Increasing my Cyber Security Knowledge

Increasing my Cyber Security Knowledge
I wrote this post as a diary entry in Jan 2016 towards my goal of acquiring expertise in Cyber Security. Since then I have been following this as guide and have added resources and material for it to become a reference for me to keep my learning aligned to my goals.   
     
Cyber or Internet is such a vast field that learning about it and its security is huge exercise. Cyber Security issues spread over the realm of technical, managerial, policy, law and warfare. In 2016, I have set myself to learn about this field by covering the entire gamut. As the growth of technology of cyber realm moves very fast, it is essential to remain updated and well read. All this learning can be acquired through online courses, blogs, magazines and books. In the next few paragraphs I will cover the resources I am using to update, enhance, upskill and educate myself on Cyber Security. I would love to receive feedback on my selected choices as well as suggestions for other methods and new ideas to further my aim.
      Having a graduate degree in telecommunications and a postgraduate degree in Computer Science, I already possess a fundamental knowledge of computer science, computer networking, network security and cryptography. However to stay current in today’s context it is essential to stress towards practical application of security, technical controls, regulations and legal aspects. I began my study by taking an introductory course from FutureLearn.com called “Introduction to Cyber Security”. After the course I have started focusing on reading various books, blogs and certifications to increase my knowledge in the field of Cyber Security. I have realized that to develop a deep understanding of any field it is essential to read books. Then, to develop a practical understanding you need to do things hands on. In Cyber Security that can be done by setting up a lab at home using Virtual machines.  Finally to stay updated one needs to follow and read blogs by top security professionals.
Some of the areas where I intend to focus are Application security, Risk Management, Security Governance, Disaster recovery and Business Continuity. The regulatory requirements I intend to focus on are HIPAA, PCI DSS and Sarbanes-Oxley. For books I homed on to the Cyber Security Canon by Rick Howard CSO of Palo Alto Networks which is a very exhaustive and carefully selected list of books on Cyber History, Cyber Crime, Cyber Espionage, Hactivism and Cyber Warfare. As the list was quite long I pruned the list and have added a few of my own choices.
      To remain updated on current happenings I have joined twitter and am following prominent security researchers and specialists and have also subscribed to their blogs. Most of these are include in the list are part of the top 100 influencers in Information security. Prominent among them which I follow on Twitter are Troy Hunt , Lesley Carhart, Bruce Schneier, Kevin Mitnick.  Prominent blogs I follow are Krebs on Security, Schneier on Security, Taosecurity and Naked Security by Sophos.  
       Besides the introductory course from FutureLearn & Open University, Coursera has number of useful courses on Cyber Security. They also have a specialist track on Cyber Security with Fundamentals courses and a capstone project. The courses in the specialization are Usable Security, Software Security, Cryptography and Hardware Security. Troy Hunt has two free courses hosted by Varonis on Web Security Fundamentals and Introduction to Ransomware. Cybrary is a website focused on providing free material on Cyber security and has a lot of material on this field.

        To cover the cyber aspects of my own country, I intend to study Indian Cyber laws (IT Act and IT Act Amendment 2010), specific cyber breaches in India, case studies related to Indian companies, cases of cyber breaches and crimes within India and various organization tackling cyber threats in India. I also intend to follow organisations such as DSCI , CERT-IN and STQC to be current with Indian regulation, laws and policies.

      Finally to ensure I cover all the fields I have decided to study for and earn the CISSP certification. CISSP covers all the domains of Cyber Security. Even though it is described as “mile wide and inch deep”,  I intend to combine it with my learnings from reading the selected books, identified blogs, online courses and try out practical aspects of security to become well rounded and knowledgeable information security professional. I have already the CISM exam in 2013 which covers Information Security from a management perspective. However I need to refresh my knowledge and understand the real life application of the concepts learned.

       Please do give me feedback and suggestions on what I could do better to understand this field and gain required knowledge. I will write more posts on specific resources and trainings as I go along studying and learning from them.

Comments

Post a Comment

Popular posts from this blog

API Security - A risk based approach for CISOs

       APIs or Application Programming Interfaces are the building blocks of modern applications. As the usage of APIs  and API traffic increases it is likely to be the major attack vector for hackers. APIs are utilised for a variety of purposes such as - share data with partners, customers, and other third parties. As per Akamai, 83 % of internet traffic is driven by APis. While APIs are a powerful enabler of digital transformation, they also present new security challenges. In fact, Gartner predicts that in 2023, API abuses will be the most frequent attack vector. To substantiate that prediction, OWASP has come out with a separate OWASP Top 10 for APIs in 2019. Also multiple organisations such as Coinbase and IRCTC have been affected by API security vulnerabilities in their applications.  To tackle this emerging attack vector, CISOs should understand the key risks associated with APIs. These include: Data Breaches or Data Leakages -  Risk of data le...
Read more

2024 Year Review and thoughts

  My review of 2024.  The year was a mixed bag with a overall positive outlook and a few hiccups. My ratings on key parameters  Health - Average  Family - Good  Professional - Good  Career - Good  Finances - Average  Health -  My health has been a mixed bag with several notable improvements and some setbacks. Exercise - I was able to regularly attend Gym and do strength training.  Due to improved leg strength I was able to run a 10 k run in Dec in a time of 67 mins . I was 40th out of 120 runners in the Veteran category which I am satisfied with keeping in mind the several issues I had been having at the start of the year.  Gut Health : My stomach and gut issues continued which led me to a take a nutritionist led meal plan. This has helped but I still continue to have gas and loose motions intermittently  and outside food does not suit me at all. The worry is that my weight has reduced from 68 Kg to 63 Kg in las...
Read more

Key Steps for Building an Effective Data Protection Program: From Analysing Business Needs to Ongoing Protection

Key Steps for Building an Effective Data Protection Program: From Analysing Business Needs to Ongoing Protection In today's world, data is often referred to as the new oil, given its immense value to organisations. Companies have access to vast amounts of data, from customer information to intellectual property and strategic plans.  Over the last decade cyber criminals have targeted organisations repeatedly related to multiple breaches. Some organisations like Uber have faced multiple breaches and even government organisations are not spared as we observed in the Snowden case where confidential data of US  govt was leaked online. Protecting this data has become essential, and having an effective data protection program is crucial to achieving this requirement.  In my role as a CISO for the last five years I have found data protection as the most complex initiative yet most closely related to business enablement. This can be related to protecting customer data to prevent c...
Read more