
Good Friday Just Became Better – With My CCSK Certification!

Holy Moly – The sweet taste of achieving the much coveted certification in the wake of furthering my Cyber Security journey. Aced the certification with a strong 90%. I’m now Certified Cloud Security Knowledge (CCSK) certified. My Good Friday just became a whole lot better!!!

 

It’s been some time that I’ve been dragging my feet and finally decided to write the CCSK certification. Been busy with authoring and mentoring (cannot really complain as it’s my passion), hence the delay. Like they say – better late than never!!

CCSK

In the following sections I’ve shared my experiences, my preparation, the insights and details to the certification exam. Hope these get you to your own CCSK summit.

The exam itself – This exam has been there for some time now and I took the v3.0 (v2.1 is also available but hey, latest is greatest right!). CCSK is a pretty comprehensive exam. It covers all bases (and more) from cyber security / security from a Cloud Service Provider (CSP) and a Cloud Consumer perspective, and then some. It also addresses domains which are usually blind spots, for example – cloud risk management, vendor management, supply chain management and such.

The insights to the exam – The exam can be daunting if you have little to no security experience and especially – if you come in with minimal (all encompassing security) virtualization, security controls, risk management, physical security and traditional DC experience. The exam consists of 60 questions – multiple choice and true and false type, to be completed in 90 min. It is an open book, take anywhere exam; however, that doesn’t demean its importance at all. In fact – it takes a lot of time to understand the subjects and topics and then be prepared for the exam itself. It’s the journey in this matter that’s much more valuable than the result itself.

My experience during the exam – I completed the first pass in about 30-35 min (of the allocated 90 min) and marked all questions for second pass (Yes, you can mark questions for review and come back to them). Finally submitted the questions for grading by the 45-50 min mark and passed with 90% (80% is the minimal score to pass) and that calls for a jolly moment!

The preparation – For the prep I used the two documents (both available here https://ccsk.cloudsecurityalliance.org/index.html) i.e.

  1. Cloud Security Guidance https://cloudsecurityalliance.org/research/security-guidance/
  2. ENISA Cloud Risk Assessment Report: http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/at_download/fullReport

These two documents cover all bases in terms of questions. Just a thorough read and you should be fine. One of my dear, old-time friends (who happens to be a security geek as well), Sumanta Bhattacharya, helped me by brainstorming on the topics and coming out with logical and conclusive derivations.

Summarizing – This is a must-do certification for security practitioners and professionals who intend to or currently engage with cloud. An excellent certification that pushes a person beyond their scope of thinking in context of Cloud and so much more.

 


Posted by on April 15, 2017 in Cyber Security, Security Posts

 


Cyber Ops – Up Up and Away!!!

I’ll be spending a good amount of time doing something that I’m passionate about and which I think brings me the satisfaction of knowing that it will be a career catalyst for many professionals (especially security professionals).

To be precise, I’ll be spending most of my time from late Mar till May writing on Cyber Security. Now, it matters how the time I spend and the material I author help the larger community gain from it – and that’s been my motto since I stepped up as an author and an evangelist.

Demystifying: I’ll be authoring Cisco’s latest Cyber Security / Cyber Ops on two fronts – writing the practice tests / question banks (to go with the premium content):

  • Cyber Ops – SecFnd
  • Cyber Ops – SecOps

I’ll be writing practice question banks which will help the CCNA Cyber Ops aspirants to attain these world-class cyber security certifications. These practice tests will be available as part of the premium package with the following books written by Omar Santos and Joseph Muniz.

CCNA SECFND: http://www.ciscopress.com/store/ccna-cyber-ops-secfnd-210-250-official-cert-guide-premium-9780134609010

CCNA SECOPS: http://www.ciscopress.com/store/ccna-cyber-ops-secops-210-255-official-cert-guide-premium-9780134609027

I have to admit that Cisco has come a long way and now with these certifications, the gaps from InfoSec and CyberSec would be more than addressed. These certifications are bench-marking in terms that they will help bridge the gap between the old and new security paradigms – network and cyber.

All in all – I’m enjoying my time writing these questions and hope that they will help the aspirants succeed in their attempts to grab these two really cool certifications.

Happy learning and reading!

 

 

Posted by on April 11, 2017 in Cyber Security

 


Terminator and SkyNet might be here before you think!

Terminator movies have taught us a couple of important lessons – Whatever you do, you cannot control destiny. And, don’t leave all the control to the machines.

That said – with IoT beginning to connect ‘Things’ and with no security standards (well not much of them anyway) established during the IoT wars; don’t you wonder if that ‘smart’ machine in your home or office is secure enough and will absolutely do what it’s supposed to do?

Time to think again! A recent publication by SCMagazine clearly articulates the fact that it’s about time that security was made paramount before going live with anything that is ‘smart’ enough to take decisions.

An excerpt follows:

As many of these “smart” machines are self-propelled, it is important that they’re secure, well protected, and not easy to hack. If not, instead of helpful resources they could quickly become dangerous tools capable of wreaking havoc and causing substantive harm to their surroundings and the humans they’re designed to serve. We’re already experiencing some of the consequences of substantial cybersecurity problems with Internet of Things (IoT) devices that are impacting the Internet, companies and commerce, and individual consumers alike. Cybersecurity problems in robots could have a much greater impact. When you think of robots as computers with arms, legs, or wheels, they become kinetic IoT devices that, if hacked, can pose new serious threats we have never encountered before. As human-robot interactions improve and evolve, new attack vectors emerge and threat scenarios expand. Mechanical extremities, peripheral devices, and human trust expand the area where cybersecurity issues could be exploited to cause harm, destroy property, or even kill.

Reference: https://media.scmagazine.com/documents/287/hacking-robots-before-skynet_71714.pdf

There are references to incidents where life-threatening situations occurred because security was at a loss, for example:

  • A robot security guard at the Stanford Shopping Center in Silicon Valley knocked down a toddler; fortunately, the child was not seriously hurt
  • A Chinese-made robot had an accident at a Shenzhen tech trade fair, smashing a glass window and injuring someone standing nearby
  • In 2007 a robot cannon killed 9 soldiers and seriously injured 14 others during a shooting exercise due to a malfunction
  • Robotic surgery has been linked to 144 deaths in the US by a recent study

Time to wake up to the reality that (cyber) security controls are more than desired with robotics, let alone IoT, the mother ship of connectivity (which increases the attack and exploit surface manifold).

Bottom line: Trying to let control go to leverage automation may not be a good idea unless there are strict security norms and cyber security controls in place.

Watch out – that smart machine may be just too smart for your liking!!!

 

Posted by on March 15, 2017 in IoT Security

 

Ransomware as a Service – It’s as real as it gets!

The world of information technology is changing rapidly. So much so that – now you can get your hands on a service that offers everything from creating ransomware to commission-based returns on jacked machines. Yes, that’s true.

Here’s an excerpt from an ‘underground’ forum:


Satan is a free to use ransomware kit, you only need to register on the site to start making your viruses. Satan only requires a user name and password to create an account, although, if you wish, you can set a public key for two-factor authentication.
Satan has an initial fee of 30% over the victim’s payment, however, this fee will get lower as you get more infections and payments. All of the user transactions are covered by the server, you’ll always get what the victim paid, minus the fee of course.

When creating your malware you can specify the ransom value (in bitcoins), a multiplier for the ransom after X days have passed, the number of days after the multiplier takes place, a private note so you can keep track of your victims.
Satan is free. You just have to register on the site.
Satan is very easy to deploy, you can create your ransomware in less than a minute.
Satan uses TOR and Bitcoin for anonymity.
Satan’s executable is only 170kb.

If English is not your first language or you speak a second language you can translate the ransom notes to help your victims understand better what is happening.
In case you’re looking for a way to spread the ransomware, there is a droppers page, where you can generate a crude code for a Microsoft Word macro and CHM file.

If you have any problem with the ransomware, you can report it using the leftmost button on the malwares table. The middle blue button is used to update the malware to a newer version, if available, and the green one is used to edit your malware configuration.


 

All in all – this is a big step forward in luring in and incubating talent pertinent to ‘Anti-Security’ professionals aka. hackers, attackers, and the list goes on.

The humorous part is that – the way this has been publicized, it’s much, much better than any security vendor’s product or service offering in terms of marketing the packaged product. And it’s an excellent business model for the provider, as it fuels not just their current investment but also takes it a notch up and adds to the revenue from the exploits to the next iteration of R&D.

 

Posted by on February 7, 2017 in Security Posts

 

Security Keynote at Total Security Conference

Last week I delivered a Keynote at Total Security Conference in Hong Kong. This was to share today’s security trends and Juniper’s vision on cloud as the platform to deliver security. It was both really insightful and fun connecting with the audience, understanding the security landscape in the region, and getting to know what the C-Level is looking for from a solution perspective to tag along the business imperatives.

Get a sneak peek of the session at http://www.questexevent.com/TotalSecurityConference/2016/hongkong

The slides used for the keynote should be available shortly.

Here are a few photos from the event.

 

Posted by on May 17, 2016 in Events

 

CIPTV2, It’s Official. And it’s here!!!

Yes, that’s right. Of the two books which were soon to be published – one is published. And so, it’s official – my third book (this time as a co-author) in its physical self – hard cover, 450+ pages. Feeling excited and ecstatic!!!

If this topic interests you or someone you know, please read it or recommend it and provide your invaluable feedback. The book is available at the following link.

http://click.linksynergy.com/deeplink?id=aV8WWcTd0Yc&mid=24808&murl=http%3A%2F%2Fwww.ciscopress.com/store/implementing-cisco-ip-telephony-and-video-part-2-ciptv2-9781587144554

 


Posted by on March 29, 2016 in CCNP Collaboration

 


Third Time is a Charm!!! Upcoming CIPTV1 and CIPTV2 Books

It’s said that the third time is a charm. Looks like it is indeed the case when it comes to me authoring books.

After the first two books – Securing Cisco IP Telephony Networks and CCIE Collaboration Quick Reference, I’ve yet again conjured my author spirit and have co-authored two more Cisco Press books.

The first to hit the shelves in late Mar to early Apr 2016 is Implementing Cisco IP Telephony and Video, Part 2 (CIPTV2), followed by Implementing Cisco IP Telephony and Video, Part 1 (CIPTV1), which is set to be released in Jul 2016. These are part of the new CCNP Collaboration exam and are absolutely revamped from earlier avatars.

CIPTV1 addresses CCNP Collaboration Exam 300-070 while CIPTV2 addresses exam 300-075.

Both books are available for pre-order (both e-book and paperback) at following links:

Addressing CUCM architecture to design to deployment, Cisco VCS, Cisco Telepresence based Video Conferencing, Cisco Expressway, and many more topics – these books pack a punch!!! Of course, they’re aligned with the CCNP Collaboration exam blueprint, so they are go-to reference material to pass the CIPTV1 and CIPTV2 exams with flying colours.


I hope you enjoy reading these books as much as I enjoyed writing them 🙂

 

P.S. More stuff to follow including webinars, excerpts, reviews and much more shortly.

 

Posted by on March 14, 2016 in UC Security Posts

 
