Understanding the Digital World, and Staying Safe on Cyberspace!
Recently, I was at the Singapore Airshow to showcase what my firm offers in terms of cybersecurity solutions contextualised to the aviation market. Being a trade show, I was privileged to have met many different partners and stakeholders who would otherwise communicate with us typically via teleconference calls. Being the first huge trade show I…
Being my first cybersecurity management certificate (the CISSP), taking this differs from most of my earlier cybersecurity certifications, which focused around various skills in offensive security (penetration testing, exploit development e.t.c.) To some extent, I had to take this with a different approach — one with a stronger foundation in conceptual knowledge, and to a…
Last year, I was interviewed by the Straits Times on the future of work. But I did not predict how many people would ask me about a cybersecurity career in 2023. I was once in this position in 2016, after graduating with a Physics degree. Knowing nothing about cybersecurity, I somehow applied for one such…
While the ChatGPT hype might not be so fervent anymore, many of us have internalised ChatGPT’s capabilities into our everyday life. I tried to provide it ten different types of tasks, and have provided some commentary on how we “might” get ChatGPT to work better for us. (In this post we play with the free…
*This course review is written rather differently from others you may have read. I doubt I need to re-invent the wheel here; build on the great reviews written by folks such as Space Raccoon, nop (allegedly guilty of breaking the Offsec mail server by accident), and epi052. Rather, this review takes a slightly more philosophical…
Several friends in different social circles had talked up the Quantic MBA since it was free. But I was a cybersecurity professional. Why did I need to read a MBA now? I decided to do it anyway, and I am glad to report I have survived. Why I Did It Perhaps the answer can be…
*FUD also stands for “Fully UnDetectable”, which describes malware that evades the bulk of commercially used antivirus products. PEN-300 naturally continues where PEN-200 leaves off, for more advanced techniques. After all, OSCP skills alone will not beat modern mitigations; we must try harder. What Do I Really Need Before PEN-300? There has been a trend…
I have decided to share a post written by Naomi, a CISO, on her views on whether a cybersecurity career requires IT fundamentals. She summarises her position as follows: You don’t NEED to know networking, computer hardware, operating systems, databases, or anything deeply technical to start in cybersecurity. All you need is a high level…
A few weeks after I signed up for Cracking the Perimeter (CTP), CTP was retired. Some infosec friends thought I got the short end of the stick, because the course content had not changed in a long while. That is half-true; newer exploit development techniques are now in the while, and CTP only covers the…
Yesterday, I left my first job. Four years in an organisation is neither a long nor short time, but it was the organisation that made me who I currently am today. My journey into cybersecurity was different from most. I was not a 16-year-old whiz kid who conquered the OSCP. Neither was I a Computer…