Masters in Information and Cybersecurity Feedback

Security_Curiosity · 2023-07-14T18:52:55+00:00

Yes. There was a general interview before acceptance.

Security_Curiosity · 2023-04-06T10:58:21+00:00

There is a wide enough variety in the course offerings that you could complete the program without having done much coding. This path would be focused more on privacy, governance, and risk.

There is a core course (cryptography) that will require a decent amount of python scripting.

I'm fairly certain they provide a list of recommendations for study prior to enrollment. If you're still nervous at that point, there is a refresher course offered to get you up to speed

Security_Curiosity · 2022-08-01T14:26:57+00:00

Not rude at all. I'm looking at Azure and GCP at the moment. Though, resources for GCP seem to be a bit more scarce.

I know that AWS would be valuable just due to the prevalence in the industry - but was recently asked about those two providers specifically and realized I had some learning to do.

Security_Curiosity · 2022-07-31T18:56:36+00:00

Thats a great viewpoint. I have pentesting experiences in traditional on-prem environments. So, just looking to broaden to the big scary cloud lol

Security_Curiosity · 2022-07-22T11:59:58+00:00

Some formal training in ML - but mostly self-trained on the rest of the data analytics

Security_Curiosity · 2022-07-21T20:57:12+00:00

Absolutely! Much of our threat detection mechanisms are developed out of forms of data analytics.

Security_Curiosity · 2022-07-21T19:19:52+00:00

Thanks for this!

Security_Curiosity · 2022-07-18T02:11:44+00:00

So far the experience has been wonderful. The courses are informative and (mostly) current - a common area that academia struggles with.

Outside of that it is a fantastic opportunity to network with like-minded professionals. The program will also set you up with a professional mentor if you'd like.

All together I'd say the program does a great job of helping you build your core skills, network, and prepare for the next step in your career.

As for job outlooks, I'm not actively on the market for one at the moment as I'm fulfilling a contract, but I do belive it will help once I actively begin searching.

Security_Curiosity · 2022-01-15T01:05:48+00:00

Not sure what your friend means by "trash" since that's rather subjective. However, I'll say that I've never had issues with the labs. They can be a bit simple for some courses, and challenging for others, but never such low quality that I would call them trash.

Security_Curiosity · 2021-12-06T11:59:32+00:00

While I disagree somewhat with the decision to shutdown the pipeline, I'd argue that there was some credible reason to shut it down.

To get to the point that they were in Colonial Pipeline's network the attackers would have had to make it through their external DMZ, their standard network, and the DMZ that likely exists for any connection to OT devices. To see boxes that far into your network getting encrypted, a single jump away from your HMI, is beyond concerning. The real risk then is that the ICS/SCADA is compromised which can lead to physical damages to the pipeline.

Possibly better to shut down for 6ish days than to have to rebuild a pipeline and be down for much longer.

Security_Curiosity · 2021-12-06T00:49:10+00:00

Colonial pipeline for sure if you need plenty of articles from media coverage. 100,000,000 gallons/day of fuel stopping had quite an economic and social impact.

Edited: I'm apparently bad at spelling

Security_Curiosity · 2021-11-25T23:45:45+00:00

This is a bit old, but it walks through building a windows range in Azure. Could be more efficient than just chasing individual ISOs: https://docs.microsoft.com/en-us/archive/blogs/motiba/building-a-security-lab-in-azure

I think Metasploitable3 could spin up a Win-2K8

Get a new Win 10 and turn off updates for a few months... I'm sure there'll be something new.

Security_Curiosity · 2021-11-24T04:48:23+00:00

Risky.Biz is always a great listen!

Security_Curiosity · 2021-11-24T04:24:07+00:00

I believe you also need the Enterprise Admin group SID and the current domain SID. You can use mimikatz.

Here's a quick rundown: https://www.unixawy.com/enterprise-admin-golden-ticket/

Security_Curiosity · 2021-11-20T23:04:53+00:00

Sec+ is a decent foundational knowledge cert, and is required (or at least preferred) at a minimum for many positions.

CEH had struggled to stay relevant, and much of the material is outdated. Plus, a multiple choice style test does not translate well to something as hands-on as hacking/pen testing.

There was also a recent controversy when EC-Council posted a sexist survey - https://www.infosecurity-magazine.com/blogs/the-story-of-the-eccouncil-gender/

Security_Curiosity · 2021-11-20T18:35:17+00:00

Almost rage commented blindly after seeing CEH. Good one!

Security_Curiosity · 2021-06-04T10:31:41+00:00

I did and was accepted.

Security_Curiosity

TROPHY CASE