So you think you’ve been hacked

As an individual, where do you turn if you think you’ve been breached and your antivirus software tells you nothing?

Your Internet service provider?
Your bank?
Your email provider?
The techie friend of a friend who can find a job in the industry?
Your insurance company?
Your IT department at work?

…or your friendly neighbourhood CISSP® (Certified Information Systems Security Professional).

Generally, though, it’s down to you and Google to figure it out.

Take your life offline if you get hacked.

In the meantime, you stumble around telling friends you’ve been hacked or that your tech is crap.

Naturally, social media is a massive help to find out if someone else has the same problem. In my experience, the emotional pressure is one of the biggest issues. Feelings of WTF and “why are they doing this to me” cloud your judgement and objectivity.

Don’t be a victim, be a warrior. Hellblade: Senua’s Sacrifice

Brutal CIA problems

Trying to get the right balance of Data Confidentiality, Integrity and Availability is really tough and ever-changing.

Any taxi app will need your GPS data to locate you, but does that app need to know your every move ALL the time?

That taxi app now knows when you wake up, go to bed and how often you go to the bottom of your garden. You give this data away for free. Apps like Uber give the end-user an all-or-nothing solution, knowing very well that users cannot be bothered to turn off location services or throw on a VPN when they don’t need a taxi.

Data CIA status is like catching butterflies: it can be done, but it’s bloody difficult and requires resilience, tactics and skill.

Your taxi watches you globally

Mr. Do! Walking away from the Internet, Intranet, Extranet, Deep Web and Dark Web

One of my heart’s desires is to walk away from internet connected technologies.

Every day after school in the 80s

Sounds like career suicide for an Information Security Professional and a little hard to see how I could ever untangle my encrypted connections. My thoughts go back to my first glimpse into tech, as a kid, into Mr. Do!, one day after leaving Bakers Arms, Leyton, East London and heading to E10 7LS.

Arcade folk who didn’t even know my name would eventually call me Mr. Do! because I was always hitting high scores. I had worked out the routines and backdoors.

Who knew my backdoor talents would bury themselves so deep into my Digital DNA?

Anyhow, the irony of posting something like this on a blog is evident, so don’t go there, Sherlock.

I’ve had a touch of the offline life and I know I can thrive there, especially using a different part of my brain, but for now, I’m on it 15-18 hours a day: Work, Family, Love and Play.

How you got Hacked… and why

In the past, I’ve spent hours on the phone trying to show someone how to configure an email client.

Small businesses put up little fight against hackers and snoopers.

Normally intelligent individuals suddenly become dummies when faced with anything “technical”.

Individuals are routinely breached because they:

Are too busy to care about basic hygiene (tech bits)

Have no password management skills

Have no trusted technical support partner

Do not monitor their set-up

…or, most importantly, are not bothered.

These same individuals take extreme care with their daily online banking.

InfoSec skills – Computer Emergency Response Team (CERT)

As a small business or individual, if you were going to hire a private IT Security Professional, here’s what you should be looking for.

Trust me I’m a Professional – Until Dawn™

Loving this 2016 IT Security Job Description

Experience as part of an incident response team (either in-house or as a consultant).

An ability to provide technical analysis and direction for investigations.

An understanding of networking protocols and infrastructure designs, including firewall functionality, routing, encryption, host and network intrusion detection systems, load balancing, and other network protocols.

An understanding of the current vulnerabilities, response, and mitigation strategies used in cyber security.

Willing to work out of hours and public holidays as part of a shift rota and when on call as needed.

Inherent passion for information security and service excellence.

An ability to analyse and reverse engineer various file types including providing dynamic and static analysis of malware artefacts and binaries as well as other malicious attack files.

Be able to complete post-mortem analysis of network logs, traffic flows and other activities to identify malicious activity on a network.