Week 12

Week 12 - Final Week 

Wow, finally I am in my final weeks of grad school. I remember when I had to write a letter explaining why I had a bad GPA in my bachelor's degree and I wanted to prove myself that I am better than the GPA I had gotten in bachelor's. If nothing unexpected happens, I should be able to graduate MS in Cyber Security with good GPA. I know GPA is not a big concern for someone with many years of work experience, but it just makes me happy that I was able to accomplish something that I wasn't able to before. Thanks to the Air Force and Client Solution Architects for helping me financially to get my degree. Without their support, I would not be able to finish college quickly and with debt free. Who doesn’t like to graduate college debt free? The best part of the Grad school was improving my writing skills and learning necessary cyber skills. I think I have improved myself writing better which something I needed. Thanks to professor and friends who read my assignments and provided valuable comments. The company I work for is excellent who cares about their employees and professional development, so I am not rushing to get a direct cyber-related job. Hopefully, new cyber opportunities show up within the company. I always as a question to myself, did college prepare me for a cyber-job? I think it provided me a basic understanding of the field and how to write various cyber-related reports. At least I know where to start if I ever have to write a threat management, audit, and governance? The ethical hacking class was high technical and taught me how to install a virtual environment, Kali Linux and conduct basic ethical hacking activities in a virtual environment. Overall it is a significant relief to myself finishing college, so I can go back to my normal life spend time with my family and get some certification. I think I can use this picture now..

   

Week 11 Post

Week 11 update:

Wow, finally we are in the final two weeks. It's been an incredible journey, and I am close to graduation. Overall journey with the master's degree was harder than I had initially expected. I am not a big fan of writing long papers, but I think I have improved my writing skills. Still, I have to work on my grammatical mistakes. It's amazing that how professor's feedback helps to improve student style of writing. I have some professor that would not provide any feedback on any assignments. I think all professor should more actively engage with the students and challenge students. In my CYBR 515 class, I had some assignment where I felt like I was challenged and I have to talk to the professor. Also, Cybersecurity program should be more technical rather than just write. It prepared student general security stuff, how to write governance, cyber trends, etc. other than an ethical hacking class, we didn’t have any high technical class. I am close to finishing the degree and surprise to know that we didn’t learn any tools that are being used from the bad/good guys. There got to be the tools which are being utilized by the black hat or white hat hackers. Other than the installation of Linux in a virtual environment, NMAP, etc. tools. I think we didn’t go deep to learn about the cyber tools and methods being utilized from both sides. The university should consider adding a class which is very technical based on programming, scripting, modern tools where student required to involve research and group project. I know traditional universities don't prepare students for a mid-level career, but it should prepare students to take entry-level technical jobs.      

Week 10 Update

Week 9 has been the most challenging week. Writing an action plan for the Harry & Mae's Inc. vulnerabilities made me feel like I had a second full-time job. I would have more time to write an action plan if this was a for my regular job, but unfortunately, I had only a week to come up with a good plan. Also, I had other assignments to complete in the same week. The action plan could be for anything that requires a well-documented list of measures to fix something. For example, an action plan for IT Department to remediate vulnerabilities or a plan to build something. It provides guidelines to fix issues so that the particular goal could be met during a given period. According to an Internet source "An action plan is a document that lists what steps must be taken to achieve a particular goal. The purpose of an action plan is to clarify what resources are required to reach the target, formulate a timeline for when specific tasks need to be completed and determine what resources are needed". Reviewing other students action also helped to understand the process better and efficient way of remediating vulnerabilities. However, there were some big differences in the length of documents. Mine was about 11 pages, but I read some were about 22 pages. I know we don’t have specific length requirements, but I still think that it should be an easy to follow and read for the leadership.

Article 1 review:   

It has been a crazy couple of weeks in the cyber field with the rise of new sophisticated attacks. Malicious software attack around the world and took control of sensitive information demanding money. The most affected area is the healthcare organizations in the Europe where multiple hospitals could not operate because of these attacks. They still trying to figure out who, what and the damages. The name of the ransomware attack is called WannaCry malicious piece of code which attacks various organization around the globe. Computers around Russia, Taiwan Spain and Britain was the severely impacted. They are claiming that it was a leaked program from NSA. This coordinated attack infected thousands of computer and encrypted data. Hackers demanded money to decrypt data. This shows the scale of damage hackers can cause and a good signal of the cyber future. There is no place of weaknesses, and we must secure out content as much as possible. Especially who does business related to sensitive information, they are at high risk. Here is the link if you are interested reading. It is just amazing about the cyber attacks that it is tough to find who was behind the attacks. Here are some pictures about the attacks which are trending online for many days. 

https://www.theguardian.com/technology/2017/may/12/nhs-ransomware-cyber-attack-what-is-wanacrypt0r-20

Week 9 Post

Week 9 update:
It is just amazing how time passes. It feels like last month I decided to go back to college for masters and here I am trying to complete final four weeks. Most people say online college is easy, but I do not agree. It is hard to keep up with the grade because if you lost a couple of discussion board post and lost some points here and there, you are in the B+ category. However, if you invest your time and ask questions, you should be able to overcome the obstacles and finish your degree. There is no place for procrastination in the grad school. I am just sharing my experience, and I can't wait to finish my college. And finally, focus on other things.

Article 1 review:
There is some major cyber news trending online in this week. First one is the phishing attack attempts from Google Docs. I read an article written on RAWSTORY site page about this incident, and it was titled as " Google Docs phishing scam hammers home the importance of safe email habits." This title makes sense as many users don’t care about the security of email content. The phishing scam got so sophisticated that even someone with good cyber knowledge could fall into their trick. Users received an email with an invite to view a document from Google Docs from someone's email address they know. Once you click on it, it spreads to the user's contact list and multiplies. The take a way point from this article was about the importance of knowing the cyber threats and why you shouldn’t click on suspicious emails.

Source:
https://www.rawstory.com/2017/05/google-docs-phishing-scam-hammers-home-the-importance-of-safe-email-habits/

Week 8 update

Week 8 update:

Final four weeks remaining! I am not sure how other students manage their life as most of us work full time, college and family responsibilities. I have two jobs and taking two classes plus wife and 16 months old baby. This was my first time taking two classes. Even though it is very challenging finishing assignment on time, I think eventually it will worth of hard work and dedication. Hopefully, I can finish well and focus on other things I wanted to do. I wanted to go for PHD as soon as I finish my masters, but I have a second thought. First, let me get into the cyber market and get a cyber-related job. My current IT experience will definitely help. Once I have some years of direct experience with the cyber field and add some certification like CEH, CISSP, I will go for PHD. Many of my friends who I went college with are about to finish their PHD in Physics. They are my motivation and I am very committed to have PHD and I know it is not easy.

The challenging part is to improve case assignments each week. If you didn’t do well on the last assignment, most likely you won't do well in the coming weeks since each assignment is built on previous weeks assignment. I lose some points here and there because of my grammatical errors. Otherwise, I am doing well. CYBR 515 assignments are getting easier. First couple of weeks, assignments were very challenging. I really like CYBR 650 assignments format where students get to students work and add suggestion. This helps us to improve our work and improve assignments.

Article 1:
I had to share this even though I also posted this on our class security trends forum.

I am Gmail user for long time and Gmail is no exception when it comes to cyber attacks. hopefully they come up with a solution soon.

Rise of phishing attacks

I am sure most of you have read the news about the recent phishing attacks targeting Gmail users. Very sophisticated phishing scam attack is targeting about one billion Gmail users. Once a user clicks on the phishing email, it spreading to all contact list of the user who clicked on the email. The tricky part is that the email seems to come from a trusted contact and ask users to check out an attachment on Google Docs. Once a user clicks on the link, it spreads to all user contacts. Eventually, hackers will control of your email content. Even someone with good cyber threats knowledge could fall into this. The only thing Google saying is not to click on the link for now. If you read the email carefully, sending field looks as the sender is your contact, but in the recipient field, it is "hhhhhhhhhhhhhhhh@mailinator.com." Most users don’t read an email that carefully. As soon as it comes from someone you know, most likely you will attempt to open it. Some of the recommendations include - first, don’t click on it but if you do open the email, don’t grant access when fake Docs app ask for it. But if you went that far and granted access, go to Google connected sites console and remove access to that app and finally change your Google account password. The scary part is that once the worm enters the Google user's domain, it is very challenging to remove it. Hopefully, Google finds a way to fix this soon. I am a Gmail user and haven't gotten any those types of email, but people are talking about it a lot. It's been trending on the social media for some time now, and some people are having fun and other providing recommendations which will help to educate users about the risks. Phishing attacks are definitely a growing cyber threat trend that something we all should be careful. If you are interested reading the news in detail, here is the link.                    
http://www.nbcnews.com/tech/security/massive-phishing-attack-targets-millions-gmail-users-n754501

Some people are making fun out of it. Here are the some examples from the Twitter.

     

Week 7 Update

Week 7:

So far so good! I had never thought CYBR 515 class would be very challenging. It's not because I am getting a bad grade, but it's because of lack of resources. I know I am not that bad searching for resources online or library. Thanks to the professor who is very responsive and provides guidance if asked. I need to survive six more weeks then I am done. Despite close to finishing my Masters, I still have issues writing especially with the grammar. I take professor's suggestion seriously and try my best to improve. Sometimes when you are close to due and don’t have enough time, there is always a chance of mistakes. I am not a procrastinator though. I start my assignments early. The discussion board has been a great place to learn. The professor making to choose from the different topic is also helpful, so many students don’t end up writing on the same subject. Since this is my final semester, I have to say that online college is not easy. It gives students flexibility, but that doesn’t mean it is any easier than the traditional format. I would highly recommend others to go online if they want to be independent learners. You don’t get to ask questions directly to the professor being an online student, but you are saving time and improving yourself by doing research and asking a question on the class online forum.  I am glad I decided to go back to college, and I am close to finishing. As long as you are dedicated, finish assignments on time, you are good. You should think twice going for masters if you don’t love writing. I am more of a math and science student who likes solving a problem but not necessarily just writing. In the Cybersecurity field, there were many technical assignments, but you still have to write a report for the assignment. For example: if you design a wireless solution for a company, you still write a lengthy report how you would implement the design. Wow, I went little too far sharing my experience. Let's get back to regular topic "What's trending?".

Week 6 Updage: 
Thank God, I am almost half way through my final semester! It's been very challenging. I have to admit I am not good at designing network diagram. Hopefully, I get better since this was my first time designing a network diagram. Reading other students assignments and network diagram helping me to understand better. As usual, discussion board has been my source of learning and understand the different views of students. Some of the assignments from by Security Architecture class are tough. I wish professor would provide us additional information about the topic. We had some assignments where I couldn’t find much information on the Internet or textbook. Well, this is a part of learning. Sometimes you have to go deeper and work hard to find resources. Cyber Security field not meant to be so easy. Also, I read other students question on the professor's online board, and makes me feel ok that I am not doing that bad. We all are on the same page except those smartest ones. I think milestone types of assignments are difficult because if you mess up the first assignment, most likely there is a good chance you won't do good on the next milestone since you didn't build the base well. Applying students and professor's suggestion has been helping me to improve. This is good enough about my experience in week 6. So let's roll back to our usual blog writing style.

Article 1:
I read some news this week. They are talking about the United States might be behind the North
Korea's missile test failure. This may or may not be true, but if it is true, it would be good news for the United States, but the future, it may not be good unless we continue to develop new ways of fighting in the cyber domain. I liked how the news was written on this website (http://www.maxim.com/news/us-hacking-north-korea-missiles-2017-4). If this is true, I hope they always keep this secret as no-one needs to know how they did. Imagine if countries like Iran or North Korea could do the same to the other countries. No matter how sophisticated tool you build, if the hackers can somehow penetrate, your tool is useless since you can't operate how you want. For North Korea, this was an embarrassing moment especially when they were celebrating the 105th birthday of Founder Kim Sung.  

Article 2:

It's unusual and surprising what hackers are capable of doing. In a way, they are the troubleshooters for the good guys. If we didn’t have black hat hackers, I think the newer technology development would be much slower. There are the ones who make IT companies think twice before the design anything or release new products. Whenever a company releases a new tool and claims to be the most secure, hackers eventually hack the tool. This is the fate of the current technology. It's easier to break then build but what hackers are doing is very smart even though they do for various negative reasons. I am trying to refer to this news I read this week which is titled as "Stealing your PIN by tracking the motion of your phone." How is this even possible?

This article says, "Cyber experts have revealed the ease with which malicious websites, as well as installed apps, can spy on us using just the information from the motion sensors in our mobile phones. Analyzing the movement of the device as we type in information, they have shown it is possible to crack four-digit PINs with a 70 percent accuracy on the first guess — 100 percent by the fifth guess — using just the data collected via the phone’s numerous internal sensors.".

Wow, this tells us why we shouldn’t download apps that we see on the app's store. Malicious apps can spy users from the motion sensors which are used in our mobile phones. Even though the study has shown only 70 percent accuracy on the first guess of the PIN used in a mobile, the fifth try got 100 percent score. Most cell phone users are unware of this and continue to use the mobile as usual. It sounds like a serious threat, but this article didn’t give any ideas to prevent from happening. But I think it is always a smart not to click or download any unknown apps. Reading the apps reviews gives a good idea where the apps are good or bad. Some of the smart phones allow having 6 to 8 digit pins or using biometric to log into the cell phones. 

http://www.homelandsecuritynewswire.com/dr20170412-stealing-your-pin-by-tracking-the-motion-of-your-phone