Monday, January 30, 2023

Security Testing Journal Entry | w/e Friday January 27, 2023


Highlights for the week - A Spiritual Experience!

Apologies for the lateness of this post, but worth a mention is just how eventful last week was. If I were to take a deep look through a distinct lens of life experiences, everything came together in a spectacular kaleidoscope of elements. There were several "blasts from the past" that showed themselves at odd times. Still not sure what to make of it. As the saying goes, "when you pray God hears you, but so does the enemy .. so be mindful."

What We Loved

  1. The fish are biting and a few job prospects are in different states in the process. That is to say: applications were filed and interviews have been had.
  2. The first of the odd but wonderful events came in the form of working with a QA VP on an Automation Strategy doc - which has led to a potential job opportunity.
  3. Working with the aforementioned VP revealed that we knew the same person(s), people from my first QA job. This led to reconnecting with that acquaintance.
  4. Having connected with this acquaintance, my former manager - the one who forced me to resign - also connected. We exchanged pleasantries .. and I learned something about myself.
  5. One of the jobs I'm super interested in has a recruiting assistant who just happens to have the same name as that special someone. What are the odds!
  6. Discussing my passion for Cybersecurity led to another job opportunity, waiting to hear back.
  7. And last but not least, another friend from my past presented a job opportunity my way. He forwarded my resume to the recruitment manager, who just happened to be a co-worker from another of my jobs.

What We Learned

  1. The biggest thing I took away from the weekend was how indifferent I was to my ex-manager reaching out to me. I felt no joy, but I had no ill-will either. It was a test .. hope I passed!

What We Longed For

  1. More time. The chore of moving everything off my emails and the Monday.com kanban to Trello bore some exciting but monumental amounts of work. Gotta keep grinding!!

What We Loathed

  1. Nothing to report this week.

Saturday, January 21, 2023

Security Testing | Security 4 No0bs - GDPR Basics


A quick n' dirty breakdown of GDPR and why it is important

Hello Reader!

In this installment of Security 4 NoObs we will be discussing GDPR - the General Data Protection Regulation.

Any time you visit a website, whether it is run from the United States or from Europe, you are likely to be prompted with a banner to accept or decline cookies. It's a little checkbox (a boolean) that carries a lot of weight. On the surface, you tick the box (or not) and the banner goes away. Behind the scenes, the site's consent logic decides which scripts are allowed to run and which cookies may be set in your browser, and it records your choice (usually in a cookie of its own) so the same rules apply on your next visit.

A cookie is set by the server with a Set-Cookie response header and sent back by the browser on every later request to that site. The name/value pair is usually an opaque identifier; the attributes that follow it (Domain, Path, Expires or Max-Age, Secure, HttpOnly, SameSite) decide where the cookie travels and how long it lives, which is exactly what a consent banner is supposed to let you control for anything that isn't strictly necessary.
Why this matters

How data is collected is actually a big deal. Under GDPR, users have agency over how their personal data is handled and shared. The option to accept or decline tracking cookies is one way of giving, or withholding, consent; to count, consent must be freely given, specific, informed, and as easy to withdraw as it was to give. Below are some quick notes on how it works. Some glossary terms to note:

  • Member State: a country belonging to the European Union; GDPR applies directly in each of them (and, via the EEA agreement, in Norway, Iceland and Liechtenstein)
  • Controller: the organisation that decides why and how personal data is processed; a Processor handles the data on the controller's behalf (a hosting or analytics vendor, for example)
  • Data subject: the person the data is about, e.g. the visitor to said site. Data is collected for a specified, explicit purpose on a lawful basis (consent is one of several) and is not retained longer than necessary
  • Minors: for online services that rely on consent, children under 16 need the consent of a parent or guardian; a Member State may lower that age, but not below 13

How it works

For a comprehensive reading of GDPR, written in a lot of legalese, please visit gdpr-info.eu. Below are some key take-aways, with the relevant articles noted for reference:

  1. Users have the right of access: to learn what personal data is held about them and to have inaccuracies corrected (Art. 15-16)
  2. Users have the right to be informed, in plain language, about what is collected, why, for how long, and with whom it is shared, including transfers outside the EU (Art. 13-14)
  3. Users have the right to erasure, the "right to be forgotten": their data must be wiped on request once there is no lawful reason to keep it (Art. 17)
  4. Users have the right to object to processing (direct marketing in particular) and to lodge a complaint with a supervisory authority if they feel their PII is mishandled (Art. 21, 77)
  5. Processing must ensure the C.I.A. (confidentiality, integrity, availability) of the data through appropriate technical and organisational measures such as encryption, access control and the ability to restore data after an incident (Art. 5(1)(f), 32)
  6. If a breach occurs, the controller must notify the supervisory authority within 72 hours of becoming aware of it; impacted users must be told without undue delay when the breach is likely to put their rights at high risk (Art. 33-34)
  7. A Data Protection Officer (DPO) must be appointed by public bodies and by organisations whose core activity is large-scale or sensitive processing (Art. 37-39):
    • The DPO advises on and monitors compliance and is the contact point for data subjects
    • The DPO cooperates with the supervisory authority as the need warrants
    • Supervisory authorities of different Member States may conduct joint investigations (Art. 62)
  8. Each supervisory authority, and the Board, publishes an annual report on its activities (Art. 59, 71)
  9. The European Data Protection Board (EDPB), made up of the heads of the national authorities, governs consistent application of the regulation (Art. 68-76):
    • Decisions are taken by simple majority; binding dispute-resolution decisions require a two-thirds majority
    • A chair and two deputy chairs are elected from among the members
    • A secretariat is provided by the European Data Protection Supervisor
  10. Complaints are filed with the national supervisory authority (CNIL in France, the DPC in Ireland, and so on); the Board steps in to settle disputes between authorities
  11. Users have the right to compensation if their data gets mishandled (Art. 82-83):
    • Controller and/or Processor may be held liable for the damage, as the evidence warrants
    • Administrative fines are capped, but the cap is steep: up to EUR 20 million or 4% of worldwide annual turnover, whichever is higher (a lower tier of EUR 10 million or 2% applies to lesser infringements)
  12. Every four years, starting 25 May 2020, the Commission must submit a report on the evaluation and review of the regulation to the European Parliament and the Council; the report is made public (Art. 97)

When it goes wrong

It is important to mention that European regulations for data management are somewhat different from those in the United States, which has no single federal privacy law. A violation of the GDPR, or of the related ePrivacy cookie rules that borrow its consent standard, can have major consequences. In January 2023 the French regulator CNIL fined TikTok because refusing cookies was harder than accepting them: tiktok-fined-54-million-by-french

Conclusion:

Consumers (visitors to a website) have the right to understand how their information is being used by companies and to check that their privacy is not being violated. Next time you visit a website and get a prompt to accept/decline cookies, you'll know the true power you have over your information and how it should be used.

END OF LINE

Friday, January 20, 2023

Security Testing Journal Entry | w/e Friday January 20, 2023


Highlights for the week

Work to continue personal improvements, one discipline at a time. The best part about this week was the continued emphasis on positive thinking manifesting positive results. In so doing, I had a couple of interviews that went extremely well. I also coordinated efforts with a QA director of a company I'm quite familiar with, and have friends that work there.


What We Loved

  1. Making new contacts
  2. Finally starting Network+ learnings
  3. Finally writing again. Starting a book!
  4. 2 successful interviews for QA Lead positions, promising big $$ for setting up QA from scratch
  5. Successful conversation with mentor - new mission to accomplish

What We Learned

  1. Started on the fundamentals of Networking: OSI, protocols, different connector types, different cable types
  2. Moving through BurpSuite quite nicely - learned about login exploits
  3. Set up metasploit on my machine, required another VM but it works .. next is a few tutorials

What We Longed For

  1. Miss having connections with people, namely the Security team and Unq
  2. The cool job at IBM didn't happen .. but was worth the try!

What We Loathed

  1. Nothing really bad happened. Positive vibes this week!!

Friday, January 13, 2023

Security Testing Journal Entry | w/e Friday January 13, 2023


It has been a somewhat productive, mostly fun week

Two weeks of the new year in the bag, and I feel fine!

Unemployment has been a drag. I will go on about this in a separate entry, but for the most part the job search has been rough. Part of me needs a job to pay the bills and what-not, the other part of me is so over everything. What's the point of going through the circle-jerk of looking for a job you'll ultimately end up losing if you're not playing the game the right way. It's not fair that bad decisions by executives result in job loss.

Regarding the job search, had a great first-round interview with one company, and had something great happen on slack that led to applying for another job. A really great third opportunity was missed due to the policy of being hybrid (x-days in office, y-days out), with the office being located in Atlanta. I can't wait to hear back from either IBM or BRIGHT .. two potential job leads leaning towards the cybersecurity world. Not quite there yet, but a foot in the door at a Cybersecurity company would be killer! Will need to rein in the learnings and focus on security auditing and risk analysis. Stay tuned!!

I've made a concerted effort to continue the Cybersecurity learnings. Boy oh boy! has there been a lot learned.


What We Loved

  1. Made a couple of new connections, one resulting in a potential job (fingers crossed).
  2. Started some Cypress learnings with Typescript. The purpose is for a second job that is in the works!
  3. Started on Network+ Learning. Might double-up with Security+ (3rd go-around).
  4. Made a lot of progress w. Burp Suite, namely file directory traversal, OAuth hacking, and currently brute-force authentication

What We Learned

  1. Network+: Basics of network architecture; topologies, virtual networks, and cabling.
  2. Burp Suite: Authentication Bypass.
  3. GDPR: completed learning some time ago.
  4. Windows Fundamentals: completed the HTB learning module.
  5. Cypress w. Typescript (work in progress)
  6. Python Practice (need to fix web driver)

What We Loathed

  1. Job search hasn't been as fruitful as I'd like. It's been an absolute horror. Closing in on 5 months.
  2. The idea of posting my weekly "wins" on LinkedIn annoys me. I prefer to be the "silent option".

What We Longed For

  1. I need a job to subsidise my learning.
  2. I need a better mentor to provide some kind of guidance, or at least a gameplan. Current has been "absent" going on 3 weeks.

Monday, January 2, 2023

New Me in 2023

Boy oh Boy!

It has been a crazy-busy-hectic-dramatic-awesome two years since my last post. I fervently propose to renew the discipline of writing and plan to keep this blog refreshed. This is going to be a short post, with a lot of events to unpack in a year-by-year basis, starting from the point of the last post. Here are some topics:

  1. July 2020 - December 2020: persistent lock-downs, working from home became the norm, and so on
  2. 2021: Lockdowns continued; tons of security breaches; thoughts of return to the office laughable; Quarantine-15 is real; travelled
  3. 2022: 2 Jobs lost (personally); mass job loss in tech; a war in Ukraine; Twitter taken over by Elon Musk; and oh so much more

What we longed for

Rest & relaxation!

This is just a super-brief summation (#tl;dr). There is going to be more ... promise! This is just the beginning

Monday, June 8, 2020

Quarantine, 100 days later .. its over!!

What we loved

In the 100 days since we have been in the state-mandated quarantine, the adjustment to working from home was a bit smooth. There was a lot to like:

  1. Not having to spend an extra bit of money and losing time every day in a commute
  2. Not necessarily having to wear shoes
  3. Not having to spend much money on food since home was a 24-7 all-you-can-eat buffet. Not that this happened
  4. Body-weight exercises became a huge relief
  5. NY State was blessed to have a proper mayor who flourished in the crisis
  6. Having a great job when so many others lost theirs. And there are many more advances on the horizon

What we loathed

There was a lot about being under mandated quarantine that made life a bit of a challenge:

  1. Gyms were closed for the better part of the 100 days of quarantine. The weight-gain is real
  2. Ordering take-out was also locked-up for the first 80+ days
  3. A certain segment of the population felt empowered to police others. Not cool, Karen!!
  4. The constant switching of information was annoying. Yesterday's folly became tomorrow's favor
  5. The lack of privacy took a toll on intimacy
  6. Certain political leaders who wilted like flowers in the rain when faced with challenges of a global pandemic
  7. The unnecessary violence that came with looting and the audacity to justify it as an exercise in free speech following the protest of police brutality

What we lost

I would be remiss if I didn't take a moment to drop a line on the souls lost:

  1. Total loss of life: 100k, not limited to those brave doctors and first-responders who braved the dangers of exposure so others can heal
  2. REST IN PEACE Brave angels of light: Ahmaud Arbery, Breonna Taylor, and George Floyd. Their deaths at the hand of uncivilized policing opened up the floodgates of civil unrest, protests, looting, and a boisterous call for change. THE OPPRESSION ENDS NOW!!

What we learned

In the depths of the crisis, there are two kinds of people: those who rise and meet the challenge head-on, and those who shrink away. The 45th President of the United States proved himself to be a coward of magnanimous proportions. The man exposed himself as the narcissist, fascist totalitarian he so admires in the likes of Putin and Kim Jong-Un.

When the nation expected unity, the man gave us division. When the people expected understanding and compassion, they were met with petulant tweets. Where the citizens called for change in the wake of George Floyd's death, they were met with threats of military force; the unmitigated gall to flex tyrannical muscle on US soil smacks of so much wrong with No.45 that it boggles the mind.

What we longed for

Best guess we are all longing for the freedom to move about our city without the worry of COVID-19. The state-mandated quarantine has been lifted today. It's a cautious, optimistic, calculated re-opening.

Sunday, April 12, 2020

Quarantine, the first 30 days

30 DAYS OF SOCIAL DISTANCING

NYC is nearing a full month of quarantine. The death toll continues to rise. We celebrate our doctors, nurses, first-responders, and other health care professionals every day at 7:00pm. Conclusion: it feels like we may go the full span of summer locked in. It will get better, but at the moment all is not well.

I'll be celebrating 4 months at my current employment. I like the company, and I appreciate my work, but there's this nagging feeling like I've not quite gelled with my team. At times, I feel like I'm just freelancing - like I do what I have to do - on my own. I can't relate to the people I work with. I don't get the strong sense of reassurance from my managers. But then I can admit I have always had a history of not quite fitting in.

FITTING IN ...

I wanted to dedicate this space to the concept of "fitting in." What it means to be a "good fit" and what it feels like to be apart from the team instead of a part of it. As someone who had to be the "man-of-the-house" at a young age, I've always felt like I had to grow up faster than normal. It also meant I had to figure a lot of shit out. The consequence was resentment of authority and the self-perception that I was a square peg.

IN MY TEEN YEARS

When I moved from Miami to NY, I was the new kid. Living in Forest Hills for the time was a godsend but moving to Long Island broke my heart. I left behind a great group of friends, my first crush, and wonderful memories.
As the new kid in a predominantly white neighborhood, I never felt quite right. Sure I made friends and all, but some part of me always hated the experience. Fast-forward to high school. I was a chubby, pimply, quiet kid who never really got the chance to date or play on a professional sports team. I was so preoccupied with not trying to make a complete ass of myself that even the slightest bit of attention and I wilted. It was awful. God how I hated high school!

IN COLLEGE

The blessing of College life is that you can wipe the slate clean of who you were in high school and start anew. You go from being someone to being no one. This was ideal for me in many ways. But it also proved a bit of a challenge. Being the quiet introvert proved a bit of a challenge when making connections. I got caught up in the trappings of campus life, but it was hard to make solid friendships.

Finding my roots

One of the greatest take-aways from St. John's University - my alma mater - was OLAS: the Organization of Latin-American Students. For the first time in my life, I felt like I truly belonged. There were others like me who spoke my language, shared my beliefs, and laughed at the same things. It was a great fit. The next 4 years were bliss. I belonged to a group. I had friends. I had a social life. I miss them

Failing at frats

The negative consequence of my college experience came at the hands of interactions with fraternities. Freshman year - rush week - and I was courted by one group, but they seemed like a typical group of BROs looking to get drunk and get laid. Not my cup-of-tea. The group that I could see myself a part of made it a point to reject my application, not once, but twice. At the time, I was never more hurt by the rejection. Surely, I was a good fit for OLAS, and therefore I would be a good fit for this group. Sadly, not the case. The sting bothered me for a while, but in hindsight, they weren't the fit for me, nor I for them.

AT WORK

Most workplaces emphasize the intrinsic need to be a "cultural fit"; that you subscribe to the same ideals, laugh at the same jokes, and share the same philosophies. You and the group are of one mind. In some of the jobs I have had, I felt like I was in a second home. The people I worked with were great kinsmen.

Then there were jobs where I never felt more alone. I was in a room full of people and felt like a wandering spirit amongst the living, invisible and ignored. I remember working at one such agency, a big place, and there were so many cliques. It was hard to ally myself with any one group because I just could not relate. I never felt quite right. Even most recently, I had one job where the team was like a second home. We all laughed at the same jokes, and shared the ideas.
Even now, at almost 45yo, I find it difficult to relate to my co-workers. And with this quarantine being a thing, it makes forming connections all the more difficult. I miss my old co-workers. I only hope things turn around.