Chris's CYBR650 Blog

End of coursework...beginning of a new path. I started this Cybersecurity program many years ago. Work and other life obligations have prolonged it more than I would have liked, nevertheless, this is the end. It is also coinciding with the end of my military career next spring, and along with that, the choice to decide what work I actually want to do going forward. There are so many niches in Cybersecurity that it is hard to narrow down what to focus on. This program, much like the CISSP I got before starting, is an inch deep and a mile wide. I leave feeling like I know a great deal about nearly all of the critical concepts, yet still understand that each of these topics take years of education and real-world application to even begin to consider yourself an expert. I understand a lot, yet feel like I know very little.  Current Trends in Cybersecurity Conclusion The CYBR 650 course was a great introduction to the topics of assessing the security of a system. In the course...

Action Plans  This week I finished up creating my Action Plan for the Harry and Mae case study in my Current Trends in Cybersecurity course. This is the culmination of many weeks analyzing assets, threats, and vulnerabilities for the simulated enterprise. We delivered an action plan, detailing the steps recommended to fix some of the vulnerabilities. As I was detailing these steps I realized how incredibly complex and difficult some of these actions actually are. For academic purposes, some of this information can be handwaved as we are understanding the process, not necessarily all of the project management projection of some of these tasks we were detailing.       For example, recommending that an organization move from no password policy to two-factor authentication briefs very well, but it can be incredibly complex, expensive, and time consuming. At many points during the drafting of the Action Plan I felt like the employee in the above Dilbert...

Are We More Vulnerable Mid-week? While conducting research this week I stumbled across an interesting statistic in the eSentire 2nd Quarter Threat Report . This is an excellent threat source. Towards the end of this product, they were reviewing statistics associated with phishing. They claim that Tuesdays, Wednesdays, and Thursdays are days that employees are more likely to click on a phishing link. Additionally, Wednesday and Thursday account for nearly 50% of credential submitting occurrences. I had honestly never thought of this before. Generally being interested in social engineering, I wondered why this is true. eSentire Q2 Threat Report Explanations for this Wombat Security's 2018 State of the Phish also highlighted a similar notion. So is this a human thing to be more careless in the middle of the workweek. I could not find anything to support that claim. Monday's are the most common day for a workplace mishap. It is probably more related to the work...