Week 12

Week 12 - Final Week 

Wow, finally I am in my final weeks of grad school. I remember when I had to write a letter explaining why I had a bad GPA in my bachelor's degree and I wanted to prove myself that I am better than the GPA I had gotten in bachelor's. If nothing unexpected happens, I should be able to graduate MS in Cyber Security with good GPA. I know GPA is not a big concern for someone with many years of work experience, but it just makes me happy that I was able to accomplish something that I wasn't able to before. Thanks to the Air Force and Client Solution Architects for helping me financially to get my degree. Without their support, I would not be able to finish college quickly and with debt free. Who doesn’t like to graduate college debt free? The best part of the Grad school was improving my writing skills and learning necessary cyber skills. I think I have improved myself writing better which something I needed. Thanks to professor and friends who read my assignments and provided valuable comments. The company I work for is excellent who cares about their employees and professional development, so I am not rushing to get a direct cyber-related job. Hopefully, new cyber opportunities show up within the company. I always as a question to myself, did college prepare me for a cyber-job? I think it provided me a basic understanding of the field and how to write various cyber-related reports. At least I know where to start if I ever have to write a threat management, audit, and governance? The ethical hacking class was high technical and taught me how to install a virtual environment, Kali Linux and conduct basic ethical hacking activities in a virtual environment. Overall it is a significant relief to myself finishing college, so I can go back to my normal life spend time with my family and get some certification. I think I can use this picture now..

   

Week 11 Post

Week 11 update:

Wow, finally we are in the final two weeks. It's been an incredible journey, and I am close to graduation. Overall journey with the master's degree was harder than I had initially expected. I am not a big fan of writing long papers, but I think I have improved my writing skills. Still, I have to work on my grammatical mistakes. It's amazing that how professor's feedback helps to improve student style of writing. I have some professor that would not provide any feedback on any assignments. I think all professor should more actively engage with the students and challenge students. In my CYBR 515 class, I had some assignment where I felt like I was challenged and I have to talk to the professor. Also, Cybersecurity program should be more technical rather than just write. It prepared student general security stuff, how to write governance, cyber trends, etc. other than an ethical hacking class, we didn’t have any high technical class. I am close to finishing the degree and surprise to know that we didn’t learn any tools that are being used from the bad/good guys. There got to be the tools which are being utilized by the black hat or white hat hackers. Other than the installation of Linux in a virtual environment, NMAP, etc. tools. I think we didn’t go deep to learn about the cyber tools and methods being utilized from both sides. The university should consider adding a class which is very technical based on programming, scripting, modern tools where student required to involve research and group project. I know traditional universities don't prepare students for a mid-level career, but it should prepare students to take entry-level technical jobs.      

Week 10 Update

Week 9 has been the most challenging week. Writing an action plan for the Harry & Mae's Inc. vulnerabilities made me feel like I had a second full-time job. I would have more time to write an action plan if this was a for my regular job, but unfortunately, I had only a week to come up with a good plan. Also, I had other assignments to complete in the same week. The action plan could be for anything that requires a well-documented list of measures to fix something. For example, an action plan for IT Department to remediate vulnerabilities or a plan to build something. It provides guidelines to fix issues so that the particular goal could be met during a given period. According to an Internet source "An action plan is a document that lists what steps must be taken to achieve a particular goal. The purpose of an action plan is to clarify what resources are required to reach the target, formulate a timeline for when specific tasks need to be completed and determine what resources are needed". Reviewing other students action also helped to understand the process better and efficient way of remediating vulnerabilities. However, there were some big differences in the length of documents. Mine was about 11 pages, but I read some were about 22 pages. I know we don’t have specific length requirements, but I still think that it should be an easy to follow and read for the leadership.

Article 1 review:   

It has been a crazy couple of weeks in the cyber field with the rise of new sophisticated attacks. Malicious software attack around the world and took control of sensitive information demanding money. The most affected area is the healthcare organizations in the Europe where multiple hospitals could not operate because of these attacks. They still trying to figure out who, what and the damages. The name of the ransomware attack is called WannaCry malicious piece of code which attacks various organization around the globe. Computers around Russia, Taiwan Spain and Britain was the severely impacted. They are claiming that it was a leaked program from NSA. This coordinated attack infected thousands of computer and encrypted data. Hackers demanded money to decrypt data. This shows the scale of damage hackers can cause and a good signal of the cyber future. There is no place of weaknesses, and we must secure out content as much as possible. Especially who does business related to sensitive information, they are at high risk. Here is the link if you are interested reading. It is just amazing about the cyber attacks that it is tough to find who was behind the attacks. Here are some pictures about the attacks which are trending online for many days. 

https://www.theguardian.com/technology/2017/may/12/nhs-ransomware-cyber-attack-what-is-wanacrypt0r-20

Week 9 Post

Week 9 update:
It is just amazing how time passes. It feels like last month I decided to go back to college for masters and here I am trying to complete final four weeks. Most people say online college is easy, but I do not agree. It is hard to keep up with the grade because if you lost a couple of discussion board post and lost some points here and there, you are in the B+ category. However, if you invest your time and ask questions, you should be able to overcome the obstacles and finish your degree. There is no place for procrastination in the grad school. I am just sharing my experience, and I can't wait to finish my college. And finally, focus on other things.

Article 1 review:
There is some major cyber news trending online in this week. First one is the phishing attack attempts from Google Docs. I read an article written on RAWSTORY site page about this incident, and it was titled as " Google Docs phishing scam hammers home the importance of safe email habits." This title makes sense as many users don’t care about the security of email content. The phishing scam got so sophisticated that even someone with good cyber knowledge could fall into their trick. Users received an email with an invite to view a document from Google Docs from someone's email address they know. Once you click on it, it spreads to the user's contact list and multiplies. The take a way point from this article was about the importance of knowing the cyber threats and why you shouldn’t click on suspicious emails.

Source:
https://www.rawstory.com/2017/05/google-docs-phishing-scam-hammers-home-the-importance-of-safe-email-habits/

Week 8 update

Week 8 update:

Final four weeks remaining! I am not sure how other students manage their life as most of us work full time, college and family responsibilities. I have two jobs and taking two classes plus wife and 16 months old baby. This was my first time taking two classes. Even though it is very challenging finishing assignment on time, I think eventually it will worth of hard work and dedication. Hopefully, I can finish well and focus on other things I wanted to do. I wanted to go for PHD as soon as I finish my masters, but I have a second thought. First, let me get into the cyber market and get a cyber-related job. My current IT experience will definitely help. Once I have some years of direct experience with the cyber field and add some certification like CEH, CISSP, I will go for PHD. Many of my friends who I went college with are about to finish their PHD in Physics. They are my motivation and I am very committed to have PHD and I know it is not easy.

The challenging part is to improve case assignments each week. If you didn’t do well on the last assignment, most likely you won't do well in the coming weeks since each assignment is built on previous weeks assignment. I lose some points here and there because of my grammatical errors. Otherwise, I am doing well. CYBR 515 assignments are getting easier. First couple of weeks, assignments were very challenging. I really like CYBR 650 assignments format where students get to students work and add suggestion. This helps us to improve our work and improve assignments.

Article 1:
I had to share this even though I also posted this on our class security trends forum.

I am Gmail user for long time and Gmail is no exception when it comes to cyber attacks. hopefully they come up with a solution soon.

Rise of phishing attacks

I am sure most of you have read the news about the recent phishing attacks targeting Gmail users. Very sophisticated phishing scam attack is targeting about one billion Gmail users. Once a user clicks on the phishing email, it spreading to all contact list of the user who clicked on the email. The tricky part is that the email seems to come from a trusted contact and ask users to check out an attachment on Google Docs. Once a user clicks on the link, it spreads to all user contacts. Eventually, hackers will control of your email content. Even someone with good cyber threats knowledge could fall into this. The only thing Google saying is not to click on the link for now. If you read the email carefully, sending field looks as the sender is your contact, but in the recipient field, it is "hhhhhhhhhhhhhhhh@mailinator.com." Most users don’t read an email that carefully. As soon as it comes from someone you know, most likely you will attempt to open it. Some of the recommendations include - first, don’t click on it but if you do open the email, don’t grant access when fake Docs app ask for it. But if you went that far and granted access, go to Google connected sites console and remove access to that app and finally change your Google account password. The scary part is that once the worm enters the Google user's domain, it is very challenging to remove it. Hopefully, Google finds a way to fix this soon. I am a Gmail user and haven't gotten any those types of email, but people are talking about it a lot. It's been trending on the social media for some time now, and some people are having fun and other providing recommendations which will help to educate users about the risks. Phishing attacks are definitely a growing cyber threat trend that something we all should be careful. If you are interested reading the news in detail, here is the link.                    
http://www.nbcnews.com/tech/security/massive-phishing-attack-targets-millions-gmail-users-n754501

Some people are making fun out of it. Here are the some examples from the Twitter.