Source – Weylon Solis One thing that consistently comes up is the need to secure our business applications, and today, we’re going to demystify some concepts around securing a platform many companies rely on: Salesforce. Think of Salesforce as a super-powered digital Rolodex and operations hub for businesses, managing everything from sales leads to customer Read More …
Tag: security
AZ 900 Study Guide
Core Concepts Describe Cloud Concepts – What is the cloud? Describe Azure Architecture & Services – What services are there? Describe Azure Management & Governance – How you can manage things. In simpler terms, cloud computing uses a network to connect users to a cloud platform where they request and access rented computing services. Read More …
Kubernetes Ingress Controller’s fake certificate
A Kubernetes Ingress Controller’s fake certificate is a security issue because it’s a self-signed certificate, which is not trusted by web browsers or other clients. This means that users will encounter certificate warnings or errors when trying to access your application, and the Ingress Controller is not providing secure communication. Here’s why it’s a problem: Not Trusted: Read More …
SID – Security Identifier
A Security Identifier (SID) is a unique, variable-length alphanumeric string assigned by an operating system (OS), like Windows, to every security principal. A security principal can be a user, group, computer, or process that can be authenticated by the OS. SIDs are fundamental to how these systems manage access to resources. Here’s a more detailed Read More …
Conference Video – Fundamentals – Distressingly Overlooked – David Elfering
In an era increasingly dominated by artificial intelligence (AI), the fundamentals of cybersecurity remain critically important for IT professionals. As organizations integrate AI technologies into their operations, the attack surface expands, creating new vulnerabilities that can be exploited by cyber criminals. Understanding core cybersecurity principles—such as risk management, threat detection, and incident response—enables IT teams Read More …
ACE – Access Control Entries
The Building Blocks of Permissions In the realm of Identity and Access Management, controlling who can access what is paramount. While Access Control Lists (ACLs) provide the structure for managing permissions, the individual permissions themselves are defined within Access Control Entries (ACEs). Understanding ACEs is crucial for IT students to grasp the fine-grained control that Read More …
The Dawn of Autonomous Warfare
The landscape of modern warfare is undergoing a profound transformation, driven by the rapid advancements in artificial intelligence (AI) and the proliferation of autonomous weapons systems. This shift, often likened to the advent of the Maxim gun which revolutionized battlefields, signals a potential end to traditional manned mechanized combat. At its core, autonomous warfare involves Read More …
TARA – Threat Analysis and Risk Assessment
Threat Analysis and Risk Assessment (TARA) is a critical process in cybersecurity that helps organizations identify, evaluate, and prioritize potential threats to their information systems and data. As cyber threats continue to evolve, understanding TARA is essential for protecting sensitive information and maintaining the integrity of systems. This summary will provide an overview of TARA Read More …
Tools – BEAR: Simulating Advanced Persistent Threats for Cybersecurity Education
For aspiring and new information security professionals, gaining practical insight into real-world attack methodologies is paramount. One tool that offers a unique perspective into advanced threat simulation is “BEAR,” a project found on GitHub. Unlike typical vulnerability scanners or compliance tools, BEAR is a compilation of Command and Control (C2) scripts, payloads, and stagers explicitly Read More …
Notes :: Kubernetes
Key topics include: Traditional vs. Kubernetes Challenges: Comparing the challenges of managing applications in traditional virtual machine environments versus containerized Kubernetes environments. Kubernetes Fundamentals: Defining Kubernetes, its origins, why it’s used, and key concepts like cluster architecture, API server, nodes, pods, and network policies. Kubernetes Security Fundamentals: Discussing control plane and data plane protection, including API protection, encryption, Read More …