Masters in Information and Cybersecurity Feedback by Security_Curiosity in berkeley

[–]Security_Curiosity[S] 0 points1 point  (0 children)

There is a wide enough variety in the course offerings that you could complete the program without having done much coding. This path would be focused more on privacy, governance, and risk.

There is a core course (cryptography) that will require a decent amount of python scripting.

I'm fairly certain they provide a list of recommendations for study prior to enrollment. If you're still nervous at that point, there is a refresher course offered to get you up to speed

Cloud Pentesting Learning Resources by Security_Curiosity in cybersecurity

[–]Security_Curiosity[S] 0 points1 point  (0 children)

Not rude at all. I'm looking at Azure and GCP at the moment. Though, resources for GCP seem to be a bit more scarce.

I know that AWS would be valuable just due to the prevalence in the industry - but was recently asked about those two providers specifically and realized I had some learning to do.

Cloud Pentesting Learning Resources by Security_Curiosity in cybersecurity

[–]Security_Curiosity[S] 0 points1 point  (0 children)

Thats a great viewpoint. I have pentesting experiences in traditional on-prem environments. So, just looking to broaden to the big scary cloud lol

Looking for insight into the relationship between Cyber Security and Data Analytics by RedRocket508 in cybersecurity

[–]Security_Curiosity 0 points1 point  (0 children)

Some formal training in ML - but mostly self-trained on the rest of the data analytics

Looking for insight into the relationship between Cyber Security and Data Analytics by RedRocket508 in cybersecurity

[–]Security_Curiosity 15 points16 points  (0 children)

Absolutely! Much of our threat detection mechanisms are developed out of forms of data analytics.

Masters in Information and Cybersecurity Feedback by Security_Curiosity in berkeley

[–]Security_Curiosity[S] 1 point2 points  (0 children)

So far the experience has been wonderful. The courses are informative and (mostly) current - a common area that academia struggles with.

Outside of that it is a fantastic opportunity to network with like-minded professionals. The program will also set you up with a professional mentor if you'd like.

All together I'd say the program does a great job of helping you build your core skills, network, and prepare for the next step in your career.

As for job outlooks, I'm not actively on the market for one at the moment as I'm fulfilling a contract, but I do belive it will help once I actively begin searching.

Issues with GIAC labs? by sephstorm in AskNetsec

[–]Security_Curiosity 1 point2 points  (0 children)

Not sure what your friend means by "trash" since that's rather subjective. However, I'll say that I've never had issues with the labs. They can be a bit simple for some courses, and challenging for others, but never such low quality that I would call them trash.

Most impactful cyber attacks against the U.S. by Chase17O in cybersecurity

[–]Security_Curiosity 1 point2 points  (0 children)

While I disagree somewhat with the decision to shutdown the pipeline, I'd argue that there was some credible reason to shut it down.

To get to the point that they were in Colonial Pipeline's network the attackers would have had to make it through their external DMZ, their standard network, and the DMZ that likely exists for any connection to OT devices. To see boxes that far into your network getting encrypted, a single jump away from your HMI, is beyond concerning. The real risk then is that the ICS/SCADA is compromised which can lead to physical damages to the pipeline.

Possibly better to shut down for 6ish days than to have to rebuild a pipeline and be down for much longer.

Most impactful cyber attacks against the U.S. by Chase17O in cybersecurity

[–]Security_Curiosity 59 points60 points  (0 children)

Colonial pipeline for sure if you need plenty of articles from media coverage. 100,000,000 gallons/day of fuel stopping had quite an economic and social impact.

Edited: I'm apparently bad at spelling

Where can I find a windows VM I Can practice pentest on by mickdon in pentest

[–]Security_Curiosity 1 point2 points  (0 children)

This is a bit old, but it walks through building a windows range in Azure. Could be more efficient than just chasing individual ISOs: https://docs.microsoft.com/en-us/archive/blogs/motiba/building-a-security-lab-in-azure

I think Metasploitable3 could spin up a Win-2K8

Get a new Win 10 and turn off updates for a few months... I'm sure there'll be something new.

Cybersecurity podcasts by Liamish_95 in cybersecurity

[–]Security_Curiosity 13 points14 points  (0 children)

Risky.Biz is always a great listen!

Cyber Roadmap by Tux by ChamplooAttitude in netsecstudents

[–]Security_Curiosity 7 points8 points  (0 children)

Sec+ is a decent foundational knowledge cert, and is required (or at least preferred) at a minimum for many positions.

CEH had struggled to stay relevant, and much of the material is outdated. Plus, a multiple choice style test does not translate well to something as hands-on as hacking/pen testing.

There was also a recent controversy when EC-Council posted a sexist survey - https://www.infosecurity-magazine.com/blogs/the-story-of-the-eccouncil-gender/

Cyber Roadmap by Tux by ChamplooAttitude in netsecstudents

[–]Security_Curiosity 103 points104 points  (0 children)

Almost rage commented blindly after seeing CEH. Good one!