In my previous article, we discussed how some of the aviation and cyber security regulations have come about, and what some of the driving factors are. Typically it is a loss of some sort; most of the aviation regulations are born of the loss of life. The pre-flight checklist is no exception.
Information Security
Risk Management, in Aviation and Cyber Security
I have been an IT and security professional for almost my entire adult life. I started off my career as a network engineer and fell into being a security engineer fairly quickly. It started by adding a firewall certification, then I added intrusion detection and prevention. The areas of security continued to grow; adding forensics investigations, eDiscovery, project consulting, and so much more. In the project consulting, we focused on ensuring the risk level of a project was within acceptable levels for the organization. I have been the top of the cyber security organization in my last three roles; but I've wanted to be a pilot for as long as I can remember.
In 2018, I became a certificated pilot and in 2019 an advanced and instrument ground school instructor. I recently finished teaching a formal ground school class to about 15 students of differing skill levels, ages, and goals for their piloting careers.
Completed Master of Science, Information Security and Assurance
If you have been following my website, which you probably haven't since I don't update often enough to keep it interesting, but anyway; I started to go back to school to get my Bachelor of Science degree in 2011. When I started I knew that the B.S. should only be the beginning; after all, I had been in the technology industry and career field for 18 years. So my intent was to complete the B.S. and go directly into an advanced degree. When I completed the first degree 17 months later in 2013, I wasn't sure which direction to go.
SQL Injection protection and detection, SANS GCIH Class
Today was day 4 of the GCIH course being taught by Mark Baggett. Things are going great and I'm learning stuff; today we discussed SQL injection and cross-site scripting.
Regarding prevention, the training states to perform input checking and disallow/block the user from entering symbols or special characters such as the apostrophe (') or the semicolon (;) or the percent (%), etc.
Blogging for Information Security
Martin McKeay has an article, "Write to learn, learn to progress", where he talks about his history of blogging and how it has helped his career; this is a very good post with many good points. I've halfheartedly been blogging since 2004 and one thing I've realized is in order to be a good blogger and get "followers" you need to read other people's blogs and contribute to ongoing "conversations".
Perl code to post 404 pages to ISC 404 Project
So I was reading a post on the Emerging Threats signature mailing list and someone mentioned the SANS Internet Storm Center's 404 Project where your webserver sends information to SANS ISC whenever it receives a request for something that it can't answer, a 404 error.
Cornerstones of Trust 2011
Yesterday was the 2011 Cornerstones of Trust conference in Foster City, and we had a great turnout. There were 29 sponsor booths from various information security vendors. There were four great tracks that were mostly full.
One of the track sessions that I attended during the event was the Computer Incident Response Planning session presented by Neal McCarthy.
RSA SecurID data loss breach - opinion update
I am still seeing and hearing a fair amount of tweets and speculation about the RSA breach that was announced by Art Coviello, Executive Chairman, RSA.
There seem to be a lot of people worried about this particular breach stating that the RSA SecurID tokens have become "useless" or advocating that you request that RSA replace every one.
RSA SecurID data loss breach
If you're a member of the Information Security community, you're probably already aware of the breach that occurred at RSA Security with regard to their SecurID token two-factor authentication solution, which is used by millions including government and private sector organizations.
Twitter and Facebook integration
Over the weekend, I started to integrate my website EdwardFrye.com into social media sites and added icons to the site so you can find me on those social media sites like Twitter, Facebook, LinkedIn, etc.
Now I have enabled my website so you can sign into it using your Twitter or Facebook account to post comments directly on my site if you want.