup of all your data.  If your hard drive were ever to be encrypted, you could simply restore from a backup.  Having a backup means that the ransomware attack is pointless because you can just restore and come back without ever having to pay a ransom.  Keeping backups can be expensive, so consider it more of an insurance policy than anything else.  The last thing you can do is to monitor your network traffic.  Ransomware attacks usually take time to be carried out.  They sometimes remain dormant and don’t go into full effect until they are triggered by the hacker.  Being able to detect an intrusion to your computer or network could help you fight the war against hackers.

There you have it, ransomware 101 guide. These attacks are extremely lucrative for hackers.  They have the potential to make a lot of money and can cripple the systems that it infiltrates.  Not only that, but by hacking only a small number of machines/servers, millions can be impacted.  Everyone should be aware of ransomware attacks and they should do what they can to try and prevent an attack from happening.  Always double check your emails and never click on anything that you didn’t solicit.  The internet is a dangerous place and as long as people continue to pay the ransom, these attacks are going to continue.  Be smart and stay safe online.

Advertisements

Can Your Social Media Posts Be Used To Hack You?

Photo by Tracy Le Blanc on Pexels.com

Hello, and welcome to another episode of Cyber Security For All podcast.  A podcast all about cybersecurity from Apetech.  I’m your host, Alex and today we are going to be discussing how much personal information you can share online before the hackers come after you. It’s almost impossible to be online these days without sharing personal information.  This information can be information you either willingly disclose or it can also be information you are disclosing without you knowing it.  I’ll be discussing popular internet websites where folks typically share their personal information.  I’ll also be talking about the dangers of sharing your personal information. But, like everything in life, there is a balance.  Sharing some information isn’t going to get you hacked.  But just how much information can you get away with sharing and most importantly, are you sharing too much right now?  Let’s talk about it.

Social media has forever changed our lives.  Almost everyone I know is on some type of social media.  And yes, LinkedIn counts as a type of social media.  With all the different social media platforms that we can be on, our personal information gets shared and viewed more than ever.  And social media platforms make it super easy to share personal details about yourself.  Most of the time, we share information because only our friends and family can see this our posts.  But that’s not always the case.  Unless you manually go into your settings and configure for privacy, most of your information is public for anyone to see.  

With the introduction of stories, people post even more because their stories disappear after 24 hours.  This has created a false sense of security which has led to folks sharing even more personal information.  At this point, you may be asking yourself one of two things.  First, if you do not have social media you may think that none of this applies to you, but what about your spouse?  What about your kids?  Are any of them posting information about themselves or your family?  I know that well known youtubers tend to make it hard for people to find personal details about them online.  Information such as their phone numbers and addresses are redacted from the internet.  But, I know a lot of youtubers that also share their spouses name.  I have then been able to take their spouse’s name and find them on social media or find their personal information such as their address online.  Just because you aren’t posting things doesn’t mean someone else in your family isn’t.  The other thing you might be thinking is that I’m not a popular person and I’m only friends with people I know.  While this may be true, you never know when they might share a post you put with their friends or if you use a hashtag, you never know who is going to see your content. 

So, what’s the big deal if you post a picture of your kids at the park?  How can a hacker attack you based on something as harmless as a picture of your pet?  Everything about you can be used against you.  And this is not limited to only the internet.  Every public facing thing about you can be used to build a profile against you.  You might be surprised to hear this considering that we are almost half way through 20201, but phishing and social engineering attacks are still the #1 to hack into a company.  How does a hacker ensure success of a phishing or social engineering attack?  By exploiting the emotions of employees everywhere.  How do they know what makes us vulnerable inside?  It’s really quite simple.  All the things we post, every picture, every check-in, every tweet, it discloses something about us.  Hackers can then use this information to get inside our heads.  They can use this information as ammunition to craft a social engineering attack that is more likely to succeed because it is going to be very personal.  

With that said, I’m not saying you need to delete yourself from the internet.  Like everything I’m doing here on my podcast, I am creating this to raise awareness.  If you understand how the information you post on social media or on the internet can be used against you, I think it can help you in the long run.  You might craft your messages and photos differently.  I’ve seen many photos where they have geolocation enabled.  I’ve also seen photos that help identify where you were when that picture was taken.  Hackers can use information like this to find you and potentially befriend you in an effort to get you to trust them.  Before you think that is crazy, how many of you dog walkers have made friends with other folks walking their dog?  These are complete strangers yet you share so many personal details of your life with them because you “know” them.  Maybe it’s true, maybe it’s not.  Be careful.

We have a lot more to discuss on this topic and I’ll be saving that for a future episode.  

There you have it, your why you shouldn’t post so much personal information about yourself online 101 guide. How much information are you sharing online?  Have you ever stopped to think about what or how that information could be used by a hacker to gain access to a computer system?  What about theft?  Or identity theft?  Posting online isn’t just fuel for hackers, other bad people can use it as well to commit non technical crimes.  One last thing I want to leave you with.  It is natural to want to share your information with your friends and family.  Just make sure your permissions across your applications agree with you.  So many think that only their friends see their posts, but in reality, if the post is public, anyone can see it. 

Why You Need to Update Your Software: The Good, The Bad, and The Ugly

Photo by Anna Tarazevich on Pexels.com

Today we are going to be discussing why it’s a good idea to update your software. If you have a phone, computer, laptop, tablet, fridge, doorbell, car, or well, just about any type of device, it most likely is powered by some sort of software.  Software is like a tree. It’s a living thing that needs to be updated every once in a while.  We’ll be discussing why it’s a good idea to update your software and we’ll also talk about why sometimes it’s better to just wait.  

Since almost everything has software nowadays, I’m sure you’ve seen a message or two updating your software. I want to provide two different perspectives.  I want to discuss updating your software from a software engineering perspective and also from a cyber security perspective.  

Let me start with the software engineer side of the house.  Coming from the software world, software is buggy.  Software updates are a means to patch and hopefully resolve issues with the software you have. I’ve personally written software before and it’s not easy. It’s not easy to account for edge cases out there, so eventually, you might run into one of those cases.  Software updates are a great way to get fixes that developers eventually find and fix. However, sometimes these software updates actually break your things.  In what is commonly known as bricking, sometimes software updates can make your devices completely unusable.  This happens because not enough testing is done on the software before it gets shipped.  Depending on the type of software, the manufacturer might have different configurations and they just didn’t account for every single one.  And it is hard to account for every permutation of your software and hardware.  

From a cybersecurity perspective, it’s kind of a double edge sword as well.  When developers discover or become aware of vulnerabilities, they’ll fix them and issue a software patch.  Microsoft has a very famous patch Tuesday where every Tuesday they push out their weekly roll up of software fixes.  This is a great way to close up vulnerabilities that an attacker may take advantage of to exploit your system.  

The overall problem with software updates is that since we have so many we have to update, we end up just ignoring those updates.  This is perhaps the worst thing that can happen.  In some cases, it is good to wait.  I personally never update to the latest major version of a software package.  I always wait until the 12.0.1 version.  Unless you want to intentionally deal with the headaches behind obtaining version 12.0, I would suggest you wait.  Out of all the software being released, a major rev in the version usually indicates a major new feature or system overhaul.  This typically almost always comes with a high price to pay.  The next version, the minor rev, the .01 version, that one is usually a lot better and it’s the one I recommend.  But other than that first major release, I almost always update my software with the subsequent software revs because they will include the bug fixes and vulnerability patches we discussed earlier.  

To deal with being overwhelmed due to the number of applications you need to update, I recommend you do two things.  One, if your system allows it, enable auto-update.  The updates happen in the background and you’ll never know that the system is updating until it is complete.  This feature is great if updating software stresses you out.  The bad thing is that you will not have any control as to what software you are updating.  This is bad because most software release packages contain release notes which let you know what to expect.  If you have auto update enabled, you will not be able to read the release notes beforehand.  My second tip is to dedicate a day once a week or once a month where you update all of your devices.  These updates are usually very important.  Not updating is worse than updating.  If a device that you own, like your car, has a vulnerability that can be exploited by a hacker, something really bad can happen.  This catastrophic event could be eliminated if you just update your car’s software.    

There you have it.  Your why you should update your software guide 101. Which of these methods are you currently implementing? Are you thinking of implementing a new tactic that you might now have known about? One last thing I want to leave you with.  Updating your software is becoming increasingly more important.  I get that it can be annoying having to deal with all those software updates.  Back in the early days of the iPhone, I remember having to update 20-30 apps on my phone every other week.  I hope that you learned that updating your software is critical not only for software stability, but also to increase your cybersecurity posture.  Hackers have specialized software that will identify the software version of your devices and then know exactly which attacks can work on that device.  This is a constant game of chicken and egg between software manufacturers and hackers.  We just get to play in their game and we should do whatever we can to stay ahead of hackers whenever possible. 

Advertisements

3 Tips to Permanently Delete Files From a Hard Drive

Photo by Azamat Esenaliev on Pexels.com

Today we are going to be discussing how to wipe a hard drive to protect your data.  If you’ve ever sold a computer or bought a used computer, chances are that data was and still on that hard drive.  Truly wiping a hard drive requires specific tactics that I’ll be discussing today.  By the end of this episode, you’ll have the knowledge and guidance to really wipe your data off a hard drive.

Deleting Files:

When someone wants to delete something from their computer, they usually right-click on a file and click delete.  If they want to be extra cautious, they’ll then go to their recycling bin on their computer and empty that out.  And that’s pretty much it right.  The file is gone and cannot be retrieved anymore.  This would be great if this was what actually happened.  Let me tell you what actually happens when you do this.  Every file on your computer is nothing more than a collection of 0’s and 1’s.  Your computer knows where your files reside on your hard drive and when you want to access those files, your computer goes to the location of the file and retrieves it for you.  When you delete a file from your computer using the steps mentioned above, all you did was simply tell your computer to forget where that file lives, but the file is actually still there.  Deleting the file doesn’t actually remove the file from your hard drive.  With specialized free software, you can easily retrieve the file because this software will find the 0’s and 1’s and put the file back together.  If you really want to delete a file from your hard drive, deleting the file and emptying your recycling bin is not enough to get the job done.

DoD Wipe:

The most effective way to delete a file from your computer is to manipulate the 0’s and 1’s that are on your hard drive.  There are a couple of ways of doing this but the most common way is known as a DoD wipe.  Using specialized software, a DoD wipe is when a hard drive is overwritten three times. The first wipe changes all the bits in a hard drive to 0’s.  The second wipe will change them all to 1’s.  Finally, the third wipe will randomly change the bits to 0’s or 1’s.  After successfully wiping the drive three times, any data that was previously on the hard drive will be unretrievable.  This is because the 0’s and 1’s that used to make up your files have been manipulated so much that they cannot form the original document anymore.  Before you sell a computer or get rid of a hard drive, make sure you wipe it using this method.    

Physical Destruction:

The final method is the most drastic, but the most effective.  Physically remove the hard drive with your sensitive data and find a hammer or drill.  Take the hard drive, place it in a vise or something that can support the drive and start physically destroying the hard drive.  Physical destruction is the only way you can 100% guarantee that your data cannot be recovered should someone else get their hands on it.  It is very drastic and once you do it, there is no going back.  But, if you are looking for some peace of mind and you want to be absolutely certain that no one is going to be able to retrieve your files, this is the only way to go.   

There you have it.  Your how to wipe your data from a hard drive guide 101. Which of these methods are you currently implementing? Are you thinking of implementing a new tactic that you might now have known about? One last thing I want to leave you with.  When it comes to completely deleting your files from a hard drive to the point of no recovery, remember that it is best to simply destroy the hard drive.  This is the only way that you are going to guarantee that no one will ever be able to retrieve any data on that device.

Advertisements

5 Ways to Protect Your Children From Cybersecurity Threats

Photo by Julia M Cameron on Pexels.com

Today we are going to be discussing how to protect your children while they use the internet.  Children are using the internet more than ever and as a parent, there are a few things that you can be doing to help keep your child safe.  We’ll discuss what these things are in today’s episode.

In 2020, many students around the world went digital and went to school online.  My son has been going to school virtually since March of 2020 and he’s most likely going to be online for a while more.  If you child is anything like my son, they spend an incredible amount of time on these devices.  When the pandemic hit, many activities that children participated in got cancelled.  One year later, things are slowly starting to open back up, but my son still spends a good amount of this time on digital devices.  As a cybersecurity professional, I often find myself thinking about how I’m protecting my child from the internet.  I wanted to share five things that you should be doing to maximize your child’s safety while using the internet.  Two of them are going to require you to have difficult conversations with your kids, but I believe that if you execute on these two strategies well, your child is going to be more likely to actually listen.  The last three are more disciplined types of suggestions and I would only recommend you follow up on them if the first two options do not work.

Talk about the dangers of the internet with your kids:

The internet is a dangerous place.  No matter how hard we try as parents, our kids are eventually going to stumble upon something that they shouldn’t.  Rather than disciplining your kid when this happens, you should converse with your child and let them know that they need to be careful online.  I have personally sat with my son and explained to him that there are criminals, dangerous websites, viruses, and other bad things on the internet.  I’ve explained to him that he should only be on websites and youtube channels that we have reviewed together and deemed appropriate for him.  If he ever wants to venture into a new territory, it’s fine, but we just need to review them to make sure they are safe for him.  I’ve explained to him that he can’t trust people on the internet.  He needs to be cautious of what information he puts out there and should limit his communication to his friends and peers that he knows in the real world.  I can’t be there with my son for every interaction he does.  I have to hope that by building trust, he’ll notify me of things that he knows he shouldn’t be doing.  For example, he knows not to tell other players in roblox where he lives or any personal details about himself.  When he wants to talk with his friends, they open up a Facetime session and discuss through that medium.  I’m not too worried about him going to unsafe websites, but there have been occasions where he’s been asked to download something for a game.  Because I told him we do not download random things from the internet, he knows that he needs to ask and brings these things to my attention.  I know it’s not perfect, and trust is key for this tactic to work, but so far, it has worked wonderfully for my family and I’d recommend you try it as well.  It’s much better than disciplining kids when they make a mistake because they don’t know the dangers of the internet.

Empower your kids to make good choices:

My son is well versed in the world of cybersecurity.  He knows not to click on links he didn’t specifically request.  He knows not to download anything.  He knows he’s not supposed to provide any personal information.  He sticks to websites and games that have been approved by his parents and whenever a new opportunity pops up, we all review things together to make sure they aren’t going to harm him.  With this backbone in place, my son is able to make good decisions for himself.  If a friend tells him to play a game that isn’t approved, he doesn’t just fire up the game. My son makes sure he goes through the proper channels to make sure I’m aware of the game.  My son knows what he is and isn’t able to do online.  But what is important here is that I explain to my son why he isn’t able to do certain things.  I explain with examples he can understand and for the most part, I do not have to worry about my son making the wrong decision.  I’ve armed him with the right reasoning so that he can make the right choice when I’m not around to help him out.  I encourage you to talk to your kids and empower them to make the right choices.  

Know what they are doing online:

It is important to know what your kids are doing online.  There is an infinite number of things they can be doing or watching and it is important to stay on top of that.  Monitor YouTube channels and websites.  Know which games they are playing and the ratings for each game.  Know what sites they might be visiting that might be compromising the cybersecurity integrity of your home network.  Know what they download to their computers as this might introduce threat vectors to your home computers and/or network.

Know who they are talking to:

It is important to know who your kids are talking to online.  The internet allows you to hide your true identity.  If you remember the old movie First Kid, then you probably remember the relationship the president’s son developed with someone in a chat room.  Eventually that relationship was exploited and the bad actor tried to kidnap the president’s son.  While this is a hollywood movie, it is important to know that these things can happen.  This especially true with teens.  Be mindful of who your children are talking to.  You never know when someone might try to use your kids to pull off a social engineering attack on either them or you.  

Parental Controls:

Finally, and this one as old as the internet, set up parental controls.  They are there for a reason.  Limit websites and time that your children can be online.  While this is clearly a way of enforcing safer internet practices, it does come at the expense of trust.  Whenever someone is told they can’t do something, they always try to find a way around.  Setting up parental controls might be effective, but rest assured that they can be easily bypassed.  You might even fall victim of a social engineering attack from your child in an effort to retrieve the parental control password.  I have parental controls for my kids but strictly for websites that I know they should never under any circumstance visit.  But, everything else, I let them make their judgement.

There you have it.  Your how to keep your children safe while online guide 101. Which of these methods are you currently implementing? Are you thinking of implementing a new tactic that you might now have known about? One last thing I want to leave you with.  When it comes to cybersecurity in your home, it is important that everyone be onboard.  If the adults are trying really hard to not get hacked, but your children are introducing malware to your computers, you clearly have a vulnerability in your house.  Teach your kids about cybersecurity and how to use the internet safely.  Failure to do so could result in a cybersecurity attack.  

Can You Trust Your Operating System’s Privacy Settings?

Photo by Thomas Windisch on Pexels.com

Today we are going to be taking a deep dive into your Operating System’s privacy. Piggybacking off my episode last week, I want to explore different popular operating systems consumers own and see which one protects your privacy the most.  Maybe it is time that you change up your computer. 

Continuing with our theme of privacy, I wanted to take a deeper look at how our operating systems are protecting our privacy.  I had heard a lot of things about Windows 10 spying on their users.  For this episode, I’m going to stick to discussing just computer operating systems.  In a future episode, I’ll compare iOS with Android.  We spend a lot of time on our phones, and I think it’s worth going deeper and discussing how our phones track our every move.

The three main operating systems I’m going to be discussing today are: Windows 10, Mac OS and Ubuntu.  The first two are pretty well known, but the third one is one of the more popular Linux distributions that most people use.  Similar to my last episode, I’ll be reviewing privacy settings and policies that each operating system has.  You might be surprised with what I find.  I haven’t done the research yet, so I’m expecting my research to confirm my suspicions.  I predict that Windows 10 will be the worst operating system in terms of protecting your privacy.  I predict Ubuntu to be the one that protects your privacy the most.  Let’s see if I’m right.

Windows 10: 

Let’s start with the most popular operating system of them all.  Windows 10.  Microsoft started doing a very interesting thing with Windows 10.  If you’ve been around computers for a while, then you probably remember service packs.  It would take years to develop an operating system and every once in a while, you’d download a massive update.  These updates were far and few.  With Windows 10, Microsoft releases an update twice a year now.  Usually in the form of a Spring and Fall update.  With each update, Microsoft revises their privacy policies and opt users back into configurations that they have had changed before.  Windows 10 comes with an advertising ID.  You can turn this ID off if you do not want to receive personalized ads.  Windows 10 is also consistently sending data back to Microsoft so that they can improve your Windows experience.  If you are jumping between multiple Windows 10 computers that you own, Microsoft has something called activity history that allows you to switch computers and pick up where you left off.  A great convenience feature that comes with a significant cost to your privacy.  If you have a laptop, you can bet that Microsoft is tracking your location as well.  Windows 10 also has access to your camera and microphone.   This means that Microsoft can potentially hear and see you.  As you can see, Microsoft does a lot of tracking.  There is a privacy setting that allows you to toggle all these settings, but I’ve heard that Microsoft has the tendency of reverting these values back to their default (opt-in) values every time you update.  I personally haven’t seen this happen, but I’m going to keep an eye out for future updates. Let’s talk about Mac Os next.

Mac OS:

Apple does things a little differently here.  While Mac OS is tracking you a bit, it does so with a little more finesse.  Location tracking is enabled on your mac, but you have to allow apps to use the data.  Even within the Find My ecosystem, Apple claims that only you can see the location of your personal devices.  This means that Apple and other 3rd party entities can’t see your computer’s location.  Similar to Windows, Apple does collect some data to help improve the overall experience. And that’s about it.  Mac OS isn’t trying to make money off of you and Apple encourages you to use Safari since it will also work to protect your privacy.  Apple has their voice assistant and they do not associate your requests with your identity.  Every request is from a random identifier.  Apple can’t read your iMessages either. It’s all encrypted.  Apple’s newest computers come with an onboard machine learning chip that allows Apple to enhance the user experience without ever having to send data back up to Apple for processing.  Overall, Apple values your privacy a lot.  Let’s see how these two OS’s stack up against the free Ubuntu.

Ubuntu:

Similar to the other two, Ubuntu collects data from your computer to help improve the overall experience.  Like with the other two, you have the option to opt out of this.  Ubuntu is transparent with what they collect and nothing too personal is ever collected from you.  And that’s it.  Like Apple, Canonical, the makers of Ubuntu, really do care about your privacy.  

There you have it.  Your operating system 101 guide. Which operating system are you currently using? Are you thinking of making a switch based on the information presented?  I know that I use all three operating systems and I’m going to be reviewing my Windows 10 settings to make sure Microsoft stays away from my private data.