Learning from Crowdstrike

On Friday evening, I caught up with a fellow cybersecurity professional over dinner. Luckily none of us had to deal with the meltdown Crowdstrike had caused. But this caused much grief and frenetic hours for our IT administrators around the globe, who had to manually perform workarounds to recover affected Windows servers and clients. Being…

My Cybersecurity Career > Cracking Code

Recently, I was at the Singapore Airshow to showcase what my firm offers in terms of cybersecurity solutions contextualised to the aviation market. Being a trade show, I was privileged to have met many different partners and stakeholders who would otherwise communicate with us typically via teleconference calls. Being the first huge trade show I…

CISSP Review: What Does it Take to Pass It?

Being my first cybersecurity management certificate, taking this differs from most of my earlier cybersecurity certifications, which focused around various skills in offensive security (penetration testing, exploit development e.t.c.) To some extent, I had to take this with a different approach — one with a stronger foundation in conceptual knowledge, and to a large extent,…

Why Did a White Hat Read a MBA?

Several friends in different social circles had talked up the Quantic MBA since it was free. But I was a cybersecurity professional. Why did I need to read a MBA now? I decided to do it anyway, and I am glad to report I have survived. Why I Did It Perhaps the answer can be…

A Fully Understandable Description (FUD) of PEN-300

*FUD also stands for “Fully UnDetectable”, which describes malware that evades the bulk of commercially used antivirus products. PEN-300 naturally continues where PEN-200 leaves off, for more advanced techniques. After all, OSCP skills alone will not beat modern mitigations; we must try harder. What Do I Really Need Before PEN-300? There has been a trend…

A Response to “What are IT Fundamentals” in Cybersecurity

I have decided to share a post written by Naomi, a CISO, on her views on whether a cybersecurity career requires IT fundamentals. She summarises her position as follows: You don’t NEED to know networking, computer hardware, operating systems, databases, or anything deeply technical to start in cybersecurity. All you need is a high level…