The Joys of Python

I’ve been working in the IT industry for almost 20 years now and all of that experience has been in the infrastructure and support side of things…server administration, network administration, consulting, and most recently some management. Programming has never been my strong suit, other than writing the occasional script to automate an administrative task. As I began my journey into InfoSec, I kept reading and hearing over and over how important it is to have solid coding skills if you want to be successful, and that launched one of many sub-journies…this one into the application development world.

The general consensus is that the most useful and easiest to learn programming language for a new security professional is Python, so that’s the language I decided to tackle first. Having skills in Ruby and PowerShell (which I have dabbled with a bit) are also important, but we all have to start somewhere. How does a non-coder become an actual coder who can build things that are useful in an InfoSec career? I’ll let you know as soon as I find out! But seriously, I have made some progress in learning Python, so I thought I’d share a little bit about that here in case anyone else if contemplating the same path.

Why Python?

What can you build with it?

How do you learn it? 

Recommended Resources

Read More

How Israel Is Leading The World In Cyber Security

How Israel Is Leading The World In Cyber Security

I found this great video today about how Israel is leading the world in cyber security. It talks about some of the cyber warfare tactics they use and how so many former Israeli military security engineers have gone on to start a bunch of the online companies we know and work with today.

The most interesting thing in this video is the way they describe how much the utility, manufacturing and pharmaceutical companies are vulnerable to cyber attacks. This is a good video to share with non-technical people to help them understand cyber security risks in layman’s terms with real-world examples.

Read More

How I Built My Home Lab – v1

One of the first things I did when I started learning more about InfoSec in 2018 was to put together a home lab I could use to learn and test with. I decided to do everything using free tools as much as possible, and to run it on the hardware I had available. The whole thing is running in a virtual environment on my 2011 MacBook Pro. I finished it and it works great, but I also realized that I need a more robust lab setup to be able to do the kind of testing needed to learn this stuff at a higher level, so I’m in the process of planning and building version 2 of my lab on more powerful hardware with enterprise-class tools. I’ll detail that in a subsequent post, but version 1 of my home lab is perfect for an InfoSec beginner on a tight budget, so I’ll explain how I put it together.

Shopping List 

1) Install Virtual Box

2) Configure an ISOLATED virtual network for your lab

3) Import and set up the Kali VirtualBox VM

4) Import and set up your vulnerable test VMs

That’s all there is to it…you now have your own mad scientist test lab where you can learn and practice your new security skills without worrying about jail time. Any tips, feedback or suggestions? Have your own home lab building experiences to share? Let’s discuss in the comment section below.

Read More