A 41-post collection

Get "The Information Security Big Picture" on Pluralsight now!

If you're here reading this then it probably won't come as a big surprise but brace yourself anyway - we have a security problem. Yes, yes, I know, it's all very terrifying and not a day goes by where someone isn't getting cyber-something'd. As best I can tell from the news, it's pretty much all to do with guys in hoodies sitting at green screens pwning all our things. I'm quite sure that's the case, I even did a quick check on Google to confirm: I talk about these crazy hacker perceptions in the intro of my new Pluralsight course and despite the sensationalist and inaccurate imagery in the reporting, security genuinely is a big problem. In my view, much...

New Pluralsight course: Exploring the Internet of Vulnerabilities

I've done a number of "Play by Play" courses for Pluralsight this year on a range of topics including Social Engineering with my mate Lars Klint, Deconstructing the Hack with my mate Gary Eimerman, Modernizing Your Deployment Strategy with Octopus Deploy with my mate Damo Brady and the latest one that's just landed, Exploring the Internet of Vulnerabilities with my mate Niall Merrigan. Lot of Play by Plays, lot of mates and frankly, that's what makes all these courses work; they're all friends I spend time with both in a professional capacity and in a drinking beer capacity. The Play by Play courses are all about the dialogue between two people talking through technology concepts and the chemistry is really...

New Pluralsight Course: Modernizing Your Deployment Strategy with Octopus Deploy

Here's a little-known fact for folks that have only tuned in more recently: I had a life before doing security things. I know, it seems like a long time ago now, but there was a time where all the other things that go into the software development process were highly topical for me. In fact, some of the most popular content on my blog over the last 7 years has been the You're deploying it wrong series where I walk through the setup of TeamCity to automate deployments from source control. That was way back in 2010, but I've now found myself revisiting the whole deployment world in a new Pluralsight course. A few months ago when I was down...

New Pluralsight Course: Deconstructing the Hack

I was on another whirlwind trip back in July, this time to a bunch of spots in the US which included Chicago where Pluralsight has one of their offices. The last time I was there I'd recorded a "Play by Play" course which is video recorded rather than a screen cast like so many of my others. It meant myself and someone else (in this case, Gary Eimerman who's part of the Pluralsight team) actually sitting in front of the camera talking about security as well as recording snippets of screens to illustrate the discussion. I really loved the format of that course as it's very candid and feels like an organic discussion rather than a carefully rehearsed presentation. So...

Getting to grips with cloud computing security on Pluralsight

Two of the things you'll have found me most frequently writing about on this blog are "cloud" and "security". Whilst the latter seems to have been what I've gravitated towards most in recent years, the former is something I'm very heavily involved in, particularly with my work on Have I been pwned (HIBP). I'm enormously happy to see the very last course in the Ethical Hacking series I've been building out with Pluralsight now complete with the 8th and final one being Ethical Hacking: Cloud Computing. Overwhelmingly excited. Ecstatic! I'll come back to why I'm so happy that the entire thing has now been wrapped up, but let me start with my favourite cloud question of all: Is "the cloud"...

Understanding firewalls, intrusion detection systems and honeypots with Pluralsight

This was pretty big news 18 months ago: It was what greeted Sony Pictures employees when they turned up to the office and switched on their machines. Machines infected with malware were one thing - a very bad thing at that - but it got much, much worse for Sony. In all, we saw about 40GB of company data walk out the proverbial door and it included everything from employee credentials to unreleased films to somewhere in the order of 170,000 corporate emails. It was all bad news, but those emails in particular made things especially awkward for the company because they involved such embarrassing exchanges as execs making racist comments about Obama. (Side note: think just for one...

New Pluralsight course: Ethical Hacking, Denial of Service

I’ve just launched my latest Pluralsight course titled Ethical Hacking, Denial of Service but before I explain what’s in it, let’s kick off with some trivia: DDoS attacks have increased massively in size in recent years: This is from Arbor Networks’ latest Worldwide Infrastructure Security Report and that was current in October when the study was done. Now, it’s not so current: By the time you read this, we may well be at 700 or 800 or who knows where because the trend is very consistently “up and to the right”, as they say. But it’s not just the scale of the attacks which is alarming, it...

A social engineering Play by Play on Pluralsight with Lars Klint

The other day, a hacker compromised someone’s email account. It was almost certainly a phishing attack, he probably just sent them over an email claiming to be from the victim’s organisation and then just, well, asked for their credentials. From there, the attacker wandered over to the web portal of the victim’s organisation and attempted to log on, which unfortunately for him didn’t work. No worries, he simply called up the helpdesk who kindly gave him access. So now he’s logged in to the victim’s portal and he heads over to a virtualised environment which he authenticates to using the victim’s credentials from the first step. Now...

It’s time that you – the vulnerable human – brush up on your social engineering skills with Pluralsight

We tend to get very focused on digital security controls; firewalls, antivirus, software updates and then all the usual practices I spend so much time talking to developers about, stuff like defending against SQL injection, cross site scripting and a whole raft of other attacks against systems. But the bigger risk – and it’s one that doesn’t get near as much coverage – is attacks against humans. Whereas most of the time we’re thinking about attacks against the systems, we tend to neglect weaknesses in the organic matter controlling them and as a result, social engineering attacks are enormously successful. I’ve just wrapped up Ethical Hacking: Social Engineering and when reflecting on...

Hacking Gary – a Pluralsight Play by Play

Every now and then, a Pluralsight course completely defies the odds of what I expected it to do. Now it’s not that I don’t think this latest one is a good course, rather it’s that it’s a play-by-play which effectively went like this: Pluralsight: Hey, how about you hack Gary Eimerman and we record it? Me: You had me at “hack”! And that’s about it – now it’s one of the top-rated courses in the library having been watched by thousands of people in only 5 days! All it entailed was jotting down some notes about stuff that would look good on camera and then sitting...