Passionate About Cybersecurity | Sharing Passion to Help Individuals Discover, Engage, and Level Up A Cyber Career | Tweets Sharing Cyber Tips, Tools, Love💙
Join
#SimplyCyber
for the Daily Cyber Threat Briefing.
Learn the top cyber news stories and get expert analysis on what it means to YOU!
Community, engagement, inclusive, and valuable!
#cybersecurity
You want to work in cybersecurity, but not sure which role? 💥
I've worked in industry for nearly 20 years and you can to💙
Here are 5 entry cybersecurity level roles that might be a good fit:
A thread [🧵]
Hey You!
Cybersecurity interview coming up?
1st off, AWESOME 🥳
2nd: Let’s shed self doubt, and AMP UP the confidence!💪
I’ve worked in industry for 18+ years and hired many entry level folks.😍
Let me answer 12 interview questions and tell you WHY we’re asking them💥
[🧵]
Responsible for IT and
#cybersecurity
at your work?
20 years has taught me good tools are HUGE
Check out these 5 SOC Analyst web-based tools that will LEVEL UP your SOC game and help you move faster on detecting ‘bad’
The first one I bet you haven't heard of... 👇
[🧵]
People seeking a
#cybersecurity
career immediately get overwhelmed with Step 1😲
I’ve been at it 18+ years
I have over 500
#cybersecuirty
YT vids💥
Grab my 7 focused, curated Playlists below💪
Accelerate your progress 🚀
(They answer the FAQ I get all the time)
[🧵]
What's the best course or roadmap to get into Threat Hunting?
Start as a SOC analyst, but how?
And what non-obvious things to do?
A short thread ...
[🧵]
Recon is the first step in the Cyber Kill Chain, but what tools to start with?
Let's Kickoff your OSINT toolbox with these 10 website OSINT tools that rock
Let's start with a banger that I just found out about ...
#cybersecurity
#OSINT
#pentesting
If you're looking for inclusive, supportive
#cybersecurity
communities for networking, knowledge share, and good times.... I got you covered.
Check out these Discord servers for verified good times!
(P.S. Networking is so important! )🤩
I started in cyber when I was 25 y/o.
Since then, I've...
• Built a Cyber Program for a $750M company
• Worked in Antarctica
• Earned a PhD in Cyber Ops
• Actively teach Cyber at
@Citadel1842
Here are 5 mistakes people breaking into industry are making
[🧵]
Inspired by
@TCMSecurity
and
@HuskyHacksMK
and the Dollar and a Dream effort for PMAT and PEH, GRC Analyst Master Class can be had for $1 through Aug 22.
CODE: DOLLARANDADREAM
🔥 Break down the gates to affordable education
DYK - GRC Analyst Master Class (my lectures and practical hands on labs for all the things GRC analyst) is now 30% off til end of month. 💙
SIMPLYCYBER30 gets you discount. 🥳
Lets goooo!🚀🤩
#cyber
#GRC
🤔 Want a tailored
#Cybersecurity
#Resume
template?
😱 Do you want to pay $0 for it?
Help yourself --> Free Resources tab, bottom right; 3 different templates for 3 different situations. Enjoy! 🥰
Why work in
#cybersecurity
?
💥Great people
💥Never boring
💥Challenging mission
💥1000 different directions to take a career
💥Very relevant to our day-to-day lives
💥 Pay doesn't suck
💥 LOTS of Free Resources to learn
💥 All industries need it
I LOVE WORKING IN IT🥰💙
Full post with links to all the labs, secondary resources to support that role, and examples of active practitioners that are legend at that role over on my LinkedIn if you want to git it.
#cybersecurity
#labs
#practicalexperience
Are you overwhelmed by learning resources in
#cybersecurity
? 😲
Start with one of the best!
@Antisy_Training
PAY WHAT YOU CAN courses 🤩
Taught LIVE literally by industry seasoned pros!
🔥Let's just dig in here for a hot minute and share a few
[🧵 ]
If you don't have Information Technology (IT) experience encourage you go through the FREE SANS Cyberaces education.
Gives a great primer on Networking, OS, and programming. The networking and OS are a must if you are short on time.
Link to it ->
@_JohnHammond
Information overload/ yard sale 😊
1. for learners trying to parse out what to focus on
2. For Blue Practitioners fatigued on alert fatigue
3. For Management on trying to measure any of it, coming up w insights that mean nothing (e.g. phishes blocked in Sept)
[1] Echo Trail -
This one is new on the scene, but very interesting.
It has built a picture of what's normal or typical for a given operating system (OS) or a process running on that OS. Check if that odd service, dll, etc is 'normal'
[1] SOC Analyst 🛡️
Blue team defender with hands on keyboard defending, responding, and hunting for threats and compromises. Lot of opportunity with MSSPs for this role.
I did a deeper dive on SOC Analyst here:
Want to be a SOC Analyst? 🤔
Get all up in this curated playlist from top industry SOC Analyst and Blue Teamers 🎯
You will learn:
💥Pros / Cons of the job
💥How to get the job
💥Where to network and learn skills to be a great SOC Analyst
👇👇👇
[4] Pentester 😈
The 'hacker' role. Its matured over the years and you could 'attack' web apps, mobile apps, networks, and more. You use tools to get systems to do things they shouldn't, document it, and share.
I give deeper analysis on Pentester here:
[2] Digital Forensics Engineer (DFIR) 🔍
You are like a detective going through evidence trying to piece together what happened and recovering data. You are collecting evidence and it may be used in court. CSI-esque.
I give deeper analysis on DFIR here:
Trying to get into
#cybersecurity
?
Here's the TOP 5 cybersecurity job hunting questions from an industry expert that has placed over a 1000 people into a cybersecurity job.
All answered with time stamps:
#iThinkThisIsHowYouUseThreads
[🧵]
Trying to get
#Cybersecurity
#infosec
experience but unsure where to start? 😲
Jump into a Capture The Flag "CTF" 🥰
Don't be intimidated
Getting hands dirty is a great way.
Most cons have them, and they will have varying levels of challenges
[5] Vulnerability Assessment Analyst 🤓
Conduct network and system audits to find missing patches and security misconfigurations. Work with IT and the business to get them mitigated.
Get a deeper analysis on Vulnerability Assessor here:
[3] Security Engineer 🖥️
Now this 'role' is generic in title, but my intent here is you are working security technologies like EDR, MDM, or Firewalls.
I give deeper analysis on Security Engineer here:
Also practitioners need to stay current on cybersecurity trends and news.
Receive a Live Stream Briefing (from me) every weekday morning covering the top news stories of the day and giving my analysis on each event on what it means to you.
🔥🔥🔥
💪🏼 Sigma is a force multiplier for SOCs to share detection rules and work across SIEM stacks. Thank you
@cyb3rops
This week
#simplyCyber
fully explores Sigma.
Thanks
@Pwdrkeg
for walking through power use of it. Link to Full Video ➡️
#CyberSecurity
[2] Any Run -
Malware sandbox that I love 💖
Have a malicious or unknown file and want to see what it does fast, drop it in any run.
Saves you tons of time of building a VM if you’re just looking for a quick analysis.⚡
This you?> "I want to work in cybersecurity, what do I do?".
I'm asked this question every day.
I wrote this eBook to answer it
Download it for FREE, plz
There is massive amounts of free resources and best practices out there. USE THEM!
If you're in
#cybersecurity
, never forget mental health is critically important.
Find something you enjoy and make sure you do it
People you care about, spend time w/
Its amazing how refreshed, and recharged can feel.
Running is my jam 🏃,
What's yours?
ok, 2021! YOU want break into offensive
#CyberSecurity
(e.g. ethical hacking, penetration testing,
#BugBounty
), but unsure what certifications to target?
This week on
#simplyCyber
@thecybermentor
provides his thoughts on the red side of the house.
[1] Can you explain risk, vulnerability and threat? 🤔
Classic keyword definitions that are commonplace in industry.
Get my full answer here: (jumps right to it) 💥
Dear
@Microsoft
KB5012170 just enabled BitLocker on my Sis-in-laws computer with no key. You basically just ransomwared her box, and now she has to reimage.
You guys have any type of compensation or mechanism to aid with this? I get you can't reverse bitlocker, but...
Do you know the capabilities expected of
#GRC
Analysts? 💙
1. Compliance/Audit (Alignment with int/ext requirements)🥰
2. Risk Analysis (Where to focus, how bad is bad)🥰
3. Governance (Policy/Process Dev)🥰
4. Security Awareness (Mod User Behavior) 🥰
#cybersecurity
[5] URL Scan
Funky or shady URL in an email or DM?
Use this tool to “air-gap” your system from this site, but still allow you to see what it resolves to. Again, this is great for quick analysis ⚡
I use this tool all the time.
It's not always about being the best, hardest working. 😲
I've worked in
#infosec
#cybersecurity
for almost 20 years 🥰
There is a lot of advice to give, but some of the best I always give and have seen help ppl time and time again... a thread 👇
[🧵]
New to infosec?
Trying to make sense of it all? 💙
Check out CIS 18 💥
This is a simple approach to securing a business.
The controls are foundational.
Get familiar w/them and see a programmatic approach to securing a biz.
#cybersecurity
Get technical knowledge foundation first 💻
Begin to develop practical skills with Blue labs like ⚒️
@RangeForce
@BlueteamL
@HaikuInc_
Practical skills are king in industry right now. 💪
BOOKMARK THIS LINK --> 🔖🔥🔥
EXCELLENT Pay What You Can InfoSec training from experts.
I took AD&CD with John Strand and it was nails! 🙌
💥My full AD&CD review:
Thx
@strandjs
and at
@Antisy_Training
! 💙
Complement these tools with killer answers to SOC Analyst interview questions to really round you out. 💪
I’ve made a total SOC Analyst Interview Questions and Answers video for you.
Check it out.
[1] I have NO IT Background and Want to Get Into Cybersecurity
(21 Videos) 🎥
🌐
Is Cybersecurity for IT people only? NO! But how does one start without an IT background?
Here you go! 💥
@DeedsNPassports
It’s currently $60 but I do run discount promotions. Not sure where folks found it for $25 but would be very curious. Thanks for the kind words. I’m trying to bring GRC to the masses and make it socially acceptable. Will work on “cool” after that 😂
Do you know the capabilities expected of
#GRC
Analysts? 💙
1. Compliance/Audit (Alignment with int/ext requirements)🥰
2. Risk Analysis (Where to focus, how bad is bad)🥰
3. Governance (Policy/Process Dev)🥰
4. Security Awareness (Mod User Behavior) 🥰
#cybersecurity
Part 2 is out!
This video - How to get cyber experience without having a
#cybersecurity
job.
I give about 10 different free resources you can take advantage of.
All you need to do is commit, invest your time, and do the work.
You want to work in cybersecurity, but not sure which role? 💥
I've worked in industry for nearly 20 years and you can to💙
Here are 5 entry cybersecurity level roles that might be a good fit:
A thread [🧵]
[3] VirusTotal -
OG tool on the Interwebs.
Drop a file, hash, or URL up here and quickly get report back on what services are saying about its level of ‘bad’.
This is OG, but shouldn’t be your only tool. Results can be mixed.
I know its old hat to
@joehelle
and
@TCMSecurity
folks, but the 'blip' moment when you catch a reverse shell is verryyyyy satisfying.
Just saying. GRC people dabble too.
NOTE: Don't hire me to pentest, I'm sure I set off every alarm on my way to the shell. 🤣
#cyber
At a trampoline park rn. My 10 y/o came to get a sip off his water bottle that has school name stickers on side.
“Dad, we shouldn’t use these bottles in public, ppl will know what school we go to”. Kid knows opsec. Winning!
A packed week of "So You Want To Be A SOC Analyst " action w
@eric_capuano
💪
All the videos, plus one on how to leverage networking/LinkedIn to get a SOC Analyst job,
bundled into one clean Playlist. 💙
Bookmark / Share at your leisure.
#cyber
#dfir
[4] Shodan Monitor
Valuable feature often overshadowed by Shodan’s main capability, monitor allows you to get Just In Time alerting if your external network IP space has vulnerable assets.
New Misconfigurations and Shadow IT pop up for you!
Trying to transition into
#cybersecurity
from a non-tech background?
Do you: 🤔
A: Seek out a position you're most qualified for and pivot to what you want once in? 😥
OR
B: Focus on area of interest, develop skill, wait to get THAT job? 😥
A Thread ....
[🧵]
[2] What is the difference between Asymmetric and Symmetric encryption and which one is better? 🤔
Two types of encryption, worth knowing the diff
Get my full answer here: (jumps right to it) 💥
Spoiler alert,
Infosec is constantly changing and has much to explore.💖
Been at a bit and know a few things AND know 0 about writing android rootkits, the math behind AES, or how to run a conference.
Its a journey to learn and deliver value. It's why its fun and not boring.
Spoiler alert,
Infosec is constantly changing and has much to explore.💖
Been at a bit and know a few things AND know 0 about writing android rootkits, the math behind AES, or how to run a conference.
Its a journey to learn and deliver value. It's why its fun and not boring.
Make
@Recon_InfoSec
Thursday Defensive Meet-up part of your weekly routine (Thurs 1:30-2PM EST) 💙
Industry defenders, no scripted, solid talk. OPEN TO ALL. 🥰
🤔 Are you a cybersecurity beginner and want to get some time in the saddle (hands-on!)? ⌨️ How about a step-by-step guide to quickly and for free build a cyber lab and get education and experience? 🚀
#simplycyber
#cybersecurity
#informationsecurity
If you like this tweet, you'll love my exclusive email that helps you crush work, delivering 3 actionable cyber tasks every Monday morning to your inbox.
Join here:
Heard the term "GRC" and not sure what it is?
It's an information security /
#cybersecurity
term for a functional unit of a infosec program that is responsible for Governance, Risk, and Compliance.
GRC interfaces with the business side of the house and sets ISO strategy. 😉
@_JohnHammond
dropping knowledge as he closes out
@WWHackinFest
looking introspectively at the meta of our industry .
Engaging talk and a great person!
Mistake
#1
😱
Not Networking Within The Community.
Nobody is good at everything, and not all jobs are posted
Community provides support, go-to ppl for certain skills, and opportunity.
Here's a deeper explanation (timestamped) 🔥
PSA, if you are reading this and dont have Multi-factor on your email account, take a minute and configure it. Friend just had her email account compromised, details changed, so she cant validate her identity to vendor. Also, tell a friend.
💥 What questions should you ask during a SOC interview to identify red flags?
💥 What are different types of SOCs?
💥 Why is it ok not to evict a bad actor in your network?
Real talk with
@panoptcy
this week on
#simplyCyber
#CyberSecurity
Toxic people in
#cyber
?
Hard Pass.❌
Pro tip for newcomers entering
#cybersecurity
field, there's lot of inclusive, supportive communities in industry. 💙
Don't settle or accept a toxic one. 👋bye
🚨 3 new lectures published to “The Definitive GRC Analyst Master Class” 😲
💥Deep Dive on NIST 800-37 RMF
💥Hands on Audit Lab
💥Hands on Risk Assessment Lab
Existing students get FULL Access.
New students get FULL Access.
#GRC
#cybersecurity
Heard these terms?
Afraid to ask?
❤️ Red Team - Offensive security pro's. Used ubiquitously, but specifically refers to emulating specific Threat Actors
💙 Blue Team - (AKA SecOps, This is the technical defenders looking at logs, threat hunting, SOC analysts)
#cybersecurity